--------------- QuickDiag | g3n-h@ckm@n | V6.328.20.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 01/12/2020 12:39:22 Updated 23/11/2020 | 22:45 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [POP (Administrator)] - [FRÉDÉRIC] (S-1-5-21-142700032-3544243614-1917230365-1001) System: Microsoft Windows 10 Professionnel - - (10.0.19041) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (2004) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Professionnel|C:\WINDOWS|\Device\Harddisk0\Partition2 Boot : Normal boot PC: OptiPlex 760 - Dell Inc. - IdNumber: 6YZ394J - UUID: 4C4C4544-0059-5A10-8033-B6C04F39344A Processor : X64 - 2993 Mhz - Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Phoenix ROM BIOS PLUS Version 1.10 A02 - en|US|iso8859-1 - Dell Inc. - S/N: 6YZ394J - A02 - DELL - 15 CoreTemp : ? 
Celsius ----------| Quick ---------- | SoundDevice Périphérique High Definition Audio - Status: OK - Manufacturer: Microsoft - PNPDeviceID: HDAUDIO\FUNC_01&VEN_11D4&DEV_194A&SUBSYS_1028027F&REV_1004\4&90AEF7&0&0201 ---------- | Video Intel(R) Q45/Q43 Express Chipset (Microsoft Corporation - WDDM 1.1) - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd32.dll,igd10umd32.dll,igd10umd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_2E13&SUBSYS_027F1028&REV_03\3&172E68DD&0&11 - AdapterCompatibility: Intel Corporation - RAM: Intel(R) Q45/Q43 Express Chipset (Microsoft Corporation - WDDM 1.1) - Resolution: 1024x768 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumd32.dll,igd10umd32.dll,igd10umd32.dll - PNPDeviceID: PCI\VEN_8086&DEV_2E12&SUBSYS_027F1028&REV_03\3&172E68DD&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1490868224 Inegrated Video Chipset DeviceName: Intel(R) Q45/Q43 Express Chipset (Microsoft Corporation - WDDM 1.1) - DriverVersion: 8.15.10.2702 - SpecificationVersion: 1025 ---------- | Codecs C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 30680 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22928 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36344 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 33280 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK 
C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 49152 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 30128 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 69120 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK C:\WINDOWS\system32\ICCVID.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84992 - Manufacturer: Radius Inc. - Status: OK ---------- | Memory Pagefile = Total (MB) : 4747 | Free (MB) : 3667 Virtual = Total (MB) : 2097 | Free (MB) : 1835 Physical Memory (MB) -------------------- Total: 3291 Available: 2006 Cached: 1764 Free: 241 System ------ Handles: 29926 Processes: 65 Threads: 1040 ---------- | SID Users Administrateur : [S-1-5-21-142700032-3544243614-1917230365-500] DefaultAccount : [S-1-5-21-142700032-3544243614-1917230365-503] HomeGroupUser$ : [S-1-5-21-142700032-3544243614-1917230365-1002] Invité : [S-1-5-21-142700032-3544243614-1917230365-501] POP : [S-1-5-21-142700032-3544243614-1917230365-1001] WDAGUtilityAccount : [S-1-5-21-142700032-3544243614-1917230365-504] Administrateurs : [S-1-5-32-544] Administrateurs Hyper-V : [S-1-5-32-578] Duplicateurs : [S-1-5-32-552] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579] Opérateurs de chiffrement : [S-1-5-32-569] Opérateurs de configuration réseau : [S-1-5-32-556] Opérateurs de sauvegarde : [S-1-5-32-551] System Managed Accounts Group : [S-1-5-32-581] Utilisateurs : [S-1-5-32-545] Utilisateurs avec pouvoir : [S-1-5-32-547] Utilisateurs de gestion à distance : [S-1-5-32-580] Utilisateurs de 
l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du Bureau à distance : [S-1-5-32-555] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] HomeUsers : [S-1-5-21-142700032-3544243614-1917230365-1000] ---------- | Drives C:\ -> [Fixed] | [] | Total : 147.98 Go | Free : 112.64 Go -> NTFS [SATA] Drive: 0 Cylinders: 19452 Tracks per Cylinder: 255 Sectors per Track: 63 Bytes per Sector: 512 Total Space: 160000000000 bytes ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Personal Licence ---------- | Browsers IE : 11.0.19041.1 (© Microsoft Corporation. Tous droits réservés.) GC : 87.0.4280.66 (Copyright 2020 Google LLC.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer FlashPlayer ActiveX : 32.0.0.445 ---------- | Security AV : AS : FW : WINDOWS Firewall WMI : OK WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Windows Defender Excl. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths] "C:\Users"=0 "C:\WINDOWS\system32\vlvljeqt"=0 ---------- | Running processes 380 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.19041.546) = C:\Windows\System32\smss.exe [14/10/2020 11:40:11] CPU Usage:0 % 508 | [Owner : Système | Parent : 492() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [14/10/2020 11:40:02] CPU Usage:0 % 588 | [Owner : Système | Parent : 492() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.19041.546) = C:\Windows\System32\wininit.exe [14/10/2020 11:39:59] CPU Usage:0 % 596 | [Owner : Système | Parent : 580() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) 
- (10.0.19041.546) = C:\Windows\System32\csrss.exe [14/10/2020 11:40:02] CPU Usage:0 % 676 | [Owner : Système | Parent : 580() | 10.4 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.19041.572) = C:\Windows\System32\winlogon.exe [14/10/2020 11:40:14] CPU Usage:0 % 720 | [Owner : Système | Parent : 588(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.19041.610) = C:\Windows\System32\services.exe [12/11/2020 10:44:55] CPU Usage:0 % 728 | [Owner : Système | Parent : 588(wininit.exe) | 17.64 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.19041.546) = C:\Windows\System32\lsass.exe [14/10/2020 11:40:11] CPU Usage:0 % 836 | [Owner : Système | Parent : 720(services.exe) | 19.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 844 | [Owner : UMFD-0 | Parent : 588(wininit.exe) | 3.02 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.546) = C:\Windows\System32\fontdrvhost.exe [14/10/2020 11:40:13] CPU Usage:0 % 852 | [Owner : UMFD-1 | Parent : 676(winlogon.exe) | 6.64 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.546) = C:\Windows\System32\fontdrvhost.exe [14/10/2020 11:40:13] CPU Usage:0 % 952 | [Owner : SERVICE RÉSEAU | Parent : 720(services.exe) | 10.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1032 | [Owner : DWM-1 | Parent : 676(winlogon.exe) | 45.54 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.19041.508) = C:\Windows\System32\dwm.exe [05/10/2020 11:56:12] CPU Usage:0 % 1148 | [Owner : Système | Parent : 720(services.exe) | 44.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1164 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 15.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1192 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 21.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1220 | [Owner : Système | Parent : 720(services.exe) | 60.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1340 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 19.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1648 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 10.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1676 | [Owner : SERVICE RÉSEAU | Parent : 720(services.exe) | 16.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1728 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 5.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1744 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 8.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1884 | [Owner : Système | Parent : 720(services.exe) | 12.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 1952 | [Owner : Système | Parent : 720(services.exe) | 13.44 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.423) = C:\Windows\System32\spoolsv.exe [05/10/2020 11:55:08] CPU Usage:0 % 452 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 15.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 496 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 9.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 2084 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 10.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 2128 | [Owner : SERVICE LOCAL | Parent : 1220(svchost.exe) | 16.3 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1) = C:\Windows\System32\dasHost.exe [07/12/2019 07:07:00] CPU Usage:0 % 2200 | [Owner : Système | Parent : 720(services.exe) | 11.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 3208 | [Owner : SERVICE LOCAL | Parent : 720(services.exe) | 7.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 3460 | [Owner : POP | Parent : 1148(svchost.exe) | 20.26 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.1) = C:\Windows\System32\sihost.exe [07/12/2019 07:06:56] CPU Usage:0 % 3480 | [Owner : POP | Parent : 720(services.exe) | 36.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 3532 | [Owner : POP | Parent : 1148(svchost.exe) | 11.9 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.546) = C:\Windows\System32\taskhostw.exe [14/10/2020 11:40:37] CPU Usage:0 % 3684 | [Owner : POP | Parent : 1220(svchost.exe) | 14.92 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe [07/12/2019 07:07:26] CPU Usage:0 % 3888 | [Owner : POP | Parent : 3852() | 93.66 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.610) = C:\Windows\explorer.exe [12/11/2020 10:44:17] CPU Usage:0 % 2116 | [Owner : POP | Parent : 720(services.exe) | 16.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 768 | [Owner : POP | Parent : 836(svchost.exe) | 5.96 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.19041.546) = C:\Windows\System32\dllhost.exe [14/10/2020 11:39:57] CPU Usage:0 % 3180 | [Owner : POP | Parent : 836(svchost.exe) | 56.5 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [12/11/2020 10:44:40] CPU Usage:0 % 3040 | [Owner : POP | Parent : 836(svchost.exe) | 17.88 Mo] - (.Microsoft Corporation - Application Frame Host.) 
- (10.0.19041.1) = C:\Windows\System32\ApplicationFrameHost.exe [07/12/2019 07:07:04] CPU Usage:0 % 4608 | [Owner : POP | Parent : 836(svchost.exe) | 10.78 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.19041.1) = C:\Windows\System32\SettingSyncHost.exe [07/12/2019 07:07:40] CPU Usage:0 % 4916 | [Owner : Système | Parent : 3520() | 0.16 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.36.31) = C:\Program Files\Google\Update\1.3.36.32\GoogleCrashHandler.exe [26/11/2020 10:08:13] CPU Usage:0 % 5356 | [Owner : Système | Parent : 720(services.exe) | 19.58 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19041.610) = C:\Windows\System32\SearchIndexer.exe [12/11/2020 10:44:32] CPU Usage:0 % 5724 | [Owner : POP | Parent : 3888(explorer.exe) | 52.48 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (20.169.823.8) = C:\Users\POP\AppData\Local\Microsoft\OneDrive\OneDrive.exe [25/11/2020 23:04:34] CPU Usage:0 % 5784 | [Owner : POP | Parent : 3888(explorer.exe) | 10.68 Mo] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - (7.0.2.0) = C:\Windows\System32\spool\drivers\w32x86\3\E_TATIIXE.EXE [19/12/2015 17:24:25] CPU Usage:0 % 5872 | [Owner : Système | Parent : 836(svchost.exe) | 8.01 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [14/10/2020 11:38:35] CPU Usage:0 % 5760 | [Owner : POP | Parent : 836(svchost.exe) | 35.59 Mo] - (.Microsoft Corporation -.) - (2001.22012.0.31) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe [05/10/2020 11:57:47] CPU Usage:0 % 4584 | [Owner : POP | Parent : 3888(explorer.exe) | 95.74 Mo] - (.Google LLC - Google Chrome.) - (87.0.4280.66) = C:\Program Files\Google\Chrome\Application\chrome.exe [26/11/2020 10:08:59] CPU Usage:0 % 5432 | [Owner : POP | Parent : 4584(chrome.exe) | 6.5 Mo] - (.Google LLC - Google Chrome.) 
