--------------- QuickDiag | g3n-h@ckm@n | V5_10.09.19.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 18/09/2019 20:31:59
Updated 10/09/2019 | 23:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Andre (Administrator)] - [DESKTOP-6QT9I58] (S-1-5-21-3749229121-239879379-510366881-1001)
System: Microsoft Windows 10 Famille - - (10.0.18362) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1903)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: X540LA - ASUSTeK COMPUTER INC. - IdNumber: GBN0CX04X791448 - UUID: 35818A22-3FDE-9845-85EE-2496FF817E50
Processor : X64 - 1995 Mhz - Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
X540LA.204 - en|US|iso8859-1 - American Megatrends Inc. 
- S/N: GBN0CX04X791448 - X540LA.204 - _ASUS_ - 1072009 CoreTemp : 47 Celsius ----------| Quick ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0255&SUBSYS_104310D0&REV_1000\4&803EF72&0&0001 ---------- | Video Intel(R) HD Graphics 5500 - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_1616&SUBSYS_10D01043&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 5500 - DriverVersion: 20.19.15.4549 - SpecificationVersion: 1025 ---------- | Codecs C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34808 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42600 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36920 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26056 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\L3CODECA.ACM - ClassName: 
Win32_CodecFile - FSName: NTFS - FileSize: 92672 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:1 % CPU #2 value:0 % CPU #3 value:0 % CPU #4 value:7 % Total Overall CPU Usage value:0 % ---------- | Network Realtek PCIe FE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec Qualcomm Atheros AR956x Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:0 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Qualcomm Atheros AR956x Wireless Network Adapter - Ethernet 802.3 - Qualcomm Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0036&SUBSYS_213A1A3B&REV_01\4&311916B6&0&00E3 Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_200F1043&REV_06\01000000364CE00002 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&2C7F165C&0&11 Bluetooth Device (Personal Area Network) #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&18F82F71&0&2 Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&2C7F165C&0&12 WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP WAN 
Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6 WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH ---------- | Memory RAM = Total (MB) : 4093 | Free (MB) : 2584 Pagefile = Total (MB) : 4814 | Free (MB) : 3122 Virtual = Total (MB) : 4194 | Free (MB) : 3907 Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: - Manufacturer: Micron - PartNumber: 8KTF51264HZ-1G9P2 - S/N: 00000000 ---------- | SID Users Administrateur : [S-1-5-21-3749229121-239879379-510366881-500] Andre : [S-1-5-21-3749229121-239879379-510366881-1001] DefaultAccount : [S-1-5-21-3749229121-239879379-510366881-503] defaultuser0 : [S-1-5-21-3749229121-239879379-510366881-1000] Invité : [S-1-5-21-3749229121-239879379-510366881-501] WDAGUtilityAccount : [S-1-5-21-3749229121-239879379-510366881-504] Administrateurs : [S-1-5-32-544] Administrateurs Hyper-V : [S-1-5-32-578] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK 
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [OS] | Total : 930.67 Go | Free : 862.73 Go -> NTFS [SATA] D:\ -> [CDROM] | [Audio CD] Disk Usage Information [1 total Physical Disks] Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_TOSHIBA&PROD_MQ01ABD100\4&FD37B12&0&000000 ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.18362.1 (© Microsoft Corporation. Tous droits réservés.) 
Default : "E:\Andre\Documents\mes applications\PortApps\PortableApps.com\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe" -osint -url "" ---------- | FlashPlayer FlashPlayer ActiveX : 32.0.0.255 FlashPlayer Plugin : 32.0.0.255 ---------- | Security AS : Windows Defender Enabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 408 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.18362.329) = C:\Windows\System32\smss.exe [12/09/2019 20:47:12] CPU Usage:0 % 664 | [Owner : Système | Parent : 652(fontdrvhost.exe) | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 06:44:35] CPU Usage:0 % 756 | [Owner : Système | Parent : 652(fontdrvhost.exe) | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.18362.1) = C:\Windows\System32\wininit.exe [19/03/2019 06:44:35] CPU Usage:0 % 768 | [Owner : Système | Parent : 748() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe [19/03/2019 06:44:35] CPU Usage:0 % 836 | [Owner : Système | Parent : 748() | 9.25 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.18362.356) = C:\Windows\System32\winlogon.exe [12/09/2019 20:47:13] CPU Usage:0 % 904 | [Owner : Système | Parent : 756(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.18362.207) = C:\Windows\System32\services.exe [29/08/2019 18:51:08] CPU Usage:0 % 916 | [Owner : Système | Parent : 756(wininit.exe) | 15.09 Mo] - (.Microsoft Corporation - Local Security Authority Process.) 
- (10.0.18362.1) = C:\Windows\System32\lsass.exe [19/03/2019 06:44:36] CPU Usage:0 % 376 | [Owner : Système | Parent : 904(services.exe) | 3.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 592 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 10.39 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.18362.1) = C:\Windows\System32\WUDFHost.exe [19/03/2019 06:44:53] CPU Usage:0 % 656 | [Owner : UMFD-0 | Parent : 756(wininit.exe) | 2.47 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.356) = C:\Windows\System32\fontdrvhost.exe [12/09/2019 20:47:13] CPU Usage:0 % 652 | [Owner : UMFD-1 | Parent : 836(winlogon.exe) | 7.21 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.356) = C:\Windows\System32\fontdrvhost.exe [12/09/2019 20:47:13] CPU Usage:0 % 72 | [Owner : Système | Parent : 904(services.exe) | 27.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1080 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 12.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1140 | [Owner : Système | Parent : 904(services.exe) | 7.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1216 | [Owner : DWM-1 | Parent : 836(winlogon.exe) | 42.7 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) 
- (10.0.18362.329) = C:\Windows\System32\dwm.exe [12/09/2019 20:46:59] CPU Usage:0 % 1332 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1340 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 11.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1376 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1476 | [Owner : Système | Parent : 904(services.exe) | 9.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1532 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 7.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1564 | [Owner : Système | Parent : 904(services.exe) | 14.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1592 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 5.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1692 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1724 | [Owner : Système | Parent : 904(services.exe) | 7.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1736 | [Owner : Système | Parent : 904(services.exe) | 11.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1836 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 6.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2044 | [Owner : Système | Parent : 904(services.exe) | 6.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1072 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 12.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1164 | [Owner : Système | Parent : 904(services.exe) | 8.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2140 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 6.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2148 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 6.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2164 | [Owner : Système | Parent : 904(services.exe) | 67.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2192 | [Owner : Système | Parent : 904(services.exe) | 5.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2216 | [Owner : Système | Parent : 904(services.exe) | 13.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2316 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 6.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2408 | [Owner : Système | Parent : 904(services.exe) | 7.77 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2476 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 11.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2492 | [Owner : Système | Parent : 904(services.exe) | 8.9 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4549) = C:\Windows\System32\igfxCUIService.exe [30/11/2016 22:56:28] CPU Usage:0 % 2544 | [Owner : Système | Parent : 904(services.exe) | 7.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2556 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 9.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2596 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 7.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2640 | [Owner : SERVICE LOCAL | Parent : 2044(svchost.exe) | 10.46 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.18362.1) = C:\Windows\System32\dasHost.exe [19/03/2019 06:44:18] CPU Usage:0 % 2668 | [Owner : Système | Parent : 904(services.exe) | 19.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2752 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2884 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 7.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3044 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 13.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3188 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3200 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 6.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3296 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 6.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3380 | [Owner : Système | Parent : 904(services.exe) | 14.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3440 | [Owner : Système | Parent : 904(services.exe) | 13.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3512 | [Owner : Système | Parent : 904(services.exe) | 12.37 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.18362.239) = C:\Windows\System32\spoolsv.exe [29/08/2019 18:50:11] CPU Usage:0 % 3572 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 13.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3656 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 7.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3780 | [Owner : Système | Parent : 904(services.exe) | 7.05 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) 
- (10.0.10011.16384) = C:\Windows\System32\drivers\AdminService.exe [30/01/2019 23:44:54] CPU Usage:0 % 3788 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 12.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3800 | [Owner : Système | Parent : 904(services.exe) | 33.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3812 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 33.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3820 | [Owner : Système | Parent : 904(services.exe) | 6.6 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.1.10603.192) = C:\Windows\SysWOW64\esif_uf.exe [13/08/2015 00:54:46] CPU Usage:0 % 3828 | [Owner : Système | Parent : 904(services.exe) | 11.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3924 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 6.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3936 | [Owner : Système | Parent : 904(services.exe) | 5.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3964 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 5.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3972 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 6.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4008 | [Owner : Système | Parent : 904(services.exe) | 8.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4036 | [Owner : Système | Parent : 904(services.exe) | 20.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4056 | [Owner : Système | Parent : 904(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1908.7) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1908.7-0\MsMpEng.exe [17/09/2019 07:07:19] CPU Usage:0 % 3536 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 5.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4216 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 4.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4412 | [Owner : Système | Parent : 904(services.exe) | 10.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4844 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 4.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5036 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5044 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 6.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3640 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1424 | [Owner : SERVICE RÉSEAU | Parent : 72(svchost.exe) | 16.94 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [19/03/2019 06:44:00] CPU Usage:0 % 5484 | [Owner : Andre | Parent : 3820(esif_uf.exe) | 5.02 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.1.10603.192) = C:\Windows\Temp\DPTF\esif_assist_64.exe [18/09/2019 06:38:36] CPU Usage:0 % 5512 | [Owner : Andre | Parent : 1164(svchost.exe) | 26.38 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe [19/03/2019 06:44:12] CPU Usage:0 % 5544 | [Owner : Andre | Parent : 904(services.exe) | 14.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5628 | [Owner : Andre | Parent : 904(services.exe) | 37.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5700 | [Owner : Andre | Parent : 1564(svchost.exe) | 6.04 Mo] - (.H.D.S. Hungary - Hard Disk Sentinel.) 
- (5.40.0.0) = C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [16/09/2018 07:33:01] CPU Usage:0 % 5756 | [Owner : Système | Parent : 904(services.exe) | 12.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 5776 | [Owner : Andre | Parent : 1564(svchost.exe) | 14.74 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.18362.1) = C:\Windows\System32\taskhostw.exe [19/03/2019 06:44:33] CPU Usage:0 % 5900 | [Owner : Système | Parent : 904(services.exe) | 7.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6020 | [Owner : Andre | Parent : 5748() | 11.24 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4549) = C:\Windows\System32\igfxEM.exe [30/11/2016 22:56:54] CPU Usage:0 % 6036 | [Owner : Andre | Parent : 5900(svchost.exe) | 14.11 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.18362.1) = C:\Windows\System32\ctfmon.exe [19/03/2019 06:44:33] CPU Usage:0 % 6052 | [Owner : Andre | Parent : 5748() | 8.36 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4549) = C:\Windows\System32\igfxHK.exe [30/11/2016 22:57:14] CPU Usage:0 % 6104 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 15.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 4860 | [Owner : Andre | Parent : 5748() | 10.36 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe [30/11/2016 22:57:46] CPU Usage:0 % 4856 | [Owner : Andre | Parent : 5956() | 121.83 Mo] - (.Microsoft Corporation - Explorateur Windows.) 
- (10.0.18362.329) = C:\Windows\explorer.exe [12/09/2019 20:45:59] CPU Usage:0 % 6480 | [Owner : Andre | Parent : 904(services.exe) | 18.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7008 | [Owner : Andre | Parent : 1564(svchost.exe) | 1.58 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.290) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [13/11/2015 05:33:58] CPU Usage:0 % 988 | [Owner : Andre | Parent : 7004() | 1.12 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1126) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13/11/2015 05:34:18] CPU Usage:0 % 3592 | [Owner : Système | Parent : 904(services.exe) | 9.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1636 | [Owner : Andre | Parent : 72(svchost.exe) | 6.63 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.18362.1) = C:\Windows\System32\wbem\unsecapp.exe [19/03/2019 06:43:54] CPU Usage:0 % 616 | [Owner : Système | Parent : 72(svchost.exe) | 13.14 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe [19/03/2019 06:44:00] CPU Usage:0 % 2632 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1872 | [Owner : Système | Parent : 904(services.exe) | 11.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6884 | [Owner : Système | Parent : 904(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) 
- (10.0.18362.1) = C:\Windows\System32\SgrmBroker.exe [19/03/2019 06:45:32] CPU Usage:0 % 6140 | [Owner : Système | Parent : 904(services.exe) | 14.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3388 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 3664 | [Owner : Système | Parent : 904(services.exe) | 28.84 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.18362.329) = C:\Windows\System32\SearchIndexer.exe [12/09/2019 20:46:31] CPU Usage:0 % 4032 | [Owner : Andre | Parent : 904(services.exe) | 11.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 7596 | [Owner : Andre | Parent : 72(svchost.exe) | 8.36 Mo] - (.Microsoft Corporation - Component Package Support Server.) - (10.0.18362.1) = C:\Windows\System32\CompPkgSrv.exe [19/03/2019 06:43:47] CPU Usage:0 % 7636 | [Owner : Andre | Parent : 72(svchost.exe) | 7.18 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe [19/03/2019 06:44:06] CPU Usage:0 % 7828 | [Owner : Système | Parent : 904(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthService.exe [12/09/2019 20:47:14] CPU Usage:0 % 8040 | [Owner : Système | Parent : 904(services.exe) | 6.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1644 | [Owner : Système | Parent : 904(services.exe) | 16.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 2916 | [Owner : Andre | Parent : 72(svchost.exe) | 68.76 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.18362.329) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [12/09/2019 20:47:06] CPU Usage:0 % 1948 | [Owner : Andre | Parent : 72(svchost.exe) | 25.18 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18362.1) = C:\Windows\System32\ApplicationFrameHost.exe [19/03/2019 06:44:23] CPU Usage:0 % 5220 | [Owner : Andre | Parent : 72(svchost.exe) | 37.66 Mo] - (.Microsoft Corporation - WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe.) - (10.0.18362.329) = C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe [12/09/2019 20:46:51] CPU Usage:0 % 5216 | [Owner : Système | Parent : 904(services.exe) | 17.23 Mo] - (.TeamViewer GmbH - TeamViewer 14.) - (14.6.2452.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [24/05/2019 21:20:09] CPU Usage:0 % 2368 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 16.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 1660 | [Owner : Système | Parent : 904(services.exe) | 9.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6032 | [Owner : Andre | Parent : 1788() | 17.06 Mo] - (.Opera Software - Opera Browser Assistant.) - (63.0.3368.94) = C:\Users\Andre\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [15/07/2019 16:03:20] CPU Usage:0 % 3492 | [Owner : Andre | Parent : 6032(browser_assistant.exe) | 9.03 Mo] - (.Opera Software - Opera Browser Assistant.) 
- (63.0.3368.94) = C:\Users\Andre\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [15/07/2019 16:03:20] CPU Usage:0 % 8308 | [Owner : Andre | Parent : 72(svchost.exe) | 14.61 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe [12/09/2019 20:47:15] CPU Usage:0 % 5652 | [Owner : SERVICE LOCAL | Parent : 3044(svchost.exe) | 11.36 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.18362.356) = C:\Windows\System32\audiodg.exe [12/09/2019 20:45:51] CPU Usage:0 % 7652 | [Owner : Andre | Parent : 72(svchost.exe) | 22.22 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.18362.1) = C:\Windows\System32\smartscreen.exe [19/03/2019 06:44:03] CPU Usage:0 % 5360 | [Owner : Andre | Parent : 4856(explorer.exe) | 60.56 Mo] - (.SosVirus - QuickDiag.) - (10.9.19.1) = C:\Users\Andre\Desktop\QuickDiag.exe [18/09/2019 19:32:39] CPU Usage:0 % 8256 | [Owner : Système | Parent : 904(services.exe) | 5.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe [19/03/2019 06:44:33] CPU Usage:0 % 6560 | [Owner : SERVICE RÉSEAU | Parent : 72(svchost.exe) | 10.15 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [19/03/2019 06:45:12] CPU Usage:0 % ---------- | Locked Applications [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe) ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) 
- (20.19.15.4549) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll (.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (20.19.15.4549) -- C:\WINDOWS\SYSTEM32\igdusc64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4549) -- C:\WINDOWS\system32\igfxDTCM.dll (.Intel Corporation.-.igfxDH Module.) - (6.15.10.4549) -- C:\WINDOWS\system32\igfxDH.dll (.Intel Corporation.-.igfxLHM Module.) - (6.15.10.4549) -- C:\WINDOWS\system32\igfxLHM.dll (.Intel Corporation.-.igfxDI Module.) - (6.15.10.4549) -- C:\WINDOWS\system32\igfxDI.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Igor Pavlov.-.7-Zip Shell Extension.) - (19.0.0.0) -- C:\Program Files\7-Zip\7-zip.dll (.The ICU Project.-.ICU Combined Library.) - (63.1.0.0) -- C:\WINDOWS\SYSTEM32\icu.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.25.3.0) -- c:\windows\system32\winsqlite3.dll (..-..) 
