--------------- QuickDiag | g3n-h@ckm@n | V7.140.21.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----

- Start 24/05/2021 17:06:47
Updated 20/05/2021 | 07:20 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[rugby (Administrator)] - [LAPTOP-K9KI7NDF] (S-1-5-21-551630138-3040592011-1240718164-1001)
System: Microsoft Windows 10 Famille - - (10.0.19042) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (2009)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: HP Laptop 15-db1xxx - HP - IdNumber: CND9397LVY - UUID: 370F02B3-78DE-E911-8102-040E3CE02A36
Processor : X64 - 2096 Mhz - AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
BIOS : Insyde F.13 - SN : CND9397LVY - Status : OK - Version : HPQOEM - 2 - PrimaryBios : True - CurrentLanguage : en|US|iso8859-1,0 - OtherTargetOS :
CoreTemp : 20 Celsius

----------| Quick

---------- | SoundDevice
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0236&SUBSYS_103C85EA&REV_1000\5&919F2A4&0&0001
AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1007\5&1C9A94E7&0&0001

---------- | Video
AMD Radeon(TM) Vega 8 Graphics - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers:
C:\WINDOWS\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\aticfx64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\aticfx64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\aticfx64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\amdxc64.dll - PNPDeviceID: PCI\VEN_1002&DEV_15D8&SUBSYS_85EA103C&REV_C2\4&26C23DB9&0&0041 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: -2147483648
Inegrated Video Chipset
DeviceName: AMD Radeon(TM) Vega 8 Graphics - DriverVersion: 8.1.1.1634 - SpecificationVersion: 1025

---------- | Codecs
C:\WINDOWS\system32\MPG4C32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 413760 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37440 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 93184 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
C:\WINDOWS\system32\DIVX.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 638976 - Manufacturer: DivXNetworks, Inc.
- Status: OK
C:\WINDOWS\system32\MCDVD_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 261632 - Manufacturer: MainConcept - Status: OK
C:\WINDOWS\system32\VP6VFW.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 438272 - Manufacturer: On2.com - Status: OK
C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39936 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\ALF2CD.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: NCT Company - Status: OK
C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\AC3ACM.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81920 - Manufacturer: fccHandler - Status: OK
C:\WINDOWS\system32\LAGARITH.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 216064 - Manufacturer: - Status: OK
C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25824 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\LAME.AX - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 245760 - Manufacturer: - Status: OK
C:\WINDOWS\system32\XVIDVFW.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 139264 - Manufacturer: - Status: OK
C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42904 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\SCG726.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13239 - Manufacturer: SHARP Corporation - Status: OK
C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName:
NTFS - FileSize: 34600 - Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\VCT3216.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Voxware, Inc. - Status: OK
C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK

---------- | Memory
Pagefile = Total (MB) : 24062 | Free (MB) : 16593
Virtual = Total (MB) : 4194 | Free (MB) : 3922
Physical Memory (MB)
--------------------
Total: 6090
Available: 1886
Cached: 1847
Free: 942
System
------
Handles: 105433
Processes: 205
Threads: 2857

---------- | SID Users
Administrateur : [S-1-5-21-551630138-3040592011-1240718164-500]
DefaultAccount : [S-1-5-21-551630138-3040592011-1240718164-503]
Invité : [S-1-5-21-551630138-3040592011-1240718164-501]
postgres : [S-1-5-21-551630138-3040592011-1240718164-1016]
rugby : [S-1-5-21-551630138-3040592011-1240718164-1001]
WDAGUtilityAccount : [S-1-5-21-551630138-3040592011-1240718164-504]
Administrateurs : [S-1-5-32-544]
Device Owners : [S-1-5-32-583]
Hyper-V Administrators : [S-1-5-32-578]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | Drives
C:\ -> [Fixed] | [Windows] | Total : 237.65 Go | Free : 127.09 Go -> NTFS (SSD)
Drive: 0
Cylinders: 31130
Tracks per Cylinder: 255
Sectors per Track: 63
Bytes per Sector: 512
Total Space: 256060514304 bytes

---------- | Windows updates - Activation - License
W.A.T : :)
Test 1 : Windows Is Activated
Test 2 : Possible Fixed Windows Volume License

---------- | Browsers
IE : 11.0.19041.1 (© Microsoft Corporation. Tous droits réservés.)
Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

---------- | FlashPlayer

---------- | Security
AV : Malwarebytes Enabled
AS :
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
576 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.19041.964) = C:\Windows\System32\smss.exe [12/05/2021 00:10:03] CPU Usage:0 %
1016 | [Owner : Système | Parent : 804() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [30/04/2021 11:20:35] CPU Usage:0 %
1080 | [Owner : Système | Parent : 804() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.19041.662) = C:\Windows\System32\wininit.exe [30/04/2021 11:20:33] CPU Usage:0 %
1092 | [Owner : Système | Parent : 1072() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [30/04/2021 11:20:35] CPU Usage:0 %
1188 | [Owner : Système | Parent : 1072() | 4.53 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.19041.906) = C:\Windows\System32\winlogon.exe [30/04/2021 11:20:37] CPU Usage:0 %
1236 | [Owner : Système | Parent : 1080(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.19041.928) = C:\Windows\System32\services.exe [30/04/2021 11:20:36] CPU Usage:0 %
1256 | [Owner : Système | Parent : 1080(wininit.exe) | 14.05 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.19041.906) = C:\Windows\System32\lsass.exe [30/04/2021 11:20:36] CPU Usage:0 %
1380 | [Owner : Système | Parent : 1236(services.exe) | 22.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.)
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1404 | [Owner : UMFD-1 | Parent : 1188(winlogon.exe) | 6.34 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.906) = C:\Windows\System32\fontdrvhost.exe [30/04/2021 11:20:37] CPU Usage:0 % 1412 | [Owner : UMFD-0 | Parent : 1080(wininit.exe) | 0.08 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.906) = C:\Windows\System32\fontdrvhost.exe [30/04/2021 11:20:37] CPU Usage:0 % 1472 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 3.38 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.19041.1) = C:\Windows\System32\WUDFHost.exe [07/12/2019 11:08:58] CPU Usage:0 % 1560 | [Owner : SERVICE RÉSEAU | Parent : 1236(services.exe) | 14.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1620 | [Owner : Système | Parent : 1236(services.exe) | 3.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1704 | [Owner : DWM-1 | Parent : 1188(winlogon.exe) | 47.8 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.19041.746) = C:\Windows\System32\dwm.exe [30/04/2021 11:20:32] CPU Usage:0 % 1796 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 2.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1804 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 3.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1820 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 6.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1944 | [Owner : Système | Parent : 1236(services.exe) | 4.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1956 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 4.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1284 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 12.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1400 | [Owner : Système | Parent : 1236(services.exe) | 8.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2084 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 1.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2092 | [Owner : Système | Parent : 1236(services.exe) | 4.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2112 | [Owner : Système | Parent : 1236(services.exe) | 1.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2216 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 1.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2264 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 3.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2368 | [Owner : Système | Parent : 1236(services.exe) | 4.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2472 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 3.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2632 | [Owner : Système | Parent : 1236(services.exe) | 2.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2648 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 1.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2708 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 2.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2776 | [Owner : SERVICE RÉSEAU | Parent : 1236(services.exe) | 8.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2840 | [Owner : SERVICE LOCAL | Parent : 2632(svchost.exe) | 8.89 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1) = C:\Windows\System32\dasHost.exe [07/12/2019 11:08:37] CPU Usage:0 % 2924 | [Owner : Système | Parent : 1236(services.exe) | 17.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 3032 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 5.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 3168 | [Owner : SERVICE RÉSEAU | Parent : 2632(svchost.exe) | 0 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1) = C:\Windows\System32\dasHost.exe [07/12/2019 11:08:37] CPU Usage:0 % 3220 | [Owner : Système | Parent : 1236(services.exe) | 3.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 3516 | [Owner : Système | Parent : 1236(services.exe) | 13.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 3524 | [Owner : Système | Parent : 1236(services.exe) | 7.57 Mo] - (.HP Inc. -.) - (1.31.2309.0) = C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe [24/03/2021 22:28:42] CPU Usage:0 % 3532 | [Owner : Système | Parent : 1236(services.exe) | 11.18 Mo] - (.HP Inc. -.) 
- (1.31.2309.0) = C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe [24/03/2021 22:31:28] CPU Usage:0 % 3540 | [Owner : Système | Parent : 1236(services.exe) | 1.79 Mo] - (.HP Inc. -.) - (1.31.2309.0) = C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe [24/03/2021 22:29:20] CPU Usage:0 % 3548 | [Owner : Système | Parent : 1236(services.exe) | 2.11 Mo] - (.HP Inc. -.) - (1.31.2309.0) = C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe [24/03/2021 22:31:00] CPU Usage:0 % 3668 | [Owner : Système | Parent : 1236(services.exe) | 20.13 Mo] - (.HP Inc. - HP Touchpoint Analytics Client Service.) - (4.2.466.0) = C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_eb7ea98d07646ece\x64\TouchpointAnalyticsClientService.exe [17/03/2021 01:34:36] CPU Usage:0 % 3700 | [Owner : SERVICE RÉSEAU | Parent : 1236(services.exe) | 9.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 3788 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 3.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 3968 | [Owner : Système | Parent : 1380(svchost.exe) | 2.08 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.19041.844) = C:\Windows\System32\wbem\unsecapp.exe [30/04/2021 11:19:53] CPU Usage:0 % 4092 | [Owner : Système | Parent : 1380(svchost.exe) | 6.66 Mo] - (.Microsoft Corporation - WMI Provider Host.) 
- (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [30/04/2021 11:20:23] CPU Usage:0 % 2872 | [Owner : Système | Parent : 1236(services.exe) | 1.93 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.5.35.54) = C:\Windows\System32\SynTPEnhService.exe [24/04/2020 12:50:54] CPU Usage:0 % 3396 | [Owner : Système | Parent : 1236(services.exe) | 0.67 Mo] - (.AMD - AMD External Events Service Module.) - (27.20.1030.1) = C:\Windows\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\atiesrxx.exe [03/05/2021 21:46:09] CPU Usage:0 % 2900 | [Owner : Système | Parent : 1236(services.exe) | 0.52 Mo] - (.Advanced Micro Devices, Inc. - AMDLOG User Mode Service.) - (20.20.0.1) = C:\Windows\System32\amdlogsr.exe [03/05/2021 21:45:56] CPU Usage:0 % 3628 | [Owner : rugby | Parent : 2872(SynTPEnhService.exe) | 9.12 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.5.35.54) = C:\Windows\System32\SynTPEnh.exe [24/04/2020 12:50:54] CPU Usage:0 % 4136 | [Owner : Système | Parent : 1236(services.exe) | 1.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4144 | [Owner : Système | Parent : 1236(services.exe) | 6.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4156 | [Owner : Système | Parent : 1236(services.exe) | 4.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4168 | [Owner : Système | Parent : 3396(atiesrxx.exe) | 4.1 Mo] - (.AMD - AMD External Events Client Module.) 
- (27.20.1030.1) = C:\Windows\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\atieclxx.exe [03/05/2021 21:46:09] CPU Usage:0 % 4232 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 8.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4240 | [Owner : Système | Parent : 1236(services.exe) | 2.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4392 | [Owner : rugby | Parent : 2368(svchost.exe) | 33.5 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.746) = C:\Windows\System32\sihost.exe [30/04/2021 11:20:16] CPU Usage:0 % 4420 | [Owner : rugby | Parent : 1236(services.exe) | 3.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4428 | [Owner : rugby | Parent : 1236(services.exe) | 18.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4496 | [Owner : rugby | Parent : 1236(services.exe) | 21.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4604 | [Owner : Système | Parent : 1236(services.exe) | 15.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4672 | [Owner : rugby | Parent : 1400(svchost.exe) | 13.37 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) 
- (10.0.19041.906) = C:\Windows\System32\taskhostw.exe [30/04/2021 11:20:44] CPU Usage:0 % 4840 | [Owner : Système | Parent : 1236(services.exe) | 1.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4900 | [Owner : rugby | Parent : 4840(svchost.exe) | 14.66 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe [07/12/2019 11:09:00] CPU Usage:0 % 5084 | [Owner : rugby | Parent : 5024() | 124.65 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.964) = C:\Windows\explorer.exe [12/05/2021 00:09:52] CPU Usage:0 % 2260 | [Owner : Système | Parent : 1236(services.exe) | 6.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5156 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 8.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5260 | [Owner : SERVICE RÉSEAU | Parent : 1236(services.exe) | 5.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5272 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 2.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5280 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 4.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5336 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 12.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5536 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 4.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5672 | [Owner : Système | Parent : 1236(services.exe) | 9.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5756 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 3.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5764 | [Owner : rugby | Parent : 1236(services.exe) | 13.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5844 | [Owner : Système | Parent : 1236(services.exe) | 3.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 5920 | [Owner : Système | Parent : 1236(services.exe) | 8.78 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.964) = C:\Windows\System32\spoolsv.exe [12/05/2021 00:09:52] CPU Usage:0 % 6012 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 11.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 6060 | [Owner : SERVICE RÉSEAU | Parent : 1236(services.exe) | 2.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 6200 | [Owner : Système | Parent : 5672(svchost.exe) | 2.66 Mo] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (10.0.19041.1) = C:\Windows\System32\wlanext.exe [07/12/2019 11:08:13] CPU Usage:0 % 6236 | [Owner : Système | Parent : 1236(services.exe) | 3.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 6248 | [Owner : Système | Parent : 6200(wlanext.exe) | 0.14 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.964) = C:\Windows\System32\conhost.exe [12/05/2021 00:10:01] CPU Usage:0 % 6396 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 4.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 6680 | [Owner : Système | Parent : 1236(services.exe) | 6.64 Mo] - (.Index Education -.) - (1.1.0.4) = C:\Program Files (x86)\index education\mise a jour automatique\ServiceMiseAJourIndex.exe [21/07/2020 13:24:26] CPU Usage:0 % 6800 | [Owner : Système | Parent : 6680(ServiceMiseAJourIndex.exe) | 0.69 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.964) = C:\Windows\System32\conhost.exe [12/05/2021 00:10:01] CPU Usage:0 % 7060 | [Owner : Système | Parent : 1236(services.exe) | 21.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 7068 | [Owner : Système | Parent : 1236(services.exe) | 12.23 Mo] - (.Panda Security, S.L. - Agent Service.) 
- (1.3.11.0) = C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [19/02/2019 15:22:02] CPU Usage:0 % 7096 | [Owner : Système | Parent : 1236(services.exe) | 4.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 7104 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 19.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 7112 | [Owner : Système | Parent : 1236(services.exe) | 0.05 Mo] - (.- The non-sucking service manager.) - (2.24.0.74) = C:\ProgramData\myCANAL\nssm.exe [26/06/2019 17:48:40] CPU Usage:0 % 7124 | [Owner : Système | Parent : 1236(services.exe) | ?????] - (.Panda Security S.L. - Antimalware service protection.) - (1.0.0.2) = C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [09/07/2020 14:32:44] CPU Usage:0 % 7160 | [Owner : Système | Parent : 1236(services.exe) | 8.25 Mo] - (.Panda Security, S.L. - PSUAService.) - (20.2.0.0) = C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [02/12/2020 17:34:39] CPU Usage:0 % 4732 | [Owner : Système | Parent : 1236(services.exe) | 3.06 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.0.365.1) = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe [03/05/2021 11:06:18] CPU Usage:0 % 6212 | [Owner : Système | Parent : 1236(services.exe) | 2.76 Mo] - (.Realtek Semiconductor Corp. - Realtek Bluetooth BTDevManager Service Application.) - (1.1.52.1) = C:\Windows\RtkBtManServ.exe [12/06/2020 00:54:38] CPU Usage:0 % 6208 | [Owner : Système | Parent : 1236(services.exe) | 1.21 Mo] - (.Sound Research, Corp. - SECOMNService.exe.) 
- (2.0.8.64) = C:\Windows\System32\SECOMN64.exe [31/07/2019 02:30:22] CPU Usage:0 % 6880 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 6596 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 6.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 6920 | [Owner : Système | Parent : 1236(services.exe) | 1.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 7268 | [Owner : Système | Parent : 1236(services.exe) | 10.8 Mo] - (.-.) - (1.0.0.437) = C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [20/02/2019 20:19:48] CPU Usage:1 % 7288 | [Owner : rugby | Parent : 1380(svchost.exe) | 45.86 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [30/04/2021 11:20:23] CPU Usage:0 % 7296 | [Owner : Système | Parent : 1236(services.exe) | 13.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 7416 | [Owner : SERVICE RÉSEAU | Parent : 1236(services.exe) | 1.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 7500 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 1.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 7524 | [Owner : Système | Parent : 7112(nssm.exe) | 0.22 Mo] - (.-.) 
- (0.0.0.0) = C:\ProgramData\myCANAL\myCANAL.Service.exe [29/11/2019 16:09:16] CPU Usage:0 % 7632 | [Owner : Système | Parent : 7524(myCANAL.Service.exe) | 0.64 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.964) = C:\Windows\System32\conhost.exe [12/05/2021 00:10:01] CPU Usage:0 % 7920 | [Owner : Système | Parent : 1236(services.exe) | 4.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 4652 | [Owner : rugby | Parent : 1380(svchost.exe) | 6.07 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [30/04/2021 11:20:04] CPU Usage:0 % 8604 | [Owner : SERVICE RÉSEAU | Parent : 1236(services.exe) | 4.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 9132 | [Owner : rugby | Parent : 1380(svchost.exe) | 68.58 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [30/04/2021 11:20:04] CPU Usage:2 % 9484 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 11.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 9980 | [Owner : rugby | Parent : 1380(svchost.exe) | 3.85 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.19041.746) = C:\Windows\System32\SettingSyncHost.exe [30/04/2021 11:20:53] CPU Usage:0 % 10036 | [Owner : rugby | Parent : 1380(svchost.exe) | 25.56 Mo] - (.Microsoft Corporation - LockApp.exe.) - (10.0.19041.844) = C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe [30/04/2021 11:20:43] CPU Usage:0 % 9320 | [Owner : rugby | Parent : 1380(svchost.exe) | 22.67 Mo] - (.Microsoft Corporation - Runtime Broker.) 
- (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [30/04/2021 11:20:04] CPU Usage:0 % 10748 | [Owner : Système | Parent : 1380(svchost.exe) | 4.01 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.19041.546) = C:\Windows\System32\dllhost.exe [30/04/2021 11:20:33] CPU Usage:0 % 10588 | [Owner : rugby | Parent : 1380(svchost.exe) | 13.88 Mo] - (.Microsoft Corporation - YourPhone.) - (1.21042.95.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21042.95.0_x64__8wekyb3d8bbwe\YourPhone.exe [18/05/2021 07:18:09] CPU Usage:0 % 11316 | [Owner : Système | Parent : 1236(services.exe) | 7.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 11636 | [Owner : rugby | Parent : 1380(svchost.exe) | 13 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [30/04/2021 11:20:04] CPU Usage:0 % 11816 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 4.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 10624 | [Owner : Système | Parent : 1236(services.exe) | 1.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 12392 | [Owner : rugby | Parent : 1236(services.exe) | 6.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 12852 | [Owner : rugby | Parent : 5084(explorer.exe) | 3.92 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.19041.1) = C:\Windows\System32\SecurityHealthSystray.exe [07/12/2019 11:08:41] CPU Usage:0 % 12884 | [Owner : Système | Parent : 1236(services.exe) | ?????] 
- (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe [12/05/2021 00:10:01] CPU Usage:0 % 12984 | [Owner : rugby | Parent : 5084(explorer.exe) | 2.79 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.0.365.1) = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe [03/05/2021 11:06:18] CPU Usage:0 % 13132 | [Owner : rugby | Parent : 5084(explorer.exe) | 1.68 Mo] - (.Realtek - Realtek WOWL Utility.) - (1.0.0.6) = C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [30/09/2019 01:15:04] CPU Usage:0 % 13280 | [Owner : rugby | Parent : 5084(explorer.exe) | 39.82 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (21.73.411.2) = C:\Users\rugby\AppData\Local\Microsoft\OneDrive\OneDrive.exe [12/12/2019 11:50:55] CPU Usage:0 % 14160 | [Owner : rugby | Parent : 14088() | 9.72 Mo] - (.Panda Security, S.L. - AV Console.) - (20.2.0.0) = C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [02/12/2020 17:33:24] CPU Usage:0 % 6428 | [Owner : rugby | Parent : 4104() | 11.56 Mo] - (.HP Inc. - HPSystemEventUtilityHost.) - (1.1.21.0) = C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.21.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe [06/09/2020 18:10:33] CPU Usage:0 % 14300 | [Owner : rugby | Parent : 1400(svchost.exe) | 9.93 Mo] - (.HP Inc. - HPAudioSwitch.) - (1.0.154.0) = C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [18/07/2018 13:30:54] CPU Usage:0 % 13880 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 13804 | [Owner : SERVICE RÉSEAU | Parent : 1236(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 12224 | [Owner : Système | Parent : 1236(services.exe) | 5.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 7848 | [Owner : Système | Parent : 1236(services.exe) | 6.84 Mo] - (.HP Inc. - CommRecovery.) - (2.0.17.0) = C:\Program Files\HPCommRecovery\HPCommRecovery.exe [17/05/2019 10:58:48] CPU Usage:0 % 5708 | [Owner : Système | Parent : 1236(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.19041.546) = C:\Windows\System32\SgrmBroker.exe [30/04/2021 11:21:32] CPU Usage:0 % 6112 | [Owner : Système | Parent : 1236(services.exe) | 11.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 10972 | [Owner : rugby | Parent : 5084(explorer.exe) | 294.24 Mo] - (.Max Value Software LLC - HoldemManager.Server.) - (3.1.16.0) = C:\Program Files (x86)\Holdem Manager 3\HoldemManager.Server.exe [29/03/2021 18:23:06] CPU Usage:0 % 2768 | [Owner : rugby | Parent : 10972(HoldemManager.Server.exe) | 2.07 Mo] - (.Max Value Software, LLC. - Holdem Manager 3 Hud.) - (0.1.127.0) = C:\Program Files (x86)\Holdem Manager 3\HM3Hud.exe [18/03/2021 11:12:16] CPU Usage:0 % 3732 | [Owner : rugby | Parent : 1380(svchost.exe) | 11.58 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [30/04/2021 11:20:04] CPU Usage:0 % 2724 | [Owner : rugby | Parent : 1380(svchost.exe) | 15.28 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [30/04/2021 11:20:04] CPU Usage:0 % 10120 | [Owner : rugby | Parent : 1380(svchost.exe) | 24.22 Mo] - (.Microsoft Corporation - Application Frame Host.) 
- (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe [30/04/2021 11:20:23] CPU Usage:0 % 3440 | [Owner : rugby | Parent : 1380(svchost.exe) | 0.57 Mo] - (.Microsoft Corporation - Microsoft Outlook.) - (16.0.13426.20910) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxOutlook.exe [03/05/2021 10:57:50] CPU Usage:0 % 10900 | [Owner : rugby | Parent : 1380(svchost.exe) | 6.87 Mo] - (.Microsoft Corporation - Microsoft Outlook Communications.) - (16.0.13426.20920) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20920.0_x64__8wekyb3d8bbwe\HxTsr.exe [03/05/2021 10:57:50] CPU Usage:0 % 3048 | [Owner : Système | Parent : 1236(services.exe) | 9.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 2792 | [Owner : Système | Parent : 1236(services.exe) | 12.42 Mo] - (.Panda Security, S.L. - Application Host Service.) - (20.2.0.0) = C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [01/12/2020 23:49:30] CPU Usage:0 % 15516 | [Owner : rugby | Parent : 1380(svchost.exe) | 0.31 Mo] - (.-.) - (10.21021.1031.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21021.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe [02/03/2021 14:18:24] CPU Usage:0 % 16304 | [Owner : rugby | Parent : 1380(svchost.exe) | 1.55 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [30/04/2021 11:20:04] CPU Usage:0 % 17000 | [Owner : Système | Parent : 1236(services.exe) | 13.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 19648 | [Owner : Système | Parent : 1236(services.exe) | 6.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 22660 | [Owner : Système | Parent : 1236(services.exe) | 1.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 22492 | [Owner : rugby | Parent : 1380(svchost.exe) | 16.44 Mo] - (.-.) - (1.21042.95.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21042.95.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe [18/05/2021 07:18:10] CPU Usage:0 % 24232 | [Owner : rugby | Parent : 1380(svchost.exe) | 41.52 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.19041.610) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [30/04/2021 11:22:16] CPU Usage:0 % 24020 | [Owner : rugby | Parent : 1380(svchost.exe) | 18.58 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [30/04/2021 11:20:04] CPU Usage:0 % 20068 | [Owner : rugby | Parent : 1380(svchost.exe) | 12.74 Mo] - (.Microsoft Corporation -.) - (2001.22012.0.2020) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe [12/05/2021 00:10:26] CPU Usage:0 % 18796 | [Owner : rugby | Parent : 1380(svchost.exe) | 4.55 Mo] - (.Microsoft Corporation - Component Package Support Server.) - (10.0.19041.746) = C:\Windows\System32\CompPkgSrv.exe [30/04/2021 11:19:50] CPU Usage:0 % 16536 | [Owner : rugby | Parent : 1380(svchost.exe) | 9.02 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.19041.546) = C:\Windows\System32\dllhost.exe [30/04/2021 11:20:33] CPU Usage:0 % 8504 | [Owner : rugby | Parent : 1380(svchost.exe) | 13.74 Mo] - (.Microsoft Corporation - Microsoft OneDriveFile Co-Authoring Executable.) 
- (21.73.411.2) = C:\Users\rugby\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\FileCoAuth.exe [11/05/2021 11:01:45] CPU Usage:0 % 16720 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 1.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 24068 | [Owner : rugby | Parent : 17492() | 17.39 Mo] - (.Piriform Software Ltd - CCleaner.) - (5.79.0.8704) = C:\Program Files\CCleaner\CCleaner64.exe [22/04/2021 12:52:04] CPU Usage:0 % 6268 | [Owner : Système | Parent : 1236(services.exe) | 1.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 14852 | [Owner : Système | Parent : 1236(services.exe) | 271.08 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.2.0.970) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [19/05/2021 21:44:28] CPU Usage:0 % 9252 | [Owner : rugby | Parent : 14852(MBAMService.exe) | 28.02 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (4.0.0.987) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [19/05/2021 21:44:28] CPU Usage:0 % 22804 | [Owner : rugby | Parent : 5084(explorer.exe) | 60.41 Mo] - (.Malwarebytes - Malwarebytes.) - (4.0.0.987) = C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe [19/05/2021 21:44:28] CPU Usage:0 % 14968 | [Owner : rugby | Parent : 1400(svchost.exe) | 10.16 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.906) = C:\Windows\System32\taskhostw.exe [30/04/2021 11:20:44] CPU Usage:0 % 15992 | [Owner : Système | Parent : 1236(services.exe) | 2.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 1340 | [Owner : rugby | Parent : 1380(svchost.exe) | 0.33 Mo] - (.-.) 
- (10.2103.8.0) = C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe [28/04/2021 08:32:09] CPU Usage:0 % 23828 | [Owner : rugby | Parent : 1380(svchost.exe) | 1.04 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [30/04/2021 11:20:04] CPU Usage:0 % 16104 | [Owner : rugby | Parent : 5084(explorer.exe) | 147.22 Mo] - (.Max Value Software LLC - Holdem Manager 3.) - (3.1.16.0) = C:\Program Files (x86)\Holdem Manager 3\HoldemManager3.exe [29/03/2021 18:23:06] CPU Usage:1 % 9656 | [Owner : rugby | Parent : 16104(HoldemManager3.exe) | 7.78 Mo] - (.The CefSharp Authors - CefSharp.BrowserSubprocess.) - (79.1.360.0) = C:\Program Files (x86)\Holdem Manager 3\CefSharp.BrowserSubprocess.exe [05/01/2020 18:16:33] CPU Usage:0 % 10656 | [Owner : rugby | Parent : 16104(HoldemManager3.exe) | 6.98 Mo] - (.The CefSharp Authors - CefSharp.BrowserSubprocess.) - (79.1.360.0) = C:\Program Files (x86)\Holdem Manager 3\CefSharp.BrowserSubprocess.exe [05/01/2020 18:16:33] CPU Usage:0 % 13364 | [Owner : rugby | Parent : 16104(HoldemManager3.exe) | 5.77 Mo] - (.The CefSharp Authors - CefSharp.BrowserSubprocess.) - (79.1.360.0) = C:\Program Files (x86)\Holdem Manager 3\CefSharp.BrowserSubprocess.exe [05/01/2020 18:16:33] CPU Usage:0 % 15320 | [Owner : SERVICE RÉSEAU | Parent : 1380(svchost.exe) | 13.45 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [30/04/2021 11:20:23] CPU Usage:0 % 5168 | [Owner : rugby | Parent : 5084(explorer.exe) | 1.12 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.19041.746) = C:\Windows\System32\rundll32.exe [30/04/2021 11:20:52] CPU Usage:0 % 25148 | [Owner : rugby | Parent : 25224() | 258.88 Mo] - (.Mozilla Corporation - Firefox.) 