- (87.0.4280.66) = C:\Program Files\Google\Chrome\Application\chrome.exe [26/11/2020 10:08:59] CPU Usage:0 % 3868 | [Owner : POP | Parent : 4584(chrome.exe) | 41.48 Mo] - (.Google LLC - Google Chrome.) - (87.0.4280.66) = C:\Program Files\Google\Chrome\Application\chrome.exe [26/11/2020 10:08:59] CPU Usage:0 % 1040 | [Owner : POP | Parent : 4584(chrome.exe) | 29.71 Mo] - (.Google LLC - Google Chrome.) - (87.0.4280.66) = C:\Program Files\Google\Chrome\Application\chrome.exe [26/11/2020 10:08:59] CPU Usage:0 % 4020 | [Owner : POP | Parent : 4584(chrome.exe) | 12.96 Mo] - (.Google LLC - Google Chrome.) - (87.0.4280.66) = C:\Program Files\Google\Chrome\Application\chrome.exe [26/11/2020 10:08:59] CPU Usage:0 % 992 | [Owner : POP | Parent : 4584(chrome.exe) | 57.48 Mo] - (.Google LLC - Google Chrome.) - (87.0.4280.66) = C:\Program Files\Google\Chrome\Application\chrome.exe [26/11/2020 10:08:59] CPU Usage:0 % 5236 | [Owner : POP | Parent : 4584(chrome.exe) | 77.99 Mo] - (.Google LLC - Google Chrome.) - (87.0.4280.66) = C:\Program Files\Google\Chrome\Application\chrome.exe [26/11/2020 10:08:59] CPU Usage:0 % 5064 | [Owner : POP | Parent : 4584(chrome.exe) | 42.27 Mo] - (.Google LLC - Google Chrome.) - (87.0.4280.66) = C:\Program Files\Google\Chrome\Application\chrome.exe [26/11/2020 10:08:59] CPU Usage:0 % 5248 | [Owner : POP | Parent : 4584(chrome.exe) | 19.05 Mo] - (.Google LLC - Google Chrome.) - (87.0.4280.66) = C:\Program Files\Google\Chrome\Application\chrome.exe [26/11/2020 10:08:59] CPU Usage:0 % 5604 | [Owner : Système | Parent : 720(services.exe) | 16.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [14/10/2020 11:39:55] CPU Usage:0 % 3192 | [Owner : POP | Parent : 836(svchost.exe) | 19.69 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) 
- (10.0.19041.546) = C:\Windows\System32\smartscreen.exe [14/10/2020 11:38:44] CPU Usage:0 % 3132 | [Owner : SERVICE LOCAL | Parent : 1648(svchost.exe) | 10.62 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.19041.546) = C:\Windows\System32\audiodg.exe [14/10/2020 11:38:25] CPU Usage:0 % 1384 | [Owner : SERVICE RÉSEAU | Parent : 836(svchost.exe) | 19.01 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [14/10/2020 11:38:35] CPU Usage:0 % 1616 | [Owner : POP | Parent : 3888(explorer.exe) | 59 Mo] - (.SosVirus - QuickDiag.) - (6.328.20.1) = C:\Users\POP\Desktop\QuickDiag.exe [01/12/2020 11:27:10] CPU Usage:0 % ---------- | Locked Applications ---------- | Policy Restrictions ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\TextShaping.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll (.Intel Corporation.-.LDDM User Mode Driver for Intel(R) Graphics Technology.) - (8.15.10.2702) -- C:\WINDOWS\SYSTEM32\igd10umd32.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.The ICU Project.-.ICU Combined Library.) - (64.2.0.0) -- C:\Windows\System32\icu.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\system32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- c:\windows\system32\UMPDC.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) 
- (3.29.0.0) -- C:\WINDOWS\System32\winsqlite3.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\System32\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\System32\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\POP\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\...\Run]) - User: FRÉDÉRIC\POP EPLTarget\P0000000000000000 - (C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TATIIXE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2510 Series" [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\...\Run]) - User: FRÉDÉRIC\POP CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\...\Run]) - User: FRÉDÉRIC\POP SoftEther VPN Client Manager Startup - (C:\Program Files\SoftEther VPN Client\vpncmgr.exe /startup [Common Startup]) - User: Public WinZip Préchargeur - (C:\Program Files\WinZip\WzPreloader.exe [Common Startup]) - User: Public SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public 
[HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\POP\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "EPLTarget\P0000000000000000"=C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TATIIXE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2510 Series" "CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "CCleaner Smart Cleaning"=0x01000000BD4CE4E3DAC4D601 "OneDrive"=0x020000000000000000000000 [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DebugOptions"=2048 "Device"=Microsoft Print to PDF,winspool,Ne01: "Documents"= "DosPrint"=no "IsMRUEstablished"=0 "LegacyDefaultPrinterMode"=0 "Load"= "NetMessage"=no "NullPort"=None "Programs"=com exe bat pif cmd "MenuDropAlignment"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D6B8D86F7D490D [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Config.sys : FILES=40 ---------- | Tasks List CCleaner Update CCleanerSkipUAC GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA OneDrive Standalone Update Task-S-1-5-21-142700032-3544243614-1917230365-1001 PCAT_POP_PCSpeedCat_LG_DailyTask PCAT_POP_PCSpeedCat_LogonTask PCAT_POP_PCSpeedCat_RS_DailyTask PCAT_POP_PCSpeedCat_RS_WeeklyTask ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=1 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [18/12/2015 11:24:31] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=728 "ProductType"=6 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 
"HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=150 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "AutoChkSkipSystemPartition"=0 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RailShowallNotifyIcons"=1 "RCDependentServices"=SessionEnv CertPropSvc "RDPVGCInstalled"=1 "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=0670f082-391f-40a9-a029-aa68455 "GlassSessionId"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "LeftOverlapChars"=3 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "ForegroundLockTimeout"=150000 "MenuShowDelay"=0 "PreferredUILanguages"=fr-FR "WindowArrangementActive"=0 "WallPaper"=C:\Users\POP\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{f62392df-9bde-402b-9a44-1352ec75a3e2}.JPG 
"UserPreferencesMask"=0x9E1E078012000000 "WaitToKillAppTimeout"=2000 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC3010063193B00C0100000900C000000AD0A0EA056BF0143003A005C00550073006500720073005C0050004F0050005C0041007000700044006100740061005C004C006F00630061006C005C005000610063006B0061006700650073005C004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E00500068006F0074006F0073005F003800770065006B007900620033006400380062006200770065005C004C006F00630061006C00530074006100740065005C00500068006F0074006F0073004100700070004200610063006B00670072006F0075006E0064005C007B00660036003200330039003200640066002D0039006200640065002D0034003000320062002D0039006100340034002D003100330035003200650063003700350061003300650032007D002E004A0050004700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "AutoColorization"=0 "HungAppTimeout"=2000 "AutoEndTasks"=1 
[HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309D0302000010901EF8A46ECE11A7FF00AA003CA9F6BB0000000114020000000000C000000000000046BF020000BD0E0C47735D584D9CEDE91E22E232827701000062B06A59D2B415429F74E9109B0A8153EA000000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=0 "GlobalAssocChangedCounter"=24 "FirstRunTelemetryComplete"=1 "EdgeDesktopShortcutCreated"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "EnableStartMenu"=1 "Start_TrackProgs"=0 "StoreAppsOnTaskbar"=1 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "ShowCortanaButton"=1 "TaskbarStateLastRun"=0x5AD4BE5F "StartMigratedBrowserPin"=1 "TaskbarMigratedBrowserPin"=1 "ReindexedProfile"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 
"SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=RequireAdmin "GlobalAssocChangedCounter"=4 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 
"TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=19041 "FirstLogon"=0 "ParseAutoexec"=1 "PUUActive"=0x6D607463010002000D001100D03800001151000011510000D200000002002600B6FA143176330100492C0100BC1D0000751C000087010000000000000000000000000000A22B0100E60400003700000005D2E19FD3C7D601D03800000000000001000000D0380000614A0000900000008365440000000000 "DP"=0xD200E800050002000D0000006D60746372F1C6000000000005D2E19FD3C7D601D9B4D445B5C7D601414F26000000000085160000A9470E000000000000000000000000000000000000000000000000000000000000000000000000000000F03F805101000AFB0080081C0A42081C0E43354A01000186C00401C6C20CCC20018040084410448A64519A2B01000E280C0E0EA8CC2EA20E008000938417069384170057008080300405E8304505CC0D00004661002047652029740C0080080B8010080B8010394B018000060230908F8230112200800300110E0309155E5A3001400400CC20A400CD60 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "SkipNextFirstLogonAnimation"=1 "LastLogOffEndTimePerfCounter"=113596553611 "ShutdownFlags"=2147483687 "AutoAdminLogon"=1 "DefaultDomainName"=POP-PC 
"DefaultUserName"=fredericlomonaco@sfr.fr "DisableCAD"=1 "ShutdownWithoutLogon"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-142700032-3544243614-1917230365-1001 "LastUsedUsername"=fredericlomonaco@sfr.fr ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\System32\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= 
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [07/12/2019 13:21:23] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] 
"C:\Users\POP\AppData\Local\Microsoft\OneDrive\20.169.0823.0008\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078970600F363070001000000000000000000000A00210000FB3BED90C4ACD5010000000100000000 "C:\Users\POP\Desktop\wipersoft.exe"=0x5341435001000000000000000700000028000000801FFC0012D7FC0001000000000000000000030600010000FB3BED90C4ACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000A9B00C00000000000200000002000000 "C:\Program Files\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F0591F00678F1F0001000000000000000000000A00210000FB3BED90C4ACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000BC3B0B00000000000A0000000A000000 "C:\Users\POP\Desktop\ccsetup574.exe"=0x534143500100000000000000070000002800000078EDD00153AFD10101000000000000000000000A00210000FB3BED90C4ACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000CAC20200000000000100000001000000 "C:\Users\POP\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\setup (1).exe"=0x5341435001000000000000000200000028000000000000000000000000000000000000000000000000000000CC6D1E00000000000100000001000000 "C:\Users\POP\Desktop\TextSpeaker.exe"=0x5341435001000000000000000700000028000000788928014E04290101000000000000000000000A00210000FB3BED90C4ACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000F8240100000000000100000001000000 "C:\Users\POP\Desktop\pdftextreader.exe"=0x5341435001000000000000000700000028000000D8263100DE06320001000000000000000000010571000000FB3BED90C4ACD5010000000000000000 "C:\Users\POP\Desktop\windows-10-utilitaire-de-mise-a-jour_octobre-2020-20h2_fr_431147.exe"=0x534143500100000000000000070000002800000018FD28018008290101000000000000000000000A00210000FB3BED90C4ACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000028FD4600000000000100000001000000 