- (0.0.0.0) -- C:\Windows\System32\usocoreps.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU Opera Browser Assistant - (C:\Users\Andre\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\...\Run]) - User: DESKTOP-6QT9I58\Andre SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 
"PathCompletionChar"=9 [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Opera Browser Assistant"=C:\Users\Andre\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [15/07/2019 16:03:20] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDriveSetup"=0x020000000000000000000000 "OneDrive"=0x0300000019E49BDE4D3DD401 "Emjysoft Sauvegarde Facile"=0x03000000FDB532BBFF7ED401 [HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Doro PDF Writer,winspool,Ne03: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "DefaultColor"=0 "EnableExtensions"=1 "CompletionChar"=64 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x0700000062BAF04A70E4D401 "AvastUI.exe"=0x060000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "Avira SystrayStartTrigger"=0x03000000181FD4B2AD1AD401 "SecurityHealth"=0x030000003039D0F43F57D401 "DoroServer"=0x03000000B9BF93D76460D401 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D5699A6797C477 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 
"EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "DoroServer"=C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [06/10/2018 21:32:37] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [27/09/2017 21:26:40] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Flash Player NPAPI Notifier Adobe Flash Player PPAPI Notifier Adobe Flash Player Updater ATK Package 36D18D69AFC3 ATK Package A22126881260 Avast Emergency Update BlueStacksHelper CCleaner Update CCleanerSkipUAC OneDrive Standalone Update Task-S-1-5-21-3749229121-239879379-510366881-1001 Opera scheduled assistant Autoupdate 1563199400 Opera scheduled Autoupdate 1561445150 RogueKiller Anti-Malware RtHDVBg_ListenToDevice RTKCPL User_Feed_Synchronization-{7135C517-EDF1-4517-822F-A5D6BB9A7F96} ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 
"WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=1 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [27/05/2019 22:56:32] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=916 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "ResourceTimeoutCount"=648000 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=0 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=4283ffd2-85b3-47d2-9c7b-6960bf6 "GlassSessionId"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : 
\drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "FontSmoothingGamma"=1200 "WallPaper"= "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9052078010000000 "MaxVirtualDesktopDimension"=3286 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x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attern Upgrade"=TRUE "AutoColorization"=1 "EnablePerProcessSystemDPI"=1 "ImageColor"=3305111551 "CaretWidth"=5 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] 
"EdgeDesktopShortcutCreated"=1 "EnableAutoTray"=0 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x690F1723C1408A27100000010002000037090000FB9A790967ADD111ABCD00C04FC30936900200000114020000000000C0000000000000460D03000044F8271D1F3A104485AC14651078412D620700001A58CE57B60C66429CA019364C90A0B3000D0000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=3 "GlobalAssocChangedCounter"=83 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=0 "StartMenuInit"=13 "TaskbarStateLastRun"=0xA01F815D00000000 "ReindexedProfile"=1 "TaskbarSizeMove"=0 "DisablePreviewDesktop"=0 "DontUsePowerShellOnWinX"=1 "TaskbarAutoHideInTabletMode"=0 "TaskbarBadges"=1 "Start_TrackProgs"=0 "ShowTaskViewButton"=0 "TaskbarSmallIcons"=1 "ShowCortanaButton"=1 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 
"EnableVirtualization"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "ConsentPromptBehaviorAdmin"=0 "PromptOnSecureDesktop"=0 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 
"NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=3 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 "DefaultLevel"=262144 "TransparentEnabled"=1 "PolicyScope"=0 "ExecutableTypes"=ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "ConsentPromptBehaviorAdmin"=0 "PromptOnSecureDesktop"=0 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=2 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=18362 "FirstLogon"=0 "PUUActive"=0xCC727E61010001002000600069F20000DD640400DD640400D200000002000900F0FD7C5C9BCF19004EEB0E0009410000133C00001605000000000000000000009B5E0E004E060000C4010000000000005DF65109406ED50169F20000000000000100000069F20000BA470000000000000000000000000000 
"DP"=0xD200E800300001001F000000CC727E6100000000000000005DF65109406ED5015DF65109406ED501000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100626000C04082100341A250134263008020455A0130455A01628200802C00C5042C60D50C6C6C0080841A1A008C1A1A20741F01C020C8864220D89F426900008002E006280AE0076AC8FF0080086082400BE083507BD30080A271040CA275040C40EE00801A4D30421ACD306219D400800A3122080E392A2CE0BB00805808082058080B23 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=1898180051 "ShutdownFlags"=2147483687 "AutoAdminLogon"=0 "DefaultUserName"=Andre "IsConnectedAutoLogon"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] 
""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer 
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text 
[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Clients\StartMenuInternet\Firefox-20F4E34260F859BB\Shell\open\Command] ""="E:\Andre\Documents\mes 
applications\PortApps\PortableApps.com\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe" [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Clients\StartMenuInternet\Firefox-20F4E34260F859BB\InstallInfo] "ReinstallCommand"="E:\Andre\Documents\mes applications\PortApps\PortableApps.com\PortableApps\FirefoxPortable\App\Firefox64\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Clients\StartMenuInternet\OperaStable\Shell\open\Command] ""="C:\Users\Andre\AppData\Local\Programs\Opera\Launcher.exe" [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Clients\StartMenuInternet\OperaStable\InstallInfo] "ReinstallCommand"="C:\Users\Andre\AppData\Local\Programs\Opera\Launcher.exe" --makedefaultbrowser [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [19/03/2019 14:01:28] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" 
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [19/03/2019 14:01:28]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall
---------- | AppcompatFlags
[HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Andre\AppData\Local\Programs\Opera\Launcher.exe"=32
[HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"E:\Andre\Documents\mes applications\slimjet 
Port\nzvigzteur\Slimjet\slimjet.exe"=0x53414350010000000000000007000000280000004099160047ED160001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005908CA01000000007A0000007A000000 "E:\Andre\Documents\utilitaire\PatchMyPC.exe"=0x534143500100000000000000070000002800000020551B0099721B0001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A6141600000000000400000004000000 "E:\Andre\Documents\extraire ici\Nouveau dossier\Boom.exe"=0x5341435001000000000000000700000028000000004C25000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000098490400000000000200000002000000 "E:\Andre\Documents\extraire ici\Lecteur audio BOUM\Boom.exe"=0x5341435001000000000000000700000028000000004C25000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E26A0001000000000200000002000000 "E:\Andre\Documents\extraire ici\WIFI INSPECTOR\WiFiInspector-Setup-1-2-1-4.exe"=0x5341435001000000000000000700000028000000101D530113F5530101000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A01D0200000000000100000001000000 "C:\Windows\System32\Fondue.exe"=0x534143500100000000000000070000002800000000B201000E16020001000000010000000000000A63220000BFA2139DEDD1D3010000000000000000 "E:\Andre\bureau\audio\Lecteur audio BOUM\Boom.exe"=0x5341435001000000000000000700000028000000004C25000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B1550000000000000100000001000000 "E:\Andre\Music\audio\Lecteur audio BOOM en 
port\Boom.exe"=0x5341435001000000000000000700000028000000004C25000000000001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000077E15200000000000800000008000000 "E:\Andre\Documents\extraire ici\hdsentinel_pro_setup.exe"=0x53414350010000000000000007000000280000008890720178F9720101000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D3055801000000000100000001000000 "C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe"=0x534143500100000000000000070000002800000058485300AB31540001000000000000000000000A61220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AF020000000000000100000001000000 "E:\Andre\bureau\PortableApps\SpeedyFox 2.0.24.130_Portable.exe"=0x5341435001000000000000000700000028000000300A17003025170001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000613E0000000000000100000001000000 "E:\utilitaire\shellbag_analyzer_cleaner.exe"=0x534143500100000000000000070000002800000038C11A00704C1B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F2CF0000000000000700000007000000 "C:\Program Files (x86)\LibreOffice\program\swriter.exe"=0x5341435001000000000000000700000028000000683A01004073010001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000803E0000000000000100000001000000 "E:\Andre\Documents\extraire ici\Double 
Driver\dd.exe"=0x534143500100000000000000070000002800000000C81A000000000001000000000000000000010671220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000FAC00E0000000000010000000100000000000000000000400000000000000000000000000000000013FC0000000000000100000000000000 "E:\Andre\Documents\extraire ici\procexp64.exe"=0x5341435001000000000000000700000028000000A8421600CFE0160001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BFDD0300000000000100000001000000 "E:\Andre\téléchargements\Windows ISO Downloader.exe"=0x5341435001000000000000000700000028000000E8493C00FC503C0001000000000000000000000A75200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B51A7201000000000100000001000000 "E:\Andre\Documents\extraire ici\DoroSetup.exe"=0x5341435001000000000000000700000028000000EACB05010000000001000000000000000000000A41220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000000B5A780A000000000100000001000000 "C:\Users\Andre\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEGAsyncSetup (1).exe"=0x5341435001000000000000000700000028000000F8F1BB0162B9BC0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C6CBB707000000000100000001000000 "E:\Andre\téléchargements\sjt7z_x86.exe"=0x534143500100000000000000070000002800000020FCE40237A4E50201000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000000000000000000000000000000000275F000000000000030000000200000000000000000000400000000000000000000000000000000018380000000000000100000000000000 "SIGN.MEDIA=298590 
Windows7-USB-DVD-Download-Tool-Installer-en-US.exe"=0x534143500100000000000000070000002800000090852900E2D5290001000000000000000000010671020000BFA2139DEDD1D301000000000000000002000000500000000000000080010040000000000000000000000000000000005928000000000000010000000100000000000000800100000000000000000000000000000000000032290000000000000100000000000000 "E:\utilitaire\Speedyfox\SpeedyFox 2.0.25.135_Portable.exe"=0x5341435001000000000000000700000028000000304016009ABD160001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BC750000000000001000000010000000 "E:\Andre\Documents\mes applications\PortApps\PortableApps.com\PortableApps.com_Platform_Setup_15.0.paf.exe"=0x5341435001000000000000000700000028000000F846560004F6560001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000ABAC0000000000000100000001000000 "C:\Users\Andre\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\OneSafe_Driver_Manager (1).exe"=0x5341435001000000000000000700000028000000B05743002F8F430001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000008F0D0300000000000100000001000000 "C:\Program Files (x86)\OneSafe Driver Manager\unins000.exe"=0x5341435001000000000000000700000028000000C97312000000000003000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000002A470000000000000100000001000000 "E:\Andre\téléchargements\rsthosts_2.0.exe"=0x5341435001000000000000000700000028000000606505000000000001000000000000000000010671020000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000031D00000000000000100000001000000 
"E:\Andre\bureau\DNS_CLEAN.exe"=0x534143500100000000000000070000002800000015E406000000000001000000000000000000030671020000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C00F0000000000000400000004000000 "E:\utilitaire\Nouveau dossier\DNS_CLEAN.exe"=0x534143500100000000000000070000002800000015E406000000000001000000000000000000030671020000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A00F0000000000000100000001000000 "E:\Andre\Documents\mes applications\PortApps\PortableApps.com\Documents\Pictures\SpeedyFox 2.0.25.135_Portable.exe"=0x5341435001000000000000000700000028000000304016009ABD160001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E55C0000000000000200000002000000 "E:\Andre\téléchargements\sauvegarde-facile.exe"=0x534143500100000000000000070000002800000088734B0106A04B0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F532360D000000000100000001000000 "C:\Program Files (x86)\Emjysoft\Sauvegarde-Facile\Sauvegarde.exe"=0x5341435001000000000000000700000028000000D8D61B008CD51C0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000005E687407000000000200000002000000 "C:\Users\Andre\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060340400A607050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "E:\Andre\Documents\extraire 
ici\Speccy64.exe"=0x5341435001000000000000000700000028000000989A6C0074CD6C0001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000EB241100000000000100000001000000 "E:\Andre\téléchargements\Diag_portable64.exe"=0x534143500100000000000000070000002800000038F4F701EF50F80101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F85B6000000000000100000001000000 "E:\Andre\Documents\extraire ici\zedtv\zedtv.exe"=0x534143500100000000000000070000002800000000BC13004D11140001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A88F0B00000000000500000005000000 "E:\Andre\téléchargements\vlc-3.0.4-win64.exe"=0x5341435001000000000000000700000028000000400879026D56790201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000C4F60000000000000200000002000000 "E:\Andre\bureau\adwcleaner_7.2.5.0.exe"=0x5341435001000000000000000700000028000000D0B86F0004BD6F0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DEC80000000000000100000001000000 "E:\Andre\bureau\JRT.exe"=0x534143500100000000000000070000002800000048501B0027F11B0001000000000000000000010671020000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E9590300000000000100000001000000 "C:\Users\Andre\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileSyncConfig.exe"=0x53414350010000000000000007000000280000002031040026BC040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "E:\Andre\Documents\mes 
applications\Fences\Fences3-sd-setup.exe"=0x534143500100000000000000070000002800000000F0C1009D27C20001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000081300100000000000200000002000000 "E:\Andre\Documents\mes applications\Nouveau dossier\SXCU.exe"=0x534143500100000000000000070000002800000000400900CC70090001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A4380000000000000100000001000000 "E:\Andre\Documents\mes applications\PortApps\PortableApps.com\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe"=0x5341435001000000000000000700000028000000D0E10700053A080001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "E:\Andre\Documents\extraire ici\captvty-2.7.9-autoextract.exe"=0x5341435001000000000000000700000028000000EC42A7000EAB020001000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DD670100000000000100000001000000 "E:\Andre\Documents\mes applications\note pad ++\npp.7.6.1.Installer.exe"=0x5341435001000000000000000700000028000000C0344200A6C4420001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000059830000000000000200000002000000 "SIGN.MEDIA=2EA0CEA Start.exe"=0x5341435001000000000000000700000028000000400F16003E1C160001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F84CF000000000000B0000000B000000 "C:\Users\Andre\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020570400F14C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 
"E:\utilitaire\Speedyfox\speedyfox.exe"=0x5341435001000000000000000700000028000000304016009ABD160001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000088420000000000000300000003000000 "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe"=0x53414350010000000000000007000000280000007088DC00A230DD0001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A9360800000000000D0000000D000000 "E:\Andre\bureau\Firefox Setup 64.0.exe"=0x5341435001000000000000000700000028000000A86FAE02973BAF0201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D6491800000000000100000001000000 "E:\Andre\téléchargements\BlueStacks_1918746013.exe"=0x5341435001000000000000000700000028000000C89025000000000001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000E7EAA00000000000100000001000000 "E:\Andre\bureau\adwcleaner_7.2.6.0.exe"=0x5341435001000000000000000700000028000000D0B26F0055B46F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000 "E:\Andre\téléchargements\Firefox_Setup_64.0_64.exe"=0x5341435001000000000000000700000028000000A86FAE02973BAF0201000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EA3D1900000000000100000001000000 "E:\utilitaire\PatchMyPC.exe"=0x5341435001000000000000000700000028000000204F1B001EF91B0001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000090580000000000000200000002000000 "SIGN.MEDIA=83A45BCA 
TeamViewer_Setup.exe"=0x5341435001000000000000000700000028000000D8925901EAC2590101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000064260000000000000100000001000000 "SIGN.MEDIA=34541F utilitaire\3 PatchMyPC\3 PatchMyPC.exe"=0x5341435001000000000000000700000028000000204F1B001EF91B0001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000026670000000000000100000001000000 "C:\Program Files\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C80A0F00A5500F0001000000000000000000000600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A90DAF00000000000B0000000B000000 "C:\Users\Andre\AppData\Local\Microsoft\OneDrive\OneDrive.exe"=0x534143500100000000000000070000002800000030E716001615170001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "E:\Andre\bureau\mb3-setup-consumer-3.6.1.2711-1.0.519-1.0.8888.exe"=0x53414350010000000000000007000000280000001895EA04F900EB0401000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000AA0A0E00000000000100000001000000 "E:\Andre\bureau\KVRT.exe"=0x5341435001000000000000000700000028000000287166095BFE660901000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000023EB0500000000000100000001000000 "SIGN.MEDIA=345228 utilitaire\3 PatchMyPC\3 PatchMyPC.exe"=0x5341435001000000000000000700000028000000204F1B001EF91B0001000000000000000000000A75220000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000084E0500000000000100000001000000 "SIGN.MEDIA=26A148 utilitaire\2 
Speedyfox\speedyfox.exe"=0x5341435001000000000000000700000028000000304016009ABD160001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000002F0000000000000400000004000000 "E:\Andre\Documents\mes applications\Nouveau dossier (2)\DuktoR6-Setup.exe"=0x5341435001000000000000000700000028000000CC9E78000000000001000000000000000000020600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000030410000000000000100000001000000 "E:\Andre\téléchargements\DriversCloud_Win.exe"=0x534143500100000000000000070000002800000030B503009AE5030001000000000000000000000671000000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000020D80000000000000100000001000000 "E:\Andre\téléchargements\Drivers_DESKTOP-6QT9I58.exe"=0x534143500100000000000000070000002800000048F61E00EB731F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000028930A00000000000100000001000000 "E:\Andre\téléchargements\DuktoR6-Setup.exe"=0x5341435001000000000000000700000028000000CC9E78000000000001000000000000000000020600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000383D0000000000000100000001000000 "C:\Program Files (x86)\Dukto\dukto.exe"=0x534143500100000000000000070000002800000000F208007F80090001000000000000000000020671200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FDE70700000000000300000003000000 "C:\Program Files\LibreOffice\program\soffice.exe"=0x534143500100000000000000070000002800000068580100A2F9010001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D2070300000000001100000011000000 