- (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:1 % 12848 | [Owner : rugby | Parent : 25148(firefox.exe) | 103.22 Mo] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:0 % 17380 | [Owner : rugby | Parent : 25148(firefox.exe) | 84.88 Mo] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:0 % 25116 | [Owner : rugby | Parent : 25148(firefox.exe) | 90.9 Mo] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:0 % 16648 | [Owner : Système | Parent : 1236(services.exe) | 25.12 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.13929.20250) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [21/05/2021 22:10:54] CPU Usage:0 % 19300 | [Owner : rugby | Parent : 2768(HM3Hud.exe) | 1.31 Mo] - (.Max Value Software, LLC. - Holdem Manager 3 Hud Process.) - (0.1.127.0) = C:\Program Files (x86)\Holdem Manager 3\HM3HudProcess.exe [18/03/2021 11:12:16] CPU Usage:0 % 4588 | [Owner : Système | Parent : 16648(OfficeClickToRun.exe) | 0.08 Mo] - (.Microsoft Corporation - Microsoft Application Virtualization Client Shell Notifier.) - (10.0.19041.562) = C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe [21/05/2021 22:10:54] CPU Usage:0 % 15856 | [Owner : rugby | Parent : 16648(OfficeClickToRun.exe) | 0.06 Mo] - (.Microsoft Corporation - Microsoft Application Virtualization Client Shell Notifier.) - (10.0.19041.562) = C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe [21/05/2021 22:10:54] CPU Usage:0 % 17104 | [Owner : Système | Parent : 1236(services.exe) | 50.48 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) 
- (7.0.19041.844) = C:\Windows\System32\SearchIndexer.exe [30/04/2021 11:20:13] CPU Usage:0 % 8744 | [Owner : rugby | Parent : 25148(firefox.exe) | 6 Mo] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:0 % 17496 | [Owner : rugby | Parent : 1380(svchost.exe) | 85.66 Mo] - (.Microsoft Corporation - Search application.) - (10.0.19041.964) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe [12/05/2021 00:10:28] CPU Usage:0 % 15544 | [Owner : Système | Parent : 1236(services.exe) | 18.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 12132 | [Owner : SERVICE LOCAL | Parent : 1236(services.exe) | 5.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 20496 | [Owner : rugby | Parent : 3532(SysInfoCap.exe) | 24.39 Mo] - (.HP Inc. -.) - (1.31.2309.0) = C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\BridgeCommunication.exe [24/03/2021 22:28:52] CPU Usage:0 % 5184 | [Owner : Système | Parent : 1380(svchost.exe) | 17.76 Mo] - (.Microsoft Corporation - MoUSO Core Worker Process.) - (10.0.19041.964) = C:\Windows\System32\MoUsoCoreWorker.exe [12/05/2021 00:09:57] CPU Usage:0 % 11928 | [Owner : Système | Parent : 1236(services.exe) | 5.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [30/04/2021 11:20:33] CPU Usage:0 % 19972 | [Owner : rugby | Parent : 25148(firefox.exe) | 165.82 Mo] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:0 % 16608 | [Owner : rugby | Parent : 25148(firefox.exe) | 118.24 Mo] - (.Mozilla Corporation - Firefox.) 
- (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:0 % 2332 | [Owner : Système | Parent : 17104(SearchIndexer.exe) | 13.21 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.19041.844) = C:\Windows\System32\SearchProtocolHost.exe [30/04/2021 11:20:13] CPU Usage:0 % 22352 | [Owner : rugby | Parent : 25148(firefox.exe) | 166.46 Mo] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:0 % 3720 | [Owner : rugby | Parent : 1380(svchost.exe) | 1.78 Mo] - (.-.) - (2020.20120.4004.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [13/03/2021 15:16:42] CPU Usage:0 % 18900 | [Owner : rugby | Parent : 25148(firefox.exe) | 106.62 Mo] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:0 % 15692 | [Owner : SERVICE LOCAL | Parent : 5156(svchost.exe) | 20.04 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.19041.906) = C:\Windows\System32\audiodg.exe [30/04/2021 11:19:51] CPU Usage:0 % 11452 | [Owner : rugby | Parent : 1380(svchost.exe) | 36.62 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.844) = C:\Windows\System32\smartscreen.exe [30/04/2021 11:20:03] CPU Usage:0 % 12388 | [Owner : rugby | Parent : 25148(firefox.exe) | 59.42 Mo] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe [21/05/2021 22:08:51] CPU Usage:0 % 7480 | [Owner : rugby | Parent : 5084(explorer.exe) | 62.04 Mo] - (.SosVirus - QuickDiag.) - (7.140.21.2) = C:\Users\rugby\Downloads\QuickDiag.exe [20/05/2021 10:46:39] CPU Usage:0 % 2772 | [Owner : SERVICE RÉSEAU | Parent : 1380(svchost.exe) | 11.04 Mo] - (.Microsoft Corporation - WMI Provider Host.) 
- (10.0.19041.546) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [30/04/2021 11:21:00] CPU Usage:0 % ---------- | Locked Applications ---------- | Policy Restrictions ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\TextShaping.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll (.HP Inc..-.HP DeskBand.) - (8.2.20.0) -- C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFMessenger9_3\HPSFTaskbar.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\Windows.Internal.UI.Shell.WindowTabManager.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (27.20.1030.1) -- C:\WINDOWS\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (27.20.1030.1) -- C:\WINDOWS\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (27.20.1030.1) -- C:\WINDOWS\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\atidxx64.dll (.Advanced Micro Devices, Inc..-.Radeon Settings: Host Service.) - (2.0.0.1788) -- C:\WINDOWS\SYSTEM32\amdihk64.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.Panda Security, S.L..-.Shell extension.) - (4.0.11.0) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Free Time.-.FormatFactory Shell Menu Module.) - (1.5.0.0) -- C:\Program Files\FormatFactory\ShellEx_108.dll (.The ICU Project.-.ICU Combined Library.) - (64.2.0.0) -- C:\Windows\System32\icu.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) 
- (0.0.0.0) -- C:\WINDOWS\system32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- c:\windows\system32\UMPDC.dll (..-..) - (0.0.0.0) -- c:\windows\system32\TextShaping.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.29.0.0) -- c:\windows\system32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\usocoreps.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE 
LOCAL HPSEU_Host_Launcher - (C:\System.sav\util\HpseuHostLauncher.exe [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU HPSEU_Host_Launcher - (C:\System.sav\util\HpseuHostLauncher.exe [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU HPSEU_Host_Launcher - (C:\System.sav\util\HpseuHostLauncher.exe [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\...\Run]) - User: LAPTOP-K9KI7NDF\rugby OneDrive - ("C:\Users\rugby\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\...\Run]) - User: LAPTOP-K9KI7NDF\rugby HoldemManager.Server - (C:\Users\rugby\AppData\Roaming\Max Value Software\Holdem Manager\3.0\HoldemManager.Server.lnk [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\...\Run]) - User: LAPTOP-K9KI7NDF\rugby CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\...\Run]) - User: LAPTOP-K9KI7NDF\rugby SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public RtkAudUService - ("C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe" -background [HKLM\SOFTWARE\...\Run]) - User: Public RtlS5Wake - (C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\CurrentVersion\Run] "HPSEU_Host_Launcher"=C:\System.sav\util\HpseuHostLauncher.exe [30/09/2019 01:21:01] "OneDrive"="C:\Users\rugby\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "HoldemManager.Server"=C:\Users\rugby\AppData\Roaming\Max Value Software\Holdem Manager\3.0\HoldemManager.Server.lnk [05/01/2020 18:16:35] "CCleaner Smart 
Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "HPSEU_Host_Launcher"=0x020000000000000000000000 "OneDrive"=0x020000000000000000000000 "GoogleChromeAutoLaunch_5ADD7A1019CB2E9C22E77B34C0C2A831"=0x020000000000000000000000 "HoldemManager.Server"=0x020000000000000000000000 "Web Companion"=0x020000000000000000000000 [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Canon MG5700 series,winspool,Ne03: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe "RtkAudUService"="C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe" -background "RtlS5Wake"=C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [30/09/2019 01:15:04] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "RUNFBI"=0x040000000000000000000000 "RtkAudUService"=0x060000000000000000000000 "RtlS5Wake"=0x060000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "PSUAMain"=0x020000000000000000000000 "SunJavaUpdateSched"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 
"TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D746B260A0E7C4 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "PSUAMain"="C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List CCleaner Update CCleanerSkipUAC HPAudioSwitch MicrosoftEdgeUpdateTaskMachineCore MicrosoftEdgeUpdateTaskMachineUA OneDrive Standalone Update Task-S-1-5-21-551630138-3040592011-1240718164-1001 ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) 
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=2 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [12/12/2019 11:43:16] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=1256 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=150 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "PendingFileRenameOperations"=\??\C:\WINDOWS\TEMP\{EF4168C0-095F-4CFC-8CB3-139A11AC89BE}\psUniqueExecution.ini \??\C:\WINDOWS\TEMP\GlobalExe.exe \??\C:\Users\rugby\AppData\Local\Temp\nsd46E3.tmp\a\asdk.dll \??\C:\Users\rugby\AppData\Local\Temp\nsd46E3.tmp\a\ \??\C:\Users\rugby\AppData\Local\Temp\nsd46E3.tmp\p\pfBL.dll \??\C:\Users\rugby\AppData\Local\Temp\nsd46E3.tmp\p\ \??\C:\Users\rugby\AppData\Local\Temp\nsd46E3.tmp\ui\pfUI.dll \??\C:\Users\rugby\AppData\Local\Temp\nsd46E3.tmp\ui\res\Montserrat-Regular.otf \??\C:\Users\rugby\AppData\Local\Temp\nsd46E3.tmp\ui\res\ \??\C:\Users\rugby\AppData\Local\Temp\nsd46E3.tmp\ui\ 
\??\C:\Users\rugby\AppData\Local\Temp\nsd46E3.tmp\ \??\C:\WINDOWS\TEMP\MBInstallTemp\dbclspkg\Actions.dll !\??\C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll \??\C:\WINDOWS\TEMP\MBInstallTemp\dbclspkg\BrowserSDKDLL.dll !\??\C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLL.dll \??\C:\WINDOWS\TEMP\MBInstallTemp\dbclspkg\MBAMCore.dll !\??\C:\Program Files\Malwarebytes\Anti-Malware\MBAMCore.dll \??\c:\program files\common files\microsoft shared\clicktorun\updates\16.0.13929.20386\vcruntime140_1.dll \??\c:\program files\common files\microsoft shared\clicktorun\updates\16.0.13929.20386\vcruntime140.dll \??\c:\program files\common files\microsoft shared\clicktorun\updates\16.0.13929.20386\streamserver.dll \??\c:\program files\common files\microsoft shared\clicktorun\updates\16.0.13929.20386\repoman.dll \??\c:\program files\common files\microsoft shared\clicktorun\updates\16.0.13929.20386\officeclicktorun.exe \??\c:\program files\common files\microsoft shared\clicktorun\updates\16.0.13929.20386\msvcp140.dll \??\c:\program files\common files\microsoft shared\clicktorun\updates\16.0.13929.20386\msix.dll \??\c:\program files\common files\microsoft shared\clicktorun\updates\16.0.13929.20386\apiclient.dll \??\c:\program files\common files\microsoft shared\clicktorun\updates\16.0.13929.20386 \??\C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates \??\C:\WINDOWS\fonts\OFFSYM.TTF \??\C:\WINDOWS\fonts\OFFSYMB.TTF \??\C:\WINDOWS\fonts\OFFSYML.TTF \??\C:\WINDOWS\fonts\OFFSYMSB.TTF \??\C:\WINDOWS\fonts\OFFSYMSL.TTF \??\C:\WINDOWS\fonts\OFFSYMXL.TTF \??\C:\WINDOWS\fonts\flat_officeFontsPreview.ttf \??\C:\Users\rugby\AppData\Local\Temp\ab2450d9-3579-425d-ae22-9b3a36ae55dd.tmp \??\C:\Users\rugby\AppData\Local\Temp\GoogleUpdate.exe1dfb5dfb \??\C:\Users\rugby\AppData\Local\Temp\goopdate.dll1dfb5e1a [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 
"fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=a9f59686-c5d3-4ed4-90de-b64d1ad "GlassSessionId"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "WallPaper"=C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg [30/09/2019 01:25:49] "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1408 "MaxMonitorDimension"=1408 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x… "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "EdgeDesktopShortcutCreated"=1 "ExcludedFromStableAnaheimDownloadPromotionSL"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309D11050000FB9A790967ADD111ABCD00C04FC30936BB0000004DE6B8A97E3F324D8FC9E391DEE67D7529010000BD0E0C47735D584D9CEDE91E22E23282620200000114020000000000C000000000000046F4010000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=0 "GlobalAssocChangedCounter"=61 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "FirstRunTelemetryComplete"=1 [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x5213A46000000000 "ShowCortanaButton"=1 "ReindexedProfile"=1 "TaskbarMigratedBrowserPin"=1 "ShellViewReentered"=1 "TaskbarSizeMove"=0 [HKLM\Software\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 
"SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableTaskMgr"=0 "DisableRegistryTools"=0 "MaxGPOScriptWait"=600 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableTaskMgr"=0 "DisableRegistryTools"=0 "MaxGPOScriptWait"=600 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=2 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=19042 "FirstLogon"=0 "ParseAutoexec"=1 
"PUUActive"=0x23E86B570100020007006D00E6B00300910C0400910C0400D2000000020009001D47B08382FC1E00D327050079D501002198010055450000000000000000000000000000089E0400921800001B0200008B172E26AB50D701E6B003000000000001000000E6B00300624A0000000000000000000000000000 "DP"=0xD200E800300002000700000023E86B5700000000000000009C3E2E26AB50D7019C3E2E26AB50D701000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F805101007D00010040407B0060487B00F001010020A3E03123A3E03753FC0000789A0040789A0144BBA5000064880442648A4C62DA1901005128280051A9B9129D0300800072001D02F6001D3F8900008624400186244001C6140100804D340D884F340DF31A01000C0DC4210E4DC4211E2400800210304C02103A4C211701800188282803E82829 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "Userinit"=C:\Windows\system32\userinit.exe, "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=5928821921031 "ShutdownFlags"=2147483687 "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-551630138-3040592011-1240718164-1001 "LastUsedUsername"=rugby [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 
"Userinit"=C:\WINDOWS\system32\userinit.exe [07/12/2019 11:08:49] ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 
"EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile 
[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [07/12/2019 16:50:50] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [07/12/2019 16:50:50] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft 
Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser ---------- | AppcompatFlags [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\SysInfoEx.exe"
"C:\Users\rugby\Desktop\MCPR.exe"
"C:\Users\rugby\Desktop\FRST64.exe"
"C:\Users\rugby\Desktop\kprm_2.8.exe"
"C:\Program Files (x86)\e-methode Espagnol\e-methode Espagnol.exe"
"C:\Program Files\LibreOffice\program\soffice.exe"
"C:\Program Files\LibreOffice\program\swriter.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.052.0311.0011\FileSyncConfig.exe"
"C:\Program Files (x86)\Screencast-O-Matic\v2\Screencast-O-Matic.exe"
"C:\Program Files (x86)\GeoGebra 5.0\GeoGebra.exe"
"SIGN.MEDIA=1C9AC0 TI-SmartView CE USB pour la famille TI-83.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\FileSyncConfig.exe"
"C:\Program Files\Index Education\Pronote 2019\Réseau\Client\Client PRONOTE.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\FileSyncConfig.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.114.0607.0002\FileSyncConfig.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.124.0621.0006\FileSyncConfig.exe"
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.134.0705.0008\FileSyncConfig.exe"
"C:\Users\rugby\Downloads\VdhCoAppSetup-1.5.0.exe"
"C:\Users\rugby\Downloads\Install_PRNclient_FR_2020.0.2.1_win64.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\FileSyncConfig.exe"
"C:\EduPython\EduPython.exe"
"SIGN.MEDIA=6206B77 Jean Gi 2019-2020\SNT\Filius.exe"
"C:\Program Files (x86)\Filius\Filius.exe"
"SIGN.MEDIA=1B4F Jean Gi 2019-2020\SNT\Filius.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.169.0823.0006\FileSyncConfig.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.169.0823.0008\FileSyncConfig.exe"
"C:\Users\rugby\AppData\Local\GeoGebra_6\Update.exe"
"C:\Users\rugby\Desktop\Demande de prêt\Installe_Sinequanon.exe"
"C:\Program Files (x86)\Sine qua non\sinequanon.exe"
"C:\Users\rugby\Downloads\utweb_installer.exe"
"C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe"
"C:\ProgramData\EnigmaSoft Limited\sh5_installer.exe"
"C:\Users\rugby\AppData\Roaming\uTorrent Web\Uninstall.exe"
"C:\Users\rugby\Downloads\uTorrent.exe"
"C:\Users\rugby\Downloads\vlc-3.0.11-win64.exe"
"C:\Program Files\VideoLAN\VLC\vlc.exe"
"C:\Users\rugby\Downloads\formatfactory-5-4-5-1.exe"
"C:\Program Files\FormatFactory\FormatFactory.exe"
"C:\Users\rugby\AppData\Roaming\uTorrent\uTorrent.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\FileSyncConfig.exe"
"C:\Program Files\LibreOffice\program\scalc.exe"
"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\21.002.0104.0005\FileSyncConfig.exe"
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\21.016.0124.0003\FileSyncConfig.exe"
"C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe"
"C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe"
"C:\Users\rugby\Downloads\PokerStoveSetup124.exe"
"C:\Program Files (x86)\PokerStove\PokerStove.exe"
"C:\Users\rugby\Downloads\equilab.exe"
"C:\Program Files (x86)\PokerStove\unins000.exe"
"C:\Program Files (x86)\PokerStrategy.com\PokerStrategy.com Equilab\Equilab.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\21.030.0211.0002\FileSyncConfig.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\FileSyncConfig.exe"
"C:\Program Files\Index Education\Pronote 2020\Réseau\Client\Client PRONOTE.exe"
"C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe"
"C:\Users\rugby\AppData\Roaming\Movavi Video Editor Plus 2021\VideoEditorPlus.exe"
"C:\Program Files (x86)\Holdem Manager 3\HoldemManager3.exe"
"C:\Program Files\Shotcut\shotcut.exe"
"C:\Users\rugby\AppData\Roaming\Movavi Video Editor Plus 2021\uninst.exe"
"C:\Program Files\Shotcut\uninstall.exe"
"C:\Program Files\OpenShot Video Editor\unins000.exe"
"C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe"
"C:\Users\rugby\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\FileSyncConfig.exe"=0x534143500100000000000000070000002800000070890700E2DC070001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Users\rugby\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x534143500100000000000000070000002800000080BF390241B93A0201000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\rugby\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078890700F37F080001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x53414350010000000000000007000000280000007090240003C9240001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000077010000000000000400000004000000 "C:\Users\rugby\AppData\Local\Betclic Poker.fr\casino.exe"=0x534143500100000000000000070000002800000070362B0092932B0001000000000000000000000A7120000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000EEE2CF11000000000900000009000000 "C:\Program Files (x86)\Holdem Manager 3\HoldemManager.Server.exe"=0x5341435001000000000000000700000028000000C8248F0097678F0001000000000000000000000A7322000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000020200000000000000000000000000220A0000000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000A051D80082A8D80001000000000000000000000A7322000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000003C100000000000000100000001000000 "C:\Program 
Files\CCleaner\CCleaner64.exe"=0x534143500100000000000000070000002800000048340202F326030201000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000024070000000000000100000001000000 "C:\Users\rugby\AppData\Local\Microsoft\OneDrive\OneDrive.exe"=0x534143500100000000000000070000002800000068151E00FFD81E0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"=0x534143500100000000000000070000002800000098B5320051FD320001000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\setup.exe"=0x5341435001000000000000000700000028000000683629001C352A0003000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Users\rugby\Downloads\QuickDiag.exe"=0x5341435001000000000000000700000028000000F04A4500D48C450001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000084A30000000000000100000001000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse 
"MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf] ""=@SYS:DoesNotExist [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control 
Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=132642956269466073 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=windowsdefender:// "DisableAntiSpyware"=1 "TrustedImageIdentifier"=19WW1W6T601#SABF#DABF "ProductType"=2 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\ "ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0x53C87DCF1F77D501 "LastEnabledTime"=0xDF1BDAD01A4CD701 "OOBEInstallTime"=0xA9B2A239113ED701 "DisableAntiVirus"=1 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 
[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [2a00:1450:4007:807::200e] avec 32 octets de données : Réponse de 2a00:1450:4007:807::200e : temps=314 ms Réponse de 2a00:1450:4007:807::200e : temps=10 ms Réponse de 2a00:1450:4007:807::200e : temps=10 ms Réponse de 2a00:1450:4007:807::200e : temps=67 ms Statistiques Ping pour 2a00:1450:4007:807::200e: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 10ms, Maximum = 314ms, 
Moyenne = 100ms ---------- | @ [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Start Page"=about:blank "Default_Page_URL"=http://hp17win10.msn.com/?pc=HCTE "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "ImageStoreRandomFolder"=jh1i826 [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "CertificateRevocation"=1 "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x9401482F993DD701 "WarnonZoneCrossing"=0 "LockDatabase"=132661456191606329 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Start Page"=about:blank "Default_Page_URL"=http://hp17win10.msn.com/?pc=HCTE 
[HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm 
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1
[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"CallLegacyWCMPolicies"=0
---------- | Proxy
---------- | reparsepoint
---------- | Detection of offsets
---------- | Notify
---------- | Execution FileExts
---------- | SIOI | SEH | URLSH
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [30/04/2021 11:20:39]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=
---------- | Toolbar
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
---------- | Extensions
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - []
---------- | SearchScopes
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
---------- | Browser Helper Objects
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_bho.dll [21/05/2021 22:08:51]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] -> (HP Network Check Helper) : C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [12/12/2019 12:06:31]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_bho.dll [21/05/2021 22:08:51]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [03/03/2021 22:11:21]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] -> (HP Network Check Helper) : C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [12/12/2019 12:06:31]
---------- | Chrome
---------- | Opera
---------- | Firefox
[HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL
C:\Users\rugby\AppData\Roaming\Mozilla\Firefox\Profiles\6o2rfoob.default-release\Prefs.js
user_pref("browser.startup.homepage_override.buildID", "20210504152106");
user_pref("browser.startup.homepage_override.mstone", "88.0.1");
user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
user_pref("extensions.blocklist.pingCountVersion", 0);
user_pref("extensions.databaseSchema", 33);
user_pref("extensions.getAddons.cache.lastUpdate", 1621868130);
user_pref("extensions.getAddons.databaseSchema", 6);
user_pref("extensions.incognito.migrated", true);
user_pref("extensions.lastAppBuildId", "20210504152106");
user_pref("extensions.lastAppVersion", "88.0.1");
user_pref("extensions.lastPlatformVersion", "88.0.1");
user_pref("extensions.pendingOperations", true);
user_pref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.extension.hidden", false);
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("extensions.ui.locale.hidden", true);
user_pref("extensions.ui.plugin.hidden", false);
user_pref("extensions.webcompat.enable_shims", true);
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.https-everywhere@eff.org", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.uBlock0@raymondhill.net", true);
user_pref("extensions.webextensions.uuids", "{\"doh-rollout@mozilla.org\":\"6cc2eb14-3865-469c-9542-bf72af2970c2\",\"formautofill@mozilla.org\":\"735ebf7b-c84b-4d22-a3d1-311385904890\",\"pictureinpicture@mozilla.org\":\"24c1d066-a490-4c1c-860f-798a2de917ea\",\"screenshots@mozilla.org\":\"4118ee33-f5e4-4bce-96a9-c9692e9ce492\",\"webcompat-reporter@mozilla.org\":\"0b4190dd-7403-4aef-8b5b-f8a25726d743\",\"webcompat@mozilla.org\":\"63e36930-ae18-4eda-af96-fe2dfc5d988c\",\"default-theme@mozilla.org\":\"3dd36235-78f5-4559-8a9b-8d11290e4466\",\"google@search.mozilla.org\":\"f2b58f8f-8e1c-4280-a393-7206c8a97e99\",\"wikipedia@search.mozilla.org\":\"47faa417-dcc3-432a-8411-acf8b22cb63d\",\"bing@search.mozilla.org\":\"5f0127e9-5106-480d-95ec-a601367fbd80\",\"amazon@search.mozilla.org\":\"e33a15a5-e4e8-4433-80ce-84cfca0010d2\",\"ddg@search.mozilla.org\":\"02bf1a69-6bae-4727-a182-02aecf71c738\",\"ebay@search.mozilla.org\":\"53db3288-c61a-4ce9-bdd5-c38d471a2937\",\"qwant@search.mozilla.org\":\"37a3c44f-af9b-482c-9f97-65e870530d41\",\"https-everywhere@eff.org\":\"4873f5d6-3120-4ee9-8223-177d665ddb0b\",\"uBlock0@raymondhill.net\":\"540342c8-9b64-4f60-b9dd-70309462c31e\",\"2.0@disconnect.me\":\"6123c2fc-516a-4ad0-bc1c-09a293d2f7d3\"}");
C:\Users\rugby\AppData\Roaming\Mozilla\Firefox\Profiles\6o2rfoob.default-release
C:\Users\rugby\AppData\Roaming\Mozilla\Firefox\Profiles\86ku5atv.default
[Profile0] - Name=default-release -> Profiles/6o2rfoob.default-release
---------- | DNS
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{027989d1-1d22-4cd0-beae-c8f1f9d0aea2}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{027989d1-1d22-4cd0-beae-c8f1f9d0aea2}]
"DhcpNameServer"=192.168.1.1
---------- | Applications
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Classes\Applications\HoldemManager.exe] : "C:\Program Files (x86)\Holdem Manager 2\HoldemManager.exe" "%1"
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Classes\Applications\HoldemManager3.exe] : "C:\Program Files (x86)\Holdem Manager 3\HoldemManager3.exe" "%1"
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Classes\Applications\soffice.exe] : "C:\Program Files (x86)\OpenOffice 4\program\soffice.exe" "%1"
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Users\rugby\AppData\Roaming\uTorrent\uTorrent.exe" "%1" /SHELLASSOC
[HKLM\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
---------- | SvcHost (Whitelist)
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall
"rdxgroup"=RetailDemo
"Camera"=FrameS
"LocalServiceNoNetworkFirewall"=BFE mpssvc
"diagnostics"=DiagSvc
"AarSvcGroup"=AarSvc
"PrintWorkflow"=PrintWorkflowUserSvc
"wusvcs"=WaaSMedicSvc
"BcastDVRUserService"=BcastDVRUserService
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"autoTimeSvc"=autoTimeSvc
"ClipboardSvcGroup"=cbdhsvc
"BthAppGroup"=BluetoothUserService
"smbsvcs"=lanmanserver
"UdkSvcGroup"=UdkUserSvc
"DevicesFlow"=DeviceAssociationBrokerSvc DevicesFlowUserSvc ConsentUxUserSvc DevicePickerUserSvc
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=DcomLaunch DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"AarSvcGroup"=AarSvc
"DevicesFlow"=DeviceAssociationBrokerSvc
"smbsvcs"=lanmanserver
---------- | SvcHost - Netsvcs (Whitelist)
---------- | Software
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Algobox]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\AMD]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\AppDataLow]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\ATI]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\AvastAdSDK]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\BetclicPoker.fr]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\betclicpokerfr/config]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\BitTorrent]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\BitTorrentPersist]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\C:/Users/rugby/AppData/Roaming/PokerClient/default_config.ini]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Canon]