"C:\Users\POP\Desktop\desetup_en_1.0.0.1100.exe"=0x5341435001000000000000000700000028000000B09738001819390001000000000000000000000A00210000FB3BED90C4ACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000EE660200000000000200000002000000 "C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C8730C00FB620D0001000000010000000000000A00210000FB3BED90C4ACD5010000000000000000 "C:\Users\POP\Desktop\adwcleaner_8.0.8.exe"=0x5341435001000000000000000700000028000000B0E480009F05810001000000000000000000000A00210000FB3BED90C4ACD5010000000000000000 "C:\Users\POP\Desktop\ZHPSuite.exe"=0x5341435001000000000000000700000028000000808B340002A2340001000000000000000000000A00210000FB3BED90C4ACD501000000000000000002000000280000000000000000000040000000000000000000000000000000002D6B0A00000000000700000007000000 "C:\Users\POP\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\ZHPSuite (1).exe"=0x5341435001000000000000000700000028000000808B340002A2340001000000000000000000000A00210000FB3BED90C4ACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000D0140000000000000100000001000000 "C:\Program Files\360\360teslacryptdecoder\uninst.exe"=0x5341435001000000000000000700000028000000666B06001819390001000000000000000000000A00210000FB3BED90C4ACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000CD880200000000000100000001000000 "C:\ProgramData\EnigmaSoft Limited\sh5_installer.exe"=0x534143500100000000000000070000002800000038D4630036E9630001000000000000000000000A00210000FB3BED90C4ACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000223E0000000000000100000001000000 "C:\Program Files\Deskshare\Text Speaker 
3\unins000.exe"=0x5341435001000000000000000700000028000000487D0F00322C100001000000000000000000000A00210000FB3BED90C4ACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C3040000000000000100000001000000 "C:\Program Files\CCleaner\CCleaner.exe"=0x5341435001000000000000000700000028000000B8A89801B86C990101000000000000000000000A00210000FB3BED90C4ACD501000000000000000002000000280000000000000000000000000000000000000000000000000000003F000000000000000100000001000000 "C:\Users\POP\Desktop\MediaCreationTool20H2.exe"=0x534143500100000000000000070000002800000018FD28018008290101000000000000000000000A00210000FB3BED90C4ACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000005285000000000000200000002000000 "C:\Users\POP\Desktop\BitwarSetup.exe"=0x5341435001000000000000000700000028000000001F730105CA730101000000000000000000000A00210000FB3BED90C4ACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000F42E4400000000000100000001000000 "C:\Users\POP\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000098294A00C4E34A0001000000000000000000000A00210000FB3BED90C4ACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000768E0300000000000300000003000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control 
Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=windowsdefender:// [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [172.217.171.206] avec 32 octets de données : Réponse de 172.217.171.206 : octets=32 temps=11 ms TTL=118 Réponse de 172.217.171.206 : octets=32 temps=11 ms TTL=118 Réponse de 172.217.171.206 : octets=32 temps=11 ms TTL=118 Réponse de 172.217.171.206 : octets=32 temps=11 ms TTL=118 Statistiques Ping pour 172.217.171.206: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 11ms, Maximum = 11ms, Moyenne = 11ms ---------- | @ [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search 
Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=39g3hch "OperationalData"=13 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2400000024000000440300007C020000 "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF90000000540000001003000034020000 [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "CertificateRevocation"=1 "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EnableNegotiate"=1 "ZonesSecurityUpgrade"=0xFA9DB0696DC3D601 "WarnonZoneCrossing"=0 "ProxyEnable"=0 "MigrateProxy"=1 "LockDatabase"=132508563543203181 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet 
Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [07/12/2019 07:07:21] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects ---------- | Chrome C:\Users\POP\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\POP\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\POP\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\POP\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : 
Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\POP\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\POP\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\POP\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\POP\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx C:\Users\POP\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx ---------- | Opera ---------- | Firefox ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{17579bd5-c7ed-4488-bb72-2bea81048234}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{17579bd5-c7ed-4488-bb72-2bea81048234}] "DhcpNameServer"=192.168.1.254 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : 
"%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power BrokerInfrastructure LSM PlugPlay DcomLaunch DeviceInstall SystemEventsBroker "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "PeerDist"=PeerDistSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver "AssignedAccessManagerSvc"=AssignedAccessManagerSvc "UdkSvcGroup"=UdkUserSvc "DevicesFlow"=ConsentUxUserSvc DevicePickerUserSvc DeviceAssociationBrokerSvc DevicesFlowUserSvc ---------- | SvcHost - Netsvcs (Whitelist) XblGameSave - %SystemRoot%\System32\XblGameSave.dll : %SystemRoot%\system32\svchost.exe -k netsvcs -p DmEnrollmentSvc - %systemroot%\system32\Windows.Internal.Management.dll : %systemroot%\system32\svchost.exe -k netsvcs -p shpamsvc - %systemroot%\system32\Windows.SharedPC.AccountManager.dll : %SystemRoot%\System32\svchost.exe -k netsvcs -p Install - : LxpSvc - %SystemRoot%\System32\LanguageOverlayServer.dll : %SystemRoot%\system32\svchost.exe -k netsvcs PushToInstall - %SystemRoot%\system32\PushToInstall.dll : %SystemRoot%\System32\svchost.exe -k netsvcs -p TroubleshootingSvc - %systemroot%\system32\MitigationClient.dll : %systemroot%\system32\svchost.exe -k netsvcs -p DsmSvc - %SystemRoot%\System32\DeviceSetupManager.dll : %SystemRoot%\system32\svchost.exe -k netsvcs -p XboxGipSvc - %SystemRoot%\System32\XboxGipSvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs -p NcaSvc - 
%SystemRoot%\System32\ncasvc.dll : %SystemRoot%\System32\svchost.exe -k NetSvcs -p wlidsvc - %SystemRoot%\system32\wlidsvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs -p WManSvc - %systemroot%\system32\Windows.Management.Service.dll : %systemroot%\system32\svchost.exe -k netsvcs -p Wpn - : lfsvc - %SystemRoot%\System32\lfsvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs -p XblAuthManager - %SystemRoot%\System32\XblAuthManager.dll : %SystemRoot%\system32\svchost.exe -k netsvcs -p UsoSvc - %systemroot%\system32\usosvc.dll : %systemroot%\system32\svchost.exe -k netsvcs -p XboxNetApiSvc - %SystemRoot%\system32\XboxNetApiSvc.dll : %SystemRoot%\system32\svchost.exe -k netsvcs -p NaturalAuthentication - %SystemRoot%\System32\NaturalAuth.dll : %SystemRoot%\system32\svchost.exe -k netsvcs -p wisvc - %systemroot%\system32\flightsettings.dll : %systemroot%\system32\svchost.exe -k netsvcs -p dmwappush - : ---------- | Software [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\AppDataLow] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\AvastAdSDK] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Deskshare] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\EPSON] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Google] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Piriform] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Policies] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\RegisteredApplications] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Spoon] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\WnRecoverMaster6] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\WOW6432Node] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\ZHP] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\AppDataLow\Software\Microsoft] 
[HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Accessibility] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Active Setup] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\ActiveMovie] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\ActiveSync] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Assistance] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\AuthCookies] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Avalon.Graphics] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\BitwarDataRecovery] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Clipboard] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\CommsAPHost] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\CTF] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\DirectInput] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\DirectX Diagnostic Tool] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\EventSystem] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\F12] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Fax] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Feeds] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\FTP] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\GameBar] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\GameBarApi] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\IdentityCRL] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\IME] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Input] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\InputMethod] 
[HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\InputPersonalization] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Internet Connection Wizard] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Internet Explorer] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Keyboard] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\LanguageOverlay] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\MediaPlayer] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Microsoft Management Console] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\MicrosoftEdge] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\MobilePC] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\MSF] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Multimedia] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Narrator] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\NGC] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Notepad] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\OneDrive] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Osk] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\PeerNet] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Personalization] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Phone] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Pim] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Poom] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\RAS AutoDial] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Remote Assistance] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\ScreenMagnifier] 
[HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Sensors] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Shared Tools] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\SkyDrive] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Speech] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Speech Virtual] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Speech_OneCore] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Spelling] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\SQMClient] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\SystemCertificates] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\TabletTip] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\TPG] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\UEV] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Unified Store] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Unistore] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\WAB] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\WcmSvc] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\wfs] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Windows] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Windows NT] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Windows Script Host] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Windows Search] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\Wisp] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\SOFTWARE\Microsoft\XboxLive] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\AssignedAccessConfiguration] 
[HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-142700032-3544243614-1917230365-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\360Safe] [HKLM\Software\ATT] [HKLM\Software\Bitwar] [HKLM\Software\BitwarDataRecovery] [HKLM\Software\Clients] [HKLM\Software\CVSM] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\EPSON] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Intel] [HKLM\Software\Macromedia] [HKLM\Software\Malwarebytes] [HKLM\Software\Microsoft] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OpenSSH] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\Voice] [HKLM\Software\Windows] [HKLM\Software\WnRecoverMaster6] [HKLM\SOFTWARE\Microsoft\.NETFramework] [HKLM\SOFTWARE\Microsoft\AccountsControl] [HKLM\SOFTWARE\Microsoft\Active Setup] [HKLM\SOFTWARE\Microsoft\ActiveSync] [HKLM\SOFTWARE\Microsoft\ADs] [HKLM\SOFTWARE\Microsoft\Advanced INF Setup] [HKLM\SOFTWARE\Microsoft\ALG] [HKLM\SOFTWARE\Microsoft\AllUserInstallAgent] [HKLM\SOFTWARE\Microsoft\AMSI] [HKLM\SOFTWARE\Microsoft\Analog] [HKLM\SOFTWARE\Microsoft\AppServiceProtocols] [HKLM\SOFTWARE\Microsoft\AppV] [HKLM\SOFTWARE\Microsoft\ASP.NET] [HKLM\SOFTWARE\Microsoft\Assistance] [HKLM\SOFTWARE\Microsoft\AuthHost] [HKLM\SOFTWARE\Microsoft\BidInterface] [HKLM\SOFTWARE\Microsoft\BitLockerCsp] [HKLM\SOFTWARE\Microsoft\BitwarDataRecovery] [HKLM\SOFTWARE\Microsoft\CallAndMessagingEnhancement] 
[HKLM\SOFTWARE\Microsoft\Cellular] [HKLM\SOFTWARE\Microsoft\Chkdsk] [HKLM\SOFTWARE\Microsoft\Clipboard] [HKLM\SOFTWARE\Microsoft\ClipboardServer] [HKLM\SOFTWARE\Microsoft\COM3] [HKLM\SOFTWARE\Microsoft\Command Processor] [HKLM\SOFTWARE\Microsoft\CommsAPHost] [HKLM\SOFTWARE\Microsoft\CoreShell] [HKLM\SOFTWARE\Microsoft\Cryptography] [HKLM\SOFTWARE\Microsoft\CTF] [HKLM\SOFTWARE\Microsoft\DataAccess] [HKLM\SOFTWARE\Microsoft\DataCollection] [HKLM\SOFTWARE\Microsoft\DataSharing] [HKLM\SOFTWARE\Microsoft\DDDS] [HKLM\SOFTWARE\Microsoft\DevDiv] [HKLM\SOFTWARE\Microsoft\Device Association Framework] [HKLM\SOFTWARE\Microsoft\Dfrg] [HKLM\SOFTWARE\Microsoft\DiagnosticLogCSP] [HKLM\SOFTWARE\Microsoft\Direct3D] [HKLM\SOFTWARE\Microsoft\DirectDraw] [HKLM\SOFTWARE\Microsoft\DirectInput] [HKLM\SOFTWARE\Microsoft\DirectMusic] [HKLM\SOFTWARE\Microsoft\DirectPlay] [HKLM\SOFTWARE\Microsoft\DirectPlay8] [HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp] [HKLM\SOFTWARE\Microsoft\DirectShow] [HKLM\SOFTWARE\Microsoft\DirectX] [HKLM\SOFTWARE\Microsoft\DownloadManager] [HKLM\SOFTWARE\Microsoft\Driver Signing] [HKLM\SOFTWARE\Microsoft\DRM] [HKLM\SOFTWARE\Microsoft\DusmSvc] [HKLM\SOFTWARE\Microsoft\DVDNavigator] [HKLM\SOFTWARE\Microsoft\DVR] [HKLM\SOFTWARE\Microsoft\DXP] [HKLM\SOFTWARE\Microsoft\EAPSIMMethods] [HKLM\SOFTWARE\Microsoft\Enrollment] [HKLM\SOFTWARE\Microsoft\Enrollments] [HKLM\SOFTWARE\Microsoft\EnterpriseCertificates] [HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager] [HKLM\SOFTWARE\Microsoft\EventSounds] [HKLM\SOFTWARE\Microsoft\EventSystem] [HKLM\SOFTWARE\Microsoft\Exchange] [HKLM\SOFTWARE\Microsoft\F12] [HKLM\SOFTWARE\Microsoft\FamilyStore] [HKLM\SOFTWARE\Microsoft\Fax] [HKLM\SOFTWARE\Microsoft\FaxServer] [HKLM\SOFTWARE\Microsoft\Feeds] [HKLM\SOFTWARE\Microsoft\FilePicker] [HKLM\SOFTWARE\Microsoft\FilterDS] [HKLM\SOFTWARE\Microsoft\FingerKB] [HKLM\SOFTWARE\Microsoft\FTH] [HKLM\SOFTWARE\Microsoft\Function Discovery] [HKLM\SOFTWARE\Microsoft\Fusion] [HKLM\SOFTWARE\Microsoft\FuzzyDS] 
[HKLM\SOFTWARE\Microsoft\GameOverlay] [HKLM\SOFTWARE\Microsoft\HTMLHelp] [HKLM\SOFTWARE\Microsoft\IdentityCRL] [HKLM\SOFTWARE\Microsoft\IdentityStore] [HKLM\SOFTWARE\Microsoft\IHDS] [HKLM\SOFTWARE\Microsoft\ImageTimeSettings] [HKLM\SOFTWARE\Microsoft\IMAPI] [HKLM\SOFTWARE\Microsoft\IME] [HKLM\SOFTWARE\Microsoft\IMEJP] [HKLM\SOFTWARE\Microsoft\IMEKR] [HKLM\SOFTWARE\Microsoft\IMETC] [HKLM\SOFTWARE\Microsoft\InProcLogger] [HKLM\SOFTWARE\Microsoft\Input] [HKLM\SOFTWARE\Microsoft\InputMethod] [HKLM\SOFTWARE\Microsoft\InputPersonalization] [HKLM\SOFTWARE\Microsoft\Internet Account Manager] [HKLM\SOFTWARE\Microsoft\Internet Domains] [HKLM\SOFTWARE\Microsoft\Internet Explorer] [HKLM\SOFTWARE\Microsoft\IsoBurn] [HKLM\SOFTWARE\Microsoft\Jet] [HKLM\SOFTWARE\Microsoft\KGL] [HKLM\SOFTWARE\Microsoft\LanguageOverlay] [HKLM\SOFTWARE\Microsoft\LexiconUpdate] [HKLM\SOFTWARE\Microsoft\MdmCommon] [HKLM\SOFTWARE\Microsoft\MdmDiagnostics] [HKLM\SOFTWARE\Microsoft\MediaEngine] [HKLM\SOFTWARE\Microsoft\MediaPlayer] [HKLM\SOFTWARE\Microsoft\MemoryDiagnostic] [HKLM\SOFTWARE\Microsoft\Messaging] [HKLM\SOFTWARE\Microsoft\MessengerService] [HKLM\SOFTWARE\Microsoft\Microsoft Camera Codec Pack] [HKLM\SOFTWARE\Microsoft\MiracastReceiver] [HKLM\SOFTWARE\Microsoft\MMC] [HKLM\SOFTWARE\Microsoft\Mobile] [HKLM\SOFTWARE\Microsoft\MSBuild] [HKLM\SOFTWARE\Microsoft\MSDE] [HKLM\SOFTWARE\Microsoft\MSDRM] [HKLM\SOFTWARE\Microsoft\MSDTC] [HKLM\SOFTWARE\Microsoft\MSF] [HKLM\SOFTWARE\Microsoft\MSIME] [HKLM\SOFTWARE\Microsoft\MSLicensing] [HKLM\SOFTWARE\Microsoft\MSN Apps] [HKLM\SOFTWARE\Microsoft\MTF] [HKLM\SOFTWARE\Microsoft\MTFFuzzyFactors] [HKLM\SOFTWARE\Microsoft\MTFInputType] [HKLM\SOFTWARE\Microsoft\MTFKeyboardMappings] [HKLM\SOFTWARE\Microsoft\Multimedia] [HKLM\SOFTWARE\Microsoft\Multivariant] [HKLM\SOFTWARE\Microsoft\NET Framework Setup] [HKLM\SOFTWARE\Microsoft\NetSh] [HKLM\SOFTWARE\Microsoft\Network] [HKLM\SOFTWARE\Microsoft\Non-Driver Signing] [HKLM\SOFTWARE\Microsoft\Notepad] 
[HKLM\SOFTWARE\Microsoft\ODBC] [HKLM\SOFTWARE\Microsoft\OEM] [HKLM\SOFTWARE\Microsoft\OfficeCSP] [HKLM\SOFTWARE\Microsoft\Ole] [HKLM\SOFTWARE\Microsoft\OnlineProviders] [HKLM\SOFTWARE\Microsoft\Outlook Express] [HKLM\SOFTWARE\Microsoft\Palm] [HKLM\SOFTWARE\Microsoft\Personalization] [HKLM\SOFTWARE\Microsoft\Phone] [HKLM\SOFTWARE\Microsoft\Photos] [HKLM\SOFTWARE\Microsoft\PLA] [HKLM\SOFTWARE\Microsoft\PlayToReceiver] [HKLM\SOFTWARE\Microsoft\PointOfService] [HKLM\SOFTWARE\Microsoft\Policies] [HKLM\SOFTWARE\Microsoft\PolicyManager] [HKLM\SOFTWARE\Microsoft\PowerShell] [HKLM\SOFTWARE\Microsoft\Print] [HKLM\SOFTWARE\Microsoft\Provisioning] [HKLM\SOFTWARE\Microsoft\PushRouter] [HKLM\SOFTWARE\Microsoft\RADAR] [HKLM\SOFTWARE\Microsoft\Ras] [HKLM\SOFTWARE\Microsoft\RAS AutoDial] [HKLM\SOFTWARE\Microsoft\RcsPresence] [HKLM\SOFTWARE\Microsoft\Reliability Analysis] [HKLM\SOFTWARE\Microsoft\RemovalTools] [HKLM\SOFTWARE\Microsoft\RendezvousApps] [HKLM\SOFTWARE\Microsoft\Router] [HKLM\SOFTWARE\Microsoft\Rpc] [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [HKLM\SOFTWARE\Microsoft\Security Center] [HKLM\SOFTWARE\Microsoft\SecurityManager] [HKLM\SOFTWARE\Microsoft\SEMgr] [HKLM\SOFTWARE\Microsoft\Sensors] [HKLM\SOFTWARE\Microsoft\Settings] [HKLM\SOFTWARE\Microsoft\Shared Tools] [HKLM\SOFTWARE\Microsoft\Shared Tools Location] [HKLM\SOFTWARE\Microsoft\Shell] [HKLM\SOFTWARE\Microsoft\SIH] [HKLM\SOFTWARE\Microsoft\Siuf] [HKLM\SOFTWARE\Microsoft\SoftGrid] [HKLM\SOFTWARE\Microsoft\SPEECH] [HKLM\SOFTWARE\Microsoft\SpeechAPI] [HKLM\SOFTWARE\Microsoft\Speech_OneCore] [HKLM\SOFTWARE\Microsoft\SQMClient] [HKLM\SOFTWARE\Microsoft\Sync Framework] [HKLM\SOFTWARE\Microsoft\Sysprep] [HKLM\SOFTWARE\Microsoft\SystemCertificates] [HKLM\SOFTWARE\Microsoft\SystemSettings] [HKLM\SOFTWARE\Microsoft\TableTextService] [HKLM\SOFTWARE\Microsoft\TabletTip] [HKLM\SOFTWARE\Microsoft\TaskFlowDataEngine] [HKLM\SOFTWARE\Microsoft\Tcpip] [HKLM\SOFTWARE\Microsoft\TelemetryClient] [HKLM\SOFTWARE\Microsoft\Terminal Server 
Client] [HKLM\SOFTWARE\Microsoft\TouchPrediction] [HKLM\SOFTWARE\Microsoft\TPG] [HKLM\SOFTWARE\Microsoft\Tpm] [HKLM\SOFTWARE\Microsoft\Tracing] [HKLM\SOFTWARE\Microsoft\Transaction Server] [HKLM\SOFTWARE\Microsoft\TV System Services] [HKLM\SOFTWARE\Microsoft\uDRM] [HKLM\SOFTWARE\Microsoft\UEV] [HKLM\SOFTWARE\Microsoft\UNP] [HKLM\SOFTWARE\Microsoft\Updates] [HKLM\SOFTWARE\Microsoft\UPnP Control Point] [HKLM\SOFTWARE\Microsoft\UPnP Device Host] [HKLM\SOFTWARE\Microsoft\UserManager] [HKLM\SOFTWARE\Microsoft\Virtual Machine] [HKLM\SOFTWARE\Microsoft\VisualStudio] [HKLM\SOFTWARE\Microsoft\WAB] [HKLM\SOFTWARE\Microsoft\Wallet] [HKLM\SOFTWARE\Microsoft\WBEM] [HKLM\SOFTWARE\Microsoft\wcmsvc] [HKLM\SOFTWARE\Microsoft\WIMMount] [HKLM\SOFTWARE\Microsoft\Windows] [HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection] [HKLM\SOFTWARE\Microsoft\Windows Defender] [HKLM\SOFTWARE\Microsoft\Windows Defender Security Center] [HKLM\SOFTWARE\Microsoft\Windows Desktop Search] [HKLM\SOFTWARE\Microsoft\Windows Embedded] [HKLM\SOFTWARE\Microsoft\Windows Mail] [HKLM\SOFTWARE\Microsoft\Windows Media Device Manager] [HKLM\SOFTWARE\Microsoft\Windows Media Foundation] [HKLM\SOFTWARE\Microsoft\Windows Media Player NSS] [HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem] [HKLM\SOFTWARE\Microsoft\Windows NT] [HKLM\SOFTWARE\Microsoft\Windows Photo Viewer] [HKLM\SOFTWARE\Microsoft\Windows Portable Devices] [HKLM\SOFTWARE\Microsoft\Windows Script Host] [HKLM\SOFTWARE\Microsoft\Windows Search] [HKLM\SOFTWARE\Microsoft\Windows Security Health] [HKLM\SOFTWARE\Microsoft\WindowsRuntime] [HKLM\SOFTWARE\Microsoft\WindowsSelfHost] [HKLM\SOFTWARE\Microsoft\WindowsUpdate] [HKLM\SOFTWARE\Microsoft\Wisp] [HKLM\SOFTWARE\Microsoft\WlanSvc] [HKLM\SOFTWARE\Microsoft\Wlpasvc] [HKLM\SOFTWARE\Microsoft\WSDAPI] [HKLM\SOFTWARE\Microsoft\WwanSvc] [HKLM\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKLM\Software\Microsoft\Windows\AssignedAccessCsp] [HKLM\Software\Microsoft\Windows\Autopilot] 
[HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\NcsiUwpApp] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AssignedAccessManagerSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UdkSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]

---------- | Drives

---------- | C:

---------- | C:\WINDOWS

---------- | C:\WINDOWS\System32\GroupPolicy

---------- | Systemroot\System

---------- | Systemroot\Installer (Microsoft Files Whitelisted)
[26/11/2020 10:08:12] - C:\WINDOWS\Installer\1d9a80.msi : (Google Update Helper - Google LLC) [Header ok : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*
[07/12/2019 07:07:51] - [3329] - C:\WINDOWS\System32\ieuinit.inf
[25/11/2020 22:39:18] - [1770906] - C:\WINDOWS\System32\PerfStringBackup.INI
[07/12/2019 07:07:34] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[07/12/2019 07:07:12] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan
- [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.DC45A553DDDC4CBD35CC74D5975FD874] - |A| - [07/12/2019 13:21:37] - (.-.) - [1291 Ko] - (2.6.5.1) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [625.17 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [128932.25 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [335.5 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [333.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [25190.08 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:53:51] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [07/12/2019 07:08:43] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf [MD5.98FCA9860F8C46056D94B33C812C9196] - |A| - [14/10/2020 11:40:42] - (.-.) - [918.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [07/12/2019 07:06:28] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [07/12/2019 07:06:28] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [07/12/2019 07:06:30] - (.-.) 