"E:\Andre\bureau\DriverPack-17-Online.exe"=0x534143500100000000000000070000002800000010031000D8FA100001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000006F221000000000000200000002000000 "C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"=0x5341435001000000000000000700000028000000B86E0300E913040001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DD231A03000000003700000037000000 "C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"=0x5341435001000000000000000700000028000000B89E0600B666070001000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000003B241A03000000003700000037000000 "SIGN.MEDIA=34758E utilitaire\3 PatchMyPC\3 PatchMyPC.exe"=0x5341435001000000000000000700000028000000204F1B001EF91B0001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000077401300000000000100000001000000 "C:\Program Files\7-Zip\7zFM.exe"=0x5341435001000000000000000700000028000000003E0D000000000001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000145D0000000000000200000002000000 "E:\Andre\Documents\mes applications\captvty Port\Captvty.exe"=0x5341435001000000000000000700000028000000000A3B000000000001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000062681300000000000300000003000000 "C:\Users\Andre\AppData\Local\Microsoft\OneDrive\19.012.0121.0011\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308D04008E97040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "E:\Andre\Documents\mes applications\Folder 
Painter\FolderPainter\FolderPainter.exe"=0x534143500100000000000000070000002800000068480B0027B80B0001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000A420000000000000100000001000000 "SIGN.MEDIA=35864F utilitaire\3 PatchMyPC\3 PatchMyPC.exe"=0x5341435001000000000000000700000028000000204F1B001EF91B0001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000064FC0600000000000100000001000000 "SIGN.MEDIA=1AC138 utilitaire\4 shellbag_analyzer_cleaner\4shellbag_analyzer_cleaner.exe"=0x534143500100000000000000070000002800000038C11A00704C1B0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000007F750000000000000100000001000000 "E:\Andre\bureau\utilitaire\3 PatchMyPC\3 PatchMyPC.exe"=0x5341435001000000000000000700000028000000204F1B001EF91B0001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000044B05900000000000500000005000000 "E:\Andre\bureau\utilitaire\4 shellbag_analyzer_cleaner\4shellbag_analyzer_cleaner.exe"=0x534143500100000000000000070000002800000038C11A00704C1B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D0910000000000000300000003000000 "E:\Andre\bureau\utilitaire\2 Speedyfox\speedyfox.exe"=0x5341435001000000000000000700000028000000304016009ABD160001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000006E270000000000000300000003000000 "C:\Program 
Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000048B600006317010001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AD5B0000000000000200000002000000 "C:\Users\Andre\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060AA0400777F050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "E:\Andre\Documents\mes applications\Folder Painter\FolderPainter\FolderPainter_x64.exe"=0x534143500100000000000000070000002800000068F50D006A7E0E0001000000000000000000010600010000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000000A5C0000000000000200000002000000 "C:\Program Files\FolderPainter\FolderPainter.exe"=0x534143500100000000000000070000002800000068F50D006A7E0E0001000000000000000000010600010000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000008A1D0000000000000100000001000000 "SIGN.MEDIA=21F33997 belatout572.exe"=0x5341435001000000000000000700000028000000AE5C29000000000001000000000000000000000A41200000BFA2139DEDD1D3010000000000000000020000002800000000000000000800400000000000000000000000000000000040390000000000000100000001000000 "E:\Andre\Documents\mes applications\Hard Disk Sentinel\hdsentinel_pro_setup.exe"=0x5341435001000000000000000700000028000000284C9B011D249C0101000000000000000000010600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000030E2601000000000100000001000000 "E:\Andre\Documents\mes 
applications\PortApps\PortableApps.com\Start.exe"=0x5341435001000000000000000700000028000000481A16004673160001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000057819C03000000000500000005000000 "SIGN.MEDIA=35B60D utilitaire\3 PatchMyPC\3 PatchMyPC.exe"=0x5341435001000000000000000700000028000000204F1B001EF91B0001000000000000000000000A75220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000004E90E00000000000100000001000000 "SIGN.MEDIA=35B0E1 utilitaire\3 PatchMyPC\3 PatchMyPC.exe"=0x5341435001000000000000000700000028000000204F1B001EF91B0001000000000000000000000A75220000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002F371000000000000100000001000000 "SIGN.MEDIA=F1B72 utilitaire\soft2base\soft2base.exe"=0x5341435001000000000000000700000028000000721B0F000000000001000000000000000000010671020000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000030A50200000000000200000002000000 "E:\Andre\bureau\utilitaire\soft2base\soft2base.exe"=0x5341435001000000000000000700000028000000721B0F000000000001000000000000000000010671020000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000511E0100000000000100000001000000 "E:\Andre\Music\audio\4kvideodownloader en port\4kvideodownloader\4kvideodownloader.exe"=0x5341435001000000000000000700000028000000306C7901BD3D7A0101000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000B789AE01000000000700000007000000 "C:\Users\Andre\AppData\Local\Microsoft\OneDrive\19.062.0331.0006\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060BC0400AE33050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000 "SIGN.MEDIA=21CDB60 thunderbird 
---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=132115702580838322 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "DisableAntiSpyware"=0 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "InstallTime"=0x301658157F78D201 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0\ "ProductStatus"=0 "OOBEInstallTime"=0xD936956A885ED501 "DisableAntiVirus"=0 "LastEnabledTime"=0x67138936885ED501 "ManagedDefenderProductType"=0 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [216.58.209.238] avec 32 octets de données : Réponse de 216.58.209.238 : octets=32 temps=30 ms TTL=54 Réponse de 216.58.209.238 : octets=32 temps=29 ms TTL=54 Réponse de 216.58.209.238 : octets=32 temps=29 ms TTL=54 Réponse de 216.58.209.238 : octets=32 temps=28 ms TTL=54 Statistiques Ping pour 216.58.209.238: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 28ms, Maximum = 30ms, Moyenne = 29ms ---------- | @ [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "ImageStoreRandomFolder"=u5v6xf2 "OperationalData"=12 "FullScreen"=no "Start Page_TIMESTAMP"=0x05092E39D314D501 "SyncHomePage Protected - It is a violation of Windows Policy to modify.
See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x98784759A284D401 "IE10TourShown"=1 "IE10TourShownTime"=0xA7EEDB4F09F5D301 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2A0000002A0000007F03000082020000 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC200000028000000E203000080020000 "NotifyDownloadComplete"=yes "IE11EdgeNotifyTime"=0x81F8725CD314D501 "EdgeReminderRemainingCount"=4 "Start Page"=https://www.google.fr/ "IE10RunOncePerInstallCompleted"=1 "IE10RunOnceCompletionTime"=0xA7EEDB4F09F5D301 [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x8FEB693F7B5ED501 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "LockDatabase"=131943530006896472 "Use FormSuggest"=yes "FormSuggest Passwords"=yes "GlobalUserOffline"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE 
[HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm 
"Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- C:\Users\Andre\AppData\Local\MEGAsync\ShellExtX64.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- C:\Users\Andre\AppData\Local\MEGAsync\ShellExtX64.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- C:\Users\Andre\AppData\Local\MEGAsync\ShellExtX64.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [19/03/2019 06:44:47] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0xA7EEDB4F09F5D301 "Version"=5 "UpgradeTime"=0xA7EEDB4F09F5D301 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : ---------- | Chrome ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 32.0.0.255 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_255.dll [HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.221.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.221.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.6] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.7] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.7.1] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.8] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 32.0.0.255 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_255.dll 
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll C:\Users\Andre\AppData\Roaming\Mozilla\Firefox\Profiles\1uv53l4i.default-1568557176165\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20190827005903"); user_pref("browser.startup.homepage_override.mstone", "69.0"); user_pref("extensions.activeThemeID", "default-theme@mozilla.org"); user_pref("extensions.blocklist.lastModified", "Fri, 13 Sep 2019 11:31:13 GMT"); user_pref("extensions.blocklist.pingCountTotal", 4); user_pref("extensions.blocklist.pingCountVersion", 4); user_pref("extensions.databaseSchema", 31); user_pref("extensions.getAddons.cache.lastUpdate", 1568776178); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.incognito.migrated", true); user_pref("extensions.lastAppBuildId", "20190827005903"); user_pref("extensions.lastAppVersion", "69.0"); user_pref("extensions.lastPlatformVersion", "69.0"); user_pref("extensions.pendingOperations", false); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webcompat.perform_injections", true); user_pref("extensions.webcompat.perform_ua_overrides", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.French-GC@grammalecte.net", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.addon@darkreader.org", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.brief@mozdev.org", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.jid1-KKzOGWgsW3Ao4Q@jetpack", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true); 
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.uBlock0@raymondhill.net", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.webext@tabmixplus.org", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.worldwide@radio", true); user_pref("extensions.webextensions.uuids", "{\"formautofill@mozilla.org\":\"52dbd394-ff87-4aa8-aecd-caa9d18c6b00\",\"fxmonitor@mozilla.org\":\"8a2755cc-6733-4a86-87d5-dbb923a2c0e0\",\"screenshots@mozilla.org\":\"b922950b-3e46-46ac-9c93-1ed89a4c5e26\",\"webcompat-reporter@mozilla.org\":\"f851a080-1987-467e-b33c-31fef9352e93\",\"webcompat@mozilla.org\":\"a8b022c5-dd99-4384-b149-512845c5bc38\",\"default-theme@mozilla.org\":\"bda4282d-3f32-4038-86cc-2dfd68135a52\",\"google@search.mozilla.org\":\"c9b50daa-e470-48f4-86c8-2fa2f1cc6961\",\"bing@search.mozilla.org\":\"a486b491-d97d-4fcd-87cb-a8a65878e233\",\"amazon@search.mozilla.org\":\"dbd9c145-e815-4e66-b121-44c2b8e846ee\",\"ddg@search.mozilla.org\":\"97fedf0a-a588-4d45-85c0-205244540dc6\",\"ebay@search.mozilla.org\":\"11faf4cd-8726-4293-896b-00c6ab1d7eb0\",\"qwant@search.mozilla.org\":\"181985ce-c4ca-49ad-8681-c008f33bbb92\",\"wikipedia@search.mozilla.org\":\"d0034501-4979-442f-985c-a032a5b0d2ba\",\"worldwide@radio\":\"b1dad37b-bb6b-4ced-b1dc-8c3d5c61e236\",\"French-GC@grammalecte.net\":\"77b8ee49-396f-48af-9b41-5817b8ee36f6\",\"webext@tabmixplus.org\":\"3cb95850-ac9c-44d9-a685-c4d15c10c4cb\",\"uBlock0@raymondhill.net\":\"0251d873-6c23-4d9c-94a7-dcdeb357090a\",\"jid1-KKzOGWgsW3Ao4Q@jetpack\":\"940e7ec0-dd18-49ff-92ad-c9d865931d4a\",\"addon@darkreader.org\":\"4876ba73-4f91-4feb-96f1-51e2ce0b6090\",\"brief@mozdev.org\":\"651e9620-eae5-47ed-bc80-fd32a316173b\"}"); user_pref("services.sync.extension-storage.lastSync", "0"); [Profile0] - Name=default -> Profiles/1uv53l4i.default-1568557176165 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{11cc08be-a14d-4009-a62b-7d4b0ff9da2f}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{11cc08be-a14d-4009-a62b-7d4b0ff9da2f}] "NameServer"=1.1.1.1,1.0.0.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8bc7a2df-2fee-457e-8bdb-d11f3a044217}] "DhcpNameServer"=192.168.0.250 192.168.0.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{11cc08be-a14d-4009-a62b-7d4b0ff9da2f}] "DhcpNameServer"=192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{11cc08be-a14d-4009-a62b-7d4b0ff9da2f}] "NameServer"=1.1.1.1,1.0.0.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8bc7a2df-2fee-457e-8bdb-d11f3a044217}] "DhcpNameServer"=192.168.0.250 192.168.0.254 ---------- | Applications [HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\Classes\Applications\opera.exe] : "C:\Users\Andre\AppData\Local\Programs\Opera\Launcher.exe" "%1" [HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\Classes\Applications\Start.exe] : "E:\Start.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\SumatraPDF.exe] : "C:\Program Files\SumatraPDF\SumatraPDF.exe" "%1" %* [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet 
Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SumatraPDF.exe] : "C:\Program Files\SumatraPDF\SumatraPDF.exe" "%1" %* [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver "DevicesFlow"=DeviceAssociationBrokerSvc DevicesFlowUserSvc DevicePickerUserSvc ConsentUxUserSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "DevicesFlow"=DeviceAssociationBrokerSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\4kdownload.com] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\7-zip] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Adobe] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Akeo Consulting] 
[HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\AppDataLow] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\ASUS] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\AVAST Software] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\AvastAdSDK] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Avira] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Browser Cleanup] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Chromium] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\cks] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Clients] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\CompSoft] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\DRP] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Emjysoft] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\FlashPeak] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Google] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Intel] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\JavaSoft] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Licenses] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Macromedia] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Malwarebytes] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Mozilla] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\msec.it] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Opera Software] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Partition Assistant] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Piriform] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Policies] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\QtProject] 
[HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Realtek] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Slimjet] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Stardock] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Sysinternals] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\TeamViewer] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\The Document Foundation] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Thunderbird] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\VS Revo Group] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\WinRAR SFX] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Wow6432Node] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\ZHP] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-3749229121-239879379-510366881-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\ASUS] [HKLM\Software\Atheros] [HKLM\Software\AVAST Software] [HKLM\Software\Clients] [HKLM\Software\CVSM] [HKLM\Software\DefaultUserEnvironment] 
[HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\Emsisoft] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\ICEpower] [HKLM\Software\Intel] [HKLM\Software\IPS] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Oracle] [HKLM\Software\Partner] [HKLM\Software\Patch My PC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\Stardock] [HKLM\Software\SumatraPDF] [HKLM\Software\sysinternals] [HKLM\Software\VideoLAN] [HKLM\Software\Volatile] [HKLM\Software\Waves Audio] [HKLM\Software\Windows] [HKLM\Software\WOW6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows 
NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AppDataLow] [HKLM\Software\WOW6432Node\Apple Inc.] 
[HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\Avira] [HKLM\Software\WOW6432Node\BlueStacksGP] [HKLM\Software\WOW6432Node\CompSoft] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\GPL Ghostscript] [HKLM\Software\WOW6432Node\HD Sentinel] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\LibreOffice] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\Stardock] [HKLM\Software\WOW6432Node\TeamViewer] [HKLM\Software\WOW6432Node\The Document Foundation] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] 
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives ---------- | C: [30/10/2015 09:24:24] - |SHD| - [34100063] - C:\$Recycle.Bin [MD5.D0691EDD57AFCCAB63E39C3E0C7BE4F3] - [25/06/2019 19:26:49] - |A| - (.-.) - [101] - (0.0.0.0) - C:\AiOLog.txt [MD5.30B9B13636DDD74EFE7C77AB120843F1] - [01/06/2018 19:13:43] - |H| - (.-.) 
- [1024] - (0.0.0.0) - C:\AMTAG.BIN [01/06/2018 19:24:09] - |HD| - [412494451] - C:\Aomei [24/03/2016 21:39:46] - |SHD| - [18470380] - C:\Boot [MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 10:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [27/01/2017 10:46:16] - |SHD| - [516096] - C:\Config.Msi [MD5.7628BF9FC81B3B77D3AAFFB633801C31] - [09/11/2016 22:48:46] - |AH| - (.-.) - [11842] - (0.0.0.0) - C:\devlist.txt [27/01/2017 11:31:12] - |SHD| - [0] - C:\Documents and Settings [28/05/2019 00:47:53] - |D| - [700906202] - C:\EEK [10/11/2016 05:16:18] - |D| - [1458496875] - C:\eSupport [MD5.01224851F19C9423A1D7E06F44DBFB6A] - [09/11/2016 22:48:46] - |AH| - (.-.) - [9] - (0.0.0.0) - C:\Finish.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/05/2018 18:43:45] - |ASH| - (.-.) - [1676648448] - (0.0.0.0) - C:\hiberfil.sys [09/11/2016 21:34:51] - |HD| - [580429] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/11/2016 21:17:41] - |ASH| - (.-.) - [738197504] - (0.0.0.0) - C:\pagefile.sys [19/03/2019 06:52:43] - |D| - [0] - C:\PerfLogs [19/03/2019 06:52:43] - |RD| - [4527949392] - C:\Program Files [19/03/2019 06:52:44] - |RD| - [1429449525] - C:\Program Files (x86) [19/03/2019 06:52:44] - |HD| - [1552856453] - C:\ProgramData [16/09/2019 11:29:42] - |D| - [500204] - C:\QuickDiag [MD5.09917E8F090DAA2C7DE4E6715C0EFD4D] - [18/09/2019 20:31:59] - |A| - (.-.) - [212234] - (0.0.0.0) - C:\QuickDiag.txt [24/03/2016 13:42:12] - |SHD| - [3947769229] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/11/2016 21:17:42] - |ASH| - (.-.) 