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Chromium] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\FlashIntegro] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\FreeTime] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Google] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\HoldemManager] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\HoldemManager3] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\HP] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Imagination Technologies] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Index Education] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Lavasoft] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Malwarebytes] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Max Value Software] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Meltytech] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Movavi] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Mozilla] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\NATHAN] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Netscape] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\ODBC] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\OpenOffice] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Opera Stable Offer] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\PASG] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Piriform] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\PokerStove] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Policies] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\PTECH] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\QtProject] 
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Realtek] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\RegisteredApplications] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Synaptics] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\SyncEngines] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\The Document Foundation] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\VB and VBA Program Settings] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\WixSharp] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Wow6432Node] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Accessibility] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Active Setup] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\ActiveMovie] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\ActiveSync] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Assistance] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\AuthCookies] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Avalon.Graphics] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Clipboard] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\ColorFiltering] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\CommsAPHost] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Connection Manager] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\CTF] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\DeviceDirectory] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Ease of Access] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Edge] 
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\EdgeUpdate] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\EventSystem] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Exchange] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\F12] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\FamilyStore] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Fax] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Feeds] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\FileSquirt] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\FTP] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\GameBar] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\GameBarApi] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\IdentityCRL] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Ieak] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\IME] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\IMEMIP] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Input] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\InputMethod] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\InputPersonalization] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Installer] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Internet Connection Wizard] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Internet Explorer] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Internet Mail and News] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Keyboard] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\LanguageOverlay] 
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\MediaPlayer] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Messaging] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\MicrosoftEdge] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\MS Design Tools] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\MSF] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Multimedia] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Narrator] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\NGC] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Notepad] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Office] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\OneDrive] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Osk] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\PeerNet] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Personalization] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Phone] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Pim] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Poom] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\RAS AutoDial] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Remote Assistance] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\ScreenMagnifier] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Sensors] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Shared] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Shared Tools] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Silverlight] 
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\SkyDrive] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Speech] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Speech Virtual] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Speech_OneCore] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Spelling] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\SQMClient] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\StorageLibrary] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\SystemCertificates] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\TabletTip] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\TPG] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Unified Store] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Unistore] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\UserData] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\UserDataService] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\WAB] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\WcmSvc] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\wfs] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Windows] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Windows Defender Security Center] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Windows NT] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Windows Script] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Windows Search] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Windows Security Health] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\Wisp] 
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\XboxLive] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\RestartManager] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-551630138-3040592011-1240718164-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Algobox] [HKLM\Software\AMD] [HKLM\Software\AMDLOG] [HKLM\Software\Canon] [HKLM\Software\Chromium] [HKLM\Software\Clients] [HKLM\Software\CVSM] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\DownloadHelper] [HKLM\Software\FlashIntegro] [HKLM\Software\FormatPlayer] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\HoldemManager2] [HKLM\Software\HP] [HKLM\Software\Index Education] [HKLM\Software\Intel] [HKLM\Software\LibreOffice] [HKLM\Software\Malwarebytes] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OpenSSH] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\SoundResearch] [HKLM\Software\Synaptics] [HKLM\Software\SyncIntegrationClients] [HKLM\Software\The Document Foundation] [HKLM\Software\VideoLAN] [HKLM\Software\WinChipHead] [HKLM\Software\Windows] [HKLM\Software\WOW6432Node] 
[HKLM\SOFTWARE\Microsoft\.NETFramework] [HKLM\SOFTWARE\Microsoft\AccountsControl] [HKLM\SOFTWARE\Microsoft\Active Setup] [HKLM\SOFTWARE\Microsoft\ActiveSync] [HKLM\SOFTWARE\Microsoft\ADs] [HKLM\SOFTWARE\Microsoft\Advanced INF Setup] [HKLM\SOFTWARE\Microsoft\ALG] [HKLM\SOFTWARE\Microsoft\AllUserInstallAgent] [HKLM\SOFTWARE\Microsoft\AMSI] [HKLM\SOFTWARE\Microsoft\Analog] [HKLM\SOFTWARE\Microsoft\AppServiceProtocols] [HKLM\SOFTWARE\Microsoft\AppV] [HKLM\SOFTWARE\Microsoft\AppVISV] [HKLM\SOFTWARE\Microsoft\ASP.NET] [HKLM\SOFTWARE\Microsoft\Assistance] [HKLM\SOFTWARE\Microsoft\AuthHost] [HKLM\SOFTWARE\Microsoft\BidInterface] [HKLM\SOFTWARE\Microsoft\BitLockerCsp] [HKLM\SOFTWARE\Microsoft\CallAndMessagingEnhancement] [HKLM\SOFTWARE\Microsoft\Cellular] [HKLM\SOFTWARE\Microsoft\Chkdsk] [HKLM\SOFTWARE\Microsoft\Clipboard] [HKLM\SOFTWARE\Microsoft\ClipboardServer] [HKLM\SOFTWARE\Microsoft\CloudManagedUpdate] [HKLM\SOFTWARE\Microsoft\COM3] [HKLM\SOFTWARE\Microsoft\Command Processor] [HKLM\SOFTWARE\Microsoft\CommsAPHost] [HKLM\SOFTWARE\Microsoft\CoreShell] [HKLM\SOFTWARE\Microsoft\Cryptography] [HKLM\SOFTWARE\Microsoft\CTF] [HKLM\SOFTWARE\Microsoft\DataAccess] [HKLM\SOFTWARE\Microsoft\DataCollection] [HKLM\SOFTWARE\Microsoft\DataSharing] [HKLM\SOFTWARE\Microsoft\DDDS] [HKLM\SOFTWARE\Microsoft\DevDiv] [HKLM\SOFTWARE\Microsoft\Device Association Framework] [HKLM\SOFTWARE\Microsoft\DeviceReg] [HKLM\SOFTWARE\Microsoft\Dfrg] [HKLM\SOFTWARE\Microsoft\DFS] [HKLM\SOFTWARE\Microsoft\DiagnosticLogCSP] [HKLM\SOFTWARE\Microsoft\DirectDraw] [HKLM\SOFTWARE\Microsoft\DirectInput] [HKLM\SOFTWARE\Microsoft\DirectMusic] [HKLM\SOFTWARE\Microsoft\DirectPlay8] [HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp] [HKLM\SOFTWARE\Microsoft\DirectShow] [HKLM\SOFTWARE\Microsoft\DirectX] [HKLM\SOFTWARE\Microsoft\Driver Signing] [HKLM\SOFTWARE\Microsoft\DRM] [HKLM\SOFTWARE\Microsoft\DusmSvc] [HKLM\SOFTWARE\Microsoft\DVDNavigator] [HKLM\SOFTWARE\Microsoft\DVR] [HKLM\SOFTWARE\Microsoft\DXP] 
[HKLM\SOFTWARE\Microsoft\EAPSIMMethods] [HKLM\SOFTWARE\Microsoft\Edge] [HKLM\SOFTWARE\Microsoft\Enrollment] [HKLM\SOFTWARE\Microsoft\Enrollments] [HKLM\SOFTWARE\Microsoft\EnterpriseCertificates] [HKLM\SOFTWARE\Microsoft\EnterpriseDataProtection] [HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager] [HKLM\SOFTWARE\Microsoft\EventSounds] [HKLM\SOFTWARE\Microsoft\EventSystem] [HKLM\SOFTWARE\Microsoft\F12] [HKLM\SOFTWARE\Microsoft\FamilyStore] [HKLM\SOFTWARE\Microsoft\Fax] [HKLM\SOFTWARE\Microsoft\FaxServer] [HKLM\SOFTWARE\Microsoft\Feeds] [HKLM\SOFTWARE\Microsoft\FilePicker] [HKLM\SOFTWARE\Microsoft\FilterDS] [HKLM\SOFTWARE\Microsoft\FingerKB] [HKLM\SOFTWARE\Microsoft\FTH] [HKLM\SOFTWARE\Microsoft\Function Discovery] [HKLM\SOFTWARE\Microsoft\Fusion] [HKLM\SOFTWARE\Microsoft\FuzzyDS] [HKLM\SOFTWARE\Microsoft\GameOverlay] [HKLM\SOFTWARE\Microsoft\HTMLHelp] [HKLM\SOFTWARE\Microsoft\Hvsi] [HKLM\SOFTWARE\Microsoft\IdentityCRL] [HKLM\SOFTWARE\Microsoft\IdentityStore] [HKLM\SOFTWARE\Microsoft\IHDS] [HKLM\SOFTWARE\Microsoft\ImageTimeSettings] [HKLM\SOFTWARE\Microsoft\IMAPI] [HKLM\SOFTWARE\Microsoft\IME] [HKLM\SOFTWARE\Microsoft\IMEJP] [HKLM\SOFTWARE\Microsoft\IMEKR] [HKLM\SOFTWARE\Microsoft\IMETC] [HKLM\SOFTWARE\Microsoft\InProcLogger] [HKLM\SOFTWARE\Microsoft\Input] [HKLM\SOFTWARE\Microsoft\InputMethod] [HKLM\SOFTWARE\Microsoft\InputPersonalization] [HKLM\SOFTWARE\Microsoft\Internet Account Manager] [HKLM\SOFTWARE\Microsoft\Internet Domains] [HKLM\SOFTWARE\Microsoft\Internet Explorer] [HKLM\SOFTWARE\Microsoft\IsoBurn] [HKLM\SOFTWARE\Microsoft\KGL] [HKLM\SOFTWARE\Microsoft\LanguageOverlay] [HKLM\SOFTWARE\Microsoft\LexiconUpdate] [HKLM\SOFTWARE\Microsoft\LPKSetup] [HKLM\SOFTWARE\Microsoft\Managed Desktop] [HKLM\SOFTWARE\Microsoft\MdmCommon] [HKLM\SOFTWARE\Microsoft\MdmDiagnostics] [HKLM\SOFTWARE\Microsoft\MediaEngine] [HKLM\SOFTWARE\Microsoft\MediaPlayer] [HKLM\SOFTWARE\Microsoft\MemoryDiagnostic] [HKLM\SOFTWARE\Microsoft\Messaging] [HKLM\SOFTWARE\Microsoft\MessengerService] 
[HKLM\SOFTWARE\Microsoft\Microsoft Camera Codec Pack] [HKLM\SOFTWARE\Microsoft\MiracastReceiver] [HKLM\SOFTWARE\Microsoft\MMC] [HKLM\SOFTWARE\Microsoft\Mobile] [HKLM\SOFTWARE\Microsoft\MpSigStub] [HKLM\SOFTWARE\Microsoft\MSBuild] [HKLM\SOFTWARE\Microsoft\MSDE] [HKLM\SOFTWARE\Microsoft\MSDRM] [HKLM\SOFTWARE\Microsoft\MSDTC] [HKLM\SOFTWARE\Microsoft\MSF] [HKLM\SOFTWARE\Microsoft\MSIME] [HKLM\SOFTWARE\Microsoft\MSLicensing] [HKLM\SOFTWARE\Microsoft\MSMQ] [HKLM\SOFTWARE\Microsoft\MSN Apps] [HKLM\SOFTWARE\Microsoft\MTF] [HKLM\SOFTWARE\Microsoft\MTFFuzzyFactors] [HKLM\SOFTWARE\Microsoft\MTFInputType] [HKLM\SOFTWARE\Microsoft\MTFKeyboardMappings] [HKLM\SOFTWARE\Microsoft\Multimedia] [HKLM\SOFTWARE\Microsoft\Multivariant] [HKLM\SOFTWARE\Microsoft\NET Framework Setup] [HKLM\SOFTWARE\Microsoft\NetSh] [HKLM\SOFTWARE\Microsoft\Network] [HKLM\SOFTWARE\Microsoft\Non-Driver Signing] [HKLM\SOFTWARE\Microsoft\Notepad] [HKLM\SOFTWARE\Microsoft\ODBC] [HKLM\SOFTWARE\Microsoft\OEM] [HKLM\SOFTWARE\Microsoft\Office] [HKLM\SOFTWARE\Microsoft\OfficeCSP] [HKLM\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\SOFTWARE\Microsoft\Ole] [HKLM\SOFTWARE\Microsoft\OnlineProviders] [HKLM\SOFTWARE\Microsoft\Outlook Express] [HKLM\SOFTWARE\Microsoft\Palm] [HKLM\SOFTWARE\Microsoft\Personalization] [HKLM\SOFTWARE\Microsoft\Phone] [HKLM\SOFTWARE\Microsoft\Photos] [HKLM\SOFTWARE\Microsoft\Pim] [HKLM\SOFTWARE\Microsoft\PLA] [HKLM\SOFTWARE\Microsoft\PlayReady] [HKLM\SOFTWARE\Microsoft\PlayToReceiver] [HKLM\SOFTWARE\Microsoft\PointOfService] [HKLM\SOFTWARE\Microsoft\Policies] [HKLM\SOFTWARE\Microsoft\PolicyManager] [HKLM\SOFTWARE\Microsoft\Poom] [HKLM\SOFTWARE\Microsoft\PowerShell] [HKLM\SOFTWARE\Microsoft\Print] [HKLM\SOFTWARE\Microsoft\Provisioning] [HKLM\SOFTWARE\Microsoft\PushRouter] [HKLM\SOFTWARE\Microsoft\RADAR] [HKLM\SOFTWARE\Microsoft\Ras] [HKLM\SOFTWARE\Microsoft\RcsPresence] [HKLM\SOFTWARE\Microsoft\Reliability Analysis] [HKLM\SOFTWARE\Microsoft\Remediation] 
[HKLM\SOFTWARE\Microsoft\RemovalTools] [HKLM\SOFTWARE\Microsoft\RendezvousApps] [HKLM\SOFTWARE\Microsoft\Router] [HKLM\SOFTWARE\Microsoft\Rpc] [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [HKLM\SOFTWARE\Microsoft\Schema Library] [HKLM\SOFTWARE\Microsoft\Security Center] [HKLM\SOFTWARE\Microsoft\SecurityManager] [HKLM\SOFTWARE\Microsoft\SEMgr] [HKLM\SOFTWARE\Microsoft\Sensors] [HKLM\SOFTWARE\Microsoft\Shared] [HKLM\SOFTWARE\Microsoft\Shared Tools] [HKLM\SOFTWARE\Microsoft\Shared Tools Location] [HKLM\SOFTWARE\Microsoft\Shell] [HKLM\SOFTWARE\Microsoft\SIH] [HKLM\SOFTWARE\Microsoft\Siuf] [HKLM\SOFTWARE\Microsoft\Software] [HKLM\SOFTWARE\Microsoft\Speech] [HKLM\SOFTWARE\Microsoft\Speech_OneCore] [HKLM\SOFTWARE\Microsoft\SQMClient] [HKLM\SOFTWARE\Microsoft\StrongName] [HKLM\SOFTWARE\Microsoft\Sync Framework] [HKLM\SOFTWARE\Microsoft\Sysprep] [HKLM\SOFTWARE\Microsoft\SystemCertificates] [HKLM\SOFTWARE\Microsoft\SystemSettings] [HKLM\SOFTWARE\Microsoft\TableTextService] [HKLM\SOFTWARE\Microsoft\TabletTip] [HKLM\SOFTWARE\Microsoft\TaskFlowDataEngine] [HKLM\SOFTWARE\Microsoft\Tcpip] [HKLM\SOFTWARE\Microsoft\TelemetryClient] [HKLM\SOFTWARE\Microsoft\Terminal Server Client] [HKLM\SOFTWARE\Microsoft\TermServLicensing] [HKLM\SOFTWARE\Microsoft\TouchPrediction] [HKLM\SOFTWARE\Microsoft\TPG] [HKLM\SOFTWARE\Microsoft\Tpm] [HKLM\SOFTWARE\Microsoft\Tracing] [HKLM\SOFTWARE\Microsoft\Transaction Server] [HKLM\SOFTWARE\Microsoft\TV System Services] [HKLM\SOFTWARE\Microsoft\uDRM] [HKLM\SOFTWARE\Microsoft\Unified Store] [HKLM\SOFTWARE\Microsoft\UNP] [HKLM\SOFTWARE\Microsoft\UPnP Control Point] [HKLM\SOFTWARE\Microsoft\UPnP Device Host] [HKLM\SOFTWARE\Microsoft\UserData] [HKLM\SOFTWARE\Microsoft\UserManager] [HKLM\SOFTWARE\Microsoft\Virtual Machine] [HKLM\SOFTWARE\Microsoft\VisualStudio] [HKLM\SOFTWARE\Microsoft\WAB] [HKLM\SOFTWARE\Microsoft\Wallet] [HKLM\SOFTWARE\Microsoft\Wbem] [HKLM\SOFTWARE\Microsoft\WcmSvc] [HKLM\SOFTWARE\Microsoft\WIMMount] [HKLM\SOFTWARE\Microsoft\Windows] 
[HKLM\SOFTWARE\Microsoft\Windows Defender] [HKLM\SOFTWARE\Microsoft\Windows Defender Security Center] [HKLM\SOFTWARE\Microsoft\Windows Desktop Search] [HKLM\SOFTWARE\Microsoft\Windows Mail] [HKLM\SOFTWARE\Microsoft\Windows Media Device Manager] [HKLM\SOFTWARE\Microsoft\Windows Media Foundation] [HKLM\SOFTWARE\Microsoft\Windows Media Player NSS] [HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem] [HKLM\SOFTWARE\Microsoft\Windows NT] [HKLM\SOFTWARE\Microsoft\Windows Performance Toolkit] [HKLM\SOFTWARE\Microsoft\Windows Photo Viewer] [HKLM\SOFTWARE\Microsoft\Windows Portable Devices] [HKLM\SOFTWARE\Microsoft\Windows Script Host] [HKLM\SOFTWARE\Microsoft\Windows Search] [HKLM\SOFTWARE\Microsoft\Windows Security Health] [HKLM\SOFTWARE\Microsoft\WindowsRuntime] [HKLM\SOFTWARE\Microsoft\WindowsSelfHost] [HKLM\SOFTWARE\Microsoft\WindowsUpdate] [HKLM\SOFTWARE\Microsoft\Wisp] [HKLM\SOFTWARE\Microsoft\WlanSvc] [HKLM\SOFTWARE\Microsoft\Wlpasvc] [HKLM\SOFTWARE\Microsoft\Wow64] [HKLM\SOFTWARE\Microsoft\WSDAPI] [HKLM\SOFTWARE\Microsoft\WwanSvc] [HKLM\SOFTWARE\Microsoft\XAML] [HKLM\SOFTWARE\Microsoft\XboxLive] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\NcsiUwpApp] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\Oasis] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error 
Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UdkSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Algobox] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\HP] [HKLM\Software\WOW6432Node\HP Inc.] 
[HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\JavaSoft] [HKLM\Software\WOW6432Node\JreMetrics] [HKLM\Software\WOW6432Node\Lavasoft] [HKLM\Software\WOW6432Node\MCPR] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenOffice] [HKLM\Software\WOW6432Node\Oracle] [HKLM\Software\WOW6432Node\Panda Security] [HKLM\Software\WOW6432Node\Panda Software] [HKLM\Software\WOW6432Node\PostgreSQL] [HKLM\Software\WOW6432Node\PostgreSQL Global Development Group] [HKLM\Software\WOW6432Node\Wow6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\.NETFramework] [HKLM\Software\WOW6432Node\Microsoft\Active Setup] [HKLM\Software\WOW6432Node\Microsoft\ADs] [HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup] [HKLM\Software\WOW6432Node\Microsoft\AMSI] [HKLM\Software\WOW6432Node\Microsoft\AppServiceProtocols] [HKLM\Software\WOW6432Node\Microsoft\ASP.NET] [HKLM\Software\WOW6432Node\Microsoft\Assistance] [HKLM\Software\WOW6432Node\Microsoft\AuthHost] [HKLM\Software\WOW6432Node\Microsoft\BidInterface] [HKLM\Software\WOW6432Node\Microsoft\BitLockerCsp] [HKLM\Software\WOW6432Node\Microsoft\ClipboardServer] [HKLM\Software\WOW6432Node\Microsoft\Command Processor] [HKLM\Software\WOW6432Node\Microsoft\Cryptography] [HKLM\Software\WOW6432Node\Microsoft\CTF] [HKLM\Software\WOW6432Node\Microsoft\DataAccess] [HKLM\Software\WOW6432Node\Microsoft\DevDiv] [HKLM\Software\WOW6432Node\Microsoft\Device Association Framework] [HKLM\Software\WOW6432Node\Microsoft\Direct3D] [HKLM\Software\WOW6432Node\Microsoft\DirectDraw] [HKLM\Software\WOW6432Node\Microsoft\DirectInput] [HKLM\Software\WOW6432Node\Microsoft\DirectMusic] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay8] 
[HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp] [HKLM\Software\WOW6432Node\Microsoft\DirectShow] [HKLM\Software\WOW6432Node\Microsoft\DirectX] [HKLM\Software\WOW6432Node\Microsoft\DRM] [HKLM\Software\WOW6432Node\Microsoft\DVDNavigator] [HKLM\Software\WOW6432Node\Microsoft\DVR] [HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods] [HKLM\Software\WOW6432Node\Microsoft\Edge] [HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate] [HKLM\Software\WOW6432Node\Microsoft\ENROLLMENTS] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Exchange] [HKLM\Software\WOW6432Node\Microsoft\F12] [HKLM\Software\WOW6432Node\Microsoft\Fax] [HKLM\Software\WOW6432Node\Microsoft\Feeds] [HKLM\Software\WOW6432Node\Microsoft\FilePicker] [HKLM\Software\WOW6432Node\Microsoft\Function Discovery] [HKLM\Software\WOW6432Node\Microsoft\Fusion] [HKLM\Software\WOW6432Node\Microsoft\GameOverlay] [HKLM\Software\WOW6432Node\Microsoft\HTMLHelp] [HKLM\Software\WOW6432Node\Microsoft\IdentityCRL] [HKLM\Software\WOW6432Node\Microsoft\IdentityStore] [HKLM\Software\WOW6432Node\Microsoft\IMAPI] [HKLM\Software\WOW6432Node\Microsoft\IME] [HKLM\Software\WOW6432Node\Microsoft\IMEJP] [HKLM\Software\WOW6432Node\Microsoft\IMEKR] [HKLM\Software\WOW6432Node\Microsoft\IMETC] [HKLM\Software\WOW6432Node\Microsoft\InputMethod] [HKLM\Software\WOW6432Node\Microsoft\InputPersonalization] [HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager] [HKLM\Software\WOW6432Node\Microsoft\Internet Domains] [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer] [HKLM\Software\WOW6432Node\Microsoft\IsoBurn] [HKLM\Software\WOW6432Node\Microsoft\Jet] [HKLM\Software\WOW6432Node\Microsoft\MediaEngine] [HKLM\Software\WOW6432Node\Microsoft\MediaPlayer] [HKLM\Software\WOW6432Node\Microsoft\MessengerService] [HKLM\Software\WOW6432Node\Microsoft\Microsoft Camera Codec Pack] [HKLM\Software\WOW6432Node\Microsoft\MiracastReceiver] [HKLM\Software\WOW6432Node\Microsoft\MMC] 
[HKLM\Software\WOW6432Node\Microsoft\MSBuild] [HKLM\Software\WOW6432Node\Microsoft\MSDE] [HKLM\Software\WOW6432Node\Microsoft\MSDRM] [HKLM\Software\WOW6432Node\Microsoft\MSDTC] [HKLM\Software\WOW6432Node\Microsoft\MSF] [HKLM\Software\WOW6432Node\Microsoft\MSLicensing] [HKLM\Software\WOW6432Node\Microsoft\MSN Apps] [HKLM\Software\WOW6432Node\Microsoft\MTF] [HKLM\Software\WOW6432Node\Microsoft\Multimedia] [HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup] [HKLM\Software\WOW6432Node\Microsoft\NetSh] [HKLM\Software\WOW6432Node\Microsoft\Network] [HKLM\Software\WOW6432Node\Microsoft\Notepad] [HKLM\Software\WOW6432Node\Microsoft\ODBC] [HKLM\Software\WOW6432Node\Microsoft\OEM] [HKLM\Software\WOW6432Node\Microsoft\Office] [HKLM\Software\WOW6432Node\Microsoft\Office Server] [HKLM\Software\WOW6432Node\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\Software\WOW6432Node\Microsoft\OnlineProviders] [HKLM\Software\WOW6432Node\Microsoft\Outlook Express] [HKLM\Software\WOW6432Node\Microsoft\Palm] [HKLM\Software\WOW6432Node\Microsoft\Personalization] [HKLM\Software\WOW6432Node\Microsoft\Photos] [HKLM\Software\WOW6432Node\Microsoft\PLA] [HKLM\Software\WOW6432Node\Microsoft\Policies] [HKLM\Software\WOW6432Node\Microsoft\PowerShell] [HKLM\Software\WOW6432Node\Microsoft\Print] [HKLM\Software\WOW6432Node\Microsoft\Provisioning] [HKLM\Software\WOW6432Node\Microsoft\RADAR] [HKLM\Software\WOW6432Node\Microsoft\RendezvousApps] [HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent] [HKLM\Software\WOW6432Node\Microsoft\Schema Library] [HKLM\Software\WOW6432Node\Microsoft\Security Center] [HKLM\Software\WOW6432Node\Microsoft\Sensors] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location] [HKLM\Software\WOW6432Node\Microsoft\Silverlight] [HKLM\Software\WOW6432Node\Microsoft\SoftGrid] [HKLM\Software\WOW6432Node\Microsoft\Software] [HKLM\Software\WOW6432Node\Microsoft\SPEECH] [HKLM\Software\WOW6432Node\Microsoft\Speech_OneCore] 
[HKLM\Software\WOW6432Node\Microsoft\SQMClient] [HKLM\Software\WOW6432Node\Microsoft\Sync Framework] [HKLM\Software\WOW6432Node\Microsoft\SystemSettings] [HKLM\Software\WOW6432Node\Microsoft\TableTextService] [HKLM\Software\WOW6432Node\Microsoft\TabletTip] [HKLM\Software\WOW6432Node\Microsoft\Tcpip] [HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client] [HKLM\Software\WOW6432Node\Microsoft\TouchPrediction] [HKLM\Software\WOW6432Node\Microsoft\TPG] [HKLM\Software\WOW6432Node\Microsoft\Tpm] [HKLM\Software\WOW6432Node\Microsoft\Tracing] [HKLM\Software\WOW6432Node\Microsoft\TV System Services] [HKLM\Software\WOW6432Node\Microsoft\uDRM] [HKLM\Software\WOW6432Node\Microsoft\Updates] [HKLM\Software\WOW6432Node\Microsoft\UPnP Control Point] [HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host] [HKLM\Software\WOW6432Node\Microsoft\VisualStudio] [HKLM\Software\WOW6432Node\Microsoft\VSTA Runtime Setup] [HKLM\Software\WOW6432Node\Microsoft\VSTO Runtime Setup] [HKLM\Software\WOW6432Node\Microsoft\WAB] [HKLM\Software\WOW6432Node\Microsoft\WBEM] [HKLM\Software\WOW6432Node\Microsoft\WIMMount] [HKLM\Software\WOW6432Node\Microsoft\Windows] [HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search] [HKLM\Software\WOW6432Node\Microsoft\Windows Mail] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Player NSS] [HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem] [HKLM\Software\WOW6432Node\Microsoft\Windows NT] [HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer] [HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices] [HKLM\Software\WOW6432Node\Microsoft\Windows Script Host] [HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime] [HKLM\Software\WOW6432Node\Microsoft\WindowsUpdate] [HKLM\Software\WOW6432Node\Microsoft\Wisp] [HKLM\Software\WOW6432Node\Microsoft\WlanSvc] [HKLM\Software\WOW6432Node\Microsoft\WSDAPI] 
[HKLM\Software\WOW6432Node\Microsoft\Cellular] [HKLM\Software\WOW6432Node\Microsoft\COM3] [HKLM\Software\WOW6432Node\Microsoft\DeviceReg] [HKLM\Software\WOW6432Node\Microsoft\DFS] [HKLM\Software\WOW6432Node\Microsoft\Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates] [HKLM\Software\WOW6432Node\Microsoft\EventSystem] [HKLM\Software\WOW6432Node\Microsoft\FingerKB] [HKLM\Software\WOW6432Node\Microsoft\FuzzyDS] [HKLM\Software\WOW6432Node\Microsoft\Input] [HKLM\Software\WOW6432Node\Microsoft\LanguageOverlay] [HKLM\Software\WOW6432Node\Microsoft\Messaging] [HKLM\Software\WOW6432Node\Microsoft\MSMQ] [HKLM\Software\WOW6432Node\Microsoft\MTFFuzzyFactors] [HKLM\Software\WOW6432Node\Microsoft\MTFInputType] [HKLM\Software\WOW6432Node\Microsoft\MTFKeyboardMappings] [HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\Ole] [HKLM\Software\WOW6432Node\Microsoft\Phone] [HKLM\Software\WOW6432Node\Microsoft\Pim] [HKLM\Software\WOW6432Node\Microsoft\Poom] [HKLM\Software\WOW6432Node\Microsoft\Ras] [HKLM\Software\WOW6432Node\Microsoft\Rpc] [HKLM\Software\WOW6432Node\Microsoft\SecurityManager] [HKLM\Software\WOW6432Node\Microsoft\Semgr] [HKLM\Software\WOW6432Node\Microsoft\Shell] [HKLM\Software\WOW6432Node\Microsoft\SystemCertificates] [HKLM\Software\WOW6432Node\Microsoft\TermServLicensing] [HKLM\Software\WOW6432Node\Microsoft\Transaction Server] [HKLM\Software\WOW6432Node\Microsoft\Unified Store] [HKLM\Software\WOW6432Node\Microsoft\UserData] [HKLM\Software\WOW6432Node\Microsoft\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\XAML] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] 
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives ---------- | C: [19/03/2019 06:52:43] - |SHD| - [774] - C:\$Recycle.Bin [19/09/2020 00:20:21] - |HD| - [0] - C:\$WinREAgent [12/12/2019 09:33:44] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/05/2021 00:18:45] - |ASH| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log.tmp [29/01/2020 15:19:50] - |D| - [1214449872] - C:\EduPython [12/12/2020 13:45:47] - |D| - [8742178636] - C:\FFOutput [MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/09/2019 01:46:48] - |ASH| - (.-.) - [2554388480] - (0.0.0.0) - C:\hiberfil.sys [03/01/2020 11:25:10] - |D| - [820229291] - C:\HM2Archive [05/01/2020 18:18:52] - |D| - [5604364288] - C:\HM3 Files [07/01/2020 23:51:05] - |D| - [116458159] - C:\HM3Archive [13/05/2019 22:03:28] - |HD| - [1281496] - C:\hp [03/05/2021 21:45:22] - |D| - [1260784673] - C:\hpswsetup [07/05/2020 18:26:32] - |D| - [1793] - C:\KPRM [14/05/2020 14:12:16] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/12/2019 09:33:37] - |ASH| - (.-.) - [18253611008] - (0.0.0.0) - C:\pagefile.sys [07/12/2019 11:14:52] - |D| - [0] - C:\PerfLogs [06/01/2020 19:50:12] - |D| - [156820854] - C:\postgreSQL [07/12/2019 11:14:52] - |RD| - [10756935945] - C:\Program Files [07/12/2019 11:14:52] - |RD| - [3405068014] - C:\Program Files (x86) [07/12/2019 11:14:52] - |HD| - [3256207970] - C:\ProgramData [20/05/2021 10:47:34] - |D| - [464094] - C:\QuickDiag [MD5.B3FFE1CEC0ED42726C588C9251928704] - [24/05/2021 17:06:47] - |A| - (.-.) - [195092] - (0.0.0.0) - C:\QuickDiag.txt [MD5.C42F6EB81BDE2DF2FB9B9C8950359174] - [20/05/2021 10:57:43] - |RAST| - (.-.) - [464059] - (0.0.0.0) - C:\QuickDiag_20_05_2021_10_57_43.txt [17/05/2019 20:12:12] - |HD| - [2674211400] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/05/2019 10:39:22] - |ASH| - (.-.) 