- [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:56:05] - [1132.41 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [5473.75 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [41657.08 Ko] - C:\WINDOWS\System32\migwiz [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [25/11/2020 21:48:10] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [07/12/2019 07:06:28] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [07/12/2019 07:06:28] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [4148.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [21.37 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [45.64 Ko] - C:\WINDOWS\System32\my-mm [MD5.74FDEEAC0C0C0F62F4D0D484A36DA23A] - |A| - [07/12/2019 07:07:12] - (.-.) - [30.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [408 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [0 Ko] - C:\WINDOWS\System32\NDF [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [07/12/2019 07:08:02] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.6E99FFCF29B4EE9502C0ACFDED1E4756] - |A| - [07/12/2019 07:08:02] - (.-.) 
- [55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nettraceex.dll [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [85 Ko] - C:\WINDOWS\System32\networklist [MD5.D55B689DF6269B40E170EAFBCC0C34C4] - |A| - [25/11/2020 21:48:10] - (.-.) - [20.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [07/12/2019 07:08:17] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [21137.28 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:53:51] - [2925.5 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [3.81 Ko] - C:\WINDOWS\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [07/12/2019 07:06:30] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [164 Ko] - C:\WINDOWS\System32\PerceptionSimulation [MD5.6343DDDFC7D6195618E2D15CAA7935BE] - |A| - [25/11/2020 21:49:31] - (.-.) - [129.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.2676F32B2B255AB806568E0C5B2C5BF2] - |A| - [25/11/2020 21:52:54] - (.-.) - [146.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [25/11/2020 21:49:31] - (.-.) 
- [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [25/11/2020 21:52:54] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.3D2BE316082E8F14DCA1385A654854C6] - |A| - [25/11/2020 21:49:31] - (.-.) - [684.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.9094DC9FDDD947DD8BE113E6EBC93B52] - |A| - [25/11/2020 21:52:54] - (.-.) - [773.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.E1B2F630DD4BED671B7E1D8300961EC6] - |A| - [25/11/2020 22:39:18] - (.-.) - [1729.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [07/12/2019 07:06:28] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [07/12/2019 07:06:28] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [435 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [338 Ko] - C:\WINDOWS\System32\PointOfService [MD5.DD2C554E008F9BE4C2D2FD1F5E7F565F] - |A| - [07/12/2019 07:06:56] - (.-.) - [31.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:51:28] - [974.02 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [07/12/2019 07:06:42] - (.-.) 
- [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [429 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [431 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.8051D7F8A1730553A6565807E646148F] - |A| - [07/12/2019 07:07:59] - (.-.) - [1473.5 Ko] - (1.0.1908.26001) - C:\WINDOWS\System32\rdpnano.dll [MD5.503A14BEF444E080A58F0C007626D347] - |A| - [07/12/2019 07:06:30] - (.-.) - [56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rdsxvmaudio.dll [MD5.3DE65F20C0FA1056AEFDFA789331900E] - |A| - [07/12/2019 07:08:26] - (.Copyright (C) 2009 - RemoteFX Helper.) - [84.5 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [2.15 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [07/12/2019 07:06:28] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [07/12/2019 07:06:28] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.95EEA84CBC7F7C23F45AC5725E3AF5C9] - |A| - [07/12/2019 07:07:40] - (.-.) - [85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResBParser.dll [MD5.53D4873C5972E689CD090086F8D30767] - |A| - [07/12/2019 07:08:08] - (.-.) - [7.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.3458C5BF07E964F9871D7553B2BC14C9] - |A| - [07/12/2019 07:08:08] - (.-.) - [6.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.D44380947CC2025F60D239C11033C768] - |A| - [07/12/2019 07:08:08] - (.-.) 
- [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriLMImageList [MD5.04E2BD7D082337A2290D4612AE573F22] - |A| - [07/12/2019 07:08:08] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriULMImageList [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 07:07:04] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 07:07:04] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [351 Ko] - C:\WINDOWS\System32\ro-RO [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [426.5 Ko] - C:\WINDOWS\System32\ru-RU [MD5.5EE5DE10F713D57F32A23A4E2643528B] - |A| - [05/10/2020 11:56:18] - (.-.) - [43.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [07/12/2019 07:08:37] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [07/12/2019 07:07:04] - (.-.) 
- [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [07/12/2019 07:06:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [1496 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [23.7 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [341 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [337.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 22:08:15] - [4321.94 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:51:28] - [98.06 Ko] - C:\WINDOWS\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [07/12/2019 07:06:30] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:36:20] - [9449.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [07/12/2019 07:06:28] - (.-.) 
- [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [07/12/2019 07:06:28] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.DEA45BCFA556BC2915055FD473948F4B] - |A| - [07/12/2019 07:08:06] - (.-.) - [29.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [6462.8 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [11374.39 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [81359.21 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [15077.55 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [23.6 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [339 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 07:08:08] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 07:08:08] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.67894C70461ABD4EF6C116637EBB218A] - |A| - [07/12/2019 07:07:59] - (.-.) - [58.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [2712 Ko] - C:\WINDOWS\System32\sru [MD5.83052C619E61E9A92384E6E6E4E7CBE7] - |A| - [07/12/2019 07:06:30] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [414.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.1A3C3A3B800A784A57D376215E916727] - |A| - [26/11/2020 18:11:44] - (.-.) 
- [12.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\swhealthex.log [MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [07/12/2019 07:08:20] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:47:57] - [1078.55 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [764.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [8.16 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.4B26D4CD5CD5F7B074E31793979F17C5] - |A| - [07/12/2019 07:07:41] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [42.5 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [622.22 Ko] - C:\WINDOWS\System32\Tasks [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [07/12/2019 07:07:34] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.EFE10C1C9A37E6F46CDD8E0C432E4F04] - |A| - [14/10/2020 11:39:24] - (.-.) - [1302 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextInputMethodFormatter.dll [MD5.1FCD6B5A7E46692ECF848B990BAA2B80] - |A| - [14/10/2020 11:39:22] - (.-.) - [597.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [317.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [5.97 Ko] - C:\WINDOWS\System32\ti-et [MD5.321E99EF65F37E5F7DFC40D1E95684F5] - |A| - [07/12/2019 07:06:35] - (.-.) - [218.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [398.5 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [07/12/2019 07:06:36] - (.-.) 
- [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [07/12/2019 07:06:36] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [07/12/2019 07:08:20] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config [MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [07/12/2019 07:08:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [337 Ko] - C:\WINDOWS\System32\uk-UA [MD5.7E0273A51BDD51DFB58F905C8F501061] - |A| - [14/10/2020 11:38:27] - (.-.) - [46.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umpdc.dll [MD5.00000000000000000000000000000000] - |SD| - [25/11/2020 21:48:01] - [1716.05 Ko] - C:\WINDOWS\System32\UNP [MD5.77808A0B91019A85F0470C14F23326A9] - |A| - [07/12/2019 07:07:00] - (.-.) - [34.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.57EBCA0297700C7129CCDEFF254A20F4] - |A| - [07/12/2019 07:07:04] - (.-.) - [29.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\usocoreps.dll [MD5.261F4EA4677E0B0FF3A3A46BB458949B] - |A| - [07/12/2019 07:08:24] - (.-.) - [91.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\uwfcfgmgmt.dll [MD5.2C30049748AD8FAAB758DF6A16DF5965] - |A| - [07/12/2019 07:08:24] - (.-.) - [128.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\uwfcsp.dll [MD5.5F7C1929E7C7AA9F9B411937B27F795C] - |A| - [07/12/2019 07:08:24] - (.-.) - [26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\uwfservicingapi.dll [MD5.5074EECF832AFC0FDE50AF0BE2E0A21A] - |A| - [07/12/2019 07:06:32] - (.-.) 
- [25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VhfUm.dll [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [91907.76 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:51:28] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [39049.72 Ko] - C:\WINDOWS\System32\WDI [MD5.BDDF10F9D8E179323BC1B49603809EB0] - |A| - [07/12/2019 07:07:12] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.67A76FBAFF197FD7CEB4057CBF4610F4] - |A| - [07/12/2019 07:07:18] - (.-.) - [104.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Win32AppSettingsProvider.dll [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [1.09 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [48847.92 Ko] - C:\WINDOWS\System32\WinBioPlugins [MD5.6CB089050E025AAB3FE38A224132738A] - |A| - [14/10/2020 11:39:26] - (.-.) - [444.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowManagementAPI.dll [MD5.BEDEDB102316C696D36F0D4331E1C2AE] - |A| - [07/12/2019 07:06:55] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [11326.31 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [07/12/2019 07:07:06] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [87280 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [6278.46 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:51:28] - [207.67 Ko] - C:\WINDOWS\System32\winrm [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [07/12/2019 07:06:35] - (.-.) 