- [268435456] - (0.0.0.0) - C:\swapfile.sys [10/11/2016 04:55:29] - |SHD| - [0] - C:\System Volume Information [19/03/2019 06:37:22] - |RD| - [27546481457] - C:\Users [19/03/2019 06:37:22] - |D| - [23679098424] - C:\Windows [29/08/2019 19:09:17] - |D| - [7981251601] - C:\Windows.old ---------- | C:\WINDOWS [19/03/2019 06:52:44] - |D| - [802] - C:\WINDOWS\addins [19/03/2019 06:52:44] - |D| - [14445245] - C:\WINDOWS\appcompat [19/03/2019 06:52:44] - |D| - [8446546] - C:\WINDOWS\apppatch [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\AppReadiness [19/03/2019 06:52:43] - |RD| - [406626882] - C:\WINDOWS\assembly [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [27/01/2017 12:04:36] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [19/03/2019 06:52:44] - |D| - [785153] - C:\WINDOWS\bcastdvr [MD5.B75D52E7DBEEF44A2C3324A2CE0272C9] - [19/03/2019 06:43:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [73216] - (10.0.18362.1) - C:\WINDOWS\bfsvc.exe [19/03/2019 06:52:44] - |D| - [39534311] - C:\WINDOWS\Boot [MD5.5D2059B3A10915370F4950C4759BEB06] - [29/08/2019 19:03:52] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [19/03/2019 06:52:44] - |D| - [2450424] - C:\WINDOWS\Branding [19/03/2019 06:37:22] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.0D0D6023DB4276D1FB3F7EDD8FB62C34] - [29/08/2019 18:21:51] - |A| - (.-.) - [9705] - (0.0.0.0) - C:\WINDOWS\comsetup.log [19/03/2019 06:52:44] - |D| - [33951637] - C:\WINDOWS\Containers [MD5.1F334AC7713E228137147CBFBB7BC9AA] - [19/03/2019 14:03:26] - |A| - (.-.) - [33951] - (0.0.0.0) - C:\WINDOWS\Core.xml [19/03/2019 06:52:44] - |D| - [11501377] - C:\WINDOWS\Cursors [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\debug [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [29/08/2019 18:36:27] - |A| - (.-.) 
- [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [19/03/2019 06:52:44] - |D| - [4293525] - C:\WINDOWS\diagnostics [19/03/2019 06:52:44] - |D| - [2074128] - C:\WINDOWS\DiagTrack [MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [29/08/2019 18:36:27] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [19/03/2019 14:00:40] - |D| - [0] - C:\WINDOWS\DigitalLocker [19/03/2019 06:52:44] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.9CF1BDC2527E51E2A3F7165AD582BABD] - [11/07/2019 17:12:35] - |A| - (.-.) - [2328] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG [MD5.9BA3629DA25EA41969AEBBD9B8E54655] - [19/03/2019 06:55:49] - |A| - (.-.) - [776] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log [19/03/2019 06:52:44] - |HD| - [46472] - C:\WINDOWS\ELAMBKUP [19/03/2019 14:00:40] - |D| - [0] - C:\WINDOWS\en-US [MD5.9CFA2A65575B4313753BC52D268F7B85] - [12/09/2019 20:45:59] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4551352] - (10.0.18362.329) - C:\WINDOWS\explorer.exe [19/03/2019 06:52:44] - |RSD| - [433704468] - C:\WINDOWS\Fonts [19/03/2019 14:00:40] - |D| - [110592] - C:\WINDOWS\fr-FR [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [19/03/2019 06:52:44] - |D| - [53135467] - C:\WINDOWS\Globalization [19/03/2019 06:52:44] - |D| - [960276] - C:\WINDOWS\Help [MD5.7FE51A1679579DB427447CE8DFD8D47F] - [29/08/2019 18:52:21] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1059840] - (10.0.18362.267) - C:\WINDOWS\HelpPane.exe [MD5.DF73D52FDCE65F90A2E49EFB5248C77C] - [19/03/2019 06:45:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) 
- [18432] - (10.0.18362.1) - C:\WINDOWS\hh.exe [19/03/2019 06:52:44] - |D| - [29869] - C:\WINDOWS\IdentityCRL [19/03/2019 06:52:44] - |D| - [28821950] - C:\WINDOWS\IME [19/03/2019 06:52:44] - |RD| - [9264248] - C:\WINDOWS\ImmersiveControlPanel [19/03/2019 06:50:07] - |D| - [66880002] - C:\WINDOWS\INF [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\InfusedApps [19/03/2019 06:52:44] - |D| - [38126462] - C:\WINDOWS\InputMethod [19/03/2019 06:52:44] - |SHD| - [1058036168] - C:\WINDOWS\Installer [19/03/2019 06:52:44] - |D| - [94304] - C:\WINDOWS\L2Schemas [19/03/2019 06:52:44] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\LiveKernelReports [19/03/2019 06:52:44] - |D| - [104856824] - C:\WINDOWS\Logs [19/03/2019 06:52:44] - |RSD| - [20063519] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [19/03/2019 06:44:30] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [19/03/2019 06:52:43] - |RD| - [656521615] - C:\WINDOWS\Microsoft.NET [19/03/2019 06:52:44] - |D| - [3323] - C:\WINDOWS\Migration [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.F1139811BBF61362915958806AD30211] - [19/03/2019 06:45:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [181248] - (10.0.18362.1) - C:\WINDOWS\notepad.exe [19/03/2019 14:02:18] - |D| - [199472] - C:\WINDOWS\OCR [19/03/2019 06:52:44] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [28/08/2019 20:46:08] - |DC| - [555603011] - C:\WINDOWS\Panther [19/03/2019 06:52:44] - |D| - [454137] - C:\WINDOWS\Performance [MD5.13292448419A3FDB17B9610006B4052B] - [27/01/2017 13:18:44] - |A| - (.-.) 
- [918804] - (0.0.0.0) - C:\WINDOWS\PFRO.log [19/03/2019 06:52:44] - |D| - [1136442] - C:\WINDOWS\PLA [19/03/2019 06:52:44] - |D| - [2908500] - C:\WINDOWS\PolicyDefinitions [29/08/2019 18:10:02] - |D| - [17021609] - C:\WINDOWS\Prefetch [19/03/2019 06:52:44] - |RD| - [1997092] - C:\WINDOWS\PrintDialog [19/03/2019 06:52:44] - |D| - [5940574] - C:\WINDOWS\Provisioning [MD5.29409008DF22243BB320333F9FD5C060] - [19/03/2019 06:45:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [358400] - (10.0.18362.1) - C:\WINDOWS\regedit.exe [19/03/2019 06:52:44] - |D| - [1117876] - C:\WINDOWS\Registration [19/03/2019 06:52:44] - |D| - [6488952] - C:\WINDOWS\rescache [19/03/2019 06:52:44] - |D| - [3871571] - C:\WINDOWS\Resources [19/03/2019 06:52:44] - |D| - [0] - C:\WINDOWS\SchCache [19/03/2019 06:52:44] - |D| - [122082] - C:\WINDOWS\schemas [19/03/2019 06:52:44] - |D| - [10414126] - C:\WINDOWS\security [29/08/2019 19:02:44] - |D| - [403982962] - C:\WINDOWS\ServiceProfiles [19/03/2019 06:52:44] - |D| - [4096] - C:\WINDOWS\ServiceState [19/03/2019 06:37:22] - |D| - [554965663] - C:\WINDOWS\servicing [19/03/2019 06:56:38] - |D| - [37627] - C:\WINDOWS\Setup [MD5.39C97A43EAEA98D3667DC66093DFF475] - [29/08/2019 18:14:44] - |A| - (.-.) - [21335] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/08/2019 18:14:44] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [19/03/2019 06:52:44] - |D| - [7052288] - C:\WINDOWS\ShellComponents [19/03/2019 06:52:44] - |D| - [56039936] - C:\WINDOWS\ShellExperiences [19/03/2019 06:52:44] - |D| - [3070736] - C:\WINDOWS\SKB [27/01/2017 11:31:32] - |D| - [389116342] - C:\WINDOWS\SoftwareDistribution [19/03/2019 06:52:44] - |D| - [86038209] - C:\WINDOWS\Speech [19/03/2019 06:52:44] - |D| - [63949381] - C:\WINDOWS\Speech_OneCore [MD5.DD8E5CAD821A7A4122D7FA0BF92512D6] - [29/08/2019 18:50:11] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) 
- [132096] - (10.0.18362.239) - C:\WINDOWS\splwow64.exe [28/05/2019 01:11:41] - |D| - [106] - C:\WINDOWS\Sun [19/03/2019 06:52:44] - |D| - [1993343] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [16/07/2016 13:47:50] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [19/03/2019 06:37:22] - |D| - [6155805711] - C:\WINDOWS\System32 [19/03/2019 06:52:45] - |D| - [212055986] - C:\WINDOWS\SystemApps [19/03/2019 06:52:46] - |D| - [187195349] - C:\WINDOWS\SystemResources [19/03/2019 06:52:46] - |D| - [1376048269] - C:\WINDOWS\SysWOW64 [19/03/2019 06:52:46] - |D| - [0] - C:\WINDOWS\TAPI [16/07/2016 13:47:48] - |D| - [220] - C:\WINDOWS\Tasks [19/03/2019 06:52:46] - |D| - [1519808] - C:\WINDOWS\Temp [19/03/2019 06:52:46] - |D| - [13786112] - C:\WINDOWS\TextInput [19/03/2019 06:52:46] - |D| - [0] - C:\WINDOWS\tracing [19/03/2019 06:52:46] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.BC67755EBD59B2523C943F0D1A9982EF] - [19/03/2019 06:46:01] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [64512] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [19/03/2019 06:52:46] - |D| - [12420] - C:\WINDOWS\Vss [19/03/2019 06:52:46] - |D| - [33146] - C:\WINDOWS\WaaS [19/03/2019 06:52:46] - |D| - [16568315] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [16/07/2016 13:47:50] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [19/03/2019 06:44:30] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [03/07/2019 08:11:02] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.CAA192BFDFB5F2A131EBD649B7062DE3] - [19/03/2019 06:46:01] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.18362.1) - C:\WINDOWS\winhlp32.exe [19/03/2019 06:37:22] - |D| - [10539819835] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [19/03/2019 06:58:10] - |A| - (.-.) 
- [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.1D27F61CC5D659247D2E0C111C5386DE] - [19/03/2019 06:45:54] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.18362.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [MD5.B56E77E356E209E6C00A37755B5BB11D] - [09/06/2018 19:29:02] - |A| - (.-.) - [128] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\GPT.INI [09/06/2018 19:29:02] - |D| - [150] - C:\WINDOWS\System32\GroupPolicy\Machine [09/06/2018 19:29:02] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System [11/02/2019 11:58:35] - |A| - [935632] - C:\WINDOWS\System\Vb40016.dll (Copyright © 1987-1995 Microsoft Corp.) - (Visual Basic 4.0 runtime library) [11/02/2019 11:58:35] - |A| - [271264] - C:\WINDOWS\System\vbrun100.dll () - () [11/02/2019 11:58:35] - |A| - [356992] - C:\WINDOWS\System\vbrun200.dll (Copyright © 1987-1992 Microsoft Corp) - (Visual Basic 2.0 runtime library) [11/02/2019 11:58:35] - |A| - [398416] - C:\WINDOWS\System\Vbrun300.dll (Copyright © 1987-1993 Microsoft Corp) - (Visual Basic 3.0 runtime library) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [20/09/2016 17:08:28] - C:\WINDOWS\Installer\199e1c.msi : (swMSM - Adobe Systems, Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/07/2019 08:21:42] - C:\WINDOWS\Installer\368d3100.msi : (Java SE Runtime Environment 8 Update 221 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/05/2019 12:14:28] - C:\WINDOWS\Installer\589eb908.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/05/2019 01:10:11] - C:\WINDOWS\Installer\81c005.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/10/2016 08:44:34] - C:\WINDOWS\Installer\ca76405.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/06/2018 06:30:28] - [53350400] - (.().-. - ()) - C:\WINDOWS\Installer\1232bd.msp [14/03/2019 11:49:28] - [8896512] - (.().-. 
- ()) - C:\WINDOWS\Installer\14d6758d.msp [27/01/2017 11:59:02] - [53345280] - (.().-. - ()) - C:\WINDOWS\Installer\199e0c.msp [30/11/2018 14:32:46] - [2023424] - (.().-. - ()) - C:\WINDOWS\Installer\211af217.msp [18/12/2018 10:47:34] - [9052160] - (.().-. - ()) - C:\WINDOWS\Installer\28fa01fc.msp [21/07/2011 12:34:34] - [3456000] - (.().-. - ()) - C:\WINDOWS\Installer\521824e7.msp [26/10/2011 23:23:32] - [8821760] - (.().-. - ()) - C:\WINDOWS\Installer\521824f3.msp [26/10/2011 23:22:30] - [1071616] - (.().-. - ()) - C:\WINDOWS\Installer\521824f4.msp [27/06/2013 22:13:14] - [40314880] - (.().-. - ()) - C:\WINDOWS\Installer\5218250c.msp [17/06/2015 15:23:30] - [432128] - (.().-. - ()) - C:\WINDOWS\Installer\52182514.msp [20/10/2018 15:19:32] - [2023424] - (.().-. - ()) - C:\WINDOWS\Installer\527c1c2.msp [20/10/2018 15:18:48] - [8818688] - (.().-. - ()) - C:\WINDOWS\Installer\527c1cc.msp [22/01/2019 17:39:00] - [7778304] - (.().-. - ()) - C:\WINDOWS\Installer\52b3c33.msp [13/09/2018 20:25:16] - [9035776] - (.().-. - ()) - C:\WINDOWS\Installer\56a8e19.msp [13/09/2018 20:24:58] - [5918720] - (.().-. - ()) - C:\WINDOWS\Installer\56a8e23.msp [06/09/2013 23:07:14] - [2347008] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf04.msp [06/09/2013 23:07:02] - [11534336] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf0e.msp [17/02/2015 17:43:42] - [8855552] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf1a.msp [17/02/2015 17:43:02] - [1053696] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf1b.msp [17/02/2015 17:37:22] - [746496] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf25.msp [16/07/2015 08:20:48] - [1110528] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf2f.msp [04/09/2015 23:32:46] - [5976064] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf39.msp [11/11/2015 09:58:48] - [758784] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf43.msp [17/05/2016 17:56:42] - [2978304] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf4d.msp [25/08/2017 12:21:18] - [5895168] - (.().-. 
- ()) - C:\WINDOWS\Installer\5815bf57.msp [27/08/2017 11:25:28] - [638976] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf61.msp [26/03/2018 19:16:24] - [5918720] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf6b.msp [17/05/2018 12:40:20] - [7991296] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf75.msp [26/06/2018 12:38:18] - [761856] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf7f.msp [30/07/2018 16:13:26] - [9052160] - (.().-. - ()) - C:\WINDOWS\Installer\5815bf89.msp [16/01/2019 22:22:30] - [9031680] - (.().-. - ()) - C:\WINDOWS\Installer\611138e.msp [28/06/2011 21:21:32] - [4637184] - (.().-. - ()) - C:\WINDOWS\Installer\656ac27.msp [20/10/2018 15:18:40] - [774144] - (.().-. - ()) - C:\WINDOWS\Installer\66ffe7af.msp [16/08/2019 10:08:46] - [9048064] - (.().-. - ()) - C:\WINDOWS\Installer\79d09fa.msp [16/08/2019 10:08:46] - [9048064] - (.().-. - ()) - C:\WINDOWS\Installer\79d09ff.msp [16/01/2019 17:07:25] - [53014528] - (.().-. - ()) - C:\WINDOWS\Installer\a608f57.msp [22/01/2019 17:38:42] - [8855552] - (.().-. 