- [16777216] - (0.0.0.0) - C:\swapfile.sys [17/05/2019 12:10:05] - |SHD| - [0] - C:\System Volume Information [26/04/2019 18:34:24] - |AHD| - [160283557] - C:\SYSTEM.SAV [07/12/2019 11:03:44] - |RD| - [29866398321] - C:\Users [MD5.96B61B8E069832E6B809F24EA74567BA] - [26/09/2018 01:11:08] - |A| - (.Copyright (c) Microsoft Corporation. - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501.) - [7194312] - (12.0.30501.0) - C:\vcredist_x64.exe [07/12/2019 11:03:44] - |D| - [34640648476] - C:\Windows ---------- | C:\WINDOWS [07/12/2019 16:51:10] - |D| - [802] - C:\WINDOWS\addins [07/12/2019 11:14:52] - |D| - [13494107] - C:\WINDOWS\appcompat [07/12/2019 11:14:52] - |D| - [9892148] - C:\WINDOWS\apppatch [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\AppReadiness [07/12/2019 11:14:52] - |RD| - [1117787471] - C:\WINDOWS\assembly [07/12/2019 11:14:52] - |D| - [785153] - C:\WINDOWS\bcastdvr [MD5.862251351EC170BB3BD59CB219491811] - [30/04/2021 11:19:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [77824] - (10.0.19041.746) - C:\WINDOWS\bfsvc.exe [07/12/2019 11:14:52] - |D| - [40888156] - C:\WINDOWS\Boot [MD5.544C74EF14055493EFAFA1932B9A78CB] - [30/04/2021 11:32:27] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [07/12/2019 11:14:52] - |D| - [2450448] - C:\WINDOWS\Branding [07/12/2019 11:03:44] - |D| - [0] - C:\WINDOWS\CbsTemp [07/12/2019 11:14:52] - |D| - [34067960] - C:\WINDOWS\Containers [MD5.C6C52AF48A75DCC59644DC894D2F524E] - [07/12/2019 16:53:23] - |A| - (.-.) - [29857] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.1F334AC7713E228137147CBFBB7BC9AA] - [02/04/2019 01:09:13] - |A| - (.-.) - [33951] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.094FB09D9BF23CF0B578811D9B588123] - [17/05/2019 20:31:18] - |A| - (.-.) 
- [10] - (0.0.0.0) - C:\WINDOWS\CSUP.txt [07/12/2019 11:14:52] - |D| - [11501377] - C:\WINDOWS\Cursors [07/12/2019 11:14:52] - |D| - [4446273] - C:\WINDOWS\debug [MD5.050C668A459D689E7C033DBCA4417642] - [01/05/2021 00:33:06] - |A| - (.-.) - [22863] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [07/12/2019 11:14:52] - |D| - [4307035] - C:\WINDOWS\diagnostics [07/12/2019 11:14:52] - |D| - [1701843] - C:\WINDOWS\DiagTrack [MD5.050C668A459D689E7C033DBCA4417642] - [01/05/2021 00:33:06] - |A| - (.-.) - [22863] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [07/12/2019 16:49:55] - |D| - [0] - C:\WINDOWS\DigitalLocker [07/12/2019 11:14:52] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [07/12/2019 11:14:52] - |HD| - [66600] - C:\WINDOWS\ELAMBKUP [07/12/2019 16:49:55] - |D| - [0] - C:\WINDOWS\en-US [MD5.F5883F210AF1795C1868AE570FCB7185] - [12/05/2021 00:09:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4826160] - (10.0.19041.964) - C:\WINDOWS\explorer.exe [07/12/2019 11:14:52] - |RSD| - [477650718] - C:\WINDOWS\Fonts [07/12/2019 16:49:55] - |D| - [111616] - C:\WINDOWS\fr-FR [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [07/12/2019 11:14:52] - |D| - [57008773] - C:\WINDOWS\Globalization [07/12/2019 11:14:52] - |D| - [1315831] - C:\WINDOWS\Help [MD5.86AE3BE50DF246C646DA76E7223A968E] - [30/04/2021 11:21:37] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1076736] - (10.0.19041.906) - C:\WINDOWS\HelpPane.exe [MD5.2C8FE78D53C8CA27523A71DFD2938241] - [07/12/2019 11:09:39] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.19041.1) - C:\WINDOWS\hh.exe [30/04/2021 10:44:50] - |D| - [155812897] - C:\WINDOWS\HoloShell [30/09/2019 01:19:19] - |D| - [125176263] - C:\WINDOWS\HP [MD5.773CA29CF52A53CBC931606F2D941BC8] - [17/05/2019 20:12:11] - |A| - (.Copyright (c) 2015 Hewlett-Packard Development Company, L.P. - HPCUST1.) 
- [3322568] - (1.0.0.1) - C:\WINDOWS\HPCUST1.exe [MD5.8D73B7ED5D099EB7E7F83FB23FB2208D] - [17/05/2019 20:12:11] - |A| - (.Copyright (c) 2015 Hewlett-Packard Development Company, L.P. - HPCUST2.) - [3322384] - (1.0.0.1) - C:\WINDOWS\HPCUST2.exe [07/12/2019 11:14:52] - |D| - [30327] - C:\WINDOWS\IdentityCRL [07/12/2019 11:14:52] - |D| - [28822470] - C:\WINDOWS\IME [07/12/2019 11:14:52] - |RD| - [8165404] - C:\WINDOWS\ImmersiveControlPanel [07/12/2019 11:13:02] - |D| - [127266002] - C:\WINDOWS\INF [07/12/2019 11:14:52] - |D| - [38193580] - C:\WINDOWS\InputMethod [07/12/2019 11:14:52] - |SHD| - [643827921] - C:\WINDOWS\Installer [07/12/2019 11:14:52] - |D| - [109650] - C:\WINDOWS\L2Schemas [07/12/2019 11:14:52] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\LiveKernelReports [07/12/2019 11:14:52] - |D| - [17497954] - C:\WINDOWS\Logs [07/12/2019 11:14:52] - |RSD| - [20063519] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [07/12/2019 11:08:58] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [07/12/2019 11:14:52] - |RD| - [814280420] - C:\WINDOWS\Microsoft.NET [07/12/2019 11:14:52] - |D| - [3323] - C:\WINDOWS\Migration [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.423D3ADE2F14572C5BD5F546973EB493] - [30/04/2021 11:22:43] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [202240] - (10.0.19041.746) - C:\WINDOWS\notepad.exe [07/12/2019 16:51:57] - |D| - [199472] - C:\WINDOWS\OCR [07/12/2019 11:14:52] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [30/04/2021 08:54:19] - |DC| - [229888657] - C:\WINDOWS\Panther [07/12/2019 11:14:52] - |D| - [432724] - C:\WINDOWS\Performance [MD5.083947B49AEDB5B3CADD1F34550A569E] - [17/05/2019 10:39:21] - |A| - (.-.) 
- [314424] - (0.0.0.0) - C:\WINDOWS\PFRO.log [07/12/2019 11:14:52] - |D| - [1136442] - C:\WINDOWS\PLA [07/12/2019 11:14:52] - |D| - [2932885] - C:\WINDOWS\PolicyDefinitions [01/05/2021 00:23:16] - |D| - [4764806] - C:\WINDOWS\Prefetch [07/12/2019 11:14:52] - |RD| - [2234382] - C:\WINDOWS\PrintDialog [07/12/2019 11:14:52] - |D| - [6016999] - C:\WINDOWS\Provisioning [MD5.999A30979F6195BF562068639FFC4426] - [30/04/2021 11:21:49] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [370176] - (10.0.19041.746) - C:\WINDOWS\regedit.exe [07/12/2019 11:14:52] - |D| - [22588] - C:\WINDOWS\Registration [07/12/2019 11:14:52] - |D| - [5919488] - C:\WINDOWS\rescache [07/12/2019 11:14:52] - |D| - [3471899] - C:\WINDOWS\Resources [MD5.2BCC47E9B4EC087F02DD4F406CA5D778] - [12/06/2020 00:54:38] - |A| - (.Realtek All Rights Reserved - Realtek Bluetooth BTDevManager Service Application.) - [798296] - (1.1.52.1) - C:\WINDOWS\RtkBtManServ.exe [MD5.61521B5E44C611F8BE37D420C03831D7] - [12/06/2020 00:44:00] - |A| - (.-.) - [50100] - (0.0.0.0) - C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new [MD5.F534F369A0095BC6DDABFC6710B220BF] - [12/06/2020 00:44:00] - |A| - (.-.) - [50048] - (0.0.0.0) - C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new_s1 [MD5.E5EBB4FE029342A38406ECEDD1203720] - [20/12/2020 17:15:44] - |A| - (.-.) - [63880] - (0.0.0.0) - C:\WINDOWS\rtl8723d_mp_chip_bt40_fw_asic_rom_patch_new [MD5.E168243E0C98DD0B0A7B598501960B7D] - [20/12/2020 17:15:44] - |A| - (.-.) - [52616] - (0.0.0.0) - C:\WINDOWS\rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new [MD5.9B35CE57B1C94C75C27EB0500BF9536A] - [20/12/2020 17:15:44] - |A| - (.-.) - [50624] - (0.0.0.0) - C:\WINDOWS\rtl8822b_mp_chip_bt40_fw_asic_rom_patch_new [MD5.DA0D9D8BFF39F419DE1D8EFB67184D25] - [20/12/2020 17:15:44] - |A| - (.-.) - [61128] - (0.0.0.0) - C:\WINDOWS\rtl8822c_mp_chip_bt40_fw_asic_rom_patch_new [MD5.D926D627FBEC22AEDB702DB80D092ADC] - [20/12/2020 17:15:44] - |A| - (.-.) 
- [53716] - (0.0.0.0) - C:\WINDOWS\rtl8852a_mp_chip_bt40_fw_asic_rom_patch_new [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\SchCache [07/12/2019 11:14:52] - |D| - [126782] - C:\WINDOWS\schemas [07/12/2019 11:14:52] - |D| - [5317298] - C:\WINDOWS\security [30/04/2021 11:30:55] - |D| - [4731523949] - C:\WINDOWS\ServiceProfiles [07/12/2019 11:14:52] - |D| - [4096] - C:\WINDOWS\ServiceState [07/12/2019 11:03:44] - |D| - [1103489619] - C:\WINDOWS\servicing [07/12/2019 11:18:25] - |D| - [106591] - C:\WINDOWS\Setup [07/12/2019 11:14:52] - |D| - [5500416] - C:\WINDOWS\ShellComponents [07/12/2019 11:14:52] - |D| - [19058688] - C:\WINDOWS\ShellExperiences [07/12/2019 11:14:52] - |D| - [3070736] - C:\WINDOWS\SKB [12/12/2019 09:33:46] - |D| - [49182280] - C:\WINDOWS\SoftwareDistribution [07/12/2019 11:14:52] - |D| - [86037697] - C:\WINDOWS\Speech [07/12/2019 11:14:52] - |D| - [64508236] - C:\WINDOWS\Speech_OneCore [MD5.D037F0B45155C32F25C26937A30C809B] - [30/04/2021 11:19:53] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [136192] - (10.0.19041.746) - C:\WINDOWS\splwow64.exe [07/12/2019 11:14:52] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [19/03/2019 06:49:35] - |A| - (.-.) 
- [219] - (0.0.0.0) - C:\WINDOWS\system.ini [07/12/2019 11:03:44] - |D| - [5602045473] - C:\WINDOWS\System32 [07/12/2019 11:14:52] - |D| - [1879195145] - C:\WINDOWS\SystemApps [07/12/2019 11:14:52] - |D| - [168162609] - C:\WINDOWS\SystemResources [07/12/2019 11:14:52] - |D| - [1129870067] - C:\WINDOWS\SysWOW64 [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\TAPI [19/03/2019 06:52:46] - |D| - [6] - C:\WINDOWS\Tasks [07/12/2019 11:14:52] - |D| - [421102357] - C:\WINDOWS\Temp [30/04/2021 10:44:54] - |D| - [11502592] - C:\WINDOWS\TextInput [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\tracing [07/12/2019 11:14:52] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.AFE119DD4E17891B227684F38AA25D4D] - [07/12/2019 11:10:00] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65024] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [07/12/2019 11:14:52] - |D| - [12420] - C:\WINDOWS\Vss [07/12/2019 11:14:52] - |D| - [33188] - C:\WINDOWS\WaaS [07/12/2019 11:14:52] - |D| - [17304068] - C:\WINDOWS\Web [MD5.60CDAF0811BF825164C0E246F4F5620D] - [19/03/2019 06:49:35] - |A| - (.-.) - [124] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [07/12/2019 11:09:09] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [19/05/2021 21:59:20] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.0629E6D130F226C009EA9AB329F37ACC] - [07/12/2019 11:10:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.19041.1) - C:\WINDOWS\winhlp32.exe [07/12/2019 11:03:44] - |D| - [15314078225] - C:\WINDOWS\WinSxS [MD5.EA3ECB92A2EA3A42273CB3B308CA1A5B] - [22/04/2021 11:39:14] - |A| - (.-.) - [156910] - (0.0.0.0) - C:\WINDOWS\WMSysPr8.prx [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [07/12/2019 11:10:11] - |A| - (.-.) 
- [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.B947CCA7F485F6C1156F4D02E8C9874F] - [07/12/2019 16:52:21] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.19041.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy [MD5.EEC158508F48CE5831F3DFBBB67FA8E9] - [01/04/2021 13:29:48] - |A| - (.-.) - [22] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\gpt.ini [08/03/2020 00:11:15] - |D| - [12] - C:\WINDOWS\System32\GroupPolicy\Machine ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [10/03/2021 18:02:10] - C:\WINDOWS\Installer\1e54db97.msi : (Panda Cloud Antivirus - Panda Security) [Header ok : D0CF11E0A1B11AE10000000000000000] [19/02/2019 16:41:01] - C:\WINDOWS\Installer\1e54dbb3.msi : (Panda Devices Agent - Panda Security) [Header ok : D0CF11E0A1B11AE10000000000000000] [16/04/2020 12:01:34] - C:\WINDOWS\Installer\26e6825.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Header ok : D0CF11E0A1B11AE10000000000000000] [18/07/2018 23:55:30] - C:\WINDOWS\Installer\2c991.msi : (HP Audio Switch - HP Inc.) 
[Header ok : D0CF11E0A1B11AE10000000000000000] [21/07/2020 13:25:10] - C:\WINDOWS\Installer\51f46ba1.msi : (Blank Project Template - InstallShield) [Header ok : D0CF11E0A1B11AE10000000000000000] [26/02/2021 22:44:37] - C:\WINDOWS\Installer\a6f1f9d3.msi : (PokerStrategy.com Equilab - PokerStrategy.com) [Header ok : D0CF11E0A1B11AE10000000000000000] [04/09/2019 03:09:54] - C:\WINDOWS\Installer\fad63e6.msi : (OpenOffice 4.1.7 - OpenOffice) [Header ok : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [07/12/2019 11:09:39] - [3329] - C:\WINDOWS\System32\ieuinit.inf [01/05/2021 00:36:11] - [1923758] - C:\WINDOWS\System32\PerfStringBackup.INI [04/02/2021 00:38:10] - [41348] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.CTLR_DEV_34C8&LINKTYPE_05&DEVTYPE_05&VEN_8086&DEV_AE35.zip [04/02/2021 00:38:10] - [41214] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.CTLR_DEV_A0C8&LINKTYPE_05&DEVTYPE_05&VEN_8086&DEV_AE35.zip [04/02/2021 00:38:10] - [41371] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.DSP_CTLR_DEV_A0C8&VEN_8086&DEV_0222.zip [04/02/2021 00:38:10] - [731926] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0215.zip [04/02/2021 00:38:10] - [48216] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0225.zip [04/02/2021 00:38:10] - [1874159] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0236.zip [04/02/2021 00:38:10] - [613544] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0245.zip [04/02/2021 00:38:10] - [285441] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0256.zip [04/02/2021 00:38:10] - [313202] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0274.zip [04/02/2021 00:38:10] - [2689815] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0285.zip [04/02/2021 00:38:10] - [245305] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0287.zip [04/02/2021 00:38:10] - [41303] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0293.zip [04/02/2021 
00:38:10] - [532891] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0295.zip [04/02/2021 00:38:10] - [48198] - C:\WINDOWS\System32\SEAPODAT.INTELAUDIO.FUNC_01&VEN_10EC&DEV_0298.zip [30/09/2019 01:37:10] - [1032] - C:\WINDOWS\System32\setup.inf [07/12/2019 11:09:05] - [60124] - C:\WINDOWS\System32\tcpmon.ini [07/12/2019 11:08:46] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [07/12/2019 11:10:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [02/01/2020 21:20:54] - [1853830] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [07/12/2019 11:09:22] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.00000000000000000000000000000000] - |D| - [24/05/2021 17:01:08] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad [MD5.37082FE99A0300E394D3812954AAC549] - |A| - [18/05/2021 21:18:48] - (.-.) - [606.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210518-2118.log [MD5.BA7F025E085304EA8A74D14297C14B7F] - |A| - [18/05/2021 22:37:15] - (.-.) - [53.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210518-2237.log [MD5.6961098983837429356FCD48B4342252] - |A| - [19/05/2021 06:54:37] - (.-.) - [41.9 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210519-0654.log [MD5.6F4129EDC5F32C7C295FD6F7B6EEC9D6] - |A| - [19/05/2021 06:57:32] - (.-.) - [42.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210519-0657.log [MD5.B5BF23769A69B9DF529400537AD16F84] - |A| - [19/05/2021 07:10:48] - (.-.) - [47.64 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210519-0710.log [MD5.DB5911DEAA61FA288BD438D2169786CE] - |A| - [19/05/2021 07:28:46] - (.-.) - [47.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210519-0728.log [MD5.6F470B391693959D4E7D99BEAAD8828A] - |A| - [19/05/2021 07:32:14] - (.-.) 
- [50.18 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210519-0732.log [MD5.40747B3D03BA37481C85A018FD878CEB] - |A| - [19/05/2021 14:59:56] - (.-.) - [50.92 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210519-1459.log [MD5.BBB1A00A399D325F948AD964B48EE27E] - |A| - [19/05/2021 15:53:28] - (.-.) - [47.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210519-1553.log [MD5.A8871D6ADB10F1F680BB6BABAE7D9C5E] - |A| - [19/05/2021 22:30:40] - (.-.) - [49.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210519-2230.log [MD5.D127B85D79117F5176AB5E12FF790F3F] - |A| - [20/05/2021 07:08:00] - (.-.) - [50.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-0708.log [MD5.CF03F730AD2E1DF8BDB35A4EF22880FD] - |A| - [20/05/2021 07:26:12] - (.-.) - [61.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-0726.log [MD5.0D3A3AF239E67DEA8F7FD0AB9096F3B6] - |A| - [20/05/2021 10:47:00] - (.-.) - [42.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1047.log [MD5.676B7633F2F17E6807477BAC6B9EB728] - |A| - [20/05/2021 10:54:22] - (.-.) - [49.18 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1054.log [MD5.8641A82741709C95423AA536C5A16053] - |A| - [20/05/2021 11:45:24] - (.-.) - [50.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1145.log [MD5.81FD1C21ACDF68A5B849D49A7641DFDE] - |A| - [20/05/2021 11:47:28] - (.-.) - [50.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1147.log [MD5.2E717448901312A559C566F8027E2632] - |A| - [20/05/2021 11:54:37] - (.-.) - [50.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1154.log [MD5.B71A90434447C4B663DC13164E306429] - |A| - [20/05/2021 13:32:13] - (.-.) - [50.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1332.log [MD5.B31D811DB48C0CDC737596D0A1F7A7E0] - |A| - [20/05/2021 14:17:05] - (.-.) 
- [50.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1417.log [MD5.B0DECCF181A16353B5E8033A46006D69] - |A| - [20/05/2021 14:43:24] - (.-.) - [50.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1443.log [MD5.D2B9CB9008278664977422AE2822197C] - |A| - [20/05/2021 17:57:33] - (.-.) - [49.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1757.log [MD5.9C2A43C9F752B2AAB813E807DA1A1F32] - |A| - [20/05/2021 18:46:14] - (.-.) - [49.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-1846.log [MD5.0C6599CCCCB7FBD7D14B9C69116D248D] - |A| - [20/05/2021 22:48:36] - (.-.) - [50.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210520-2248.log [MD5.AEA1CA2A7F47218863448FC6EA614D27] - |A| - [21/05/2021 22:07:45] - (.-.) - [49.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210521-2207.log [MD5.150447C19C0C08064694F45DAF388A7A] - |A| - [21/05/2021 22:10:41] - (.-.) - [44.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210521-2210.log [MD5.3B30BAB5D4C0EBD4CF8DADC12ED5F30F] - |A| - [21/05/2021 22:10:41] - (.-.) - [57.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210521-2210a.log [MD5.7ADD925245AB2EDD6EB97B7651901328] - |A| - [21/05/2021 22:11:03] - (.-.) - [450.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210521-2211.log [MD5.6E19784D07842A4DA27C6D6DB29DF634] - |A| - [21/05/2021 22:14:36] - (.-.) - [509.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210521-2214.log [MD5.A63BBE5DD40E849AD5EE22134F6AFCF7] - |A| - [21/05/2021 22:15:24] - (.-.) - [20.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210521-2215.log [MD5.11B6C4D9162CA128D6033C3801D45479] - |A| - [21/05/2021 22:15:33] - (.-.) - [37.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210521-2215a.log [MD5.EA070C63A5E0F8B899A506789B313D45] - |A| - [22/05/2021 10:27:13] - (.-.) 
- [44.85 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210522-1027.log [MD5.E6BB304EEE22CA71B39FCCEE20A68103] - |A| - [22/05/2021 10:29:44] - (.-.) - [46.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210522-1029.log [MD5.01B38AB2845D093BD965ABAEF58A5C33] - |A| - [22/05/2021 10:49:13] - (.-.) - [57.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210522-1049.log [MD5.101C4035D61F229ACB642279E434A3FF] - |A| - [22/05/2021 10:54:28] - (.-.) - [50.18 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210522-1054.log [MD5.F6FDA7A782CBF21EF22A4F257704C6DF] - |A| - [22/05/2021 11:18:28] - (.-.) - [50.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210522-1118.log [MD5.4E1A682404F37A20877C4C03B4112DF7] - |A| - [24/05/2021 16:46:31] - (.-.) - [49.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210524-1646.log [MD5.6C9E66B56ED2AA08B469943F6BC4968B] - |A| - [24/05/2021 16:46:32] - (.-.) - [55.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210524-1646a.log [MD5.D1BF90EA03C39990312F2784C02BD7BE] - |A| - [24/05/2021 16:46:41] - (.-.) - [256.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-K9KI7NDF-20210524-1646b.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/05/2021 22:09:50] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\mat-debug-16924.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/05/2021 22:09:46] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\mat-debug-23116.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/05/2021 16:44:05] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\mat-debug-23348.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/05/2021 00:30:47] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\mat-debug-2968.log [MD5.91EE90DE5F511A2CA308AC00C689B1E7] - |A| - [19/05/2021 21:43:55] - (.-.) 
- [66.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\mbamiservice.log [MD5.00000000000000000000000000000000] - |D| - [19/05/2021 21:49:06] - [407686.07 Ko] - C:\WINDOWS\Temp\MBInstallTemp [MD5.FECB9BC5308ADBE751BC61D92BB78971] - |A| - [19/05/2021 21:44:30] - (.-.) - [0.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\mb_errors999.log [MD5.00000000000000000000000000000000] - |D| - [21/05/2021 22:08:43] - [0.17 Ko] - C:\WINDOWS\Temp\MsEdgeCrashpad [MD5.8988093B8DA991416D8A64EDCE0067CA] - |A| - [21/05/2021 22:08:43] - (.-.) - [31.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\msedge_installer.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/05/2021 22:14:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(202105212214314108).log [MD5.EF78C473057DF14698BD5F0A36A670CE] - |A| - [01/05/2021 00:28:53] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TEMP_CLOUD_FILE_XML_199282822 [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/05/2021 16:50:57] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Tmp1A59.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/05/2021 16:54:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Tmp252E.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/05/2021 16:54:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Tmp252F.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/05/2021 16:53:01] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TmpFECC.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/05/2021 16:50:50] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TmpFEFF.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/05/2021 16:50:50] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TmpFF10.tmp [MD5.69691C7BDCC3CE6D5D8A1361F22D04AC] - |A| - [19/05/2021 01:36:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\v64CheckReachable39D2BA1D-E481-4175-A097-86B17DEA09BD [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/05/2021 03:09:12] - (.-.) 
- [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{1B6CEB42-2B40-426A-B7F0-1038A3A6FB9E} - OProcSessId.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:55] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.C652A5EA6545C98CE71684018E0640E7] - |A| - [07/12/2019 11:09:00] - (.-.) - [3.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AdvancedKeySettingsNotification.png [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 11:08:44] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 11:08:45] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [07/12/2019 11:08:21] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [07/12/2019 11:08:58] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [07/12/2019 11:09:45] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.A3437673F5766635A8378F67645B81C0] - |A| - [07/12/2019 11:09:37] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@StorageSenseToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 11:09:07] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [07/12/2019 11:09:32] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [07/12/2019 11:09:32] - (.-.) 
- [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 11:08:19] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.147B047B46B79A91CC34499D4F89119E] - |A| - [07/12/2019 11:09:05] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WLOGO_48x48.png [MD5.59683D1E4CD0B1AD6AE32E1D627AE25F] - |A| - [22/04/2021 11:39:14] - (.Copyright © 2003 by fccHandler - AC-3 ACM Decompressor.) - [80 Ko] - (0.7.0.0) - C:\WINDOWS\System32\AC3ACM.acm [MD5.31A16C523B62500F83C82217F056A538] - |A| - [07/12/2019 11:08:39] - (.-.) - [8.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ActiveHours.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2786.8 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.A49C26AA0CADD994DE158F51CB7EEFBC] - |A| - [12/05/2021 00:09:51] - (.-.) - [13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\agentactivationruntimestarter.exe [MD5.8210141840CE237FBF40B6E26E2DD11D] - |A| - [22/04/2021 11:39:14] - (.NCT Company Copyright 1999 - 2001 - NCT ALF2CD Audio CODEC.) - [38 Ko] - (2.3.1.0) - C:\WINDOWS\System32\alf2cd.acm [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.97 Ko] - C:\WINDOWS\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [30/09/2019 01:14:12] - [29784.06 Ko] - C:\WINDOWS\System32\AMD [MD5.FE6CC764576CAE8878B4309AE6140EEF] - |A| - [03/05/2021 21:45:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. 
- Radeon AMD AVE Driver Component.) - [142.41 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\amdave64.dll [MD5.EA5ADF178F5C1E04AE8709D01D52B724] - |A| - [03/05/2021 21:45:56] - (.-.) - [486.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdgfxinfo64.dll [MD5.8197F0316D3B1CD83BA572ADCAC62D4E] - |A| - [03/05/2021 21:45:56] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [69374.02 Ko] - (10.0.3075.13) - C:\WINDOWS\System32\amdhip64.dll [MD5.F8519EA697EDE827C811BC8C3EB4512E] - |A| - [20/08/2020 11:33:15] - (.Copyright (C) 2020 Advanced Micro Devices, Inc. - Radeon Settings: Host Service.) - [202.09 Ko] - (2.0.0.1788) - C:\WINDOWS\System32\amdihk64.dll [MD5.3C8A86F6E676949CD5023E50EC5D673B] - |A| - [20/08/2020 11:33:15] - (.-.) - [68.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AMDKernelEvents.man [MD5.41577A6662C199B8665E90815D07E3AF] - |A| - [03/05/2021 21:45:56] - (.Copyright (C) 2019 Advanced Micro Devices, Inc. - AMDLOG User Mode Service.) - [474.92 Ko] - (20.20.0.1) - C:\WINDOWS\System32\amdlogsr.exe [MD5.2812222A4BCD9CE88CA6E58FB9B78D5B] - |A| - [03/05/2021 21:45:58] - (.-.) - [464.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdlogum.exe [MD5.C384C52AEC482E9CB5FBB36FFFA03451] - |A| - [03/05/2021 21:45:58] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [927.52 Ko] - (1.0.16.0) - C:\WINDOWS\System32\amdlvr64.dll [MD5.1FC8C02CF6832556CD81EFA0C5DB3F7F] - |A| - [03/05/2021 21:45:59] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [549.02 Ko] - (1.6.0.0) - C:\WINDOWS\System32\amdmcl64.dll [MD5.5FB15D69DF93A653E5C6B876551DD65B] - |A| - [03/05/2021 21:45:59] - (.-.) - [547.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdmiracast.dll [MD5.3789726FE0CC0E3B893F5EAA0121A3E4] - |A| - [03/05/2021 21:46:00] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) 
- [136.82 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\amdpcom64.dll [MD5.CD0EB12BDC11430D6F8375CFFF3C5F7E] - |A| - [03/05/2021 21:46:13] - (.Copyright (c) 2013 - 2020 Advanced Micro Devices, Inc. - amdpsp sys.) - [432.02 Ko] - (4.13.0.0) - C:\WINDOWS\System32\amdtee_api.dll [MD5.D727BE55AA8D4FA5356132D3A2D51384] - |A| - [03/05/2021 21:46:04] - (.Copyright (C) 2014-2017 AMD Inc. - amdxcstub64.dll.) - [128.02 Ko] - (8.18.10.357) - C:\WINDOWS\System32\amdxc64.dll [MD5.D6DBDE0E4ECB71C9AB0C1F78345A74EB] - |A| - [03/05/2021 21:46:04] - (.-.) - [63298.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amd_comgr.dll [MD5.E76CC557F4092504FC93CA31BDDC7AD0] - |A| - [03/05/2021 21:46:07] - (.Copyright (C) 2016 - AMD MJPEG MFT Component.) - [1669.29 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\amf-mft-mjpeg-decoder64.dll [MD5.3993A4AEA9106D7E2CD0D1459D738531] - |A| - [03/05/2021 21:46:07] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [4530.52 Ko] - (1.4.17.0) - C:\WINDOWS\System32\amfrt64.dll [MD5.A0A0DDB4093498D250FEC2C9ADC14282] - |A| - [26/03/2019 01:17:26] - (.-.) - [1058.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AmRdrIco.icl [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2808.41 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [356 Ko] - C:\WINDOWS\System32\ar-SA [MD5.C9486151C26D64A4933B95BA10BF730A] - |A| - [07/12/2019 11:09:34] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [614 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll [MD5.4DF5B28D830B23472500F7F515BB930A] - |A| - [03/05/2021 21:46:07] - (.© 2004 Advanced Micro Devices, Inc. - eRecord Message Resource File.) 