- [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [07/12/2019 07:06:35] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [07/12/2019 07:07:15] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.7A015A6F199516A06C5AFB56FEE7AC51] - |A| - [07/12/2019 07:06:46] - (.-.) - [59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:53:51] - [10.16 Ko] - C:\WINDOWS\System32\XPSViewer [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 07:07:04] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.png [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [291.49 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [25/11/2020 21:48:01] - [261.5 Ko] - C:\WINDOWS\System32\zh-TW ---------- | [POP] [03/08/2016 16:34:55] - |D| - [385] - C:\Users\POP\.oracle_jre_usage [14/12/2017 18:47:33] - |RD| - [298] - C:\Users\POP\3D Objects [25/11/2020 22:25:11] - |HD| - [1405793892] - C:\Users\POP\AppData [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\Application Data [18/12/2015 11:24:37] - |RD| - [57390] - C:\Users\POP\Contacts [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\Cookies [12/05/2018 15:37:35] - |AH| - [9] - C:\Users\POP\dat [18/12/2015 11:24:31] - |RD| - [1616031970] - C:\Users\POP\Desktop [22/06/2020 08:22:00] - |D| - [458] - C:\Users\POP\DFDWiz [18/12/2015 11:24:31] - |RD| - [12676569371] - C:\Users\POP\Documents [18/12/2015 11:24:31] - |RD| - [112284119] - C:\Users\POP\Downloads [08/10/2017 13:33:10] - |A| - [577] - 
C:\Users\POP\dsj.xml.lisp [18/12/2015 11:24:31] - |RD| - [8331] - C:\Users\POP\Favorites [20/04/2020 12:12:35] - |A| - [33] - C:\Users\POP\langu.ini [18/12/2015 11:24:31] - |RD| - [2376] - C:\Users\POP\Links [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\Local Settings [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\Menu Démarrer [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\Mes documents [17/12/2017 00:42:08] - |HD| - [2644585] - C:\Users\POP\MicrosoftEdgeBackups [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\Modèles [22/06/2020 08:12:23] - |D| - [468] - C:\Users\POP\msconfig [18/12/2015 11:24:31] - |RD| - [1738758] - C:\Users\POP\Music [25/11/2020 22:25:11] - |AH| - [1572864] - C:\Users\POP\ntuser.dat [25/11/2020 22:25:11] - |ASH| - [507904] - C:\Users\POP\ntuser.dat.log1 [25/11/2020 22:25:11] - |ASH| - [450560] - C:\Users\POP\ntuser.dat.log2 [25/11/2020 22:25:12] - |ASH| - [65536] - C:\Users\POP\NTUSER.DAT{46240d6c-2f62-11eb-b18a-0023ae812b47}.TM.blf [25/11/2020 22:25:12] - |ASH| - [524288] - C:\Users\POP\NTUSER.DAT{46240d6c-2f62-11eb-b18a-0023ae812b47}.TMContainer00000000000000000001.regtrans-ms [25/11/2020 22:25:12] - |ASH| - [524288] - C:\Users\POP\NTUSER.DAT{46240d6c-2f62-11eb-b18a-0023ae812b47}.TMContainer00000000000000000002.regtrans-ms [27/11/2020 17:24:07] - |ASH| - [65536] - C:\Users\POP\ntuser.dat{a84b5187-30c9-11eb-b1a3-ad6e0cca84f3}.TM.blf [27/11/2020 17:24:07] - |ASH| - [524288] - C:\Users\POP\ntuser.dat{a84b5187-30c9-11eb-b1a3-ad6e0cca84f3}.TMContainer00000000000000000001.regtrans-ms [27/11/2020 17:24:07] - |ASH| - [524288] - C:\Users\POP\ntuser.dat{a84b5187-30c9-11eb-b1a3-ad6e0cca84f3}.TMContainer00000000000000000002.regtrans-ms [01/12/2020 09:09:58] - |ASH| - [65536] - C:\Users\POP\ntuser.dat{c7e8b404-3339-11eb-b194-0023ae812b47}.TM.blf [01/12/2020 09:09:58] - |ASH| - [524288] - C:\Users\POP\ntuser.dat{c7e8b404-3339-11eb-b194-0023ae812b47}.TMContainer00000000000000000001.regtrans-ms [01/12/2020 09:09:58] - |ASH| - [524288] - 
C:\Users\POP\ntuser.dat{c7e8b404-3339-11eb-b194-0023ae812b47}.TMContainer00000000000000000002.regtrans-ms [25/11/2020 22:59:15] - |SH| - [20] - C:\Users\POP\ntuser.ini [31/12/2015 19:17:50] - |RD| - [94] - C:\Users\POP\OneDrive [18/12/2015 11:24:31] - |RD| - [3074884] - C:\Users\POP\Pictures [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\Recent [18/12/2015 11:24:31] - |RD| - [282] - C:\Users\POP\Saved Games [25/11/2020 22:59:37] - |RD| - [1875] - C:\Users\POP\Searches [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\SendTo [26/11/2020 13:14:46] - |D| - [0] - C:\Users\POP\Start Menu [22/06/2020 08:12:23] - |D| - [480] - C:\Users\POP\tpmvscmgrsvr [18/12/2015 11:24:31] - |RD| - [808] - C:\Users\POP\Videos [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\Voisinage d'impression [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\Voisinage réseau [25/11/2020 16:48:28] - |A| - [1110] - C:\Users\POP\_readme.txt [22/07/2016 13:52:07] - |A| - [358] - C:\Users\POP\AppData\AdobeACBCache.dat.lisp [25/11/2020 22:25:11] - |D| - [1380920726] - C:\Users\POP\AppData\Local [18/12/2015 11:24:31] - |D| - [14170247] - C:\Users\POP\AppData\LocalLow [25/11/2020 22:25:11] - |D| - [10702561] - C:\Users\POP\AppData\Roaming [25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\AppData\Local\Application Data [26/11/2020 18:14:29] - |D| - [0] - C:\Users\POP\AppData\Local\CEF [26/11/2020 09:24:45] - |D| - [18898948] - C:\Users\POP\AppData\Local\Comms [25/11/2020 22:59:18] - |D| - [2548761] - C:\Users\POP\AppData\Local\ConnectedDevicesPlatform [26/11/2020 18:22:26] - |D| - [1445651] - C:\Users\POP\AppData\Local\CrashDumps [26/11/2020 09:26:55] - |D| - [0] - C:\Users\POP\AppData\Local\CrashRpt [26/11/2020 20:31:34] - |D| - [199500] - C:\Users\POP\AppData\Local\D3DSCache [26/11/2020 10:31:08] - |D| - [0] - C:\Users\POP\AppData\Local\DeskShare Data [26/11/2020 10:36:47] - |D| - [170243] - C:\Users\POP\AppData\Local\ElevatedDiagnostics [26/11/2020 10:07:45] - |D| - [915841890] - 
C:\Users\POP\AppData\Local\Google
[25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\AppData\Local\Historique
[30/11/2020 12:55:50] - |AH| - [35872] - C:\Users\POP\AppData\Local\IconCache.db
[26/11/2020 10:39:02] - |D| - [776360] - C:\Users\POP\AppData\Local\mbam
[26/11/2020 10:37:48] - |D| - [235676] - C:\Users\POP\AppData\Local\mbamtray
[25/11/2020 22:25:11] - |D| - [295912238] - C:\Users\POP\AppData\Local\Microsoft
[25/11/2020 23:03:45] - |D| - [65405] - C:\Users\POP\AppData\Local\MicrosoftEdge
[26/11/2020 09:34:30] - |D| - [55824] - C:\Users\POP\AppData\Local\OneDrive
[25/11/2020 22:59:30] - |D| - [53253080] - C:\Users\POP\AppData\Local\Packages
[26/11/2020 09:40:34] - |D| - [0] - C:\Users\POP\AppData\Local\PeerDistRepub
[26/11/2020 11:08:37] - |D| - [0] - C:\Users\POP\AppData\Local\Pipeer
[26/11/2020 09:26:45] - |D| - [0] - C:\Users\POP\AppData\Local\Programs
[25/11/2020 23:01:38] - |D| - [0] - C:\Users\POP\AppData\Local\Publishers
[26/11/2020 10:31:40] - |D| - [940] - C:\Users\POP\AppData\Local\speech
[26/11/2020 10:31:00] - |D| - [0] - C:\Users\POP\AppData\Local\Spoon
[25/11/2020 22:25:11] - |D| - [91362336] - C:\Users\POP\AppData\Local\Temp
[25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\AppData\Local\Temporary Internet Files
[25/11/2020 22:59:17] - |D| - [0] - C:\Users\POP\AppData\Local\VirtualStore
[30/11/2020 16:22:13] - |D| - [118002] - C:\Users\POP\AppData\Local\ZHP
[04/01/2016 18:18:01] - |D| - [11100005] - C:\Users\POP\AppData\LocalLow\Adobe
[26/12/2015 18:49:39] - |D| - [0] - C:\Users\POP\AppData\LocalLow\Company
[24/08/2020 13:58:27] - |D| - [333] - C:\Users\POP\AppData\LocalLow\IObit
[18/12/2015 10:23:19] - |SD| - [868993] - C:\Users\POP\AppData\LocalLow\Microsoft
[01/01/2017 15:36:01] - |D| - [0] - C:\Users\POP\AppData\LocalLow\Mozilla
[25/11/2020 16:42:55] - |D| - [1382304] - C:\Users\POP\AppData\LocalLow\nb98wqnehe8bw89hb
[22/07/2016 13:51:10] - |D| - [785844] - C:\Users\POP\AppData\LocalLow\Sun
[01/03/2017 20:42:10] - |D| - [0] - C:\Users\POP\AppData\LocalLow\Temp
[14/05/2018 11:15:38] - |D| - [32768] - C:\Users\POP\AppData\LocalLow\uTorrent
[25/11/2020 16:43:36] - |D| - [0] - C:\Users\POP\AppData\LocalLow\Wallets
[25/11/2020 22:59:30] - |D| - [0] - C:\Users\POP\AppData\Roaming\Adobe
[30/11/2020 17:25:07] - |D| - [172489] - C:\Users\POP\AppData\Roaming\BitwarDataRecovery
[26/11/2020 10:33:49] - |D| - [3097739] - C:\Users\POP\AppData\Roaming\CTdeveloping
[26/11/2020 12:38:21] - |D| - [0] - C:\Users\POP\AppData\Roaming\IObit
[25/11/2020 22:25:11] - |SD| - [3433131] - C:\Users\POP\AppData\Roaming\Microsoft
[26/11/2020 18:44:54] - |D| - [12] - C:\Users\POP\AppData\Roaming\WinRAR
[30/11/2020 16:22:13] - |D| - [3999190] - C:\Users\POP\AppData\Roaming\ZHP
[18/12/2015 11:24:59] - |ASH| - [174] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[25/11/2020 22:25:11] - |SHD| - [0] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[31/12/2015 18:29:31] - |RD| - [22787] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[25/11/2020 22:25:11] - |RD| - [3888] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[25/11/2020 22:25:11] - |RD| - [1670] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[26/12/2015 19:55:11] - |RD| - [174] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[30/11/2020 17:25:07] - |D| - [3882] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitwar
[17/08/2017 08:57:25] - |A| - [279] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Corbeille.lnk
[25/11/2020 22:25:11] - |ASH| - [264] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[16/06/2020 08:36:53] - |D| - [0] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
[31/12/2015 19:16:05] - |A| - [1047] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk
[06/02/2016 09:31:06] - |D| - [0] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[25/11/2020 22:25:11] - |D| - [170] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[05/08/2017 14:26:30] - |D| - [0] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Megaupload Downloader
[07/10/2020 15:43:42] - |D| - [0] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Molotov
[25/11/2020 22:25:11] - |A| - [2395] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[26/12/2015 19:50:07] - |RD| - [174] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[25/11/2020 22:25:11] - |RD| - [4913] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[25/11/2020 22:25:11] - |D| - [3931] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[13/09/2017 17:26:00] - |D| - [0] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[26/12/2015 19:50:07] - |ASH| - [174] - C:\Users\POP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]
[31/12/2015 19:14:24] - |RHD| - [83373] - C:\Users\Public\AccountPictures
[14/07/2009 03:37:05] - |RHD| - [4794] - C:\Users\Public\Desktop
[25/11/2020 21:48:03] - |ASH| - [174] - C:\Users\Public\desktop.ini
[14/07/2009 03:37:05] - |RD| - [278] - C:\Users\Public\Documents
[14/07/2009 03:37:05] - |RD| - [174] - C:\Users\Public\Downloads
[14/07/2009 03:37:05] - |RHD| - [0] - C:\Users\Public\Favorites
[25/11/2020 21:47:57] - |RHD| - [1135] - C:\Users\Public\Libraries
[14/07/2009 03:37:05] - |RD| - [380] - C:\Users\Public\Music
[14/07/2009 03:37:05] - |RD| - [380] - C:\Users\Public\Pictures
[21/11/2010 01:47:05] - |RD| - [0] - C:\Users\Public\Recorded TV
[14/07/2009 03:37:05] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData
[25/11/2020 22:43:58] - |SHD| - [0] - C:\ProgramData\Application Data
[26/11/2020 18:08:38] - |D| - [2416125] - C:\ProgramData\Avast Software
[26/11/2020 19:10:53] - |D| - [95060656] - C:\ProgramData\Avira
[25/11/2020 22:43:58] - |SHD| - [0] - C:\ProgramData\Bureau
[26/11/2020 10:31:10] - |D| - [9491] - C:\ProgramData\Deskshare
[25/11/2020 22:43:58] - |SHD| - [0] - C:\ProgramData\Documents
[30/11/2020 12:12:17] - |D| - [0] - C:\ProgramData\DumpFiles
[30/11/2020 14:06:15] - |D| - [6911378] - C:\ProgramData\EPSON
[25/11/2020 22:43:58] - |SHD| - [0] - C:\ProgramData\Favoris
[26/11/2020 14:48:36] - |D| - [1685106] - C:\ProgramData\GridinSoft