- ()) - C:\WINDOWS\Installer\aa4cb65.msp ---------- | %System%\*.in* [19/03/2019 06:45:40] - [3329] - C:\WINDOWS\System32\ieuinit.inf [29/08/2019 18:26:43] - [1681870] - C:\WINDOWS\System32\PerfStringBackup.INI [19/03/2019 06:45:00] - [60124] - C:\WINDOWS\System32\tcpmon.ini [19/03/2019 06:44:30] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [19/03/2019 06:46:01] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [19/03/2019 06:45:19] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:44] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.00000000000000000000000000000000] - |D| - [30/08/2019 07:19:28] - [0 Ko] - C:\WINDOWS\Temp\1F71039A-4262-4409-852F-2EED4BC344F4-Sigs [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 06:38:39] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 06:38:39] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 06:38:39] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 06:38:39] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace [MD5.00000000000000000000000000000000] - |D| - [29/08/2019 18:14:45] - [501.49 Ko] - C:\WINDOWS\Temp\DPTF [MD5.D62C264CE1A8A15FEFFFE5ADF9725AC4] - |A| - [29/08/2019 18:37:38] - (.-.) - [140.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.9E6C91EF19DC0DB5135CD1856F7A7B04] - |A| - [30/08/2019 07:19:28] - (.-.) - [202.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.60F0E7CC9B68EB6CEB2AA63650B1821D] - |A| - [12/09/2019 21:52:02] - (.-.) - [320 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_23EA.tmp [MD5.7CAFE354BCCCBB021323B6AA8474A265] - |A| - [12/09/2019 21:51:13] - (.-.) 
- [320 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_629D.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358b44.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358b56.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358b67.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358b69.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358b7b.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358b8c.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358b8e.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358ba0.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358ba2.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358bb4.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358bb6.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358bc7.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358bd9.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358bdb.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358bed.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358bef.tmp 
[MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358c00.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358c02.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 17:12:04] - [0 Ko] - C:\WINDOWS\Temp\tw-1390-1ea0-358c14.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a4de.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a55d.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a55f.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a571.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a582.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a584.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a596.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a598.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a5aa.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a5ac.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a5bd.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a5cf.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a5d1.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - 
C:\WINDOWS\Temp\tw-15f4-177c-23a5e3.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a5e5.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a5f6.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a5f8.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a60a.tmp [MD5.00000000000000000000000000000000] - |D| - [18/09/2019 07:17:01] - [0 Ko] - C:\WINDOWS\Temp\tw-15f4-177c-23a60c.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:02] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead490.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead4d1.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead4e2.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead4f4.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead4f6.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead508.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead529.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead52b.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead53c.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead54e.tmp [MD5.00000000000000000000000000000000] - |D| - [15/09/2019 05:22:03] - [0 Ko] - C:\WINDOWS\Temp\tw-1904-29fc-bead550.tmp 
- [29 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ig-NG [MD5.AB2D50B6F3C665B55C8E5A049D59E7CC] - |A| - [30/11/2016 02:56:18] - (.-.) - [5663.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdclbif.bin [MD5.B00A94D06A20B9B7382818E169613E9E] - |A| - [30/11/2016 22:56:42] - (.Copyright (C) 2012-2015 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [178.7 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfx11cmrt64.dll [MD5.7ACB75AA480D7F81A01C74241C866F4F] - |A| - [30/11/2016 22:56:18] - (.Copyright (C) 2010 - 2015 - MDF(CM) JIT Dynamic Link Library.) - [1553.51 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfxcmjit64.dll [MD5.81583957ADAE0BD3B7E416C160C40E07] - |A| - [30/11/2016 22:56:50] - (.Copyright (C) 2010 - 2015 - MDF(CM) Runtime Dynamic Link Library.) - [179.7 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfxcmrt64.dll [MD5.EF9390A03B2BDE2E6A24C71BEB5748F3] - |A| - [30/11/2016 22:56:22] - (.-.) - [267.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl [MD5.C3944847462CBEFAE479C31D938C1491] - |A| - [30/11/2016 22:56:32] - (.-.) - [101.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCUIServicePS.dll [MD5.B96A6C8002F307BCC2D35F9CD4DA287F] - |A| - [30/11/2016 22:56:38] - (.-.) - [82.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLib.dll [MD5.B9F6958F071CC397BAF2A93F4993429D] - |A| - [30/11/2016 22:56:40] - (.-.) - [93.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLibv2_0.dll [MD5.2452E415E1D8A64E26D7970EC882BC56] - |A| - [30/11/2016 22:56:46] - (.-.) - [28.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILib.dll [MD5.56A686346BD2B62A28DE9E30E85F67A2] - |A| - [30/11/2016 22:56:48] - (.-.) - [28.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILibv2_0.dll [MD5.D6919CD2FA3C0C794A062D3D266C8930] - |A| - [30/11/2016 22:56:58] - (.-.) 
- [27.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLib.dll [MD5.2CD34AA6E9E3CBAFF25A9DB933FDD4EF] - |A| - [30/11/2016 22:57:00] - (.-.) - [27.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLibv2_0.dll [MD5.849D49E4FE8FE71DA638E87FBF8C3CF9] - |A| - [30/11/2016 22:57:18] - (.-.) - [22.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLib.dll [MD5.014908E8B2E69BA6F1DED6897FCC7985] - |A| - [30/11/2016 22:57:24] - (.-.) - [22.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLibv2_0.dll [MD5.7136416D6203AABE347B418646B49359] - |A| - [30/11/2016 22:57:32] - (.-.) - [1002.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxSDK.exe [MD5.B698EBBAC77D6E698F5550746F3E9A7D] - |A| - [30/11/2016 22:57:36] - (.-.) - [98.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLib.dll [MD5.3F97F0FE00548B1B271B2D9B5E769C00] - |A| - [30/11/2016 22:57:42] - (.-.) - [109.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLibv2_0.dll [MD5.63C36E3D97A3EA6B3A89B6075BD77925] - |A| - [30/11/2016 22:57:46] - (.-.) - [392.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxTray.exe [MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [30/11/2016 02:56:20] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa [MD5.0D3AF85E1F169395885151038ADE9317] - |A| - [30/11/2016 02:56:20] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp [MD5.A0D0A10C8DA1B00A2EE378357F72BA90] - |A| - [30/11/2016 02:56:20] - (.-.) - [39.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp [MD5.7B929507BB2C2A3FBD2956EC3515364C] - |A| - [30/11/2016 02:56:20] - (.-.) - [40.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp [MD5.1A8302994182D4FC003A71DC6D23EE81] - |A| - [30/11/2016 02:56:20] - (.-.) - [38.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp [MD5.38FA402460982FE9A071BEC11C58B0D3] - |A| - [30/11/2016 02:56:20] - (.-.) - [38.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp [MD5.26526A63D35D8E4E19C46F920AAF48F2] - |A| - [30/11/2016 02:56:20] - (.-.) 
- [39.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp [MD5.9CD97189D5A5E409BBEC1B28A8AFD428] - |A| - [30/11/2016 02:56:20] - (.-.) - [39.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp [MD5.43B54B93E36AD6D5842C33697D5B3F47] - |A| - [30/11/2016 02:56:20] - (.-.) - [4.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp [MD5.8CE43FCE353B86A81F67014B6EEE5143] - |A| - [19/03/2019 06:43:45] - (.-.) - [195.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [30/11/2016 02:56:20] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ImageStabilization.wmv [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [25976.29 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6775 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.72652EDC712584F93088238767533BBC] - |A| - [30/11/2016 22:58:02] - (.Copyright (C) 2015 - IntelCpHDCPSvc Executable.) - [437.97 Ko] - (1.0.0.1) - C:\WINDOWS\System32\IntelCpHDCPSvc.exe [MD5.EE5C284485228230494662C005FE51D7] - |A| - [30/11/2016 22:59:00] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) 
- [97.51 Ko] - (2.0.2.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\is-IS [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [435 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [325.09 Ko] - C:\WINDOWS\System32\ja-jp [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ka-GE [MD5.B98B06ECB66ECC6D14A15B48BC946293] - |A| - [13/11/2015 05:42:04] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [19/03/2019 06:43:45] - (.-.) 
- [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [532.61 Ko] - C:\WINDOWS\System32\Keywords [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\kn-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [298 Ko] - C:\WINDOWS\System32\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ky-KG [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [19/03/2019 06:44:21] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [19/03/2019 06:43:47] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\lb-LU [MD5.157FB82D7141B18624FF2D42190C97E1] - |A| - [19/03/2019 14:01:40] - (.-.) 
- [1572 Ko] - (2.6.5.1) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [625.17 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\lo-LA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [29504.98 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [335.5 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [333.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [90761.03 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:02:25] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.7B93274118A63BD344A9D1EF16E8BC07] - |A| - [13/11/2015 05:42:14] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.81 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll [MD5.BECDAD4C1C94A9B9BA05F37B1FB1B2B3] - |A| - [13/11/2015 05:42:16] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.3 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll [MD5.72919EBA2781CFAEB31D3AB88C839B29] - |A| - [13/11/2015 05:42:20] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1137.05 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll [MD5.D3E7FBE176CF946E2E0A5E510EF68FA4] - |A| - [13/11/2015 05:42:22] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1183.44 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll [MD5.260D680A36F70A83E6DAAC5A853D3BBF] - |A| - [13/11/2015 05:42:28] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1387.8 Ko] - (6.1.17.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll [MD5.83AF248E17E4404C81BECF7BD0F2957E] - |A| - [13/11/2015 05:42:32] - (.© Waves Audio Ltd. - MaxxAudio APO.) 
- [2757.11 Ko] - (7.0.10.0) - C:\WINDOWS\System32\MaxxAudioAPO7064.dll [MD5.EBC11DFBC65059C86EC6F5C9288E4E52] - |A| - [13/11/2015 05:33:18] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.79 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll [MD5.B8FE8FB6BCA82D3C3AC4A21C863EC308] - |A| - [13/11/2015 05:33:20] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll [MD5.58F741FA35B4BEDECE6DAFE28F84F1AD] - |A| - [13/11/2015 05:33:32] - (.Copyright © 1996-2013 -.) - [13727.79 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll [MD5.00CD2DBCD7EF5070477303DC2A10D7C7] - |A| - [13/11/2015 05:33:38] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1291.66 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll [MD5.A386D37F0486627D6B06EDC5B4CC90A0] - |A| - [13/11/2015 05:42:34] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [974.64 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll [MD5.FAF12A2B74452B693FA0C181A610C930] - |A| - [13/11/2015 05:42:44] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12813.24 Ko] - (3.1.14.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll [MD5.E4F5ABC0208430DBCFAAEF7ED3E3279B] - |A| - [13/11/2015 05:43:02] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12682.15 Ko] - (4.0.19.0) - C:\WINDOWS\System32\MaxxVoiceAPO4064.dll [MD5.BD74403916E651ADCC5D45790AAFFF7D] - |A| - [13/11/2015 05:43:02] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.8 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll [MD5.F53CAB05B340E9C28028764995BC1071] - |A| - [19/03/2019 06:45:05] - (.-.) - [836.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [19/03/2019 06:43:45] - (.-.) 
- [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [19/03/2019 06:43:47] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 06:46:18] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MixedRealityRuntime.json [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ml-IN [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 06:49:39] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\mn-MN [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [19/03/2019 06:43:45] - (.-.) 
- [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\mr-IN [MD5.00000000000000000000000000000000] - |D| - [27/01/2017 12:54:39] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ms-MY [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4244.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\mt-MT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [45.64 Ko] - C:\WINDOWS\System32\my-mm [MD5.B593078DA4CB80F93284822C2C4D6A66] - |A| - [13/11/2015 05:43:34] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5165.97 Ko] - (6.3.9600.17231) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll [MD5.1E991E442FF9FB0A1650D9B4B0A90053] - |A| - [13/11/2015 05:33:42] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.34 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll [MD5.196C639170EB52452DD33295114A0175] - |A| - [13/11/2015 05:43:42] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5639.3 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICV2apo.dll [MD5.6B1E196C4E5CB30D6FF99CFA8F1F071D] - |A| - [19/03/2019 06:44:28] - (.-.) 
- [28.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [396.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [640 Ko] - C:\WINDOWS\System32\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ne-NP [MD5.CB295EF15482AB73581577EA5F362D7B] - |A| - [26/07/2017 19:56:05] - (.-.) - [144.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [19/03/2019 06:45:50] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [431.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.2145E8D9F059A01AD670A8A0FE3B74BF] - |A| - [19/03/2019 14:02:58] - (.-.) - [18.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 06:44:21] - (.-.) 
- [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [14682.07 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:01:40] - [3554.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\or-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [3.81 Ko] - C:\WINDOWS\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [19/03/2019 06:43:47] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\pa-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [1728.68 Ko] - C:\WINDOWS\System32\PerceptionSimulation [MD5.95CB6CEED48FCC96B5917B11E5ED9F74] - |A| - [19/03/2019 06:55:38] - (.-.) - [123.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.18DB68B31B007EBB9FA2EF40BFAE5F25] - |A| - [19/03/2019 14:00:42] - (.-.) - [139.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [19/03/2019 06:55:38] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [19/03/2019 14:00:42] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.6850A268272E27360180D418BCD7599A] - |A| - [19/03/2019 06:55:38] - (.-.) - [652.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.E2B489B910C599973D094D24783C1841] - |A| - [19/03/2019 14:00:42] - (.-.) - [740.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.5E4571F107D334D239353B39360BB1C2] - |A| - [29/08/2019 18:26:43] - (.-.) 
- [1642.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [19/03/2019 06:43:45] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [430 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [448 Ko] - C:\WINDOWS\System32\PointOfService [MD5.77D96999819206E9208DF12819E5DBA7] - |A| - [19/03/2019 06:44:12] - (.-.) - [42.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\prs-AF [MD5.007893E8374C766471239EB291BA8C17] - |A| - [19/03/2019 06:44:00] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [424 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [426.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\quz-PE [MD5.D72F1AE3A83B3DBD98B8A0C6F5CF8DA9] - |A| - [09/02/2019 00:53:28] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [136.45 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll [MD5.971F3D10257D3A62FC2A684EC1A3D333] - |A| - [09/02/2019 00:53:28] - (.©2012 Dolby Laboratories. 
- Dolby PCEE4 COM DLL x64.) - [442.62 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll [MD5.ABC431F8F65B4C284B3652D37E63BCB3] - |A| - [09/02/2019 00:53:28] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [88.02 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll [MD5.43FA09EB8001A94D0C828B82824B5576] - |A| - [09/02/2019 00:53:28] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [153.62 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll [MD5.9B2841F32647D26D9C774820DF4F347A] - |A| - [09/02/2019 00:53:28] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7010.19 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.2210F24EDC6E80B1D311B2C3641DE9FA] - |A| - [29/08/2019 18:52:43] - (.-.) - [1983.5 Ko] - (1.0.1907.17001) - C:\WINDOWS\System32\rdpnano.dll [MD5.D8D02FD6073373A537FC0C1024E7C6DA] - |A| - [19/03/2019 06:43:47] - (.-.) - [60.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rdsxvmaudio.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [2.17 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.093F9EE0C00B452996E7837F1D7165E5] - |A| - [29/08/2019 18:52:10] - (.-.) - [107.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResBParser.dll [MD5.1FB4B6A26FEEF4A99B7D0ECD2ADDF075] - |A| - [19/03/2019 06:45:56] - (.-.) - [9.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [19/03/2019 06:45:56] - (.-.) 
- [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageListLowCost [MD5.39BB5D2A5EC1CBDD722CAB7BDCEC41F5] - |A| - [19/03/2019 06:45:56] - (.-.) - [8.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [19/03/2019 06:45:56] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageListLowCost [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 06:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 06:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.CA93E5150B1D950B188E739ABF3A3C18] - |A| - [09/02/2019 00:53:36] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [319.56 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.D7998722BEB33E63D5EC1E79209201FC] - |A| - [09/02/2019 00:53:36] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [319.56 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.7139BD44489D202712B4031B5288F0CA] - |A| - [08/07/2015 09:27:46] - (.Copyright (C) 2014 - RtCRX.) 
- [89.75 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll [MD5.6874C99DCC8DD86485995C0176D4497A] - |A| - [09/02/2019 00:53:37] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [215.19 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.2BFB425F06498EE5D0D270209BA0E121] - |A| - [09/02/2019 00:53:37] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [91.66 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.22B51F7E5B19A74089841FD497E49D06] - |A| - [09/02/2019 00:53:37] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [113.77 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.753387165355DA219CCE3A85CA4C0923] - |A| - [09/02/2019 00:53:37] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [383.63 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.AA694008D3068ED546D9DF920BF5300D] - |A| - [19/03/2019 06:44:35] - (.-.) - [57.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\rw-RW [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [19/03/2019 06:46:39] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sd-Arab-PK [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [19/03/2019 06:44:01] - (.-.) 