- [77.02 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\ati2erec.dll [MD5.F0DFCF23F6FA95BC01B13182E40B873B] - |A| - [03/05/2021 21:46:07] - (.Copyright (C) 2008-2020 Advanced Micro Devices, Inc. - ADL.) - [1741.02 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\atiadlxx.dll [MD5.C2D38A43628326AD3D2273CB4B2253BD] - |A| - [03/05/2021 21:46:07] - (.-.) - [531.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiapfxx.blb [MD5.FA9C064EF1F2F3210004DFB2CDEB7D78] - |A| - [03/05/2021 21:46:07] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub64.dll.) - [186.54 Ko] - (8.17.10.1684) - C:\WINDOWS\System32\aticfx64.dll [MD5.FE630E9D77423059D364AF20991F6A3D] - |A| - [03/05/2021 21:46:07] - (.2002-2012 - Graphics DEM.) - [466.02 Ko] - (4.5.7514.28630) - C:\WINDOWS\System32\atidemgy.dll [MD5.D7677E2051BF591BCEF43291040CB0A4] - |A| - [03/05/2021 21:46:09] - (.-.) - [131.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atidxx64.dll [MD5.BF6B81A215AFFF3EE3D4D0E63F22EC7D] - |A| - [03/05/2021 21:46:09] - (.-.) - [454.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atieah64.exe [MD5.9D5858A704895B2A83C7AE08942B75C9] - |A| - [03/05/2021 21:46:09] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [751.02 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\atieclxx.exe [MD5.A949584759B3348410CFAD9EE41E05CA] - |A| - [03/05/2021 21:46:09] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [248.02 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\atig6txx.dll [MD5.539E04720A630933227FC8B76AA5A81B] - |A| - [03/05/2021 21:46:09] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [136.82 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\atimpc64.dll [MD5.FA14C6B44C27E4B6123859707907E4E4] - |A| - [03/05/2021 21:46:09] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [141.02 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\atimuixx.dll [MD5.E851E059803E0E7FDFFE49737A7673CE] - |A| - [03/05/2021 21:46:10] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) 
- [171.52 Ko] - (27.20.1030.1) - C:\WINDOWS\System32\atisamu64.dll [MD5.C989CAF1FAF66EEB3ECF304FE0CD028F] - |A| - [03/05/2021 21:46:10] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiumd6a.cap [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [20/08/2020 11:33:18] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [20/08/2020 11:33:18] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsvl.dat [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [07/12/2019 11:08:07] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [347.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5939.64 Ko] - C:\WINDOWS\System32\Boot [MD5.3149A16CF39B9A49BD9A1EF98A1C527B] - |A| - [30/04/2021 11:20:30] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) 
- [186.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [84843.65 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [71970.54 Ko] - C:\WINDOWS\System32\catroot2 [MD5.72B4E2CF349C7E36A130BE685C4577A5] - |A| - [03/05/2021 21:46:12] - (.-.) - [340.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\clinfo.exe [MD5.44898DB76EC8A6AA24D111D8E7FBF755] - |A| - [19/01/2020 23:06:04] - (.Copyright CANON INC. 2000-2015 - IJ Language Monitor.) - [397 Ko] - (0.3.0.1) - C:\WINDOWS\System32\CNMLMCS.DLL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [20.62 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [377.5 Ko] - C:\WINDOWS\System32\Com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [263998.16 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.C113EC3ABF481A1B41F99BD721B513C3] - |A| - [30/04/2021 11:20:20] - (.-.) - [225.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\containerdevicemanagement.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.34 Ko] - C:\WINDOWS\System32\ContainerSettingsProviders [MD5.D28333B58305A94157F38D961F032930] - |A| - [30/04/2021 11:19:50] - (.-.) 
- [280.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CoreMas.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [405.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.1C3645EBDDBE2DA6A32A5F9FB43A3C23] - |A| - [07/12/2019 11:09:34] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [411.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [409 Ko] - C:\WINDOWS\System32\da-DK [MD5.C071699F4F21B82606C72BAE2A430E1D] - |A| - [12/05/2021 00:09:52] - (.-.) - [162 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [271.02 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [456.5 Ko] - C:\WINDOWS\System32\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:08:21] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.057C75B5735EEF2A75ABF8F6770BCA34] - |A| - [30/04/2021 11:19:51] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [07/12/2019 11:14:56] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.041A7B079E9776721847031A7CF533E1] - |A| - [07/12/2019 11:09:34] - (.-.) - [15.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeliveryOptimizationMIProv.mof [MD5.59D5500F74109D59522F5A9457B8D9A2] - |A| - [07/12/2019 11:09:34] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeliveryOptimizationMIProvUninstall.mof [MD5.B924F1A7DE5ED8331B3375A778B3FE38] - |A| - [07/12/2019 11:08:52] - (.-.) - [35.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\deploymentcsphelper.exe [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [07/12/2019 11:08:39] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [07/12/2019 11:08:43] - (.-.) 
- [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.68B7048CF0088BAED8553F5F94C5579D] - |A| - [03/05/2021 21:46:12] - (.-.) - [490.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dgtrayicon.exe [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [882 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.037DF43BCC9F9A4DF6548FED8F4503AF] - |A| - [07/12/2019 11:08:37] - (.-.) - [82.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [9884.79 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.902179013800F311AFF57CD5F29BE346] - |A| - [22/04/2021 11:39:14] - (.Copyright (C) DivXNetworks 2001-2003 - DivX Video for Windows Codec.) - [624 Ko] - (5.0.5.830) - C:\WINDOWS\System32\divx.dll [MD5.EFF71E68DD8F9DC0BBD89CD83153C336] - |A| - [22/04/2021 11:39:14] - (.Copyright © DivXNetworks, 2001-2003 - DivX (TM) Decoder Filter.) - [216.03 Ko] - (5.0.5.830) - C:\WINDOWS\System32\divxdec.ax [MD5.5E11A46BEB9134C860E125582311F64B] - |A| - [12/05/2021 00:10:11] - (.-.) - [11.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuthTxt.wim [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [161.5 Ko] - C:\WINDOWS\System32\dsc [MD5.64E652DC979CB9EF1AEE91DBD4F8C624] - |A| - [30/04/2021 11:20:32] - (.-.) - [2201.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dwmscene.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [07/12/2019 11:08:07] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [07/12/2019 11:08:07] - (.-.) 
- [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1864.83 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.E556115BD4E751178310F842E457CA22] - |A| - [30/04/2021 11:20:57] - (.-.) - [10.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe [MD5.D28E3CB9E3B044DCF1FACA856B0FF273] - |A| - [03/05/2021 21:45:56] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [126.95 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\amdave32.dll [MD5.326424846C394BCDF035EFA8D454C48E] - |A| - [03/05/2021 21:45:56] - (.-.) - [379.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll [MD5.F3E18B13638CF3E25F94EDA04D4674C2] - |A| - [20/08/2020 11:33:15] - (.Copyright (C) 2020 Advanced Micro Devices, Inc. - Radeon Settings: Host Service.) - [171.9 Ko] - (2.0.0.1788) - C:\WINDOWS\SysWOW64\amdihk32.dll [MD5.588807BF2CC06B55AC2A68434CABE949] - |A| - [03/05/2021 21:45:58] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [759.02 Ko] - (1.0.16.0) - C:\WINDOWS\SysWOW64\amdlvr32.dll [MD5.0884A8A55CB5978D24A580A62B0AEB8A] - |A| - [03/05/2021 21:45:59] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [383.02 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmcl32.dll [MD5.990CDCE1AFBDA377BC0D8050B72FE6FA] - |A| - [03/05/2021 21:46:00] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [115.07 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\amdpcom32.dll [MD5.23D0E99564939F26C491F99B1896E6BE] - |A| - [03/05/2021 21:46:13] - (.Copyright (c) 2013 - 2020 Advanced Micro Devices, Inc. - amdpsp sys.) - [347.52 Ko] - (4.13.0.0) - C:\WINDOWS\SysWOW64\amdtee_api.dll [MD5.0F098A52C7424B1B8DD856AB288C3F66] - |A| - [03/05/2021 21:46:03] - (.Copyright (C) 2014-2017 AMD Inc. - amdxcstub32.dll.) 
- [113.02 Ko] - (8.18.10.357) - C:\WINDOWS\SysWOW64\amdxc32.dll [MD5.7A1F0EA415F1B9B00D7979F5994E829E] - |A| - [03/05/2021 21:46:04] - (.-.) - [52444.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amd_comgr32.dll [MD5.93C70A59C52BD966A5D00BA23D40678F] - |A| - [03/05/2021 21:46:07] - (.Copyright (C) 2016 - AMD MJPEG MFT Component.) - [1353.38 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll [MD5.EE4B68028A4E083583305AFE101661B9] - |A| - [03/05/2021 21:46:07] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [4052.52 Ko] - (1.4.17.0) - C:\WINDOWS\SysWOW64\amfrt32.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [174 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.DDE41441FE1A8A540354DA849E3FBC79] - |A| - [07/12/2019 11:09:57] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [519.5 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\archiveint.dll [MD5.7EE669BDEBC1941A698D57E4B9BAAFE3] - |A| - [03/05/2021 21:46:07] - (.Copyright (C) 2008-2020 Advanced Micro Devices, Inc. - ADL.) - [1318.52 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\atiadlxx.dll [MD5.7EE669BDEBC1941A698D57E4B9BAAFE3] - |A| - [20/08/2020 11:33:17] - (.Copyright (C) 2008-2020 Advanced Micro Devices, Inc. - ADL.) - [1318.52 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\atiadlxy.dll [MD5.C2D38A43628326AD3D2273CB4B2253BD] - |A| - [03/05/2021 21:46:07] - (.-.) - [531.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb [MD5.44373BB100A458C3A83977F440C7EF72] - |A| - [03/05/2021 21:46:07] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub32.dll.) - [163.35 Ko] - (8.17.10.1684) - C:\WINDOWS\SysWOW64\aticfx32.dll [MD5.54F0E9CCA182874F72641FFD8684EC05] - |A| - [03/05/2021 21:46:08] - (.-.) - [113.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atidxx32.dll [MD5.29203A58446689941415CA332A0F277C] - |A| - [03/05/2021 21:46:09] - (.-.) 
- [352.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe [MD5.F994098D38B9C1115021CCF5EA8563DC] - |A| - [03/05/2021 21:46:09] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [216.52 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\atigktxx.dll [MD5.F62D0E4D8CEC1F3781FAC0DFEB6DBC0E] - |A| - [03/05/2021 21:46:09] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [115.07 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\atimpc32.dll [MD5.77692DB2F0367640E23917562435B1ED] - |A| - [03/05/2021 21:46:10] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [146.02 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\atisamu32.dll [MD5.8C8D959FB4FA540E29EA296000973675] - |A| - [03/05/2021 21:46:11] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [20/08/2020 11:33:18] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [20/08/2020 11:33:18] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [147.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [316.5 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [26.74 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.6545DE4EF5217AA2FFC7FFD27725A971] - |A| - [30/04/2021 11:20:57] - (.-.) 
- [235 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CoreMas.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [206 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.4329254E74AD91D047E3CEDCC7C138C3] - |A| - [07/12/2019 11:09:57] - (.© 1996 - 2017 Daniel Stenberg, . - The curl executable.) - [377.5 Ko] - (7.55.1.0) - C:\WINDOWS\SysWOW64\curl.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [207 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [229 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:09:15] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [188 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7592.54 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.5743B943D197786581835E102BBCAAF7] - |A| - [03/05/2021 21:46:12] - (.-.) - [379.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\GameManager32.dll [MD5.B873A5ABCFBC42B1BAC9EBE8741C6162] - |A| - [07/12/2019 16:50:56] - (.Copyright (C) 2019 - Gracenote SDK component.) - [244 Ko] - (3.9.511.0) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [166 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.DF0C9C776F8367E213210FB256AC30EC] - |A| - [30/04/2021 11:21:08] - (.-.) 
- [230 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [142.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [212.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.8DFBAF2E92AAC3D4D94EE60406230ED5] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1820.5 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icu.dll [MD5.FB475B41189AACF1C607C1E9DC0EBB0B] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.B17445D0DF2C22C924899B5DF8E84475] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) 
- [28.5 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [21642.16 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [215 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [216.5 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [154 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10192.95 Ko] - C:\WINDOWS\SysWOW64\Keywords [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [154.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [625.17 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [145.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [142 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:52:05] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.4E334421C74840B461C3B8F3438396F3] - |A| - [03/05/2021 21:46:12] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [161.52 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\mantle32.dll [MD5.A5CE21C8E840C9EBA1115E823BDE7059] - |A| - [03/05/2021 21:46:12] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) 
- [147.52 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\mantleaxl32.dll [MD5.5B1089718BF41C02B378F5DE92711E7A] - |A| - [03/05/2021 21:46:12] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [82.02 Ko] - (27.20.1030.1) - C:\WINDOWS\SysWOW64\mcl32.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2819.09 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [816.8 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 11:10:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 11:15:00] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [21.37 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [205.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [215.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [07/12/2019 11:10:14] - (.-.) 
- [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [761.33 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [79.5 Ko] - C:\WINDOWS\SysWOW64\PerceptionSimulation [MD5.5548C3BCD4038216FFDAF759CAFA919F] - |A| - [02/01/2020 21:20:54] - (.-.) - [1810.38 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [217 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [214.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [215.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.03AB7B5C77F966692157B716CB7F4EFA] - |A| - [03/05/2021 21:46:12] - (.(c) Advanced Micro Devices, Inc. - AMD RapidFire.) - [615.02 Ko] - (2.1.0.20) - C:\WINDOWS\SysWOW64\Rapidfire.dll [MD5.C39425804B9C1D5B3D3553FD632EE213] - |A| - [03/05/2021 21:46:12] - (.(c) Advanced Micro Devices, Inc. - AMD Rapid Fire Server.) 
- [51.02 Ko] - (1.2.0.15) - C:\WINDOWS\SysWOW64\RapidFireServer.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [147.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [214 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [143.5 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [143 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4039.32 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [8718.66 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1308.09 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.6 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [142 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 11:10:05] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 11:10:05] - (.-.) 
- [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.BDC53957962AFBEBE6A25EF941C261B3] - |A| - [30/04/2021 11:20:57] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [207.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.84EE2209BB6477A3F02A965042C72844] - |A| - [10/05/2019 15:14:24] - (.Copyright (c) 2013 - 2018 Advanced Micro Devices, Inc. - t-base_client_api dll.) - [337.01 Ko] - (4.9.0.0) - C:\WINDOWS\SysWOW64\t-base_client_api.dll [MD5.4B26D4CD5CD5F7B074E31793979F17C5] - |A| - [07/12/2019 11:09:57] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [42.5 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00A7E2B2FA44BCD342F3C6144A9A3F66] - |A| - [10/05/2019 15:14:25] - (.Copyright (c) 2013 - 2018 Advanced Micro Devices, Inc. - tbaseregistry dll.) - [367.81 Ko] - (4.6.1.1) - C:\WINDOWS\SysWOW64\tbaseregistry32.dll [MD5.5C678F08A307A26636D2A00E49E76FF3] - |A| - [30/04/2021 11:21:09] - (.-.) - [1302.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll [MD5.9CEDDB7AB658F4AC4C4F1757098278C3] - |A| - [30/04/2021 11:21:08] - (.-.) - [597.61 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [129 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.321E99EF65F37E5F7DFC40D1E95684F5] - |A| - [07/12/2019 11:09:13] - (.-.) 
- [218.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [201 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [145 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.7E0273A51BDD51DFB58F905C8F501061] - |A| - [30/04/2021 11:21:13] - (.-.) - [46.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\umpdc.dll [MD5.AB1F512C8099BB8AD92FCA5A53A68971] - |A| - [03/05/2021 21:46:12] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [930.49 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.AB1F512C8099BB8AD92FCA5A53A68971] - |A| - [03/05/2021 21:46:12] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [930.49 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.3D224A93927AFB02FB27A44105764EDA] - |A| - [03/05/2021 21:46:12] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1350.52 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.3D224A93927AFB02FB27A44105764EDA] - |A| - [03/05/2021 21:46:12] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1350.52 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [15757.56 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [30/09/2019 01:26:26] - [0.47 Ko] - C:\WINDOWS\SysWOW64\WildTangent [MD5.7C4123BBFCDFB64C4FFE4872AB8B341E] - |A| - [30/04/2021 11:21:10] - (.-.) - [445 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowManagementAPI.dll [MD5.BEDEDB102316C696D36F0D4331E1C2AE] - |A| - [07/12/2019 11:09:17] - (.-.) 
- [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [9338.44 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6278.98 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [107.56 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.7A015A6F199516A06C5AFB56FEE7AC51] - |A| - [07/12/2019 11:09:17] - (.-.) - [59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [30/04/2021 10:35:54] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [135.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [136 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | [postgres] [30/04/2021 11:33:16] - |HD| - [1251495] - C:\Users\postgres\AppData [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\Application Data [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\Cookies [02/01/2020 21:19:56] - |RD| - [0] - C:\Users\postgres\Desktop [02/01/2020 21:19:56] - |RD| - [0] - C:\Users\postgres\Documents [02/01/2020 21:19:56] - |RD| - [0] - C:\Users\postgres\Downloads [02/01/2020 21:19:56] - |AD| - [798] - C:\Users\postgres\Favorites [02/01/2020 21:19:56] - |RD| - [0] - C:\Users\postgres\Links [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\Local Settings [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\Menu Démarrer [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\Mes documents [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\Modèles [02/01/2020 21:19:56] - |RD| - [0] - C:\Users\postgres\Music [30/04/2021 11:33:16] - |AH| - [262144] - C:\Users\postgres\NTUSER.DAT [30/04/2021 11:33:17] - |ASH| - [8192] - C:\Users\postgres\ntuser.dat.LOG1 [30/04/2021 11:33:17] - |ASH| - [0] - 
C:\Users\postgres\ntuser.dat.LOG2 [30/04/2021 11:33:17] - |ASH| - [65536] - C:\Users\postgres\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf [30/04/2021 11:33:17] - |ASH| - [524288] - C:\Users\postgres\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms [30/04/2021 11:33:17] - |ASH| - [524288] - C:\Users\postgres\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms [02/01/2020 21:19:56] - |RD| - [0] - C:\Users\postgres\Pictures [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\Recent [02/01/2020 21:19:56] - |D| - [0] - C:\Users\postgres\Saved Games [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\SendTo [02/01/2020 21:19:56] - |RD| - [0] - C:\Users\postgres\Videos [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\Voisinage d'impression [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\Voisinage réseau [30/04/2021 11:33:16] - |D| - [1228158] - C:\Users\postgres\AppData\Local [02/01/2020 21:19:56] - |D| - [0] - C:\Users\postgres\AppData\LocalLow [30/04/2021 11:33:16] - |D| - [23337] - C:\Users\postgres\AppData\Roaming [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\AppData\Local\Application Data [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\AppData\Local\Historique [30/04/2021 11:33:16] - |D| - [1228158] - C:\Users\postgres\AppData\Local\Microsoft [30/04/2021 11:33:16] - |D| - [0] - C:\Users\postgres\AppData\Local\Temp [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\AppData\Local\Temporary Internet Files [30/04/2021 11:33:16] - |SD| - [23337] - C:\Users\postgres\AppData\Roaming\Microsoft [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [02/01/2020 21:19:56] - |RD| - [18185] - C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [30/04/2021 11:33:16] - |RD| - [3888] - C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessibility [30/04/2021 11:33:16] - |RD| - [218] - C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [30/04/2021 11:33:17] - |ASH| - [47] - C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/04/2021 11:33:16] - |D| - [170] - C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [30/04/2021 11:33:17] - |A| - [1105] - C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [30/04/2021 11:33:16] - |RD| - [4913] - C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [30/04/2021 11:33:16] - |D| - [7844] - C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell ---------- | [postgres.LAPTOP-K9KI7NDF] [30/04/2021 11:33:19] - |HD| - [1251495] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Application Data [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Cookies [03/01/2020 11:15:16] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Desktop [03/01/2020 11:15:16] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Documents [03/01/2020 11:15:16] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Downloads [03/01/2020 11:15:16] - |AD| - [798] - C:\Users\postgres.LAPTOP-K9KI7NDF\Favorites [03/01/2020 11:15:16] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Links [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Local Settings [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Menu Démarrer [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Mes documents [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Modèles [03/01/2020 11:15:16] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Music [30/04/2021 11:33:19] - |AH| - [262144] - C:\Users\postgres.LAPTOP-K9KI7NDF\NTUSER.DAT [30/04/2021 11:33:19] - 
|ASH| - [8192] - C:\Users\postgres.LAPTOP-K9KI7NDF\ntuser.dat.LOG1 [30/04/2021 11:33:19] - |ASH| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\ntuser.dat.LOG2 [30/04/2021 11:33:19] - |ASH| - [65536] - C:\Users\postgres.LAPTOP-K9KI7NDF\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf [30/04/2021 11:33:19] - |ASH| - [524288] - C:\Users\postgres.LAPTOP-K9KI7NDF\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms [30/04/2021 11:33:19] - |ASH| - [524288] - C:\Users\postgres.LAPTOP-K9KI7NDF\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms [03/01/2020 11:15:16] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Pictures [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Recent [03/01/2020 11:15:16] - |D| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Saved Games [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\SendTo [03/01/2020 11:15:16] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Videos [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Voisinage d'impression [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\Voisinage réseau [30/04/2021 11:33:19] - |D| - [1228158] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Local [03/01/2020 11:15:17] - |D| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\LocalLow [30/04/2021 11:33:19] - |D| - [23337] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Local\Application Data [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Local\Historique [30/04/2021 11:33:19] - |D| - [1228158] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Local\Microsoft [30/04/2021 11:33:19] - |D| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Local\Temp [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Local\Temporary Internet Files [30/04/2021 11:33:19] - 
|SD| - [23337] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [03/01/2020 11:15:16] - |RD| - [18185] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [30/04/2021 11:33:19] - |RD| - [3888] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [30/04/2021 11:33:19] - |RD| - [218] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [30/04/2021 11:33:19] - |ASH| - [47] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/04/2021 11:33:19] - |D| - [170] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [30/04/2021 11:33:19] - |A| - [1105] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [30/04/2021 11:33:19] - |RD| - [4913] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [30/04/2021 11:33:19] - |D| - [7844] - C:\Users\postgres.LAPTOP-K9KI7NDF\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell ---------- | [postgres.LAPTOP-K9KI7NDF.000] [30/04/2021 11:33:18] - |HD| - [1251495] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Application Data [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Cookies [05/01/2020 20:54:27] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Desktop [05/01/2020 20:54:27] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Documents [05/01/2020 20:54:27] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Downloads [05/01/2020 20:54:27] - |AD| - [798] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Favorites [05/01/2020 20:54:27] - |RD| - 
[0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Links [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Local Settings [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Menu Démarrer [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Mes documents [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Modèles [05/01/2020 20:54:27] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Music [30/04/2021 11:33:18] - |AH| - [262144] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\NTUSER.DAT [30/04/2021 11:33:19] - |ASH| - [8192] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\ntuser.dat.LOG1 [30/04/2021 11:33:19] - |ASH| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\ntuser.dat.LOG2 [30/04/2021 11:33:19] - |ASH| - [65536] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf [30/04/2021 11:33:19] - |ASH| - [524288] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms [30/04/2021 11:33:19] - |ASH| - [524288] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms [05/01/2020 20:54:27] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Pictures [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Recent [05/01/2020 20:54:27] - |D| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Saved Games [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\SendTo [05/01/2020 20:54:27] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Videos [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Voisinage d'impression [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\Voisinage réseau [30/04/2021 11:33:18] - |D| - [1228158] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Local [05/01/2020 20:54:27] - |D| - [0] - 