[26/11/2020 12:40:39] - |D| - [32028] - C:\ProgramData\IObit
[26/11/2020 12:31:51] - |RASHD| - [1024] - C:\ProgramData\Key-Base
[26/11/2020 10:37:18] - |D| - [69660949] - C:\ProgramData\Malwarebytes
[26/11/2020 10:37:16] - |RA| - [0] - C:\ProgramData\MB3Install
[26/11/2020 10:37:16] - |RA| - [0] - C:\ProgramData\mb3migration
[25/11/2020 22:43:58] - |SHD| - [0] - C:\ProgramData\Menu Démarrer
[25/11/2020 21:47:57] - |SD| - [514589063] - C:\ProgramData\Microsoft
[25/11/2020 23:03:59] - |D| - [25] - C:\ProgramData\Microsoft OneDrive
[25/11/2020 22:43:58] - |SHD| - [0] - C:\ProgramData\Modèles
[26/11/2020 17:42:53] - |D| - [18490600] - C:\ProgramData\Package Cache
[25/11/2020 23:00:53] - |D| - [0] - C:\ProgramData\Packages
[26/11/2020 12:41:12] - |D| - [56] - C:\ProgramData\ProductData
[25/11/2020 21:47:57] - |D| - [997] - C:\ProgramData\regid.1991-06.com.microsoft
[25/11/2020 21:47:57] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[25/11/2020 21:53:51] - |D| - [0] - C:\ProgramData\ssh
[25/11/2020 21:47:57] - |D| - [61440] - C:\ProgramData\USOPrivate
[25/11/2020 21:47:57] - |D| - [1785856] - C:\ProgramData\USOShared
[26/11/2020 12:31:51] - |D| - [0] - C:\ProgramData\{5401539F-D056-2B08-9C5F-22DD12A33D09}
[26/11/2020 12:41:22] - |D| - [0] - C:\ProgramData\{F86B0233-9A85-4589-8AAF-524CC4F8211B}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu
[25/11/2020 21:48:03] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[18/12/2015 11:24:20] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[25/11/2020 21:47:57] - |RD| - [149165] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[25/11/2018 16:36:01] - |A| - [2131] - C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[02/04/2020 13:49:30] - |D| - [1919] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[25/11/2020 21:47:57] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[25/11/2020 21:47:57] - |RD| - [19695] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[12/04/2017 14:57:11] - |A| - [2106] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[04/01/2016 18:16:51] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[25/11/2020 21:47:57] - |RD| - [24193] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[04/01/2016 18:03:10] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandizip
[10/04/2020 13:17:11] - |D| - [2106] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betternet Technologies Inc
[30/11/2020 16:51:38] - |D| - [1134] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[29/01/2019 08:40:00] - |D| - [8662] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify Hotspot 2019
[25/11/2020 21:48:03] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[25/11/2020 15:27:51] - |D| - [2784] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 8
[19/12/2015 17:24:40] - |D| - [6965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[19/12/2015 17:18:36] - |D| - [1086] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[01/01/2017 15:35:50] - |A| - [1186] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
[24/08/2016 08:01:51] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
[27/04/2020 14:22:06] - |A| - [2245] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[26/11/2020 10:09:00] - |A| - [2317] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[26/11/2020 14:48:46] - |D| - [75] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
[07/12/2019 07:08:35] - |AS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[22/07/2016 13:41:35] - |D| - [1215] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
[06/02/2016 09:31:06] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[07/11/2020 18:12:55] - |D| - [1010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPVanish
[17/01/2018 13:11:43] - |D| - [3860] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KC Softwares
[25/11/2020 21:47:57] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[07/10/2020 07:55:26] - |D| - [2147] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[02/07/2020 10:26:42] - |A| - [2371] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
[18/10/2017 20:55:17] - |D| - [2491] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery
[26/11/2020 09:57:14] - |D| - [3510] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi Virus Cleaner 2020
[26/11/2020 13:53:17] - |D| - [80] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[25/11/2018 16:36:01] - |D| - [24854] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
[25/11/2020 21:47:57] - |RD| - [4318] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[25/11/2020 21:47:57] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[26/11/2020 10:30:58] - |A| - [1322] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Text Speaker 3.lnk
[04/06/2017 11:01:54] - |D| - [6936] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[25/11/2020 21:53:50] - |RD| - [1527] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[13/09/2017 17:26:00] - |D| - [4409] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[02/04/2020 08:04:08] - |D| - [2107] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[02/04/2020 08:04:08] - |A| - [2087] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[25/11/2020 21:48:03] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[25/11/2018 16:36:02] - |A| - [2191] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
[02/04/2020 08:04:08] - |A| - [1953] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Préchargeur.lnk

---------- | C:\Program Files
[30/11/2020 13:45:44] - |D| - [0] - C:\Program Files\360
[26/11/2020 10:30:54] - |D| - [12759584] - C:\Program Files\ATTNaturalVoices
[26/11/2020 19:10:57] - |D| - [301581212] - C:\Program Files\Avira
[26/11/2020 09:57:10] - |D| - [3854648] - C:\Program Files\AxBx
[30/11/2020 17:25:07] - |D| - [56618524] - C:\Program Files\Bitwar
[30/11/2020 16:51:36] - |D| - [35440490] - C:\Program Files\CCleaner
[25/11/2020 21:47:57] - |D| - [48322382] - C:\Program Files\Common Files
[26/11/2020 10:30:57] - |D| - [33704861] - C:\Program Files\Deskshare
[25/11/2020 21:48:02] - |ASH| - [174] - C:\Program Files\desktop.ini
[25/11/2020 22:43:58] - |SHD| - [0] - C:\Program Files\Fichiers communs
[26/11/2020 10:08:11] - |D| - [295490092] - C:\Program Files\Google
[25/11/2020 21:47:57] - |D| - [2504682] - C:\Program Files\Internet Explorer
[26/11/2020 12:40:48] - |D| - [0] - C:\Program Files\IObit
[26/11/2020 10:37:18] - |D| - [8725597] - C:\Program Files\Malwarebytes
[26/11/2020 17:44:12] - |D| - [7862] - C:\Program Files\Microsoft Silverlight
[26/11/2020 17:45:39] - |D| - [3765891] - C:\Program Files\Microsoft XNA
[25/11/2020 21:47:57] - |D| - [23935] - C:\Program Files\Microsoft.NET
[25/11/2020 21:47:57] - |D| - [0] - C:\Program Files\ModifiableWindowsApps
[25/11/2020 21:53:50] - |D| - [25757] - C:\Program Files\MSBuild
[26/11/2020 10:34:36] - |D| - [137964] - C:\Program Files\PDF Text Reader
[25/11/2020 21:53:50] - |D| - [39220481] - C:\Program Files\Reference Assemblies
[25/11/2020 23:02:43] - |HD| - [0] - C:\Program Files\Uninstall Information
[25/11/2020 21:47:57] - |D| - [10889638] - C:\Program Files\Windows Defender
[25/11/2020 21:47:57] - |D| - [12932816] - C:\Program Files\Windows Defender Advanced Threat Protection
[25/11/2020 21:47:57] - |D| - [625664] - C:\Program Files\Windows Mail
[25/11/2020 21:53:50] - |D| - [4229521] - C:\Program Files\Windows Media Player
[25/11/2020 21:47:57] - |D| - [40232] - C:\Program Files\Windows Multimedia Platform
[25/11/2020 21:47:57] - |D| - [6109528] - C:\Program Files\Windows NT
[25/11/2020 21:47:57] - |D| - [5305280] - C:\Program Files\Windows Photo Viewer
[25/11/2020 21:47:57] - |D| - [40232] - C:\Program Files\Windows Portable Devices
[25/11/2020 21:47:57] - |D| - [97357] - C:\Program Files\Windows Security
[25/11/2020 21:47:57] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[07/12/2019 07:12:07] - |HD| - [1820666070] - C:\Program Files\WindowsApps
[25/11/2020 21:47:57] - |D| - [2699677] - C:\Program Files\WindowsPowerShell
[26/11/2020 18:42:36] - |D| - [1793114] - C:\Program Files\WinRAR

---------- | C:\Program Files\Common Files
[26/11/2020 10:30:58] - |D| - [184320] - C:\Program Files\Common Files\DeskShare Shared
[30/11/2020 14:06:19] - |D| - [142432] - C:\Program Files\Common Files\EPSON
[26/11/2020 12:41:11] - |D| - [0] - C:\Program Files\Common Files\IObit
[25/11/2020 21:47:57] - |D| - [38099157] - C:\Program Files\Common Files\Microsoft Shared
[25/11/2020 21:47:57] - |D| - [2702] - C:\Program Files\Common Files\Services
[25/11/2020 21:47:57] - |D| - [9893771] - C:\Program Files\Common Files\System

---------- | Tasks
[MD5.32D5393056C59F1462ADB6E84B01C3AD] - [27/11/2020 17:24:12] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [25/11/2020 22:14:20] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.55488E53B473154A648B274B7ED4258E] - [26/11/2020 10:24:59] - |A| - [3936] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe
[MD5.CD16683EE7EDD00C7E85D9E39ED4B669] - [26/11/2020 10:24:59] - |A| - [2870] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.A7F535CEB99C8A3F2FD052D398B7CE83] - [26/11/2020 10:08:13] - |A| - [3452] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.0D1506AC7815E7B3AC07A6FF0427031C] - [26/11/2020 10:08:14] - |A| - [3576] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [25/11/2020 21:48:01] - |D| - [603000] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.CE002F2C96E01C444AAF0A7BBDD24785] - [25/11/2020 23:04:35] - |A| - [3360] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-142700032-3544243614-1917230365-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.4B5A38DD2552E1FE02E93B1B0931AF0E] - [30/11/2020 12:12:22] - |A| - [4104] - C:\WINDOWS\System32\Tasks\PCAT_POP_PCSpeedCat_LG_DailyTask : C:\Program Files\SpeedCat\PCSpeedCat\PCSpeedCat.exe
[MD5.775D80C140A7F9F63BF24E14C0C1EEEA] - [30/11/2020 12:12:22] - |A| - [3972] - C:\WINDOWS\System32\Tasks\PCAT_POP_PCSpeedCat_LogonTask : C:\Program Files\SpeedCat\PCSpeedCat\PCSpeedCat.exe
[MD5.91C420A1A3AFF0F4F7971E32DB41E45A] - [30/11/2020 12:12:22] - |A| - [4358] - C:\WINDOWS\System32\Tasks\PCAT_POP_PCSpeedCat_RS_DailyTask : C:\Program Files\SpeedCat\PCSpeedCat\PCSpeedCat.exe
[MD5.ECBCA2FA0228A49C8794DCBA8D1FA659] - [30/11/2020 12:12:22] - |A| - [4528] - C:\WINDOWS\System32\Tasks\PCAT_POP_PCSpeedCat_RS_WeeklyTask : C:\Program Files\SpeedCat\PCSpeedCat\PCSpeedCat.exe

---------- | Firewall
[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"{87881976-9408-47BD-8FB4-911665873E84}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Windows Feature Experience Pack|Desc=Windows Feature Experience Pack|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-283421221-3183566570-1718213290-751554359-3541592344-2312209569-3374928651|EmbedCtxt=Windows Feature Experience Pack|Platform=2:6:2|Platform2=GTEQ|
"{B4EEBC6B-B11D-40C8-8F77-E07C1EFA1348}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ|
"{84BE08BE-D9C4-4988-8C04-9A13A22EE7B9}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{9C4C44AA-A31B-4BE7-82BA-B2F9A7084852}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=NcsiUwpApp|Desc=NcsiUwpApp|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-138780814-3997110584-2874353029-2041838810-3659441231-3169655024-3643974355|EmbedCtxt=NcsiUwpApp|Platform=2:6:2|Platform2=GTEQ|
"{187E04C4-004F-4EA9-A2A0-E32375202414}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ|
"{18914E7E-C494-42B2-943C-C51318333DE7}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{40E486D7-4903-4888-B85E-82B2FC28C65F}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ|