- [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.93C5E720D1D582D68382BA756FA1E19C] - |A| - [09/02/2019 00:53:39] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.21 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll [MD5.829B4E2F1E187B6AFF9A23214EEF54CF] - |A| - [09/02/2019 00:53:39] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.75 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll [MD5.EEB8A5006D7C0004CA80B960711182B5] - |A| - [09/02/2019 00:53:40] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [226.45 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll [MD5.7C8C9F775742CE66B5ADB8A92DA7E289] - |A| - [09/02/2019 00:53:40] - (.Copyright (C) 2018 DTS, Inc. - DTS Universal APO DLL.) - [971.34 Ko] - (3.5.17.0) - C:\WINDOWS\System32\sl3apo64.dll [MD5.F89136D33C26A4ACD00A9031E8AD5AA0] - |A| - [09/02/2019 00:53:40] - (.Copyright (C) 2018 DTS, Inc. - DTS APO Controller DLL.) - [3337.87 Ko] - (3.5.17.0) - C:\WINDOWS\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [29/08/2019 18:10:20] - [12092.72 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.1B87BC5154E33F95B4CBAD0276D64C0A] - |A| - [09/02/2019 00:53:40] - (.TODO: (c) . - TODO: .) - [260.27 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll [MD5.2BF8AEBEA0EDFEFC9C93AA0ECED6F1EC] - |A| - [09/02/2019 00:53:40] - (.Copyright (C) 2018 DTS, Inc. - DTS APO Technology DLL.) - [3055.44 Ko] - (3.5.17.0) - C:\WINDOWS\System32\sltech64.dll [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [19/03/2019 06:43:47] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:37:22] - [13377.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 06:44:21] - (.-.) 
- [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [19/03/2019 06:43:45] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [19/03/2019 06:43:45] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.CEDAB194F8B9DADA895371B4560B97F0] - |A| - [19/03/2019 06:45:54] - (.-.) - [38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [7558.3 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [12411.23 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [54292.93 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5940.09 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [23.61 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sq-AL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [339 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.C54120A86FB235AEBFC2D37BE7B008FC] - |A| - 
[09/02/2019 00:53:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.17 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll [MD5.BA82B6179BC3CBEEAC4A7CE4C42E4180] - |A| - [09/02/2019 00:53:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.12 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll [MD5.6BD18E120CD9265A1542E0D9B63F5C68] - |A| - [09/02/2019 00:53:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.43 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 06:45:56] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.763BCEE61F573235E1C60E80438AC301] - |A| - [29/08/2019 18:52:43] - (.-.) - [57.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.80F7B2000376DA9804E3A28B211A29AE] - |A| - [09/02/2019 00:53:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.47 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll [MD5.1D603AE811B0918AE1336AEB30C41560] - |A| - [09/02/2019 00:53:41] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [213.12 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.F761E3F90B797B41B9089333E7612374] - |A| - [09/02/2019 00:53:41] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [225.26 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.256068DD38F4D7AAAA6A5501DE7327B8] - |A| - [09/02/2019 00:53:41] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [528.4 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.9A91256B1FC14EC1294E250516684632] - |A| - [09/02/2019 00:53:41] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) 
- [170.8 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [68120 Ko] - C:\WINDOWS\System32\sru [MD5.EBF15D23B92DE845AC8C952AE9153492] - |A| - [19/03/2019 06:43:47] - (.-.) - [443 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [403.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\sw-KE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:43] - [1389.12 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [939.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [10.73 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.5F6B04A0EC5FE46FEEEC887406F63E57] - |A| - [19/03/2019 06:45:35] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49.5 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [651.74 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [611.52 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [19/03/2019 06:45:00] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\te-IN [MD5.364B8B76EBB95762632341E49F26144D] - |A| - [29/08/2019 18:50:34] - (.-.) 
- [1798 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [310.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [5.97 Ko] - C:\WINDOWS\System32\ti-et [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\tn-ZA [MD5.7651C8963B940D4C3803629A696F7784] - |A| - [09/02/2019 00:53:41] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Audio Source Filtering APO.) - [832.13 Ko] - (2.1.1.0) - C:\WINDOWS\System32\tosasfapo64.dll [MD5.FB350F1FD40E4E97899E4078661B656C] - |A| - [09/02/2019 00:53:41] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Earphone Audio Enhancement APO.) - [436.66 Ko] - (2.1.0.0) - C:\WINDOWS\System32\toseaeapo64.dll [MD5.798C41D5D400F9B40CFAC65D6FE55AC7] - |A| - [09/02/2019 00:53:41] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement APO.) - [1306.25 Ko] - (2.1.1.0) - C:\WINDOWS\System32\tossaeapo64.dll [MD5.910E0050E20E7CCFEE466B57E398EB20] - |A| - [09/02/2019 00:53:42] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement Maximizer.) - [590.59 Ko] - (1.1.2.0) - C:\WINDOWS\System32\tossaemaxapo64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [394 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [19/03/2019 06:43:54] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [19/03/2019 06:43:54] - (.-.) 
- [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ug-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [337 Ko] - C:\WINDOWS\System32\uk-UA [MD5.B9A75ED4500DD953DF172FE6F63578E8] - |A| - [19/03/2019 06:43:49] - (.-.) - [53.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umpdc.dll [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:45] - [1917.6 Ko] - C:\WINDOWS\System32\UNP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\ur-PK [MD5.21B9D3543310B811B3F0DBE3838EEF12] - |A| - [19/03/2019 06:44:18] - (.-.) - [44.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.BAB4BA3C107F89955FABD06688B232F0] - |A| - [29/08/2019 18:50:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\usocoreps.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\vi-VN [MD5.E9A66CB07CCDB9B99F084315E04FCBC7] - |A| - [19/03/2019 06:59:03] - (.-.) - [92.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VirtualMonitorManager.dll [MD5.987467BDF2790EA06CAE527D9E9EEBD6] - |A| - [13/11/2015 05:36:10] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [125240.69 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [83751.34 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [19/03/2019 06:44:30] - (.-.) 
- [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [49316.93 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.92042E1EA3CDB08B077C7CE788D2816D] - |A| - [28/05/2019 01:08:27] - (.Copyright © 2019 - Java(TM) Platform SE binary.) - [107.48 Ko] - (8.0.2210.11) - C:\WINDOWS\System32\WindowsAccessBridge-64.dll [MD5.8B956E4F6378335CC19BE3296A6C9B7E] - |A| - [19/03/2019 06:44:11] - (.-.) - [122 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [10303.86 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [19/03/2019 06:44:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [89416 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [6160.01 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [107.56 Ko] - C:\WINDOWS\System32\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\wo-SN [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [19/03/2019 06:43:52] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [19/03/2019 06:43:52] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [19/03/2019 06:44:35] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.2DE2D263D2C5739AB4A37C5616ABA671] - |A| - [19/03/2019 06:44:03] - (.-.) 
- [97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\System32\xh-ZA [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 06:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.png [MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [26/07/2017 19:59:59] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [26/07/2017 19:59:59] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [19/03/2019 06:45:19] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [19/03/2019 06:45:19] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [19/03/2019 06:45:22] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [19/03/2019 06:45:30] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [19/03/2019 06:45:13] - (.-.) 
- [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [1856.8 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\af-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\am-ET [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [174 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.7230E04E6BD86FFE4E1034D9B3B893A3] - |A| - [19/03/2019 06:45:59] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [520 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\as-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\be-BY [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [147.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\bn-BD [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\bn-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ca-ES [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - 
C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [317 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.1E02A122FE09272058FC1EF0B1B6265E] - |A| - [29/08/2019 18:52:52] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [377 Ko] - (7.55.1.0) - C:\WINDOWS\SysWOW64\curl.exe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\cy-GB [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [207 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [229 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [19/03/2019 06:45:13] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:46] - [186 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [7413.73 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [19/03/2019 14:01:34] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0.01 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\gu-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [166 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.791F8E1C60E6466F93D792D375D8F1B5] - |A| - [19/03/2019 06:45:13] - (.-.) 
- [203.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\hi-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [142.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [212.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\hy-AM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.659B216490380FBE2DC77DECC203E5ED] - |A| - [29/08/2019 18:51:45] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1849.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icu.dll [MD5.1EAD0C642EF0B2692D44A206CAD63C74] - |RA| - [19/03/2019 06:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.9D459E0C31117F3A841D2EA00F7BC99C] - |RA| - [19/03/2019 06:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [28.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\id-ID [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ig-NG [MD5.C2558938D3DFB45D63BB3FCEEC0AD7DA] - |A| - [30/11/2016 22:58:54] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) 
- [101.51 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\is-IS [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [216.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [154 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ka-GE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\kk-KZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\km-KH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\kn-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [154.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\kok-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ku-Arab-IQ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ky-KG [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\lb-LU [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [625.17 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\lo-LA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [145.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [142 Ko] - 
C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [70690.74 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:02:25] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mi-NZ [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [2776.1 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [812.8 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 06:46:21] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MixedRealityRuntime.json [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mk-MK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ml-IN [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 06:49:45] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mn-MN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mr-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ms-MY [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.DF252F37880142ED5574C2BE4DADF5A7] - |A| - [11/02/2019 11:58:34] - (.-.) 
- [206 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msvcrt10.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\mt-MT [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [205.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ne-NP [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [215.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\nn-NO [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\nso-ZA [MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 06:52:46] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [19/03/2019 07:00:31] - (.-.) 
- [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [751.8 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\or-IN [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\pa-IN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [79 Ko] - C:\WINDOWS\SysWOW64\PerceptionSimulation [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [216.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\prs-AF [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [214.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [215.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\quz-PE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.BA82B6179BC3CBEEAC4A7CE4C42E4180] - |A| - [09/02/2019 00:53:41] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) 
- [333.12 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 06:46:09] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.EC1C75518F1AFF370C27B0EB8B09E932] - |A| - [19/03/2019 06:45:07] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [207.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\sw-KE [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ta-IN [MD5.A3487FD8447683A4F74645C99E7CB255] - |A| - [19/03/2019 06:45:59] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [42.5 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\te-IN [MD5.21C60C44D0511D809DD8A381C4CE4E4D] - |A| - [29/08/2019 18:51:37] - (.-.) 
- [1075.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [129 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ti-ET [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tk-TM [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tn-ZA [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [201 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\tt-RU [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ug-CN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [145 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.6C0B99BB629982510C1DA46E47AE6F6D] - |A| - [19/03/2019 06:45:16] - (.-.) - [45.56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\umpdc.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\ur-PK [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\vi-VN [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [15726.07 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.69E4DB68C3968DF92346FDF8477A3D1B] - |A| - [19/03/2019 06:45:13] - (.-.) 
- [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [9158.15 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 14:00:41] - [107.56 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\wo-SN [MD5.246C62BF8A69AF9A9D1783F4548652BF] - |A| - [19/03/2019 06:45:13] - (.-.) - [62.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\xh-ZA [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\yo-NG [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [135.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:46] - [136 Ko] - C:\WINDOWS\SysWOW64\zh-TW [MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [0 Ko] - C:\WINDOWS\SysWOW64\zu-ZA ---------- | [Andre] [11/02/2019 11:50:23] - |D| - [56] - C:\Users\Andre\.cache [08/11/2017 19:30:33] - |RD| - [298] - C:\Users\Andre\3D Objects [29/08/2019 18:16:47] - |HD| - [3214995559] - C:\Users\Andre\AppData [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\Application Data [27/01/2017 11:39:56] - |RD| - [412] - C:\Users\Andre\Contacts [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\Cookies [27/05/2019 22:56:32] - |RD| - [1084753328] - C:\Users\Andre\Desktop [27/05/2019 22:57:28] - |RD| - [8836115302] - C:\Users\Andre\Documents [27/05/2019 22:59:13] - |RD| - [3811468284] - C:\Users\Andre\Downloads [27/01/2017 11:39:29] - |RD| - [54177] - C:\Users\Andre\Favorites [27/01/2017 11:50:49] - |SHD| - [25308] - C:\Users\Andre\IntelGraphicsProfiles [27/01/2017 11:39:29] - |RD| 