C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\LocalLow [30/04/2021 11:33:18] - |D| - [23337] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Local\Application Data [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Local\Historique [30/04/2021 11:33:18] - |D| - [1228158] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Local\Microsoft [30/04/2021 11:33:18] - |D| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Local\Temp [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Local\Temporary Internet Files [30/04/2021 11:33:18] - |SD| - [23337] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft [30/04/2021 11:33:19] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [05/01/2020 20:54:27] - |RD| - [18185] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [30/04/2021 11:33:18] - |RD| - [3888] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [30/04/2021 11:33:18] - |RD| - [218] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [30/04/2021 11:33:18] - |ASH| - [47] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/04/2021 11:33:18] - |D| - [170] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [30/04/2021 11:33:18] - |A| - [1105] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [30/04/2021 11:33:18] - |RD| - [4913] - C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [30/04/2021 11:33:18] - |D| - [7844] - 
C:\Users\postgres.LAPTOP-K9KI7NDF.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell ---------- | [postgres.LAPTOP-K9KI7NDF.000.001] [30/04/2021 11:33:17] - |HD| - [1251495] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Application Data [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Cookies [06/01/2020 19:50:48] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Desktop [06/01/2020 19:50:48] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Documents [06/01/2020 19:50:48] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Downloads [06/01/2020 19:50:48] - |AD| - [798] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Favorites [06/01/2020 19:50:48] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Links [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Local Settings [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Menu Démarrer [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Mes documents [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Modèles [06/01/2020 19:50:48] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Music [30/04/2021 11:33:17] - |AH| - [262144] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\NTUSER.DAT [30/04/2021 11:33:17] - |ASH| - [8192] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\ntuser.dat.LOG1 [30/04/2021 11:33:17] - |ASH| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\ntuser.dat.LOG2 [30/04/2021 11:33:17] - |ASH| - [65536] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf [30/04/2021 11:33:17] - |ASH| - [524288] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms [30/04/2021 11:33:17] - |ASH| - [524288] - 
C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms [06/01/2020 19:50:48] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Pictures [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Recent [06/01/2020 19:50:48] - |D| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Saved Games [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\SendTo [06/01/2020 19:50:48] - |RD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Videos [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Voisinage d'impression [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\Voisinage réseau [30/04/2021 11:33:17] - |D| - [1228158] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Local [06/01/2020 19:50:48] - |D| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\LocalLow [30/04/2021 11:33:17] - |D| - [23337] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Local\Application Data [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Local\Historique [30/04/2021 11:33:17] - |D| - [1228158] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Local\Microsoft [30/04/2021 11:33:17] - |D| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Local\Temp [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Local\Temporary Internet Files [30/04/2021 11:33:17] - |SD| - [23337] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft [30/04/2021 11:33:17] - |SHD| - [0] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [06/01/2020 19:50:48] - |RD| - [18185] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [30/04/2021 
11:33:17] - |RD| - [3888] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [30/04/2021 11:33:17] - |RD| - [218] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [30/04/2021 11:33:17] - |ASH| - [47] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [30/04/2021 11:33:17] - |D| - [170] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [30/04/2021 11:33:17] - |A| - [1105] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [30/04/2021 11:33:17] - |RD| - [4913] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [30/04/2021 11:33:17] - |D| - [7844] - C:\Users\postgres.LAPTOP-K9KI7NDF.000.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell ---------- | [Public] [15/04/2019 17:39:24] - |RHD| - [221440] - C:\Users\Public\AccountPictures [19/03/2019 06:52:44] - |RHD| - [6360] - C:\Users\Public\Desktop [07/12/2019 11:14:54] - |ASH| - [174] - C:\Users\Public\desktop.ini [19/03/2019 06:52:44] - |RD| - [278] - C:\Users\Public\Documents [19/03/2019 06:52:44] - |RD| - [174] - C:\Users\Public\Downloads [07/12/2019 11:14:52] - |RHD| - [1135] - C:\Users\Public\Libraries [19/03/2019 06:52:44] - |RD| - [380] - C:\Users\Public\Music [19/03/2019 06:52:44] - |RD| - [380] - C:\Users\Public\Pictures [19/03/2019 06:52:44] - |RD| - [380] - C:\Users\Public\Videos ---------- | [rugby] [02/03/2020 15:10:52] - |D| - [401110] - C:\Users\rugby\.matplotlib [22/04/2021 11:11:08] - |D| - [352330] - C:\Users\rugby\.openshot_qt [12/12/2019 11:48:53] - |RD| - [298] - C:\Users\rugby\3D Objects [30/04/2021 11:33:18] - |HD| - [5781528204] - C:\Users\rugby\AppData [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\Application 
Data [12/12/2019 11:48:53] - |RD| - [412] - C:\Users\rugby\Contacts [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\Cookies [16/03/2020 13:03:11] - |RD| - [17379261998] - C:\Users\rugby\Desktop [12/12/2019 11:43:16] - |D| - [0] - C:\Users\rugby\Documents [12/12/2019 11:43:16] - |RD| - [793112559] - C:\Users\rugby\Downloads [28/08/2020 11:59:54] - |D| - [5250144] - C:\Users\rugby\dwhelper [12/12/2019 11:43:16] - |RD| - [1488] - C:\Users\rugby\Favorites [12/12/2019 11:43:16] - |RD| - [1963] - C:\Users\rugby\Links [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\Local Settings [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\Menu Démarrer [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\Mes documents [12/12/2019 11:49:15] - |HD| - [5261987] - C:\Users\rugby\MicrosoftEdgeBackups [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\Modèles [12/12/2019 11:43:16] - |RD| - [504] - C:\Users\rugby\Music [30/04/2021 11:33:18] - |AH| - [6553600] - C:\Users\rugby\NTUSER.DAT [30/04/2021 11:33:18] - |ASH| - [753664] - C:\Users\rugby\ntuser.dat.LOG1 [30/04/2021 11:33:18] - |ASH| - [1753088] - C:\Users\rugby\ntuser.dat.LOG2 [30/04/2021 11:33:18] - |ASH| - [65536] - C:\Users\rugby\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf [30/04/2021 11:33:18] - |ASH| - [524288] - C:\Users\rugby\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms [30/04/2021 11:33:18] - |ASH| - [524288] - C:\Users\rugby\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms [01/05/2021 00:34:20] - |SH| - [20] - C:\Users\rugby\ntuser.ini [12/12/2019 11:50:55] - |RAD| - [2401207619] - C:\Users\rugby\OneDrive [12/12/2019 11:43:16] - |D| - [520] - C:\Users\rugby\Pictures [02/03/2020 15:20:48] - |A| - [0] - C:\Users\rugby\py [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\Recent [12/12/2019 11:43:16] - |RD| - [282] - C:\Users\rugby\Saved Games [12/12/2019 11:48:53] - |RD| - [1875] - C:\Users\rugby\Searches 
[30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\SendTo [12/12/2019 11:43:16] - |RD| - [219899925] - C:\Users\rugby\Videos [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\Voisinage d'impression [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\Voisinage réseau [30/04/2021 11:33:18] - |D| - [2807822228] - C:\Users\rugby\AppData\Local [12/12/2019 11:43:17] - |D| - [1025707] - C:\Users\rugby\AppData\LocalLow [30/04/2021 11:33:18] - |D| - [2972745805] - C:\Users\rugby\AppData\Roaming [11/03/2020 15:59:18] - |D| - [1296] - C:\Users\rugby\AppData\Local\.filius [19/03/2020 11:20:44] - |D| - [0] - C:\Users\rugby\AppData\Local\Adobe [12/12/2019 11:49:02] - |D| - [11622657] - C:\Users\rugby\AppData\Local\AMD [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\AppData\Local\Application Data [22/04/2021 23:55:02] - |D| - [461443245] - C:\Users\rugby\AppData\Local\Betclic Poker.fr [12/12/2020 10:39:18] - |D| - [172769] - C:\Users\rugby\AppData\Local\BitTorrentHelper [12/12/2020 14:23:32] - |D| - [32472] - C:\Users\rugby\AppData\Local\cache [19/12/2019 11:25:06] - |D| - [0] - C:\Users\rugby\AppData\Local\CEF [12/12/2019 11:50:09] - |D| - [26439712] - C:\Users\rugby\AppData\Local\Comms [12/12/2019 11:48:51] - |D| - [10409998] - C:\Users\rugby\AppData\Local\ConnectedDevicesPlatform [21/05/2021 00:48:10] - |D| - [18285294] - C:\Users\rugby\AppData\Local\CrashDumps [21/04/2021 19:47:46] - |D| - [0] - C:\Users\rugby\AppData\Local\CrashRpt [12/12/2019 11:49:02] - |D| - [1833816] - C:\Users\rugby\AppData\Local\D3DSCache [25/04/2020 23:24:16] - |D| - [0] - C:\Users\rugby\AppData\Local\Diagnostics [26/02/2021 22:44:38] - |D| - [9903068] - C:\Users\rugby\AppData\Local\Downloaded Installations [26/02/2021 22:46:19] - |D| - [191] - C:\Users\rugby\AppData\Local\Equilab [12/12/2020 13:45:52] - |D| - [0] - C:\Users\rugby\AppData\Local\FTMod [17/12/2019 17:31:43] - |D| - [520254969] - C:\Users\rugby\AppData\Local\GeoGebra_6 [12/12/2019 11:55:53] - |D| - [116141] - 
C:\Users\rugby\AppData\Local\Google [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\AppData\Local\Historique [03/01/2020 11:44:21] - |D| - [1092] - C:\Users\rugby\AppData\Local\Hold'em_Manager [15/12/2019 13:49:36] - |D| - [6472] - C:\Users\rugby\AppData\Local\HP [23/12/2019 21:35:28] - |D| - [12001] - C:\Users\rugby\AppData\Local\HP_Inc [03/05/2021 21:49:42] - |AH| - [23635] - C:\Users\rugby\AppData\Local\IconCache.db [03/01/2020 10:52:14] - |D| - [528] - C:\Users\rugby\AppData\Local\IsolatedStorage [05/01/2020 20:32:39] - |D| - [5563] - C:\Users\rugby\AppData\Local\Max_Value_Software_LLC [19/05/2021 21:44:55] - |D| - [2811692] - C:\Users\rugby\AppData\Local\mbam [22/04/2021 10:41:12] - |D| - [2962737] - C:\Users\rugby\AppData\Local\Meltytech [30/04/2021 11:33:18] - |D| - [673894241] - C:\Users\rugby\AppData\Local\Microsoft [12/12/2019 11:49:05] - |D| - [65906] - C:\Users\rugby\AppData\Local\MicrosoftEdge [21/04/2021 19:47:45] - |D| - [9272851] - C:\Users\rugby\AppData\Local\Movavi [21/05/2021 22:09:03] - |D| - [105928995] - C:\Users\rugby\AppData\Local\Mozilla [24/02/2020 11:04:57] - |D| - [0] - C:\Users\rugby\AppData\Local\myCANAL [22/02/2020 19:52:34] - |D| - [31284] - C:\Users\rugby\AppData\Local\OneDrive [12/12/2019 11:48:52] - |D| - [507390538] - C:\Users\rugby\AppData\Local\Packages [12/12/2019 11:53:31] - |D| - [3573] - C:\Users\rugby\AppData\Local\PlaceholderTileLogoFolder [22/04/2021 23:55:53] - |D| - [22829886] - C:\Users\rugby\AppData\Local\PokerClient [03/01/2020 11:25:11] - |D| - [0] - C:\Users\rugby\AppData\Local\PokerStars [02/01/2020 21:19:06] - |D| - [18999780] - C:\Users\rugby\AppData\Local\PokerStars.FR [29/01/2020 15:19:39] - |D| - [0] - C:\Users\rugby\AppData\Local\Programs [12/12/2019 12:05:35] - |D| - [1711915] - C:\Users\rugby\AppData\Local\Publishers [19/03/2020 18:17:19] - |D| - [137604386] - C:\Users\rugby\AppData\Local\Screencast-O-Matic-v2 [12/08/2020 16:58:00] - |D| - [940] - C:\Users\rugby\AppData\Local\speech [17/12/2019 
17:31:42] - |D| - [145324309] - C:\Users\rugby\AppData\Local\SquirrelTemp [30/04/2021 11:33:18] - |D| - [46319092] - C:\Users\rugby\AppData\Local\Temp [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\AppData\Local\Temporary Internet Files [24/05/2021 17:06:11] - |A| - [0] - C:\Users\rugby\AppData\Local\Temprad2336C.tmp [21/04/2021 19:47:45] - |D| - [0] - C:\Users\rugby\AppData\Local\VideoEditorPlus [12/12/2019 11:48:52] - |D| - [0] - C:\Users\rugby\AppData\Local\VirtualStore [19/03/2020 18:17:13] - |D| - [76183984] - C:\Users\rugby\AppData\Local\WebLaunchRecorder [12/12/2019 11:56:37] - |D| - [0] - C:\Users\rugby\AppData\LocalLow\AMD [19/05/2021 21:50:03] - |D| - [819400] - C:\Users\rugby\AppData\LocalLow\IGDump [12/12/2019 11:44:30] - |SD| - [174687] - C:\Users\rugby\AppData\LocalLow\Microsoft [21/05/2021 22:09:03] - |D| - [0] - C:\Users\rugby\AppData\LocalLow\Mozilla [11/03/2020 15:51:56] - |D| - [15236] - C:\Users\rugby\AppData\LocalLow\Sun [16/01/2021 01:32:39] - |D| - [16384] - C:\Users\rugby\AppData\LocalLow\uTorrent [12/12/2019 11:48:52] - |D| - [547781] - C:\Users\rugby\AppData\Roaming\Adobe [21/03/2020 20:30:26] - |D| - [3887383] - C:\Users\rugby\AppData\Roaming\AnMacPc-3902 [25/03/2020 12:08:24] - |D| - [0] - C:\Users\rugby\AppData\Roaming\com.ti.et.smartview.TISmartviewApp [22/04/2021 11:40:17] - |D| - [12786281] - C:\Users\rugby\AppData\Roaming\FlashIntegro [17/12/2019 17:31:46] - |D| - [10878800] - C:\Users\rugby\AppData\Roaming\GeoGebra [06/02/2020 19:00:10] - |D| - [50757537] - C:\Users\rugby\AppData\Roaming\GeoGebra 5.0 [03/01/2020 11:25:09] - |D| - [0] - C:\Users\rugby\AppData\Roaming\HEM Data [12/12/2019 12:06:35] - |D| - [0] - C:\Users\rugby\AppData\Roaming\Hewlett-Packard [03/01/2020 10:52:10] - |D| - [1307037192] - C:\Users\rugby\AppData\Roaming\HoldemManager [12/12/2019 11:50:10] - |D| - [135] - C:\Users\rugby\AppData\Roaming\HP [17/12/2019 17:51:19] - |D| - [0] - C:\Users\rugby\AppData\Roaming\java [17/12/2019 16:03:24] - |D| - [73275714] 
- C:\Users\rugby\AppData\Roaming\LibreOffice [19/03/2020 11:20:45] - |D| - [313696] - C:\Users\rugby\AppData\Roaming\Macromedia [05/01/2020 18:15:04] - |D| - [1340030386] - C:\Users\rugby\AppData\Roaming\Max Value Software [30/04/2021 11:33:18] - |SD| - [62588975] - C:\Users\rugby\AppData\Roaming\Microsoft [21/05/2021 22:09:03] - |D| - [69657272] - C:\Users\rugby\AppData\Roaming\Mozilla [15/12/2019 12:48:08] - |D| - [12472851] - C:\Users\rugby\AppData\Roaming\OpenOffice [08/03/2020 00:11:10] - |D| - [611] - C:\Users\rugby\AppData\Roaming\Panda Security [22/04/2021 23:55:53] - |D| - [687543] - C:\Users\rugby\AppData\Roaming\PokerClient [03/01/2020 11:25:11] - |D| - [15121] - C:\Users\rugby\AppData\Roaming\Roaming [12/12/2019 11:48:54] - |D| - [0] - C:\Users\rugby\AppData\Roaming\Synaptics [23/12/2019 12:33:02] - |D| - [0] - C:\Users\rugby\AppData\Roaming\temp [25/03/2020 12:08:19] - |D| - [3011518] - C:\Users\rugby\AppData\Roaming\Texas Instruments [12/12/2020 10:38:59] - |D| - [23926316] - C:\Users\rugby\AppData\Roaming\uTorrent [12/12/2020 13:19:48] - |D| - [104522] - C:\Users\rugby\AppData\Roaming\vlc [12/12/2019 11:48:51] - |D| - [485] - C:\Users\rugby\AppData\Roaming\WildTangent [31/03/2020 16:39:39] - |D| - [938] - C:\Users\rugby\AppData\Roaming\xm1 [19/03/2020 11:20:37] - |D| - [5120] - C:\Users\rugby\AppData\Roaming\YDP [06/05/2020 12:31:23] - |D| - [694095] - C:\Users\rugby\AppData\Roaming\ZHP [22/04/2021 23:55:35] - |A| - [1852] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Betclic Poker.fr.lnk [12/12/2019 11:48:53] - |SH| - [174] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [30/04/2021 11:33:18] - |SHD| - [0] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [12/12/2019 11:43:16] - |RD| - [42286] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [30/04/2021 11:33:18] - |RD| - [3888] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 
[30/04/2021 11:33:18] - |RD| - [1681] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [12/12/2019 11:48:53] - |RD| - [174] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [30/04/2021 11:33:18] - |SH| - [264] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [22/03/2020 01:53:55] - |A| - [1459] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-methode Espagnol.lnk [12/12/2020 13:41:38] - |D| - [3624] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory [05/01/2020 18:15:04] - |D| - [4948] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Holdem Manager 3 [30/04/2021 11:33:18] - |D| - [170] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [24/02/2020 11:04:53] - |A| - [2507] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\myCANAL.lnk [30/04/2021 11:33:18] - |A| - [2408] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [02/01/2020 21:19:06] - |D| - [6360] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR [12/12/2019 11:48:53] - |RD| - [174] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [30/04/2021 11:33:18] - |RD| - [4913] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [12/12/2020 10:35:34] - |A| - [1872] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk [30/04/2021 11:33:18] - |D| - [7844] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [12/12/2019 11:48:53] - |SH| - [174] - C:\Users\rugby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\ProgramData [19/03/2020 11:20:50] - |D| - [0] - C:\ProgramData\Adobe [01/05/2021 00:33:49] - |SHD| - [0] - C:\ProgramData\Application 
Data [12/12/2019 09:33:44] - |SHD| - [0] - C:\ProgramData\Bureau [19/01/2020 23:06:12] - |HD| - [34159528] - C:\ProgramData\CanonBJ [01/05/2021 00:33:49] - |SHD| - [0] - C:\ProgramData\Desktop [01/05/2021 00:33:49] - |SHD| - [0] - C:\ProgramData\Documents [30/09/2019 01:12:24] - |D| - [18040] - C:\ProgramData\Hewlett-Packard [17/05/2019 10:56:28] - |D| - [1287843894] - C:\ProgramData\HP [19/12/2019 11:24:32] - |D| - [107147893] - C:\ProgramData\IndexEducation [21/04/2021 19:45:17] - |A| - [12310] - C:\ProgramData\juutbubq.wrj [19/05/2021 21:44:28] - |D| - [146585185] - C:\ProgramData\Malwarebytes [12/12/2019 09:33:44] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [07/12/2019 11:14:52] - |SD| - [1368062879] - C:\ProgramData\Microsoft [01/05/2021 00:36:29] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [21/04/2021 19:45:17] - |A| - [16] - C:\ProgramData\mntemp [12/12/2019 09:33:44] - |SHD| - [0] - C:\ProgramData\Modèles [21/05/2021 22:08:56] - |D| - [6554] - C:\ProgramData\Mozilla [24/02/2020 11:04:26] - |D| - [15955003] - C:\ProgramData\myCANAL [17/12/2019 17:51:13] - |D| - [113] - C:\ProgramData\Oracle [05/01/2020 18:15:43] - |D| - [29708018] - C:\ProgramData\Package Cache [30/09/2019 01:14:14] - |D| - [196608] - C:\ProgramData\Packages [08/03/2020 00:08:00] - |D| - [193604616] - C:\ProgramData\Panda Security [30/09/2019 01:15:48] - |D| - [3936286] - C:\ProgramData\Realtek [07/12/2019 11:14:52] - |D| - [4222] - C:\ProgramData\regid.1991-06.com.microsoft [07/12/2019 11:14:52] - |D| - [0] - C:\ProgramData\SoftwareDistribution [30/04/2021 11:27:57] - |D| - [0] - C:\ProgramData\ssh [01/05/2021 00:33:49] - |SHD| - [0] - C:\ProgramData\Start Menu [01/05/2021 00:33:49] - |SHD| - [0] - C:\ProgramData\Templates [07/12/2019 11:14:52] - |D| - [8093696] - C:\ProgramData\USOPrivate [07/12/2019 11:14:52] - |D| - [7569408] - C:\ProgramData\USOShared [30/09/2019 01:19:09] - |D| - [53294030] - C:\ProgramData\WildTangent [07/12/2019 16:53:03] - |D| - [0] - 
C:\ProgramData\WindowsHolographicDevices [03/01/2020 10:52:14] - |D| - [11189] - C:\ProgramData\XHEO INC ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [07/12/2019 11:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [12/12/2019 09:33:44] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [07/12/2019 11:14:52] - |RD| - [164997] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [10/01/2020 19:18:24] - |A| - [2421] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk [07/12/2019 11:14:52] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [07/12/2019 11:14:52] - |RD| - [15703] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [07/12/2019 11:14:52] - |RD| - [22956] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [31/03/2020 16:38:38] - |D| - [1135] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Algobox [19/05/2021 21:44:03] - |D| - [970] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [07/12/2019 11:14:54] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [29/01/2020 15:22:18] - |D| - [1655] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EduPython [10/01/2020 19:18:24] - |A| - [2420] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk [11/03/2020 15:58:04] - |D| - [3281] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filius [21/05/2021 22:08:58] - |A| - [1012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [22/04/2021 11:39:39] - |D| - [9979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro [17/12/2019 17:51:10] - |D| - [4136] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 5 [17/05/2019 10:58:06] - |A| - [2127] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Audio Switch.lnk [17/05/2019 10:57:21] - 
|RD| - [2407] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support [07/12/2019 11:10:31] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [17/12/2019 16:02:54] - |D| - [9058] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.3 [07/12/2019 11:14:52] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [19/05/2021 21:44:41] - |A| - [2040] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk [26/06/2020 21:10:40] - |A| - [2449] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk [10/01/2020 19:18:24] - |D| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools [24/02/2020 11:04:50] - |D| - [2345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [15/12/2019 12:45:36] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.7 [10/01/2020 19:18:24] - |A| - [2414] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk [17/05/2021 22:02:15] - |D| - [9273] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome [17/05/2021 22:02:15] - |A| - [2305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk [26/02/2021 22:46:07] - |D| - [4617] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com [06/01/2020 19:50:37] - |D| - [13497] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.4 [10/01/2020 19:18:24] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk [28/08/2020 15:13:56] - |D| - [2304] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRONOTE Réseau 2020 [10/01/2020 19:18:24] - |A| - [2408] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk [06/12/2020 12:24:53] - |D| - [1139] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sine qua non [07/12/2019 11:14:52] - |RD| - [174] - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [07/12/2019 11:14:52] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [30/09/2019 01:19:09] - |RD| - [17233] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games [07/12/2019 16:52:28] - |RD| - [2800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [10/01/2020 19:18:24] - |A| - [2458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [07/12/2019 11:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [19/03/2020 11:20:49] - |D| - [339068] - C:\Program Files (x86)\Adobe [31/03/2020 16:38:38] - |D| - [164947041] - C:\Program Files (x86)\Algobox [07/12/2019 11:14:52] - |D| - [75459039] - C:\Program Files (x86)\Common Files [07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [21/03/2020 20:28:57] - |AD| - [80710450] - C:\Program Files (x86)\e-methode Espagnol [11/03/2020 15:58:04] - |D| - [15214691] - C:\Program Files (x86)\Filius [17/12/2019 17:50:56] - |D| - [383229155] - C:\Program Files (x86)\GeoGebra 5.0 [12/12/2019 11:56:03] - |D| - [0] - C:\Program Files (x86)\Google [03/05/2021 21:45:27] - |D| - [0] - C:\Program Files (x86)\Hewlett-Packard [05/01/2020 18:15:02] - |D| - [402221701] - C:\Program Files (x86)\Holdem Manager 3 [17/05/2019 10:56:29] - |D| - [51755388] - C:\Program Files (x86)\HP [23/07/2020 10:57:03] - |D| - [3326056] - C:\Program Files (x86)\index education [17/05/2019 10:58:47] - |HD| - [17473148] - C:\Program Files (x86)\InstallShield Installation Information [07/12/2019 11:14:52] - |D| - [1984175] - C:\Program Files (x86)\Internet Explorer [30/04/2021 11:28:22] - |D| - [893811132] - C:\Program Files (x86)\Microsoft [24/02/2020 11:04:32] - |D| - [42884494] - C:\Program Files (x86)\Microsoft Silverlight [07/12/2019 
11:14:52] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [21/05/2021 22:08:57] - |D| - [335109] - C:\Program Files (x86)\Mozilla Maintenance Service [30/04/2021 10:35:51] - |D| - [25757] - C:\Program Files (x86)\MSBuild [17/05/2019 10:57:29] - |RD| - [1182629] - C:\Program Files (x86)\Online Services [15/12/2019 12:45:15] - |D| - [331029564] - C:\Program Files (x86)\OpenOffice 4 [08/03/2020 00:09:37] - |D| - [154922730] - C:\Program Files (x86)\Panda Security [02/01/2020 21:19:05] - |D| - [477603865] - C:\Program Files (x86)\PokerStars.FR [26/02/2021 22:46:06] - |D| - [17816849] - C:\Program Files (x86)\PokerStrategy.com [06/01/2020 19:49:41] - |D| - [43754240] - C:\Program Files (x86)\PSQLINSTALL [30/09/2019 01:15:04] - |D| - [53659495] - C:\Program Files (x86)\Realtek [30/04/2021 10:35:51] - |D| - [38479105] - C:\Program Files (x86)\Reference Assemblies [19/03/2020 18:40:55] - |D| - [76151033] - C:\Program Files (x86)\Screencast-O-Matic [06/12/2020 12:24:47] - |D| - [41209392] - C:\Program Files (x86)\Sine qua non [30/09/2019 01:19:14] - |D| - [680296] - C:\Program Files (x86)\WildGames [30/09/2019 01:19:14] - |D| - [7326051] - C:\Program Files (x86)\WildTangent Games [07/12/2019 11:14:52] - |D| - [1823008] - C:\Program Files (x86)\Windows Defender [07/12/2019 11:14:52] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [07/12/2019 16:53:03] - |D| - [3237741] - C:\Program Files (x86)\Windows Media Player [07/12/2019 16:53:03] - |D| - [40232] - C:\Program Files (x86)\Windows Multimedia Platform [07/12/2019 11:14:52] - |D| - [6080856] - C:\Program Files (x86)\Windows NT [07/12/2019 16:53:03] - |D| - [5261760] - C:\Program Files (x86)\Windows Photo Viewer [07/12/2019 16:53:03] - |D| - [40232] - C:\Program Files (x86)\Windows Portable Devices [07/12/2019 11:14:52] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [07/12/2019 11:14:52] - |D| - [2250695] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [03/05/2021 21:47:05] - 
|D| - [80478] - C:\Program Files\AMD
[19/05/2021 21:44:01] - |D| - [70430448] - C:\Program Files\CCleaner
[07/12/2019 11:14:52] - |D| - [293564494] - C:\Program Files\Common Files
[07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files\desktop.ini
[12/12/2019 09:33:44] - |SHD| - [0] - C:\Program Files\Fichiers communs
[22/04/2021 11:39:14] - |D| - [242351550] - C:\Program Files\FlashIntegro
[12/12/2020 13:40:57] - |D| - [232960291] - C:\Program Files\FormatFactory
[17/05/2019 10:56:35] - |D| - [257671801] - C:\Program Files\HP
[17/05/2019 10:58:47] - |D| - [5009634] - C:\Program Files\HPCommRecovery
[28/08/2020 15:13:42] - |D| - [373260580] - C:\Program Files\Index Education
[07/12/2019 11:14:52] - |D| - [2661562] - C:\Program Files\Internet Explorer
[17/12/2019 16:02:00] - |D| - [614937068] - C:\Program Files\LibreOffice
[19/05/2021 21:43:51] - |D| - [230688126] - C:\Program Files\Malwarebytes
[17/05/2019 11:00:03] - |D| - [2948541726] - C:\Program Files\Microsoft Office
[17/05/2019 11:00:03] - |D| - [6789984] - C:\Program Files\Microsoft Office 15
[02/10/2020 20:45:00] - |D| - [2086984] - C:\Program Files\Microsoft Update Health Tools
[07/12/2019 11:14:52] - |D| - [0] - C:\Program Files\ModifiableWindowsApps
[21/05/2021 22:08:49] - |D| - [221314786] - C:\Program Files\Mozilla Firefox
[30/04/2021 10:35:51] - |D| - [25757] - C:\Program Files\MSBuild
[28/08/2020 11:59:24] - |D| - [93984029] - C:\Program Files\net.downloadhelper.coapp
[17/05/2019 10:57:30] - |RD| - [1230] - C:\Program Files\Online Services
[30/04/2021 10:35:51] - |D| - [36883625] - C:\Program Files\Reference Assemblies
[15/04/2019 17:38:16] - |HD| - [0] - C:\Program Files\Uninstall Information
[29/05/2020 13:18:23] - |D| - [16384000] - C:\Program Files\UNP
[12/12/2020 13:18:29] - |D| - [174753878] - C:\Program Files\VideoLAN
[07/12/2019 11:14:52] - |D| - [13853406] - C:\Program Files\Windows Defender
[07/12/2019 11:14:52] - |D| - [639488] - C:\Program Files\Windows Mail
[07/12/2019 16:53:03] - |D| - [4601233] - C:\Program Files\Windows Media Player
[07/12/2019 16:53:03] - |D| - [48536] - C:\Program Files\Windows Multimedia Platform
[07/12/2019 11:14:52] - |D| - [6435160] - C:\Program Files\Windows NT
[07/12/2019 16:53:03] - |D| - [6179784] - C:\Program Files\Windows Photo Viewer
[07/12/2019 16:53:03] - |D| - [48528] - C:\Program Files\Windows Portable Devices
[07/12/2019 11:14:52] - |D| - [111709] - C:\Program Files\Windows Security
[07/12/2019 11:14:52] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[07/12/2019 11:14:52] - |HD| - [4898089913] - C:\Program Files\WindowsApps
[07/12/2019 11:14:52] - |D| - [2545983] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files
[19/03/2020 11:20:46] - |D| - [48616129] - C:\Program Files (x86)\Common Files\Adobe AIR
[07/12/2019 11:14:52] - |D| - [17266949] - C:\Program Files (x86)\Common Files\Microsoft Shared
[07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[07/12/2019 11:14:52] - |D| - [9573259] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files
[17/05/2019 11:01:41] - |D| - [32784] - C:\Program Files\Common files\DESIGNER
[22/04/2021 11:39:15] - |D| - [128050856] - C:\Program Files\Common files\FlashIntegro
[07/12/2019 11:14:52] - |D| - [154896253] - C:\Program Files\Common files\microsoft shared