"{B1C99EC0-8397-4901-B4C4-5159B2E49FED}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ|
"{14F33720-183A-4D54-B4E8-81B5FD785FC9}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ|
"{257A17DE-BA0E-4457-8AF1-F16C633AF0D6}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ|
"{0030548D-3167-408C-AB7B-0219698AF2F7}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ|
"{414D21F9-9CE4-4242-823C-BC3C882A2AFB}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{63A6B602-3367-411B-AA93-44B9191DE24A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-142700032-3544243614-1917230365-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{D6575221-7F7A-4D28-AFCF-7A9BC1CE9344}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|

---------- | Control\Class
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760f-a5c8-4bfe-b314-d56a7b44a362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b648}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b649}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6fae73b7-b735-4b50-a0da-0dc2484b1f1a}] : (BasicDisplay) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}] : (RdpVideoMiniport) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a3e32dba-ba89-4f17-8386-2d0127fbd4cc}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}] : (ComputeAccelerator) [] -> @c_computeaccelerator.inf,%ClassDesc%;Compute accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> 
@c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [07/12/2019 07:07:00] - (0.0.0.0) - ( -) - C:\WINDOWS\System32\Drivers\CimFS.SYS ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: 
False - AcceptStop: False R0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - 
AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - 
AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> 
System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Lecteur AHCI SATA Microsoft standard) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - Telemetry (@intelta.inf,%Telemetry.SVCDESC%;Intel(R) Telemetry Service) -> System32\drivers\IntelTA.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> 
System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - 
AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_x86_0e40767f5de695ba\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_x86_35f4468a62fc34bc\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - CimFS () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - bindflt (@%systemroot%\system32\drivers\bindflt.sys,-100) -> \SystemRoot\system32\drivers\bindflt.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - 
[Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Parvdm () -> \SystemRoot\System32\drivers\parvdm.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAuth (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AT&T Labs' Natural Voices 1.4 - Desktop Runtime_is1] : (AT&T Labs' Natural Voices 1.4 - Desktop Runtime.-.AT&T Labs) -> "C:\Program Files\ATTNaturalVoices\TTS1.4\Desktop\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Bitwar] : (Bitwar 6.58.-.Bitwar.net) -> C:\Program Files\Bitwar\BitwarDataRecovery\RecoverMaster.exe /uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EPSON WF-2510 Series] : (EPSON WF-2510 Series Printer Uninstall.-.SEIKO EPSON Corporation) -> C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_TINSIXE.EXE /R /APD /P:"EPSON WF-2510 Series" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google LLC) -> "C:\Program Files\Google\Chrome\Application\87.0.4280.66\Installer\setup.exe" --uninstall --system-level --verbose-logging [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Multi Virus Cleaner 2020_is1] : (Multi Virus Cleaner 2020.-.AxBx) -> "C:\Program Files\AxBx\Multi Virus Cleaner 2020\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Text Speaker_is1] : (Text Speaker 3.-.Deskshare Inc.) -> "C:\Program Files\Deskshare\Text Speaker 3\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper ---------- | UserSettings [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-15,Balanced (recommended) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1400,Favor performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1401,High Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-12,Favors performance, but may use more energy. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-13,High Performance [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1404,Favor energy savings over performance. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1405,Better Battery-life Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-10,Saves energy by reducing your computer performance where possible. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-11,Power Saver [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\d6e64ce2-9304-4f7a-8ff7-b180b20f9af8]~[Description] : Ce plan d'économie d'énergie est optimisé pour une consommation d'énergie faible à une vitesse rapide. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\d6e64ce2-9304-4f7a-8ff7-b180b20f9af8]~[FriendlyName] : optimisation [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1402,Maximize bias towards performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1403,Max Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[Description] : @%SystemRoot%\system32\powrprof.dll,-18,Provides ultimate performance on higher end PCs. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-19,Ultimate Performance
---------- | ADS
---------- | Drives
---------- | MBR
---------- | 20 LastEventLog
Nom de l’application défaillante SearchApp.exe, version : 10.0.19041.546, horodatage : 0x030dd797
Nom du module défaillant : edgehtml.dll, version : 11.0.19041.610, horodatage : 0x2633256e
Code d’exception : 0x80070005
Décalage d’erreur : 0x005d1b39
ID du processus défaillant : 0x118c
Heure de début de l’application défaillante : 0x01d6c7d3dedb8e63
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 27e5ef0a-ed5f-4285-9e77-ccb8f3c86a39
Nom complet du package défaillant : Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------
Nom de l’application défaillante SearchApp.exe, version : 10.0.19041.546, horodatage : 0x030dd797
Nom du module défaillant : edgehtml.dll, version : 11.0.19041.610, horodatage : 0x2633256e
Code d’exception : 0x80070005
Décalage d’erreur : 0x005d1b39
ID du processus défaillant : 0x16e0
Heure de début de l’application défaillante : 0x01d6c7d3dc8a1cf3
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 5a80d248-480f-441f-92ed-c3edd450a546
Nom complet du package défaillant : Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------
Nom de l’application défaillante SearchApp.exe, version : 10.0.19041.546, horodatage : 0x030dd797
Nom du module défaillant : edgehtml.dll, version : 11.0.19041.610, horodatage : 0x2633256e
Code d’exception : 0x80070005
Décalage d’erreur : 0x005d1b39
ID du processus défaillant : 0x158c
Heure de début de l’application défaillante : 0x01d6c7d3da3e0a1f
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : cc6250eb-327c-4f62-bf4b-4bf61d8bed40
Nom complet du package défaillant : Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------
Nom de l’application défaillante SearchApp.exe, version : 10.0.19041.546, horodatage : 0x030dd797
Nom du module défaillant : edgehtml.dll, version : 11.0.19041.610, horodatage : 0x2633256e
Code d’exception : 0x80070005
Décalage d’erreur : 0x005d1b39
ID du processus défaillant : 0x13bc
Heure de début de l’application défaillante : 0x01d6c7d3d7ac276a
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : fde3f9c5-53cb-43ef-b25c-440c7bff344f
Nom complet du package défaillant : Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------
Nom de l’application défaillante SearchApp.exe, version : 10.0.19041.546, horodatage : 0x030dd797
Nom du module défaillant : edgehtml.dll, version : 11.0.19041.610, horodatage : 0x2633256e
Code d’exception : 0x80070005
Décalage d’erreur : 0x005d1b39
ID du processus défaillant : 0x126c
Heure de début de l’application défaillante : 0x01d6c7d3d5740190
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 52a72bb6-b70d-4ec8-babd-b21165e39145
Nom complet du package défaillant : Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------
Nom de l’application défaillante MicrosoftEdge.exe, version : 11.0.19041.546, horodatage : 0x0bea7cc0
Nom du module défaillant : iertutil.dll, version : 11.0.19041.630, horodatage : 0x4b1e00b9
Code d’exception : 0xc0000409
Décalage d’erreur : 0x001b8b7d
ID du processus défaillant : 0xe08
Heure de début de l’application défaillante : 0x01d6c7d3d03a5a8c
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\iertutil.dll
ID de rapport : 25f4ab0f-0f10-4b55-8616-dc38a6000a4b
Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Nom de l’application défaillante SearchApp.exe, version : 10.0.19041.546, horodatage : 0x030dd797
Nom du module défaillant : edgehtml.dll, version : 11.0.19041.610, horodatage : 0x2633256e
Code d’exception : 0x80070005
Décalage d’erreur : 0x005d1b39
ID du processus défaillant : 0xc20
Heure de début de l’application défaillante : 0x01d6c7d3cf7c753f
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 83aaee9a-337e-4e67-8558-cf4e6f604b2f
Nom complet du package défaillant : Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------
Nom de l’application défaillante MicrosoftEdge.exe, version : 11.0.19041.546, horodatage : 0x0bea7cc0
Nom du module défaillant : iertutil.dll, version : 11.0.19041.630, horodatage : 0x4b1e00b9
Code d’exception : 0xc0000409
Décalage d’erreur : 0x001b8b7d
ID du processus défaillant : 0x1438
Heure de début de l’application défaillante : 0x01d6c7cd7b934bb7
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\iertutil.dll
ID de rapport : f939d399-3215-49cc-9f77-753a56073b57
Nom complet du package défaillant : Microsoft.MicrosoftEdge_44.19041.423.0_neutral__8wekyb3d8bbwe
ID de l’application relative au package défaillant : MicrosoftEdge
------------
Le programme notepad.exe version 10.0.19041.488 a cessé d'interagir avec Windows et a été fermé. Pour voir si plus d'informations sur le problème sont disponibles, vérifiez l'historique des problèmes dans le Panneau de configuration Sécurité et maintenance.
ID de processus : 5a8
Heure de début : 01d6c7c8fae9500f
Heure d'arrêt : 25
Chemin d'accès à l'application : C:\Windows\System32\notepad.exe
ID de rapport : aa3daf8f-33b6-4a67-a268-aa4c3c1bc121
Nom complet du package défectueux :
ID de l'application relative à un package défectueux :
Type de blocage : Unknown
------------
Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. .
------------
Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ]
------------
Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
System Error: Accès refusé. .
------------
Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
System Error: Accès refusé. .
------------
Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. .
------------
Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ]
------------
Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.
System Error: Accès refusé. .
------------
svchost (1240,R,98) SRUJet: L’erreur -1811 (0xfffff8ed) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\SRU\SRU00017.log.
------------
Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. .
------------
Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ]
------------
----------( EOF)---------- - 3118 | 12:40:51