- [1953] - C:\Users\Andre\Links [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\Local Settings [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\Menu Démarrer [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\Mes documents [08/11/2017 19:32:03] - |HD| - [4742728] - C:\Users\Andre\MicrosoftEdgeBackups [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\Modèles [27/05/2019 22:58:29] - |RD| - [5567085412] - C:\Users\Andre\Music [29/08/2019 18:16:47] - |AH| - [4194304] - C:\Users\Andre\NTUSER.DAT [29/08/2019 18:16:48] - |ASH| - [1091584] - C:\Users\Andre\ntuser.dat.LOG1 [29/08/2019 18:16:48] - |ASH| - [1091584] - C:\Users\Andre\ntuser.dat.LOG2 [29/08/2019 18:16:48] - |ASH| - [65536] - C:\Users\Andre\NTUSER.DAT{cfa70fa3-ca7f-11e9-b459-f46c366fa7a0}.TM.blf [29/08/2019 18:16:48] - |ASH| - [524288] - C:\Users\Andre\NTUSER.DAT{cfa70fa3-ca7f-11e9-b459-f46c366fa7a0}.TMContainer00000000000000000001.regtrans-ms [29/08/2019 18:16:48] - |ASH| - [524288] - C:\Users\Andre\NTUSER.DAT{cfa70fa3-ca7f-11e9-b459-f46c366fa7a0}.TMContainer00000000000000000002.regtrans-ms [29/08/2019 18:39:43] - |SH| - [20] - C:\Users\Andre\ntuser.ini [27/01/2017 11:42:32] - |RD| - [96] - C:\Users\Andre\OneDrive [30/08/2019 07:17:32] - |D| - [251] - C:\Users\Andre\opera autoupdate [27/05/2019 22:58:02] - |RD| - [1446803073] - C:\Users\Andre\Pictures [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\Recent [27/01/2017 11:39:29] - |RD| - [282] - C:\Users\Andre\Saved Games [27/01/2017 11:39:56] - |RD| - [1872] - C:\Users\Andre\Searches [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\SendTo [27/05/2019 22:59:41] - |RD| - [1972281489] - C:\Users\Andre\Videos [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\Voisinage d'impression [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\Voisinage réseau [29/08/2019 18:16:47] - |D| - [2788701018] - C:\Users\Andre\AppData\Local [27/01/2017 11:39:30] - |D| - [310736] - C:\Users\Andre\AppData\LocalLow [29/08/2019 18:16:47] - |D| - [425983805] - 
C:\Users\Andre\AppData\Roaming [08/09/2018 09:45:10] - |D| - [1079173] - C:\Users\Andre\AppData\Local\4kdownload.com [27/01/2017 11:58:55] - |D| - [0] - C:\Users\Andre\AppData\Local\Adobe [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\AppData\Local\Application Data [12/05/2017 18:21:08] - |D| - [0] - C:\Users\Andre\AppData\Local\Apps [27/01/2017 12:16:31] - |D| - [0] - C:\Users\Andre\AppData\Local\CEF [27/01/2017 11:57:37] - |D| - [32530436] - C:\Users\Andre\AppData\Local\Comms [27/01/2017 11:39:48] - |D| - [8585742] - C:\Users\Andre\AppData\Local\ConnectedDevicesPlatform [10/11/2018 04:30:28] - |D| - [71548126] - C:\Users\Andre\AppData\Local\CrashDumps [01/06/2018 06:13:23] - |D| - [68516] - C:\Users\Andre\AppData\Local\D3DSCache [30/08/2017 18:41:00] - |D| - [0] - C:\Users\Andre\AppData\Local\DBG [06/02/2017 15:36:14] - |D| - [0] - C:\Users\Andre\AppData\Local\Diagnostics [16/06/2017 16:10:24] - |D| - [0] - C:\Users\Andre\AppData\Local\ElevatedDiagnostics [27/01/2017 13:27:40] - |D| - [30828] - C:\Users\Andre\AppData\Local\Google [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\AppData\Local\Historique [01/01/2019 21:44:56] - |D| - [0] - C:\Users\Andre\AppData\Local\Lavasoft [19/05/2017 09:06:11] - |D| - [0] - C:\Users\Andre\AppData\Local\Macromedia [01/09/2018 02:01:49] - |D| - [776360] - C:\Users\Andre\AppData\Local\mbam [22/01/2019 18:54:50] - |D| - [235676] - C:\Users\Andre\AppData\Local\mbamtray [29/08/2019 18:16:47] - |D| - [391557734] - C:\Users\Andre\AppData\Local\Microsoft [27/01/2017 11:54:20] - |D| - [72267] - C:\Users\Andre\AppData\Local\MicrosoftEdge [05/09/2018 21:23:51] - |D| - [1107910760] - C:\Users\Andre\AppData\Local\Mozilla [27/01/2017 11:42:23] - |D| - [0] - C:\Users\Andre\AppData\Local\NetworkTiles [25/06/2019 08:45:57] - |D| - [256952977] - C:\Users\Andre\AppData\Local\Opera Software [08/11/2017 19:09:09] - |D| - [307812981] - C:\Users\Andre\AppData\Local\Packages [01/06/2018 06:28:19] - |D| - [20464] - 
C:\Users\Andre\AppData\Local\Patch_My_PC,_LLC [26/05/2018 21:01:38] - |D| - [0] - C:\Users\Andre\AppData\Local\PlaceholderTileLogoFolder [19/10/2017 17:22:56] - |D| - [407417298] - C:\Users\Andre\AppData\Local\Programs [27/01/2017 11:40:13] - |D| - [841473] - C:\Users\Andre\AppData\Local\Publishers [11/10/2018 06:05:40] - |D| - [4700] - C:\Users\Andre\AppData\Local\speech [09/12/2018 16:54:41] - |D| - [5747] - C:\Users\Andre\AppData\Local\Stardock [06/12/2017 18:26:34] - |D| - [0] - C:\Users\Andre\AppData\Local\TeamViewer [29/08/2019 18:16:47] - |D| - [86355606] - C:\Users\Andre\AppData\Local\Temp [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\AppData\Local\Temporary Internet Files [08/08/2018 07:59:13] - |D| - [102317202] - C:\Users\Andre\AppData\Local\Thunderbird [27/01/2017 11:39:49] - |D| - [12161912] - C:\Users\Andre\AppData\Local\TileDataLayer [27/01/2017 11:39:52] - |D| - [63976] - C:\Users\Andre\AppData\Local\VirtualStore [31/08/2018 15:50:29] - |D| - [0] - C:\Users\Andre\AppData\Local\Windows Live [29/11/2018 19:11:37] - |D| - [351064] - C:\Users\Andre\AppData\Local\ZHP [27/01/2017 11:40:47] - |SD| - [149683] - C:\Users\Andre\AppData\LocalLow\Microsoft [01/02/2017 11:09:04] - |D| - [0] - C:\Users\Andre\AppData\LocalLow\Mozilla [12/05/2017 17:33:49] - |D| - [145408] - C:\Users\Andre\AppData\LocalLow\Oracle [19/04/2017 16:18:04] - |D| - [15645] - C:\Users\Andre\AppData\LocalLow\Sun [02/09/2018 21:58:23] - |D| - [0] - C:\Users\Andre\AppData\LocalLow\Temp [21/10/2018 08:39:38] - |D| - [0] - C:\Users\Andre\AppData\Roaming\4kdownload.com [27/01/2017 11:39:53] - |D| - [0] - C:\Users\Andre\AppData\Roaming\Adobe [15/09/2018 05:00:06] - |D| - [3838] - C:\Users\Andre\AppData\Roaming\Boom Audio Player [25/09/2018 05:20:41] - |D| - [344] - C:\Users\Andre\AppData\Roaming\CrystalIdea Software [08/09/2018 08:38:36] - |D| - [4887902] - C:\Users\Andre\AppData\Roaming\Digiarty [15/11/2018 08:26:54] - |D| - [369] - C:\Users\Andre\AppData\Roaming\Emjysoft [16/09/2018 
07:33:22] - |D| - [2859] - C:\Users\Andre\AppData\Roaming\Hard Disk Sentinel [01/02/2017 11:13:36] - |D| - [0] - C:\Users\Andre\AppData\Roaming\Identities [28/07/2018 08:55:18] - |D| - [26239] - C:\Users\Andre\AppData\Roaming\KC Softwares [01/02/2017 11:10:04] - |D| - [5306452] - C:\Users\Andre\AppData\Roaming\LibreOffice [26/05/2018 18:39:53] - |D| - [2148] - C:\Users\Andre\AppData\Roaming\Macromedia [29/08/2019 18:16:47] - |SD| - [1714634] - C:\Users\Andre\AppData\Roaming\Microsoft [22/11/2018 18:55:34] - |D| - [46370407] - C:\Users\Andre\AppData\Roaming\Mozilla [06/06/2018 07:20:04] - |D| - [0] - C:\Users\Andre\AppData\Roaming\mpv [07/09/2018 08:34:15] - |D| - [89736022] - C:\Users\Andre\AppData\Roaming\Opera Software [27/01/2017 11:43:27] - |D| - [77] - C:\Users\Andre\AppData\Roaming\Skype [29/04/2019 09:36:15] - |D| - [249627435] - C:\Users\Andre\AppData\Roaming\soft2base [09/12/2018 16:54:47] - |D| - [868906] - C:\Users\Andre\AppData\Roaming\Stardock [07/02/2017 18:35:25] - |D| - [189276] - C:\Users\Andre\AppData\Roaming\SumatraPDF [27/01/2017 12:00:53] - |D| - [0] - C:\Users\Andre\AppData\Roaming\Sun [01/02/2017 18:27:19] - |D| - [98765] - C:\Users\Andre\AppData\Roaming\TeamViewer [07/08/2018 15:01:23] - |D| - [0] - C:\Users\Andre\AppData\Roaming\Thunderbird [23/07/2018 06:47:57] - |D| - [94269] - C:\Users\Andre\AppData\Roaming\vlc [24/05/2019 00:45:00] - |D| - [27053863] - C:\Users\Andre\AppData\Roaming\ZHP [27/01/2017 11:39:56] - |SH| - [174] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [29/08/2019 18:16:47] - |SHD| - [0] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [27/01/2017 11:39:29] - |RD| - [24062] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [29/08/2019 18:16:47] - |RD| - [3888] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [29/08/2019 18:16:47] - |RD| - [2927] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories [27/01/2017 11:39:56] - |RD| - [174] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/08/2019 18:16:47] - |SH| - [264] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [29/08/2019 18:16:47] - |D| - [170] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [25/06/2019 08:45:52] - |A| - [1395] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk [29/08/2019 18:16:47] - |A| - [2403] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [27/01/2017 11:39:56] - |RD| - [174] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [29/08/2019 18:16:47] - |RD| - [4913] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [29/08/2019 18:16:47] - |RD| - [7754] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [27/01/2017 11:39:56] - |SH| - [174] - C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [27/01/2017 11:39:56] - |RHD| - [150144] - C:\Users\Public\AccountPictures [16/07/2016 13:47:48] - |RHD| - [7186] - C:\Users\Public\Desktop [19/03/2019 06:49:35] - |ASH| - [174] - C:\Users\Public\desktop.ini [16/07/2016 13:47:48] - |RD| - [278] - C:\Users\Public\Documents [16/07/2016 13:47:48] - |RD| - [174] - C:\Users\Public\Downloads [19/03/2019 06:52:44] - |RHD| - [1135] - C:\Users\Public\Libraries [16/07/2016 13:47:48] - |RD| - [380] - C:\Users\Public\Music [16/07/2016 13:47:48] - |RD| - [380] - C:\Users\Public\Pictures [13/07/2018 15:17:51] - |D| - [6426] - C:\Users\Public\PrivacyPal Sessions [13/07/2018 15:19:31] - |D| - [0] - C:\Users\Public\Speedup Sessions [16/07/2016 13:47:48] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [27/01/2017 11:58:57] - |D| - [0] - C:\ProgramData\Adobe [01/06/2018 
19:24:25] - |D| - [51] - C:\ProgramData\AomeiBR [29/08/2019 18:38:21] - |SHD| - [0] - C:\ProgramData\Application Data [11/07/2019 18:11:13] - |D| - [3305] - C:\ProgramData\ASUS Smart Gesture [27/01/2017 12:03:53] - |D| - [3284] - C:\ProgramData\AVAST Software [13/07/2018 15:16:23] - |D| - [0] - C:\ProgramData\Avira [27/01/2017 11:31:12] - |SHD| - [0] - C:\ProgramData\Bureau [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [29/08/2019 18:38:21] - |SHD| - [0] - C:\ProgramData\Documents [26/07/2017 20:00:26] - |A| - [0] - C:\ProgramData\DP45977C.lfl [28/05/2019 00:50:47] - |D| - [0] - C:\ProgramData\Emsisoft [27/05/2019 15:03:53] - |D| - [49757383] - C:\ProgramData\Malwarebytes [27/01/2017 11:31:12] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [19/03/2019 06:52:44] - |SD| - [1265393919] - C:\ProgramData\Microsoft [29/08/2019 18:43:17] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [27/01/2017 11:31:12] - |SHD| - [0] - C:\ProgramData\Modèles [01/02/2019 21:41:41] - |D| - [15303] - C:\ProgramData\Mozilla [09/06/2018 19:29:03] - |RASH| - [290] - C:\ProgramData\ntuser.pol [27/01/2017 12:00:24] - |D| - [84093637] - C:\ProgramData\Oracle [13/07/2018 15:13:16] - |D| - [155648] - C:\ProgramData\Packages [19/03/2019 06:52:44] - |D| - [995] - C:\ProgramData\regid.1991-06.com.microsoft [31/08/2018 21:47:39] - |D| - [87440372] - C:\ProgramData\RogueKiller [27/09/2018 00:18:45] - |D| - [58649297] - C:\ProgramData\SetupTPDriver [19/03/2019 06:52:44] - |D| - [0] - C:\ProgramData\SoftwareDistribution [09/12/2018 16:54:41] - |D| - [0] - C:\ProgramData\Stardock [03/07/2019 06:06:11] - |D| - [24337] - C:\ProgramData\UCheck [19/03/2019 06:52:44] - |D| - [15464] - C:\ProgramData\USOPrivate [29/08/2019 18:15:33] - |D| - [7303168] - C:\ProgramData\USOShared [19/03/2019 14:02:58] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [19/03/2019 06:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start 
Menu\desktop.ini [27/01/2017 11:31:12] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [19/03/2019 06:52:44] - |RD| - [101285] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [11/09/2018 16:27:35] - |D| - [1561] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [19/03/2019 06:52:44] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [19/03/2019 06:52:44] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [19/03/2019 06:52:44] - |RD| - [22954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [28/05/2019 01:04:29] - |D| - [965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [19/03/2019 06:49:34] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [09/02/2019 01:52:04] - |A| - [1046] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dukto R6.lnk [09/01/2019 20:08:57] - |A| - [1007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [16/09/2018 07:33:05] - |D| - [5882] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel [28/05/2019 01:29:34] - |D| - [3849] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [19/03/2019 06:46:39] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [28/05/2019 01:08:25] - |D| - [6758] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [09/04/2019 17:43:27] - |D| - [1184] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jeux de cartes [28/05/2019 11:41:48] - |D| - [2016] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JkDefrag [27/01/2017 16:17:48] - |RD| - [36] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2 [13/08/2019 19:32:02] - |SD| - [9430] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.3 [19/03/2019 06:52:44] - |D| - 
[170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [03/07/2019 07:18:37] - |D| - [3900] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [27/01/2017 11:59:56] - |D| - [2340] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [09/02/2019 00:58:45] - |D| - [2041] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [11/09/2018 16:45:48] - |D| - [3420] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [15/11/2018 08:26:35] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sauvegarde Facile [28/05/2019 01:06:39] - |D| - [937] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy [19/03/2019 06:52:44] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [11/09/2018 08:54:13] - |A| - [1946] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk [19/03/2019 06:52:44] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [24/05/2019 21:20:17] - |A| - [1114] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk [25/11/2018 11:47:53] - |D| - [5862] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [19/05/2017 09:09:06] - |A| - [2573] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visionneuse Microsoft PowerPoint .lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [19/03/2019 06:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [27/09/2018 00:18:55] - |D| - [88350310] - C:\Program Files (x86)\ASUS [01/01/2019 21:45:55] - |AD| - [74970234] - C:\Program Files (x86)\BlueStacks [28/05/2019 01:11:44] - |D| - [39172622] - C:\Program Files (x86)\captvty [19/03/2019 06:52:44] - |D| - [318135788] - C:\Program Files (x86)\Common Files [19/03/2019 06:49:34] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [06/10/2018 21:32:34] - |D| - 
[17712953] - C:\Program Files (x86)\DoroPDFWriter [09/02/2019 01:52:03] - |D| - [27537188] - C:\Program Files (x86)\Dukto [01/06/2018 08:37:31] - |D| - [1426990] - C:\Program Files (x86)\FolderPainter [27/01/2017 11:58:15] - |D| - [0] - C:\Program Files (x86)\Google [16/09/2018 07:33:01] - |D| - [51828187] - C:\Program Files (x86)\Hard Disk Sentinel [28/05/2019 01:29:34] - |D| - [1294262] - C:\Program Files (x86)\HD Tune [26/07/2017 19:59:15] - |D| - [16822535] - C:\Program Files (x86)\Intel [19/03/2019 06:52:44] - |D| - [1984291] - C:\Program Files (x86)\Internet Explorer [09/04/2019 17:43:26] - |D| - [9975111] - C:\Program Files (x86)\Jeux de cartes [28/05/2019 11:41:48] - |D| - [980505] - C:\Program Files (x86)\JkDefrag [13/08/2019 19:30:40] - |D| - [503404513] - C:\Program Files (x86)\LibreOffice [19/05/2017 09:08:55] - |D| - [34254331] - C:\Program Files (x86)\Microsoft Office [27/01/2017 11:59:04] - |D| - [42894550] - C:\Program Files (x86)\Microsoft Silverlight [19/03/2019 06:52:44] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [09/06/2019 22:59:40] - |D| - [335489] - C:\Program Files (x86)\Mozilla Maintenance Service [19/05/2017 09:08:06] - |D| - [66546585] - C:\Program Files (x86)\MSECache [30/08/2019 10:18:24] - |D| - [7413760] - C:\Program Files (x86)\Reference Assemblies [21/07/2017 09:14:06] - |AD| - [96773385] - C:\Program Files (x86)\TeamViewer [26/07/2017 20:09:16] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [21/07/2017 09:09:33] - |D| - [6840319] - C:\Program Files (x86)\VS Revo Group [19/03/2019 06:52:44] - |D| - [1741328] - C:\Program Files (x86)\Windows Defender [19/03/2019 06:52:44] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [19/03/2019 14:02:58] - |D| - [3238765] - C:\Program Files (x86)\Windows Media Player [19/03/2019 14:02:58] - |D| - [39720] - C:\Program Files (x86)\Windows Multimedia Platform [19/03/2019 06:52:44] - |D| - [7559512] - C:\Program Files (x86)\Windows NT [19/03/2019 14:02:58] - |D| - 
[5276616] - C:\Program Files (x86)\Windows Photo Viewer [19/03/2019 14:02:58] - |D| - [39720] - C:\Program Files (x86)\Windows Portable Devices [19/03/2019 06:52:44] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [19/03/2019 06:52:44] - |D| - [2250183] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [27/01/2017 12:02:59] - |AD| - [5204927] - C:\Program Files\7-Zip [28/05/2019 01:04:24] - |D| - [46619264] - C:\Program Files\CCleaner [19/03/2019 06:52:43] - |D| - [45575930] - C:\Program Files\Common Files [19/03/2019 06:49:34] - |ASH| - [174] - C:\Program Files\desktop.ini [27/01/2017 11:31:12] - |SHD| - [0] - C:\Program Files\Fichiers communs [09/04/2019 17:33:54] - |D| - [2997822] - C:\Program Files\FolderPainter [26/07/2017 19:59:53] - |D| - [46180457] - C:\Program Files\Intel [19/03/2019 06:52:44] - |D| - [2645510] - C:\Program Files\Internet Explorer [28/05/2019 01:07:44] - |D| - [215804032] - C:\Program Files\Java [27/05/2019 15:03:53] - |D| - [172683489] - C:\Program Files\Malwarebytes [27/01/2017 11:59:04] - |AD| - [55728894] - C:\Program Files\Microsoft Silverlight [19/03/2019 06:52:44] - |D| - [0] - C:\Program Files\ModifiableWindowsApps [31/12/2018 18:21:09] - |D| - [200561248] - C:\Program Files\Mozilla Firefox [26/07/2017 20:00:08] - |D| - [57177386] - C:\Program Files\Realtek [16/11/2018 18:22:00] - |D| - [39922800] - C:\Program Files\rempl [28/05/2019 01:06:36] - |D| - [15516312] - C:\Program Files\Speccy [11/09/2018 08:54:11] - |D| - [12353544] - C:\Program Files\SumatraPDF [27/01/2017 11:24:47] - |HD| - [0] - C:\Program Files\Uninstall Information [22/05/2017 10:24:42] - |AD| - [25690112] - C:\Program Files\UNP [25/11/2018 11:47:14] - |D| - [178747032] - C:\Program Files\VideoLAN [11/09/2018 16:45:47] - |D| - [22506705] - C:\Program Files\VS Revo Group [19/03/2019 06:52:44] - |D| - [15852398] - C:\Program Files\Windows Defender [19/03/2019 06:52:44] - |D| - [636416] - C:\Program Files\Windows Mail [19/03/2019 