[07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files\Common files\Services
[07/12/2019 11:14:52] - |D| - [10581899] - C:\Program Files\Common files\System

---------- | Tasks
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [01/05/2021 00:33:46] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.5981B42F7F6DB3B3D6AAFB206FA73719] - [19/05/2021 21:44:04] - |A| - [3936] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe
[MD5.05747B0D337BE76311CF4E6C6B4F52D8] - [19/05/2021 21:44:04] - |A| - [2888] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.00000000000000000000000000000000] - [01/05/2021 00:33:46] - |D| - [15138] - C:\WINDOWS\System32\Tasks\Hewlett-Packard
[MD5.00000000000000000000000000000000] - [01/05/2021 00:33:46] - |D| - [2372] - C:\WINDOWS\System32\Tasks\HP
[MD5.916E063434E13B8ADFF65F56C60230B7] - [01/05/2021 00:33:46] - |A| - [2766] - C:\WINDOWS\System32\Tasks\HPAudioSwitch : "C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe"
[MD5.00000000000000000000000000000000] - [01/05/2021 00:33:46] - |D| - [4492] - C:\WINDOWS\System32\Tasks\McAfee
[MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [634984] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.159BB191BB71CB8531C16BAFB4296564] - [01/05/2021 00:33:46] - |A| - [3338] - C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
[MD5.157C31503760169A639D059C44AB1F83] - [01/05/2021 00:33:46] - |A| - [3562] - C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
[MD5.00000000000000000000000000000000] - [21/05/2021 22:08:59] - |D| - [4862] - C:\WINDOWS\System32\Tasks\Mozilla
[MD5.C4D388012D13534E0A750060E1C5001D] - [01/05/2021 00:33:46] - |A| - [3378] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-551630138-3040592011-1240718164-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall
[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"{03B9F167-A722-4034-B285-8AE1892CD7CC}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\FlashIntegro\VideoEditor\Updater.exe|Name=VSDC Free Video Editor Updater|
"{99D34B93-C357-4023-B659-4E3CE913C683}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\FlashIntegro\VideoEditor\Updater.exe|Name=VSDC Free Video Editor Updater|
"{3D8E7831-A941-480D-9F6E-DCCAEF089DA0}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\FlashIntegro\VideoEditor\Activation.exe|Name=VSDC Free Video Editor Activater|
"{0A5E492E-2A3D-4803-95C4-6AFA924733F1}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\FlashIntegro\VideoEditor\Activation.exe|Name=VSDC Free Video Editor Activater|
"{E0479671-755E-4938-81D3-C6166BD04E12}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe|Name=VSDC Free Video Editor|
"{F4FCB83C-020D-44A9-A941-3EC2913C2A06}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe|Name=VSDC Free Video Editor|
"{26370997-E83B-4AD8-AA1C-3558ACF0FFD2}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=HP Privacy Settings|Desc=HP Privacy Settings|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1305378616-436760563-3799702697-1432832710-515330926-1828185488-2900786176|EmbedCtxt=HP Privacy Settings|Platform=2:6:2|Platform2=GTEQ|
"{F3317B5D-13EC-438E-B062-E3D8F2AC865B}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j?ms-resource://26720RandomSaladGamesLLC.SimpleSolitaire/Resources/gameName}|Desc=@{26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j?ms-resource://26720RandomSaladGamesLLC.SimpleSolitaire/Resources/gameName}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-919809942-2132619914-2252889538-1417933825-3888566155-4108240615-1551254447|EmbedCtxt=@{26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j?ms-resource://26720RandomSaladGamesLLC.SimpleSolitaire/Resources/gameName}|Platform=2:6:2|Platform2=GTEQ|
"{ABCB0DE7-2466-46FD-95C4-DF4521E9CD40}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=@{26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j?ms-resource://26720RandomSaladGamesLLC.SimpleSolitaire/Resources/gameName}|Desc=@{26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j?ms-resource://26720RandomSaladGamesLLC.SimpleSolitaire/Resources/gameName}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-919809942-2132619914-2252889538-1417933825-3888566155-4108240615-1551254447|EmbedCtxt=@{26720RandomSaladGamesLLC.SimpleSolitaire_7.2.5.0_x64__kx24dqmazqk8j?ms-resource://26720RandomSaladGamesLLC.SimpleSolitaire/Resources/gameName}|Platform=2:6:2|Platform2=GTEQ|
"{9687769D-9F99-4593-92CA-51C7F62E7173}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=sMedio True DVD for HP|Desc=sMedio True DVD for HP|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2589358799-2906147270-2134167831-1546325357-719876545-1218762686-3786993172|EmbedCtxt=sMedio True DVD for HP|Platform=2:6:2|Platform2=GTEQ|
"{7E19329C-81CB-4670-8C5A-6DD2E944C54C}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=WildTangent Games|Desc=WildTangent Games|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2020458108-3121542460-4114555256-2426173656-3149777993-1233942418-2099583436|EmbedCtxt=WildTangent Games|Platform=2:6:2|Platform2=GTEQ|
"{2F7EE0C8-BAF7-4673-B337-D5E5B468E470}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}|Desc=@{5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2430459080-3874123450-115833119-3123715186-837955346-2537275713-2107184994|EmbedCtxt=@{5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{017D098B-0425-4FD5-B084-CCF1FDA10EAF}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=@{5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}|Desc=@{5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2430459080-3874123450-115833119-3123715186-837955346-2537275713-2107184994|EmbedCtxt=@{5A894077.McAfeeSecurity_2.1.60.0_x64__wafk5atnkzcwy?ms-resource://5A894077.McAfeeSecurity/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{C34DBBA8-A2EE-4CF6-9580-4FF6974DCBD9}"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\Holdem Manager 3\HoldemManager.Server.exe|Name=HoldemManager.Server|
"{C6B2CD26-7D71-4CD8-9CBB-7B37D7BE39D8}"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\Holdem Manager 3\HoldemManager.Server.exe|Name=HoldemManager.Server|
"{D121AEB0-98D9-4895-9AF3-B7F083C0DE48}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Holdem Manager 3\HoldemManager.Server.exe|Name=HoldemManager.Server|
"{0B911CD0-5BBF-466A-B848-54E4C6A61F84}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Holdem Manager 3\HoldemManager.Server.exe|Name=HoldemManager.Server|
"{9C7ED261-10EA-4D55-9ED0-0FF4E0E7958A}"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\Holdem Manager 3\HoldemManager3.exe|Name=Holdem Manager 3|
"{68501134-4220-48C8-AFF6-4FB4B93B6773}"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\Holdem Manager 3\HoldemManager3.exe|Name=Holdem Manager 3|
"{BA932919-E15E-442D-8734-0F9A747C29B2}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Holdem Manager 3\HoldemManager3.exe|Name=Holdem Manager 3|
"{63FF3ABD-2D8D-4169-8061-31767C00C2A7}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Holdem Manager 3\HoldemManager3.exe|Name=Holdem Manager 3|
"{56F5B259-0938-4821-80A4-E81A731180A0}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide|Desc=Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-737941717-1380326950-912452652-3127346196-1709294207-3426380244-420973270|EmbedCtxt=Booking.com EMEA: Big savings on hotels in 96,000 destinations worldwide|Platform=2:6:2|Platform2=GTEQ|
"{69553A48-158F-492F-92D7-74A7B15EF533}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\FormatFactory\FormatFactory.exe|Name=Format Factory|
"{B532D260-1502-49AC-B192-DCECE41E21F9}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\rugby\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{87AABC48-A291-46EA-AC22-A45948DFCC31}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\rugby\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{2622FF10-7F96-420A-A44B-6B1B07026514}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=HP System Event Utility|Desc=HP System Event Utility|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-85879656-1542618320-4153938686-2412467340-1945280019-2736652297-2444013066|EmbedCtxt=HP System Event Utility|Platform=2:6:2|Platform2=GTEQ|
"{12BA9DCC-EDF7-4C34-904F-820CD265D7D0}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{9351D96A-2D5C-4DDA-BAE7-C05019E59958}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|
"{EFD633A6-B001-4291-9897-E6D8381C1598}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ|
"UDP Query User{72B9D9B0-D21F-4039-97AF-CD332A601CF1}C:\edupython\app\python.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\edupython\app\python.exe|Name=python|Desc=python|Defer=User|
"TCP Query User{D58DBB80-23A6-43EC-95F9-B3B1421F4D4E}C:\edupython\app\python.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\edupython\app\python.exe|Name=python|Desc=python|Defer=User|
"{0D670DC4-FA7C-4841-8EE0-91C0F8065A31}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=@{C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96?ms-resource://C27EB4BA.DropboxOEM/Resources/OEMAppName}|Desc=@{C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96?ms-resource://C27EB4BA.DropboxOEM/Resources/OEMAppName}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-957046722-3704396400-4010937963-411832198-1131521071-1207666172-2334532315|EmbedCtxt=@{C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96?ms-resource://C27EB4BA.DropboxOEM/Resources/OEMAppName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{3CDEB410-AA49-469E-9508-E95CE680E82F}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=@{C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96?ms-resource://C27EB4BA.DropboxOEM/Resources/OEMAppName}|Desc=@{C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96?ms-resource://C27EB4BA.DropboxOEM/Resources/OEMAppName}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-957046722-3704396400-4010937963-411832198-1131521071-1207666172-2334532315|EmbedCtxt=@{C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96?ms-resource://C27EB4BA.DropboxOEM/Resources/OEMAppName}|Platform=2:6:2|Platform2=GTEQ|
"{C2ADD94C-ED25-41CF-8441-ACAA0BB95A1C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=5432|Name=postgres|
"{66765001-DA97-47C7-83C1-B9487C7B3CC7}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=LinkedIn|Desc=LinkedIn|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1533805960-1361140506-3522412665-444267899-2804526817-2114574598-1215170270|EmbedCtxt=LinkedIn|Platform=2:6:2|Platform2=GTEQ|
"{EA273FAB-3CE7-48E6-9651-3AA298BDF5A0}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{461BAE98-B886-4F9A-B18F-90A84AFC153D}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{0202C78D-97FF-4629-83EA-BB74F3ABC8EC}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ|
"{88D7733A-15D5-4059-9F2A-42A434BA14CA}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Energy Star|Desc=Energy Star|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-3491547126-1731274546-2243617366-1922895713-1564680418-2664622467-2553186582|EmbedCtxt=Energy Star|Platform=2:6:2|Platform2=GTEQ|
"{D2313C54-65F1-4C07-95A1-6E9CF11DCD2D}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ|
"{953A597B-0B35-4AD8-AF17-DD2021B8BA73}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=AMD Radeon™ Settings Lite|Desc=AMD Radeon™ Settings Lite|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1000|AppPkgId=S-1-15-2-1036060538-1371916910-1721558205-1771714225-809698444-271080112-3243963158|EmbedCtxt=AMD Radeon™ Settings Lite|Platform=2:6:2|Platform2=GTEQ|
"{E3DB0E59-1C0C-4808-9951-B31A81394A69}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{4E12E6E2-F596-4DD2-8F18-F17391DFC65D}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|Desc=McAfee Shared Service Host|
"{606D77D9-FE01-4ECF-99A6-6FD8141CD9D4}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe|Name=McAfee Management Service Host (x64)|Desc=McAfee Management Service Host (x64)|
"{E418F76C-805A-4B8C-9363-4DAAAD8AA135}"=v2.30|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe|Name=McAfee Management Service Host (x86)|Desc=McAfee Management Service Host (x86)|
"{A695008B-AFA5-4F00-B7F1-8E77776B8A67}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=@{EnvironmentsApp_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Desc=@{EnvironmentsApp_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/Description}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-968169919-1126953557-685195956-86120492-1320233397-643893155-1374718203|EmbedCtxt=@{EnvironmentsApp_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{B8F2FBDA-C056-469F-8788-04FAE46F3714}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ|
"{6274E793-EA03-4F14-ACC6-9B9F6375576B}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Name=@{HoloShell_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/DisplayName}|Desc=@{HoloShell_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/Description}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-2916343524-3430662180-516348105-118121672-2355345734-3902897351-118975284|EmbedCtxt=@{HoloShell_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{B9544C24-4920-46DF-803E-882EE28D129A}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=@{HoloShell_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/DisplayName}|Desc=@{HoloShell_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/Description}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-2916343524-3430662180-516348105-118121672-2355345734-3902897351-118975284|EmbedCtxt=@{HoloShell_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{1C2BC1F1-25A3-42BF-BC93-AA3C18242519}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Holographic Item Player|Desc=Holographic Item Player|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-2848169271-1944770290-2690789639-3499139168-2840136067-3338101526-125811250|EmbedCtxt=Holographic Item Player|Platform=2:6:2|Platform2=GTEQ|
"{52284D34-A815-4053-807A-7DB2017F9C0B}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=@{WhatsNew_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://WhatsNew/resources/DisplayName}|Desc=@{WhatsNew_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://WhatsNew/resources/Description}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-1687054363-15095580-2859471963-1230534554-1518709919-3560964332-4233409059|EmbedCtxt=@{WhatsNew_10.0.18362.1_neutral__cw5n1h2txyewy?ms-resource://WhatsNew/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{D63EF63E-A625-41CC-90BC-895231892497}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Sign In|Desc=WebAuthenticationBroker for intranet single sign on|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-168312401-1186129728-2879228958-3534056057-3739041822-2673398168-478682142|EmbedCtxt=Sign In|Platform=2:6:2|Platform2=GTEQ|
"{79D21CF5-DE9E-4807-B77A-260543ABFE1B}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Sign In|Desc=WebAuthenticationBroker for intranet single sign on|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-168312401-1186129728-2879228958-3534056057-3739041822-2673398168-478682142|EmbedCtxt=Sign In|Platform=2:6:2|Platform2=GTEQ|
"{A8817E7C-AF04-4A86-B04A-35BA6C80A1AD}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Sign In|Desc=WebAuthenticationBroker for internet|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-777323214-1456873515-2100271053-3995458047-951240702-1549495420-549187529|EmbedCtxt=Sign In|Platform=2:6:2|Platform2=GTEQ|
"{F3DBF6C1-8238-4B2E-8233-0D33DFCF8B93}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Sign In|Desc=WebAuthenticationBroker for internet single sign on|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-4206727600-193109770-4000318383-1063311987-682381861-3218376292-321053016|EmbedCtxt=Sign In|Platform=2:6:2|Platform2=GTEQ|
"{67399E91-3255-4EBD-B625-C93D3380BF71}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-551630138-3040592011-1240718164-500|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ|
"{AA7C6885-5849-43E6-B9CD-812BF7974D3C}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=AMD Radeon™ Settings Lite|Desc=AMD Radeon™ Settings Lite|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1036060538-1371916910-1721558205-1771714225-809698444-271080112-3243963158|EmbedCtxt=AMD Radeon™ Settings Lite|Platform=2:6:2|Platform2=GTEQ|
"{53F88A6B-9F07-461E-BDB9-02748E82F6D4}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ|
"{B8511EA4-1120-4CCB-9F22-4F2D5F4ABBFA}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{FF484239-4BB3-47D2-9AAE-78CA969E09A1}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ|
"{9C411C18-C548-46FD-92F2-37E13F5FADFC}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ|
"{AA851C77-5456-4466-87CE-2929DBED337D}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=AMD Radeon Software|Desc=AMD Radeon Software|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-294289212-3488760467-1310642356-273862413-4133819423-753142902-1174973337|EmbedCtxt=AMD Radeon Software|Platform=2:6:2|Platform2=GTEQ|
"{70BEE9E4-4A73-42D0-B80E-91B64295DF7D}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Edge|Desc=Microsoft Edge|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=Microsoft Edge|Platform=2:6:2|Platform2=GTEQ|
"{80795B24-6568-46A0-8310-D5B0CBF10A1E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Edge|Desc=Microsoft Edge|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=Microsoft Edge|Platform=2:6:2|Platform2=GTEQ|
"{ACFC3665-C6E4-4CC3-9354-1BABC20D9166}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Windows Feature Experience Pack|Desc=Windows Feature Experience Pack|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-283421221-3183566570-1718213290-751554359-3541592344-2312209569-3374928651|EmbedCtxt=Windows Feature Experience Pack|Platform=2:6:2|Platform2=GTEQ|
"{18F2124C-A30E-4AAE-AD73-AD63BB24028C}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{WhatsNew_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://WhatsNew/resources/DisplayName}|Desc=@{WhatsNew_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://WhatsNew/resources/Description}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1687054363-15095580-2859471963-1230534554-1518709919-3560964332-4233409059|EmbedCtxt=@{WhatsNew_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://WhatsNew/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{6C9DEE02-27FD-4036-921B-26D4D7CD07E0}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sign In|Desc=WebAuthenticationBroker for intranet single sign on|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-168312401-1186129728-2879228958-3534056057-3739041822-2673398168-478682142|EmbedCtxt=Sign In|Platform=2:6:2|Platform2=GTEQ|
"{84268503-0C04-41BF-A3A6-9892B16932F5}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Sign In|Desc=WebAuthenticationBroker for intranet single sign on|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-168312401-1186129728-2879228958-3534056057-3739041822-2673398168-478682142|EmbedCtxt=Sign In|Platform=2:6:2|Platform2=GTEQ|
"{5A88BE06-AAA8-436A-9673-7A1A83062B66}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sign In|Desc=WebAuthenticationBroker for internet|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-777323214-1456873515-2100271053-3995458047-951240702-1549495420-549187529|EmbedCtxt=Sign In|Platform=2:6:2|Platform2=GTEQ|
"{0D419342-5E96-4A48-9029-8925397D88A8}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sign In|Desc=WebAuthenticationBroker for internet single sign on|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-4206727600-193109770-4000318383-1063311987-682381861-3218376292-321053016|EmbedCtxt=Sign In|Platform=2:6:2|Platform2=GTEQ|
"{A1153350-0392-47A1-BEE9-D7C97D6F46E0}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=NcsiUwpApp|Desc=NcsiUwpApp|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-138780814-3997110584-2874353029-2041838810-3659441231-3169655024-3643974355|EmbedCtxt=NcsiUwpApp|Platform=2:6:2|Platform2=GTEQ|
"{30A5A9F7-C98C-4FCF-AC7A-C9910A347D3A}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{HoloShell_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/DisplayName}|Desc=@{HoloShell_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/Description}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2916343524-3430662180-516348105-118121672-2355345734-3902897351-118975284|EmbedCtxt=@{HoloShell_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{FA68F336-188B-4200-B34D-10DE1641E62C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{HoloShell_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/DisplayName}|Desc=@{HoloShell_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/Description}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2916343524-3430662180-516348105-118121672-2355345734-3902897351-118975284|EmbedCtxt=@{HoloShell_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://HoloShell/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{EA3277A5-2D05-4059-9756-AB42C44BD238}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{HoloItemPlayerApp_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://HoloItemPlayerApp/resources/DisplayName}|Desc=@{HoloItemPlayerApp_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://HoloItemPlayerApp/resources/Description}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2848169271-1944770290-2690789639-3499139168-2840136067-3338101526-125811250|EmbedCtxt=@{HoloItemPlayerApp_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://HoloItemPlayerApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{6B6ACE8F-6664-4AA5-AD67-76D6AEE98A0F}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{EnvironmentsApp_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Desc=@{EnvironmentsApp_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/Description}|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-968169919-1126953557-685195956-86120492-1320233397-643893155-1374718203|EmbedCtxt=@{EnvironmentsApp_10.0.19041.964_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{B9874E81-14AA-475C-B5D1-9E6B23D81C29}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|
"{1BBF3A63-B058-4AA4-9CD3-D7DB06C99690}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{0BE33FEC-D062-478B-967C-A8DDB463978D}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ|
"{0731995C-5330-446E-B44A-33D00ADFFA75}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{9415A5D4-66D5-4D40-89D8-D654FDC2354F}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{F0039C3B-5E68-424D-9094-6197286176D6}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Whiteboard|Desc=Microsoft Whiteboard|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-3735478025-739183490-1814864596-1535103387-921526206-3802103983-1935489164|EmbedCtxt=Microsoft Whiteboard|Platform=2:6:2|Platform2=GTEQ|
"{B8D8E44D-95E4-4DD6-B24E-8048076310F6}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Whiteboard|Desc=Microsoft Whiteboard|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-3735478025-739183490-1814864596-1535103387-921526206-3802103983-1935489164|EmbedCtxt=Microsoft Whiteboard|Platform=2:6:2|Platform2=GTEQ|
"{A411B07D-22CD-4D9C-9B4A-95E9E864F2C1}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|Name=Microsoft Edge (mDNS-In)|Desc=Règle de trafic entrant pour Microsoft Edge pour autoriser le trafic mDNS.|EmbedCtxt=Microsoft Edge|
"{A92D7E22-9B54-4731-A41B-7672A4D8611C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe|Name=Microsoft Edge (mDNS-In)|Desc=Règle de trafic entrant pour Microsoft Edge pour autoriser le trafic mDNS.|EmbedCtxt=Microsoft Edge WebView2 Runtime|
"{DD5A14AC-771C-47A8-B825-FFF4B2D36051}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{F5D89C03-D4E0-4683-B849-F632BBD7B05A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{EC8338B8-B962-4E11-ACCE-265CFB070C69}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP JumpStarts|Desc=HP JumpStarts|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2516701018-422869360-2902537096-444945985-345509139-4090192224-4170163341|EmbedCtxt=HP JumpStarts|Platform=2:6:2|Platform2=GTEQ|
"{CAAFB575-9CE5-4517-9F30-8A831361BF5C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP JumpStarts|Desc=HP
JumpStarts|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-2516701018-422869360-2902537096-444945985-345509139-4090192224-4170163341|EmbedCtxt=HP JumpStarts|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{D275E60A-CCD9-4888-8289-0BE7AC751725}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Support Assistant|Desc=HP Support Assistant performs routine updates that keep your devices in good working order and help prevent potential problems. It also provides valuable system information about your devices that you will need when troubleshooting problems.|LUOwn=S-1-5-21-551630138-3040592011-1240718164-1001|AppPkgId=S-1-15-2-1646630659-602517981-4172226136-2205870809-2199411998-3541915648-1769184179|EmbedCtxt=HP Support Assistant|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760f-a5c8-4bfe-b314-d56a7b44a362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1e1edbfb-642e-48af-a602-8ee25db9d1fc}] : (PSINFile) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security 
accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem60.inf,%ClassName%;SAMSUNG Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> 
@%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) 
[] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6fae73b7-b735-4b50-a0da-0dc2484b1f1a}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{74132997-900d-482a-9f2c-68c4e4f68132}] : (PSINProt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a3e32dba-ba89-4f17-8386-2d0127fbd4cc}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bc4a8197-8b77-4253-8670-1526dcb2ca08}] : (PSINReg) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> 
@%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d6cd03d8-ac95-4ee2-aba5-dbc70b014e75}] : (PSINProc) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d7fdc164-2f5b-4d33-931d-7cf4b9500039}] : (PSINAflt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}] : (ComputeAccelerator) [] -> @c_computeaccelerator.inf,%ClassDesc%;Compute accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [30/04/2021 11:20:20] - (0.0.0.0) - ( -) - C:\WINDOWS\System32\Drivers\CimFS.SYS [23/11/2020 10:04:24] - (6.2.0.85) - (Panda Security, S.L. 
- Network Activity Hook Server LWF) - C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [17/05/2021 22:02:22] - (4.0.5.1) - (Panda Security, S.L. - PSINKNC Kernel Controller for WLH64) - C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [17/05/2021 22:02:26] - (2.2.0.374) - (Panda Security, S.L. - Streamer) - C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [17/05/2021 22:02:32] - (1.5.0.261) - (Panda Security, S.L. - Smtp Parser) - C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [17/05/2021 22:02:25] - (6.4.0.374) - (Panda Security, S.L. - Network Provider) - C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [17/05/2021 22:02:29] - (6.4.0.360) - (Panda Security, S.L. - Network Protector) - C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [17/05/2021 22:02:31] - (1.7.0.331) - (Panda Security, S.L. - Pop3 Parser) - C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [17/05/2021 22:02:28] - (1.5.0.223) - (Panda Security, S.L. - Process Info Hook Server WFP) - C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [17/05/2021 22:02:27] - (2.3.0.350) - (Panda Security, S.L. - Process Info Colorizer Client) - C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [17/05/2021 22:02:27] - (2.1.0.347) - (Panda Security, S.L. - Intrusion Detection System) - C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [17/05/2021 22:02:30] - (1.8.0.198) - (Panda Security, S.L. - Https Parser) - C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [17/05/2021 22:02:29] - (1.8.0.357) - (Panda Security, S.L. - Http Parser) - C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [17/05/2021 22:02:33] - (1.3.0.102) - (Panda Security, S.L. 
- Dns Parser) - C:\WINDOWS\system32\DRIVERS\NNSDNS.sys [16/11/2017 14:00:25] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\WINDOWS\System32\drivers\aftap0901.sys [24/04/2020 12:50:54] - (19.5.35.54) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\System32\drivers\SynTP.sys [24/04/2020 12:50:54] - (19.5.35.54) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [08/06/2020 08:59:28] - (2.1.14.1) - (HP - HP Wireless Button Driver) - C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [19/04/2019 00:33:54] - (1.0.0.1) - (HP Inc. - HP Custom Capabilities Driver) - C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1f5602eb8a12ac4c\x64\hpcustomcapdriver.sys [17/05/2021 22:02:36] - (4.0.5.0) - (Panda Security, S.L. - PSINAflt Filter Driver for WLH64) - C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [17/05/2021 22:02:35] - (4.0.5.1) - (Panda Security, S.L. - PSINProt for WLH64) - C:\WINDOWS\system32\DRIVERS\PSINProt.sys [27/12/2020 17:14:06] - (4.0.5.1) - (Panda Security, S.L. - PSINFile Filter Driver for W764) - C:\WINDOWS\system32\DRIVERS\PSINFile.sys [27/12/2020 17:17:45] - (4.0.5.1) - (Panda Security, S.L. - PSINProc Filter Driver for WLH64) - C:\WINDOWS\system32\DRIVERS\PSINProc.sys [17/05/2021 22:02:34] - (4.0.5.0) - (Panda Security, S.L. - PSINReg Filter Driver for WLH64) - C:\WINDOWS\system32\DRIVERS\PSINReg.sys [08/03/2020 00:10:29] - (1.1.0.21) - (Panda Security, S.L. 