14:02:58] - |D| - [4710289] - C:\Program Files\Windows Media Player [19/03/2019 14:02:58] - |D| - [47720] - C:\Program Files\Windows Multimedia Platform [19/03/2019 06:52:44] - |D| - [7895896] - C:\Program Files\Windows NT [19/03/2019 14:02:58] - |D| - [6093976] - C:\Program Files\Windows Photo Viewer [19/03/2019 14:02:58] - |D| - [47720] - C:\Program Files\Windows Portable Devices [19/03/2019 06:52:44] - |D| - [110373] - C:\Program Files\Windows Security [19/03/2019 06:52:44] - |SHD| - [0] - C:\Program Files\Windows Sidebar [19/03/2019 06:52:44] - |HD| - [3344092983] - C:\Program Files\WindowsApps [19/03/2019 06:52:44] - |D| - [2545983] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [27/01/2017 12:05:14] - |D| - [1531] - C:\Program Files (x86)\Common Files\AV [26/07/2017 19:59:45] - |D| - [68080827] - C:\Program Files (x86)\Common Files\Intel [28/05/2019 01:11:39] - |D| - [2008648] - C:\Program Files (x86)\Common Files\Java [19/03/2019 06:52:44] - |D| - [123712538] - C:\Program Files (x86)\Common Files\Microsoft Shared [28/05/2019 01:07:25] - |D| - [1534949] - C:\Program Files (x86)\Common Files\Oracle [19/03/2019 06:52:44] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [19/03/2019 06:52:44] - |D| - [9434507] - C:\Program Files (x86)\Common Files\System [31/08/2018 15:49:57] - |D| - [113360086] - C:\Program Files (x86)\Common Files\Windows Live ---------- | C:\Program Files\Common files [26/07/2017 20:00:31] - |D| - [886] - C:\Program Files\Common files\Atheros [27/01/2017 12:05:14] - |D| - [1531] - C:\Program Files\Common files\AV [19/03/2019 06:52:43] - |D| - [35287920] - C:\Program Files\Common files\microsoft shared [19/03/2019 06:52:44] - |D| - [2702] - C:\Program Files\Common files\Services [19/03/2019 06:52:44] - |D| - [10282891] - C:\Program Files\Common files\System ---------- | Tasks [MD5.4E0537A04F2CBE866A527158811D9DD7] - [01/06/2018 07:57:25] - |A| - [214] - 
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [29/08/2019 18:37:37] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.4BD59C6EC6A75F8BA59BB7BF2BCFE4ED] - [29/08/2019 18:37:36] - |A| - [4762] - C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_Plugin.exe [MD5.ED4E34CD5680CC3F4E9B36ACA205F3E0] - [29/08/2019 18:37:36] - |A| - [4774] - C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_pepper.exe [MD5.574F15BF3F5FC4BD2CB6DC757CE5B905] - [29/08/2019 18:37:36] - |A| - [4594] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.AEDC8E22D7F58845F9132CC2B36C1E1A] - [29/08/2019 18:37:36] - |A| - [2924] - C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3 : "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe" [MD5.A4C90D430197DE626B28A0D0B60C8981] - [29/08/2019 18:37:36] - |A| - [2214] - C:\WINDOWS\System32\Tasks\ATK Package A22126881260 : "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe" [MD5.9C47ECFA22000CE4CEA4A9022CC3C180] - [29/08/2019 18:37:36] - |A| - [3248] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.00000000000000000000000000000000] - [29/08/2019 18:37:36] - |D| - [5912] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.3B7B096378C0A25D1D66D42237F94817] - [29/08/2019 18:38:47] - |A| - [2608] - C:\WINDOWS\System32\Tasks\BlueStacksHelper : C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [MD5.CDCB25C6FC1E8A92E050039F89D12479] - [29/08/2019 18:37:36] - |A| - [4210] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.FF59665027B87982FA4541F58D1231FF] - [29/08/2019 18:37:36] - |A| - [2234] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe" 
[MD5.00000000000000000000000000000000] - [29/08/2019 18:37:36] - |D| - [3072] - C:\WINDOWS\System32\Tasks\HardDiskSentinel [MD5.00000000000000000000000000000000] - [29/08/2019 18:37:36] - |D| - [0] - C:\WINDOWS\System32\Tasks\MEGA [MD5.00000000000000000000000000000000] - [19/03/2019 06:52:45] - |D| - [601528] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.6C01DD7ED0CA9E3ADDA600BD19E0D4A6] - [29/08/2019 18:37:37] - |A| - [3376] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3749229121-239879379-510366881-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.C2B7E48000D2CF5CFFF6432B7E0C0289] - [29/08/2019 18:37:37] - |A| - [4464] - C:\WINDOWS\System32\Tasks\Opera scheduled assistant Autoupdate 1563199400 : C:\Users\Andre\AppData\Local\Programs\Opera\launcher.exe [MD5.49766F7149A2BE1DDDBBFB9BBA37629D] - [29/08/2019 18:37:37] - |A| - [4236] - C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1561445150 : C:\Users\Andre\AppData\Local\Programs\Opera\launcher.exe [MD5.4915B57F103CE7F545DB2E8F24CC33AF] - [29/08/2019 18:37:37] - |A| - [2238] - C:\WINDOWS\System32\Tasks\RogueKiller Anti-Malware : C:\Users\Andre\Desktop\RogueKiller_portable64.exe [MD5.C4DEFE179456697578CC4A86444DE4F5] - [29/08/2019 18:37:37] - |A| - [2346] - C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice : "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [MD5.8C9929CE8499520CDB8AE87615E5FCFC] - [29/08/2019 18:37:37] - |A| - [2302] - C:\WINDOWS\System32\Tasks\RTKCPL : "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [MD5.00000000000000000000000000000000] - [29/08/2019 18:37:37] - |D| - [3020] - C:\WINDOWS\System32\Tasks\S-1-5-21-3749229121-239879379-510366881-1001 [MD5.2BD3F60A36268330E3D19AE92BE380E7] - [29/08/2019 18:37:37] - |A| - [3316] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7135C517-EDF1-4517-822F-A5D6BB9A7F96} : C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [19/03/2019 06:52:46] - |D| - [0] - 
C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "Netlogon-NamedPipe-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| 
"WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "{08BFA660-3541-4FAF-81EE-AAA923858671}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{8E875505-BCB4-4559-8B06-7ECA0EECE23B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{9315D0D3-1FF4-4699-BEE3-1CE8F9F9471D}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky 
Notes|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{6217A2AD-4C59-444B-A4EA-E941C35DDDDD}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{C8D88CB3-732C-4F04-A352-33E3B187C973}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{1D7254ED-D61B-44E8-8356-51E8999A28C3}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ| "{9B2190C9-987E-45AD-B418-F2A8733821E9}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| "{5EDE732F-B15F-46C6-AF40-332B197B2E41}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ| 
"{9E4B7BEB-C30D-456A-A0BC-7CB6BED91CB0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Andre\AppData\Local\Temp\DriverPack-2019062583949\tools\aria2c.exe|Name=DriverPack aria2c.exe| "{13E2E1EF-B841-4B7F-9425-A97C4DD0F33E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Facebook|Desc=Facebook|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-3324467646-4197585051-1359281946-1224535466-457027138-2879639353-3757999841|EmbedCtxt=Facebook|Platform=2:6:2|Platform2=GTEQ| "{9A6DC6D6-4858-4A21-9B46-F346CD1B75A7}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe|Name=BlueStacks Service| "{667D66BC-D626-487E-9FC8-CE1E2EF26926}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ| "{848D34DD-0748-4F74-A0D6-6109F1BE47E1}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{DDEA05D9-865C-4B8B-984D-7B58368AA944}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{1C212654-BA86-413C-939A-BF491DB742A6}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ| 
"{9318F959-4D71-4029-9695-05F6F321F9B5}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{7D115E43-65BF-4ECC-A81E-FAB944496A2A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft for Windows 10|Desc=Minecraft for Windows 10|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft for Windows 10|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{3D4D6DBD-E4D3-433F-9CB3-7ADC44B1833C}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Royal Revolt 2|Desc=Royal Revolt 2|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-3474005379-1872132649-326631018-4198885170-543086615-2459371407-1773961359|EmbedCtxt=Royal Revolt 2|Platform=2:6:2|Platform2=GTEQ| "{CE3CE254-A92B-4F91-B11A-9B5A984EEAEF}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Andre\AppData\Local\Programs\Opera\63.0.3368.71\opera.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| "{95E2638E-50E2-4CAB-821B-FFB644C1D723}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ| 
"{7C7F26C1-50A5-4357-B546-73090483ABF2}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Andre\AppData\Local\Programs\Opera\63.0.3368.88\opera.exe|Name=Opera Internet Browser (mDNS-In)|Desc=Inbound rule to allow mDNS traffic.|EmbedCtxt=Opera Internet Browser| "{F1F9D00A-A1FC-4F99-B8B6-06662F177F7E}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ| "{F0E02EB3-3BA4-4B63-8F09-FCB92C92089F}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{C3E6A7E4-85DC-422B-92B6-D94E3B6566C2}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{E0043FCB-6A16-4249-BF42-F1CDAFBF296F}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{8FDA1650-30E1-48E2-A7D3-2455A48D28B0}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{FFB31EF8-3BD0-4CB7-8B33-88B5E155B05A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| 
"{E2DE9159-327D-46EB-9F98-21A91E3CB33A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{29814483-12D9-4E76-A228-9912DC3B1090}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{8B4CD272-65E6-4040-A792-CD2C060DB36C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-3749229121-239879379-510366881-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> 
@%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : 
(SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] 
-> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus 
filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c3077fcd-9c3c-482f-9317-460712f23efd}] : (DPTF) [] -> @oem13.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [08/05/2015 11:07:06] - (1.0.6.1) - (ASUSTek Computer Inc. - ATK WMIACPI Utility) - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20/01/2019 12:54:07] - (10.0.3.458) - (Qualcomm Atheros Communications, Inc. 
- Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw10x.sys [20/01/2019 12:16:24] - (1.0.0.8) - (ASUS - HID minidriver for ASUS Wireless Radio Control) - C:\WINDOWS\System32\drivers\AsRadioControl.sys [30/01/2019 23:44:54] - (10.0.3.19) - (Qualcomm - BT Filter) - C:\WINDOWS\System32\drivers\btfilter.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - cht4iscsi () -> 
System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - 
AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - IntelHSWPcc () -> System32\drivers\IntelPcc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> 
System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> 
System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SmartSAMD () -> System32\drivers\SmartSAMD.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] 
- storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - 
WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ATKWMIACPIIO (ATKWMIACPI Driver) -> \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_307898c750ba9e44\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_ba2a8de08ea0d469\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\System32\Drivers\MbamChameleon.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu 
(@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SMPlayer] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180221F0}] : (Java 8 Update 221 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180221F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Doro_is1] : (Doro 2.13.-.the sz development) -> "C:\Program Files (x86)\DoroPDFWriter\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0FC65BD2-FB46-4E89-AEB9-C5CB53E4BC1F}_is1] : (JkDefrag 3.36.-.Trad-Fr) -> "C:\Program Files (x86)\JkDefrag\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{386C0311-B146-4CE0-89E5-8469A3583156}}_is1] : (Dukto R6.-.Emanuele Colombo) -> "C:\Program Files (x86)\Dukto\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] : (swMSM.-.Adobe Systems, Inc) -> MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7CC95123-99B9-5.886E-8DA5.8-AD335.82DD695.8C}_is1] : (Sauvegarde Facile.-.Emjysoft) -> "C:\Program Files (x86)\Emjysoft\Sauvegarde-Facile\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}] : (ATK Package.-.ASUS) -> MsiExec.exe /X{AB5C933E-5C7D-4D30-B314-9C83A49B94BE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF6981F9-E106-480B-96C5-5CD2F6249C64}] : (LibreOffice 6.3.0.4.-.The Document Foundation) -> MsiExec.exe /I{EF6981F9-E106-480B-96C5-5CD2F6249C64} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\1616DA6174E21FB4AA779064FE9EE380] : Update for Windows 10 for x64-based Systems (KB4023057) [HKCR\Installer\Products\4EA42A62D9304AC4784BF2468120120F] : Java 8 Update 221 (64-bit) -> C:\Program Files\Java\jre1.8.0_221\\bin\javaws.exe [HKCR\Installer\Products\6A6823D4BA6FA894284A4E0F0425F9D3] : ASUS Smart Gesture -> C:\WINDOWS\Installer\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\7C43C21609E58D74B9C5F017D78D7262] : swMSM -> 
C:\WINDOWS\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe [HKCR\Installer\Products\9F1896FE601EB084695CC52D6F42C946] : LibreOffice 6.3.0.4 -> C:\WINDOWS\Installer\{EF6981F9-E106-480B-96C5-5CD2F6249C64}\soffice.ico [HKCR\Installer\Products\E339C5BAD7C503D43B41C9384AB949EB] : ATK Package -> C:\WINDOWS\Installer\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}\_6FEFF9B68218417F98F549.exe [HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater ---------- | Drives ---------- | MBR 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog svchost (1952,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x1b48 Heure de début de l’application défaillante : 0x01d56e48bd4edfb6 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 50ef4e79-a375-49b8-911e-bfcee18b0ce1 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x1ec0 Heure de début de l’application défaillante : 
0x01d56e48b70d4152 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 2b20e97e-4b44-444a-b9e2-ded3bfee9807 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x22a8 Heure de début de l’application défaillante : 0x01d56e487d9d5ec4 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 795f067f-2e3f-49f5-b5d4-2d7af9842c69 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x1bbc Heure de début de l’application défaillante : 0x01d56e4848bd81cb Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 62c83bd0-dd75-4e23-a9dc-8b47ec1e9a36 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy 
ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x73c Heure de début de l’application défaillante : 0x01d56e482eb8170d Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 2be86d31-57f3-41d5-a7f3-c5e1a42dce50 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0xba4 Heure de début de l’application défaillante : 0x01d56e480c81522a Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 4dbc616e-4a3c-41cf-940d-341b227e584a Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x16c0 Heure de début de 
l’application défaillante : 0x01d56e4802cb08b7 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 63de5a00-203e-4e65-8a8b-845c96d79b98 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ svchost (5228,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x1cb0 Heure de début de l’application défaillante : 0x01d56e47d326811d Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 0cbbff75-3cfa-4f84-af1d-68b2b9e992e6 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0xc34 Heure de début de l’application défaillante : 0x01d56e47cbe3bd44 Chemin d’accès de l’application défaillante : 
C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 187aeb78-9b09-432b-add3-f75a93149009 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x16d4 Heure de début de l’application défaillante : 0x01d56e47c4bf6338 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : 6fd074eb-5a97-4c54-b4fa-9d31eb9facd0 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x1ba8 Heure de début de l’application défaillante : 0x01d56e47b0e6b7f9 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : fd0bf4e8-9d37-4edf-be25-a8dc3a86bf0f Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App 
------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.18362.329, horodatage : 0x5d65fa38 Nom du module défaillant : edgehtml.dll, version : 11.0.18362.356, horodatage : 0x1c3b385f Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000054767e ID du processus défaillant : 0x350 Heure de début de l’application défaillante : 0x01d56e47a824cc62 Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll ID de rapport : fb730f26-cf5e-4c19-be5b-23ca0986f3b0 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.18362.329.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante StartMenuExperienceHost.exe, version : 0.0.0.0, horodatage : 0x5d65fb6a Nom du module défaillant : StartTileData.dll, version : 10.0.18362.329, horodatage : 0x44e0b107 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000187153 ID du processus défaillant : 0x2250 Heure de début de l’application défaillante : 0x01d56e472c6037bf Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\StartTileData.dll ID de rapport : ba412a12-b621-48c8-9980-a06ddb14998e Nom complet du package défaillant : Microsoft.Windows.StartMenuExperienceHost_10.0.18362.329_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante StartMenuExperienceHost.exe, version : 0.0.0.0, horodatage : 0x5d65fb6a Nom du module défaillant : StartTileData.dll, version : 10.0.18362.329, horodatage : 0x44e0b107 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000000000187153 ID du processus défaillant : 0x1b90 Heure de début de l’application 
défaillante : 0x01d56e4723de983e Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\StartTileData.dll ID de rapport : a47f38ca-8801-48ad-aeeb-4107539c752b Nom complet du package défaillant : Microsoft.Windows.StartMenuExperienceHost_10.0.18362.329_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ svchost (7436,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (1700,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ svchost (4276,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log. ------------ ----------( EOF)---------- - 4381 | 20:45:00