- Panda Kernel Memory Access Driver (x64)) - C:\WINDOWS\System32\DRIVERS\PSKMAD.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware (3ware) -> C:\WINDOWS\system32\drivers\3ware.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> C:\WINDOWS\system32\drivers\ACPI.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> C:\WINDOWS\system32\Drivers\acpiex.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - ADP80XX (ADP80XX) -> C:\WINDOWS\system32\drivers\ADP80XX.SYS - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - amdpsp (AMD PSP Service) -> C:\WINDOWS\system32\drivers\amdpsp.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - amdsata (amdsata) -> C:\WINDOWS\system32\drivers\amdsata.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdsbs (amdsbs) -> C:\WINDOWS\system32\drivers\amdsbs.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdxata (amdxata) -> C:\WINDOWS\system32\drivers\amdxata.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - arcsas (Pilote miniport Storport Adaptec SAS/SATA-II RAID) -> C:\WINDOWS\system32\drivers\arcsas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - atapi (Canal IDE) -> C:\WINDOWS\system32\drivers\atapi.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - b06bdrv (Carte réseau QLogic VBD) -> C:\WINDOWS\system32\drivers\bxvbda.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - 
bttflt (Filtre Microsoft Hyper-V VHDPMEM BTT) -> C:\WINDOWS\system32\drivers\bttflt.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - cht4iscsi (cht4iscsi) -> C:\WINDOWS\system32\drivers\cht4sx64.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - CLFS (Common Log (CLFS)) -> C:\WINDOWS\system32\drivers\CLFS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - CNG (CNG) -> C:\WINDOWS\system32\Drivers\cng.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - disk (Pilote de disque) -> C:\WINDOWS\system32\drivers\disk.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - ebdrv (Carte QLogic 10 Gigabit Ethernet VBD) -> C:\WINDOWS\system32\drivers\evbda.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - EhStorClass (Enhanced Storage Filter Driver) -> C:\WINDOWS\system32\drivers\EhStorClass.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - EhStorTcgDrv (Pilote Microsoft pour dispositif de stockage prenant en charge les protocoles IEEE 1667 et TCG) -> C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [File System Driver] - FileInfo (File Information FS MiniFilter) -> C:\WINDOWS\system32\drivers\fileinfo.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [File System Driver] - FltMgr (FltMgr) -> C:\WINDOWS\system32\drivers\fltmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - fvevol (Pilote de filtre de chiffrement de lecteur BitLocker) -> C:\WINDOWS\system32\DRIVERS\fvevol.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - HpSAMD (HpSAMD) -> C:\WINDOWS\system32\drivers\HpSAMD.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - hwpolicy (Hardware Policy Driver) -> C:\WINDOWS\system32\drivers\hwpolicy.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - iaStorAVC (Contrôleur RAID SATA de circuit microprogrammé Intel) -> C:\WINDOWS\system32\drivers\iaStorAVC.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - iaStorV (Contrôleur RAID Intel Windows 7) -> C:\WINDOWS\system32\drivers\iaStorV.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - intelide (intelide) -> C:\WINDOWS\system32\drivers\intelide.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - intelpep (Pilote de plug-in du moteur d’alimentation Intel(R)) -> C:\WINDOWS\system32\drivers\intelpep.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - iorate (Pilote du filtre du taux d’E/S du disque) -> C:\WINDOWS\system32\drivers\iorate.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - isapnp (isapnp) -> C:\WINDOWS\system32\drivers\isapnp.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - ItSas35i (ItSas35i) -> C:\WINDOWS\system32\drivers\ItSas35i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - KSecDD (KSecDD) -> C:\WINDOWS\system32\Drivers\ksecdd.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - KSecPkg (KSecPkg) -> C:\WINDOWS\system32\Drivers\ksecpkg.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - LSI_SAS (LSI_SAS) -> C:\WINDOWS\system32\drivers\lsi_sas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - LSI_SAS2i (LSI_SAS2i) -> C:\WINDOWS\system32\drivers\lsi_sas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - LSI_SAS3i (LSI_SAS3i) -> C:\WINDOWS\system32\drivers\lsi_sas3i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - LSI_SSS (LSI_SSS) -> C:\WINDOWS\system32\drivers\lsi_sss.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - megasas (megasas) -> C:\WINDOWS\system32\drivers\megasas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - megasas2i (megasas2i) -> C:\WINDOWS\system32\drivers\MegaSas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - megasas35i (megasas35i) -> C:\WINDOWS\system32\drivers\megasas35i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - megasr (megasr) -> C:\WINDOWS\system32\drivers\megasr.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - mountmgr (Gestionnaire des points de montage) -> C:\WINDOWS\system32\drivers\mountmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - msisadrv (msisadrv) -> C:\WINDOWS\system32\drivers\msisadrv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [File System Driver] - Mup (Mup) -> C:\WINDOWS\system32\Drivers\mup.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - mvumis (mvumis) -> C:\WINDOWS\system32\drivers\mvumis.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - NDIS (Pilote système NDIS) -> C:\WINDOWS\system32\drivers\ndis.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - nvdimm (Pilote de périphérique NVDIMM Microsoft) -> C:\WINDOWS\system32\drivers\nvdimm.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - nvraid (nvraid) -> C:\WINDOWS\system32\drivers\nvraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - nvstor (nvstor) -> C:\WINDOWS\system32\drivers\nvstor.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - partmgr (Gestionnaire de partitions) -> C:\WINDOWS\system32\drivers\partmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> C:\WINDOWS\system32\drivers\pci.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - pciide (pciide) -> C:\WINDOWS\system32\drivers\pciide.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - pcmcia (pcmcia) -> C:\WINDOWS\system32\drivers\pcmcia.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> C:\WINDOWS\system32\drivers\pcw.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - pdc (CDP) -> C:\WINDOWS\system32\drivers\pdc.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - percsas2i (percsas2i) -> C:\WINDOWS\system32\drivers\percsas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - percsas3i (percsas3i) -> C:\WINDOWS\system32\drivers\percsas3i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - pmem (Pilote de disque de mémoire persistante Microsoft) -> C:\WINDOWS\system32\drivers\pmem.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - psinelam (psinelam) -> C:\WINDOWS\system32\DRIVERS\psinelam.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> C:\WINDOWS\system32\DRIVERS\ramdisk.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> C:\WINDOWS\system32\drivers\rdyboost.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - sbp2port (Pilote de bus de transport/protocole SBP-2) -> C:\WINDOWS\system32\drivers\sbp2port.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - scmbus (Pilote de bus de mémoire de classe stockage Microsoft) -> C:\WINDOWS\system32\drivers\scmbus.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - SgrmAgent (System Guard Runtime Monitor Agent) -> C:\WINDOWS\system32\drivers\SgrmAgent.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - SiSRaid2 (SiSRaid2) -> C:\WINDOWS\system32\drivers\SiSRaid2.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - SiSRaid4 (SiSRaid4) -> C:\WINDOWS\system32\drivers\sisraid4.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - SmartSAMD (SmartSAMD) -> C:\WINDOWS\system32\drivers\SmartSAMD.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - spaceport (Pilote des espaces de stockage) -> C:\WINDOWS\system32\drivers\spaceport.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - stexstor (stexstor) -> C:\WINDOWS\system32\drivers\stexstor.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - storahci (Lecteur AHCI SATA Microsoft standard) -> C:\WINDOWS\system32\drivers\storahci.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - storflt (Accélérateur de stockage Microsoft Hyper-V) -> C:\WINDOWS\system32\drivers\vmstorfl.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - stornvme (Pilote NVM Express standard de Microsoft) -> C:\WINDOWS\system32\drivers\stornvme.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - storufs (Pilote Universal Flash Storage (UFS) Microsoft) -> C:\WINDOWS\system32\drivers\storufs.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - storvsc (storvsc) -> C:\WINDOWS\system32\drivers\storvsc.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - Tcpip (Pilote pour protocole TCP/IP) -> C:\WINDOWS\system32\drivers\tcpip.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - Telemetry (Service de télémétrie Intel(R)) -> C:\WINDOWS\system32\drivers\IntelTA.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - vdrvroot (Énumérateur de lecteur virtuel Microsoft) -> C:\WINDOWS\system32\drivers\vdrvroot.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - vmbus (Bus VMBus) -> C:\WINDOWS\system32\drivers\vmbus.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - volmgr (Pilote du gestionnaire de volumes) -> C:\WINDOWS\system32\drivers\volmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - volmgrx (Gestionnaire de volumes dynamiques) -> C:\WINDOWS\system32\drivers\volmgrx.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - volsnap (Pilote de cliché instantané du volume) -> C:\WINDOWS\system32\drivers\volsnap.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - volume (Pilote de volume) -> C:\WINDOWS\system32\drivers\volume.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - vpci (Bus PCI virtuel Microsoft Hyper-V) -> C:\WINDOWS\system32\drivers\vpci.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - vsmraid (vsmraid) -> C:\WINDOWS\system32\drivers\vsmraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
S0 - [Kernel Driver] - VSTXRAID (Pilote Windows du contrôleur RAID de stockage VIA StorX) -> C:\WINDOWS\system32\drivers\vstxraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R0 - [Kernel Driver] - Wdf01000 (Service Infrastructure de pilote en mode noyau) -> C:\WINDOWS\system32\drivers\Wdf01000.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - WFPLWFS (Plateforme de filtrage Microsoft Windows) -> C:\WINDOWS\system32\drivers\wfplwfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [Kernel Driver] - WindowsTrustedRTProxy (Service sécurisé d'exécution approuvée Microsoft Windows) -> C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> C:\WINDOWS\system32\drivers\Wof.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S0 - [Kernel Driver] - MbamElam (MbamElam) -> C:\WINDOWS\system32\DRIVERS\MbamElam.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R1 - [Kernel Driver] - AFD (Pilote de fonction connexe pour Winsock) -> C:\WINDOWS\system32\drivers\afd.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - afunix (afunix) -> C:\WINDOWS\system32\drivers\afunix.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - ahcache (Application Compatibility Cache) -> C:\WINDOWS\system32\DRIVERS\ahcache.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - amdsfhkmdf (AMD SFH KMDF I2C Service) -> C:\WINDOWS\system32\drivers\amdsfhkmdfi2c.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - bam (Background Activity Moderator Driver) -> C:\WINDOWS\system32\drivers\bam.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - BasicDisplay (BasicDisplay) -> C:\WINDOWS\system32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - BasicRender (BasicRender) -> C:\WINDOWS\system32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - Beep (Beep) -> C:\WINDOWS\system32\drivers\Beep.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> C:\WINDOWS\system32\drivers\cdrom.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [File System Driver] - CimFS (CimFS) -> C:\WINDOWS\system32\drivers\CimFS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S1 - [Kernel Driver] - dam (Desktop Activity Moderator Driver) -> C:\WINDOWS\system32\drivers\dam.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R1 - [File System Driver] - Dfsc (Pilote du client de l’espace de noms DFS) -> C:\WINDOWS\system32\Drivers\dfsc.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> C:\WINDOWS\system32\drivers\dxgkrnl.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [File System Driver] - FileCrypt (FileCrypt) -> C:\WINDOWS\system32\drivers\filecrypt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - GpuEnergyDrv (GPU Energy Driver) -> C:\WINDOWS\system32\drivers\gpuenergydrv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [File System Driver] - Msfs (Msfs) -> C:\WINDOWS\system32\drivers\Msfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> C:\WINDOWS\system32\drivers\mssmbios.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NdisCap (Capture NDIS Microsoft) -> C:\WINDOWS\system32\drivers\ndiscap.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> C:\WINDOWS\system32\drivers\netbios.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NetBT (NetBT) -> C:\WINDOWS\system32\DRIVERS\netbt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSDNS (NNSDNS) -> C:\WINDOWS\system32\DRIVERS\NNSDNS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSHTTP (NNSHTTP) -> C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSHTTPS (NNSHTTPS) -> C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSIDS (NNSIDS) -> C:\WINDOWS\system32\DRIVERS\NNSIDS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSNAHSL (NNSNAHSL) -> C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSPICC (NNSPICC) -> C:\WINDOWS\system32\DRIVERS\NNSPICC.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSPIHSW (NNSPIHSW) -> C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSPOP3 (NNSPOP3) -> C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSPROT (NNSPROT) -> C:\WINDOWS\system32\DRIVERS\NNSPROT.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSPRV (NNSPRV) -> C:\WINDOWS\system32\DRIVERS\NNSPRV.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSSMTP (NNSSMTP) -> C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - NNSSTRM (NNSSTRM) -> C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [File System Driver] - Npfs (Npfs) -> C:\WINDOWS\system32\drivers\Npfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - npsvctrig (Named pipe service trigger provider) -> C:\WINDOWS\system32\drivers\npsvctrig.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - nsiproxy (NSI Proxy Service Driver) -> C:\WINDOWS\system32\drivers\nsiproxy.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - Null (Null) -> C:\WINDOWS\system32\drivers\Null.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - Psched (Planificateur de paquets QoS) -> C:\WINDOWS\system32\drivers\pacer.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - PSINKNC (PSINKNC) -> C:\WINDOWS\system32\DRIVERS\PSINKNC.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [File System Driver] - rdbss (Sous-système de mise en mémoire tampon redirigée) -> C:\WINDOWS\system32\DRIVERS\rdbss.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - tdx (Pilote de prise en charge TDI héritée NetIO) -> C:\WINDOWS\system32\DRIVERS\tdx.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - Vid (Vid) -> C:\WINDOWS\system32\drivers\Vid.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> C:\WINDOWS\system32\drivers\vwififlt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\WINDOWS\system32\drivers\mbae64.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [File System Driver] - bindflt (Windows Bind Filter Driver) -> C:\WINDOWS\system32\drivers\bindflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> C:\WINDOWS\system32\drivers\cldflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - AMD External Events Utility (AMD External Events Utility) -> C:\WINDOWS\System32\DriverStore\FileRepository\u0358405.inf_amd64_a27d0449e7158fd4\B357813\atiesrxx.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - AMD Log Utility (AMD Log Utility) -> C:\WINDOWS\System32\amdlogsr.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - AudioEndpointBuilder (Générateur de points de terminaison du service Audio Windows) -> C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - Audiosrv (Audio Windows) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - BFE (Moteur de filtrage de base) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - BrokerInfrastructure (Service d’infrastructure des tâches en arrière-plan) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - CDPSvc (Service de plateforme des appareils connectés) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - ClickToRunSvc (Microsoft Office Click-to-Run Service) -> "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - CoreMessagingRegistrar (CoreMessaging) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - CryptSvc (Services de chiffrement) -> C:\WINDOWS\system32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - DcomLaunch (Lanceur de processus serveur DCOM) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - DeviceAssociationService (Service d’association de périphérique) -> C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - Dhcp (Client DHCP) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - DiagTrack (Expériences des utilisateurs connectés et télémétrie) -> C:\WINDOWS\System32\svchost.exe -k utcsvc -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - DispBrokerDesktopSvc (Service de stratégie d'affichage) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - lltdio (Pilote E/S de mappage de découverte de topologie de la couche de liaison) -> C:\WINDOWS\system32\drivers\lltdio.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [File System Driver] - luafv (Virtualisation de fichier UAC) -> C:\WINDOWS\system32\drivers\luafv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - MMCSS (Multimedia Class Scheduler) -> C:\WINDOWS\system32\drivers\mmcss.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - MsLldp (Protocole LLDP (Link Layer Discovery Protocol) Microsoft) -> C:\WINDOWS\system32\drivers\mslldp.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - Ndu (Windows Network Data Usage Monitoring Driver) -> C:\WINDOWS\system32\drivers\Ndu.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> C:\WINDOWS\system32\drivers\peauth.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - PSINAflt (PSINAflt) -> C:\WINDOWS\system32\DRIVERS\PSINAflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [File System Driver] - PSINFile (PSINFile) -> C:\WINDOWS\system32\DRIVERS\PSINFile.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [File System Driver] - PSINProc (PSINProc) -> C:\WINDOWS\system32\DRIVERS\PSINProc.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - PSINProt (PSINProt) -> C:\WINDOWS\system32\DRIVERS\PSINProt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - PSINReg (PSINReg) -> C:\WINDOWS\system32\DRIVERS\PSINReg.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - rspndr (Répondeur de découverte de la topologie de la couche de liaison) -> C:\WINDOWS\system32\drivers\rspndr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - Dnscache (Client DNS) -> C:\WINDOWS\system32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - DoSvc (Optimisation de livraison) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - DPS (Service de stratégie de diagnostic) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - DusmSvc (Consommation des données) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S2 - [Own Process] - edgeupdate (Microsoft Edge Update Service (edgeupdate)) -> "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - EventLog (Journal d’événements Windows) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - EventSystem (Système d’événement COM+) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - FontCache (Service de cache de police Windows) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S2 - [Share Process] - gpsvc (Client de stratégie de groupe) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Own Process] - HP Comm Recover (HP Comm Recovery) -> "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - HPAppHelperCap (HP App Helper HSA Service) -> C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\AppHelperCap.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - HPDiagsCap (HP Diagnostics HSA Service) -> C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\DiagsCap.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - HPNetworkCap (HP Network HSA Service) -> C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\NetworkCap.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - HPSysInfoCap (HP System Info HSA Service) -> C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_d9cbd6bbac564232\x64\SysInfoCap.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - HpTouchpointAnalyticsService (HP Analytics service) -> C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_eb7ea98d07646ece\x64\TouchpointAnalyticsClientService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - iphlpsvc (Assistance IP) -> C:\WINDOWS\System32\svchost.exe -k NetSvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [File System Driver] - storqosflt (Pilote de filtre de qualité de service de stockage) -> C:\WINDOWS\system32\drivers\storqosflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> C:\WINDOWS\system32\drivers\tcpipreg.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Kernel Driver] - wanarp (Pilote ARP IP d’accès à distance) -> C:\WINDOWS\system32\DRIVERS\wanarp.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [File System Driver] - wcifs (Windows Container Isolation) -> C:\WINDOWS\system32\drivers\wcifs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> C:\WINDOWS\system32\Drivers\MbamChameleon.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - LanmanServer (Serveur) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - LanmanWorkstation (Station de travail) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : True - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - LSM (Gestionnaire de session locale) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Own Process] - MajIndexEducationService (Mise à jour automatique - Index Education) -> "C:\program files (x86)\index education\mise a jour automatique\ServiceMiseAJourIndex.exe" -svc - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S2 - [Own Process] - MapsBroker (Gestionnaire des cartes téléchargées) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - mpssvc (Pare-feu Windows Defender) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Own Process] - myCANAL Server (myCANAL Server) -> C:\ProgramData\myCANAL\nssm.exe - AcceptPause : True - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - NanoServiceMain (Panda Cloud Antivirus Service) -> "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe" - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - NlaSvc (Connaissance des emplacements réseau) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - nsi (Service Interface du magasin réseau) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - PandaAgent (Panda Devices Agent) -> "C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - Power (Alimentation) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - ProfSvc (Service de profil utilisateur) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - pselamsvc (Panda Elam Service Protection) -> "C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - PSUAService (Panda Product Service) -> "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - RasMan (Gestionnaire des connexions d’accès à distance) -> C:\WINDOWS\System32\svchost.exe -k netsvcs - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - RpcEptMapper (Mappeur de point de terminaison RPC) -> C:\WINDOWS\system32\svchost.exe -k RPCSS -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - RpcSs (Appel de procédure distante (RPC)) -> C:\WINDOWS\system32\svchost.exe -k rpcss -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Own Process] - RtkAudioUniversalService (Realtek Audio Universal Service) -> "C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_bb0c442560f99618\RtkAudUService64.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - RtkBtManServ (Realtek Bluetooth Device Manager Service) -> C:\WINDOWS\RtkBtManServ.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - SamSs (Gestionnaire de comptes de sécurité) -> C:\WINDOWS\system32\lsass.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - Schedule (Planificateur de tâches) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - SECOMNService (Sound Research SECOMN Service) -> "C:\WINDOWS\System32\SECOMN64.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - SENS (Service de notification d’événements système) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - SgrmBroker (Service Broker du moniteur d'exécution System Guard) -> C:\WINDOWS\system32\SgrmBroker.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Share Process] - ShellHWDetection (Détection matériel noyau) -> C:\WINDOWS\System32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - Spooler (Spouleur d’impression) -> C:\WINDOWS\System32\spoolsv.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : True
S2 - [Own Process] - sppsvc (Protection logicielle) -> C:\WINDOWS\system32\sppsvc.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False
R2 - [Own Process] - stisvc (Acquisition d’image Windows (WIA)) -> C:\WINDOWS\system32\svchost.exe -k imgsvc - AcceptPause : True - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - StorSvc (Service de stockage) -> C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - SynTPEnhService (SynTPEnhService) -> C:\WINDOWS\System32\SynTPEnhService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - SysMain (SysMain) -> C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - SystemEventsBroker (Service Broker des événements système) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - Themes (Thèmes) -> C:\WINDOWS\System32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - TrkWks (Client de suivi de lien distribué) -> C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - UserManager (Gestionnaire des utilisateurs) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - UsoSvc (Mettre à jour le service Orchestrator) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - Wcmsvc (Gestionnaire des connexions Windows) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - WildTangentHelper (WildTangentHelper) -> "C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - Winmgmt (Infrastructure de gestion Windows) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : True - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - WlanSvc (Service de configuration automatique WLAN) -> C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - WpnService (Service du système de notifications Push Windows) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Share Process] - wscsvc (Centre de sécurité) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Own Process] - WSearch (Windows Search) -> C:\WINDOWS\system32\SearchIndexer.exe /Embedding - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Unknown] - CDPUserSvc_4f8d0 (CDPUserSvc_4f8d0) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Unknown] - OneSyncSvc_4f8d0 (OneSyncSvc_4f8d0) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False
R2 - [Unknown] - WpnUserService_4f8d0 (WpnUserService_4f8d0) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False
S2 - [Own Process] - MBAMInstallerService (Malwarebytes Installer Service) -> "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe" - AcceptPause : False - AcceptStop : False - DesktopInteract : False
---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)
---------- | Uninstall (Whitelist)
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\2080585768.player.canalplus.fr] : (myCANAL.-.player.canalplus.fr) -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe -uninstallApp 2080585768.player.canalplus.fr
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\BetclicPoker.fr] : (Betclic Poker.fr.-.Betclic Poker.fr) -> "C:\Users\rugby\AppData\Local\Betclic Poker.fr\SetupPokerUninstall1619128525138_na_fr.exe" /executeuninstall /trafficsource='na' /profile='na' /userid='8E2D069602F14971A104AC0F98188033UI' /skinid='new_client' /fallbackfolder=''
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GeoGebra_6] : (GeoGebra Classic.-.International GeoGebra Institute) -> "C:\Users\rugby\AppData\Local\GeoGebra_6\Update.exe" --uninstall
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) -> "C:\Users\rugby\AppData\Roaming\uTorrent\uTorrent.exe" /UNINSTALL
[HKU\S-1-5-21-551630138-3040592011-1240718164-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WebLaunchRecorder] : (Web Launch Recorder.-.) -> C:\Users\rugby\AppData\Local\WebLaunchRecorder\Uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HP_Documentation] : (HP Documentation.-.HP Inc.) -> CMD /C "C:\Program Files\HP\Documentation\Doc_Uninstall.cmd"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.)
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Microsoft Edge] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 88.0.1 (x64 fr)] : (Mozilla Firefox 88.0.1 (x64 fr).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> "C:\Program Files\VideoLAN\VLC\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VSDC Free Video Editor_is1] : (VSDC Free Video Editor version 6.6.7.275.-.Flash-Integro LLC) -> "C:\Program Files\FlashIntegro\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\weh-iss-net.downloadhelper.coapp_is1] : (VdhCoApp 1.5.0.-.DownloadHelper) -> "C:\Program Files\net.downloadhelper.coapp\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) 
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{191F4D69-B671-4163-BB01-901B89A20D04}] : (LibreOffice 6.3.4.2.-.The Document Foundation) -> MsiExec.exe /I{191F4D69-B671-4163-BB01-901B89A20D04} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 4.3.3.116.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe" /Uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EF4168C0-095F-4CFC-8CB3-139A11AC89BE}] : (Panda Dome.-.Panda Security) -> MsiExec.exe /X{EF4168C0-095F-4CFC-8CB3-139A11AC89BE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe AIR] : (Adobe AIR.-.Adobe Systems Incorporated) -> c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\EduPython_2.7_is1] : (EduPython 2.7.-.V. MAILLE) -> "C:\EduPython\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Filius] : (Filius 1.8.1.-.Stefan Freischlad) -> C:\Program Files (x86)\Filius\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FormatFactory] : (FormatFactory 5.4.5.1.-.Free Time) -> C:\Program Files\FormatFactory\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\GeoGebra 5] : (GeoGebra 5.-.International GeoGebra Institute) -> "C:\Program Files (x86)\GeoGebra 5.0\uninstaller.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft Edge Update] : (Microsoft Edge Update.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\myCANAL] : (myCANAL.-.UCAYA) -> C:\ProgramData\myCANAL\uninstall.exe ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Panda Devices Agent] : (Panda Devices Agent.-.Panda Security) -> MsiExec.exe /X{DB0164A2-ADE9-4FEE-B080-D506BDD6427F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Panda Universal Agent Endpoint] : (Panda Dome.-.Panda Security) -> "C:\Program Files (x86)\Panda Security\Panda Security Protection\Setup.exe" /X{EF4168C0-095F-4CFC-8CB3-139A11AC89BE} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PokerStars.fr] : (PokerStars.fr.-.PokerStars.fr) -> "C:\Program Files (x86)\PokerStars.FR\PokerStarsUninstall.exe" /u:PokerStars.fr [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PostgreSQL 8.4] : (PostgreSQL 8.4.-.PostgreSQL Global Development Group) -> C:\postgreSQL\uninstall-postgresql.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Sine qua non_is1] : (Sine qua non version 2.9.3.4.-.25 novembre 2018 Patrice Rabiller et Patrick Pradeau) -> "C:\Program Files (x86)\Sine qua non\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WildTangent wildgames Master Uninstall] : (Jeux WildTangent.-.WildTangent) -> "C:\Program Files (x86)\WildGames\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}] : (HP Audio Switch.-.HP Inc.) 
-> MsiExec.exe /I{20A40E7C-E470-4E9F-9B5C-DDB2C205E856} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{31B9D218-FED2-4C6C-B19F-7294FFC130B0}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{31B9D218-FED2-4C6C-B19F-7294FFC130B0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{52F13A9C-7815-4F65-BA5A-CC7E09191930}] : (INDEX EDUCATION - Client PRONOTE 2020 - 64bit.-.Index Education) -> "C:\Program Files (x86)\InstallShield Installation Information\{52F13A9C-7815-4F65-BA5A-CC7E09191930}\setup.exe" -runfromtemp -l0x040c -uninst -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}] : (HP Connection Optimizer.-.HP Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{6468C4A5-E47E-405F-B675-A70A70983EA6}\Setup.exe" -runfromtemp -l0x040c -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6CE23139-4FCC-4819-970B-F37B7DD83243}] : (Algobox 1.0.2 (64-bit).-.Algobox) -> MsiExec.exe /I{6CE23139-4FCC-4819-970B-F37B7DD83243} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{775E087D-A428-428C-A5FD-000010004000}] : (Mise à jour automatique.-.Index Education) -> MsiExec.exe /X{775E087D-A428-428C-A5FD-000010004000} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80831F60-19D7-43B3-A60C-5CAF8C478DF6}] : (WildTangent ShortcutProvider.-.WildTangent) -> "C:\Program Files (x86)\WildTangent Games\ShortcutProvider\uninstaller.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}] : (PokerStrategy.com Equilab.-.PokerStrategy.com) -> MsiExec.exe /I{86D09F48-CDAB-4B4C-8806-F6C16F17935A} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{924D3ABC-FC75-4042-9DDB-FB846A45848D}] : (HP PC Hardware Diagnostics UEFI.-.HP) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}] : (WildTangent Helper.-.WildTangent) -> "C:\Program Files (x86)\WildTangent Games\Integration\uninstaller.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A9222889-1CDA-42BD-B11B-113E7C91C1C7}] : (OpenOffice 4.1.7.-.Apache Software Foundation) -> MsiExec.exe /I{A9222889-1CDA-42BD-B11B-113E7C91C1C7} ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}] : (Panda Devices Agent.-.Panda Security) -> MsiExec.exe /X{DB0164A2-ADE9-4FEE-B080-D506BDD6427F} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F1A0512A-1DDC-4C61-887E-20A9F274603A}] : (Holdem Manager 3.-.Max Value Software) -> MsiExec.exe /X{F1A0512A-1DDC-4C61-887E-20A9F274603A} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C80090400100000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109C800C0400100000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109E70000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\0C8614FEF590CFC4C83B31A911CA98EB] : Panda Dome [HKCR\Installer\Products\2A4610BD9EDAEEF40B085D60DB6D24F7] : Panda Devices Agent -> C:\windows\Installer\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\812D9B132DEFC6C41BF92749FF1C030B] : Adobe AIR [HKCR\Installer\Products\84F90D68BADCC4B488606F1CF67139A5] : PokerStrategy.com Equilab -> C:\windows\Installer\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\93132EC6CCF4918479B03FB7D78D2334] : Algobox 1.0.2 (64-bit) -> C:\windows\Installer\{6CE23139-4FCC-4819-970B-F37B7DD83243}\algobox.ico 
[HKCR\Installer\Products\96D4F191176B3614BB1009B1982AD040] : LibreOffice 6.3.4.2 -> C:\windows\Installer\{191F4D69-B671-4163-BB01-901B89A20D04}\soffice.ico [HKCR\Installer\Products\9882229AADC1DB241BB111E3C7191C7C] : OpenOffice 4.1.7 -> C:\windows\Installer\{A9222889-1CDA-42BD-B11B-113E7C91C1C7}\soffice.ico [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\C7E04A02074EF9E4B9C5DD2B2C508E65] : HP Audio Switch -> c:\windows\Installer\{20A40E7C-E470-4E9F-9B5C-DDB2C205E856}\HPlogo_blue.ico [HKCR\Installer\Products\CBA3D42957CF2404D9BDBF48A65448D8] : HP PC Hardware Diagnostics UEFI -> C:\windows\Installer\{924D3ABC-FC75-4042-9DDB-FB846A45848D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D780E577824AC8245ADF000001000400] : INDEX EDUCATION - Mise à jour automatique -> C:\windows\Installer\{775E087D-A428-428C-A5FD-000010004000}\ARPPRODUCTICON.exe ---------- | UserSettings [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-15,Balanced (recommended) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1400,Favor performance instead of energy savings. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1401,High Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\48684d4a-8524-4093-8a63-ea7132b79c1c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\48684d4a-8524-4093-8a63-ea7132b79c1c]~[FriendlyName] : @C:\ProgramData\Hewlett-Packard\System Default Settings\muires.dll,-101 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-12,Favors performance, but may use more energy. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-13,High Performance [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1404,Favor energy savings over performance. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1405,Better Battery-life Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-10,Saves energy by reducing your computer performance where possible. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-11,Power Saver [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1402,Maximize bias towards performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1403,Max Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[Description] : @%SystemRoot%\system32\powrprof.dll,-18,Provides ultimate performance on higher end PCs. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-19,Ultimate Performance [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-15,Balanced (recommended) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1400,Favor performance instead of energy savings. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1401,High Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\48684d4a-8524-4093-8a63-ea7132b79c1c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\48684d4a-8524-4093-8a63-ea7132b79c1c]~[FriendlyName] : @C:\ProgramData\Hewlett-Packard\System Default Settings\muires.dll,-101 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-12,Favors performance, but may use more energy. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-13,High Performance [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1404,Favor energy savings over performance. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1405,Better Battery-life Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-10,Saves energy by reducing your computer performance where possible. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-11,Power Saver [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1402,Maximize bias towards performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1403,Max Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[Description] : @%SystemRoot%\system32\powrprof.dll,-18,Provides ultimate performance on higher end PCs. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-19,Ultimate Performance ---------- | ADS ---------- | 20 LastEventLog Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.19041.423, horodatage : 0x0431d1e3 Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.964, horodatage : 0x812662a7 Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000010b39c ID du processus défaillant : 0x4178 Heure de début de l’application défaillante : 0x01d750ae367851bf Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : b6d6f444-149e-4320-ba75-dabc4f05b800 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante CHXSmartScreen.exe, version : 10.0.19041.423, horodatage : 0x0431d1e3 Nom du 
module défaillant : KERNELBASE.dll, version : 10.0.19041.964, horodatage : 0x812662a7 Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000010b39c ID du processus défaillant : 0x2ecc Heure de début de l’application défaillante : 0x01d750ae0d5957fd Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 2033a872-6d6f-402d-86aa-30844d895e58 Nom complet du package défaillant : Microsoft.Windows.Apprep.ChxApp_1000.19041.964.0_neutral_neutral_cw5n1h2txyewy ID de l’application relative au package défaillant : App ------------ Nom de l’application défaillante wwahost.exe, version : 10.0.19041.789, horodatage : 0x9bbd7506 Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.964, horodatage : 0x812662a7 Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000010b39c ID du processus défaillant : 0x4b98 Heure de début de l’application défaillante : 0x01d750abdb817c2d Chemin d’accès de l’application défaillante : C:\windows\system32\wwahost.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 73c87322-3e16-442b-88a7-2323e86760c2 Nom complet du package défaillant : 4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 ID de l’application relative au package défaillant : Netflix.App ------------ Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.19041.546, horodatage : 0x1d3a15e7 Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.964, horodatage : 0x812662a7 Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000010b39c ID du processus défaillant : 0x3c58 Heure de début de l’application défaillante : 0x01d750abc1381c26 Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 
eb458fdf-c78f-4d94-a490-b514462f1f6e Nom complet du package défaillant : AD2F1837.HPSupportAssistant_9.7.433.0_x64__v10z8vjag6ke6 ID de l’application relative au package défaillant : AD2F1837.HPSupportAssistant ------------ Nom de l’application défaillante GameBar.exe, version : 5.621.4222.0, horodatage : 0x60818071 Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.964, horodatage : 0x812662a7 Code d’exception : 0xc0000409 Décalage d’erreur : 0x000000000010b39c ID du processus défaillant : 0x1ab4 Heure de début de l’application défaillante : 0x01d74e7d5c28a063 Chemin d’accès de l’application défaillante : C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.621.4222.0_x64__8wekyb3d8bbwe\GameBar.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 11012e82-d628-4cb4-b12a-e5954cb30e53 Nom complet du package défaillant : Microsoft.XboxGamingOverlay_5.621.4222.0_x64__8wekyb3d8bbwe ID de l’application relative au package défaillant : App ------------ Le programme Client PRONOTE.exe version 2020.0.2.7 a cessé d'interagir avec Windows et a été fermé. Pour voir si plus d'informations sur le problème sont disponibles, vérifiez l'historique des problèmes dans le Panneau de configuration Sécurité et maintenance. 
ID de processus : 4480 Heure de début : 01d74ee44c759307 Heure d'arrêt : 4294967295 Chemin d'accès à l'application : C:\Program Files\Index Education\Pronote 2020\Réseau\Client\Client PRONOTE.exe ID de rapport : 21a60f45-5930-4e5a-a5b0-b97b3f282add Nom complet du package défectueux : ID de l'application relative à un package défectueux : Type de blocage : Top level window is idle ------------ Nom de l’application défaillante wwahost.exe, version : 10.0.19041.789, horodatage : 0x9bbd7506 Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.964, horodatage : 0x812662a7 Code d’exception : 0x80040154 Décalage d’erreur : 0x000000000010b39c ID du processus défaillant : 0x4fd8 Heure de début de l’application défaillante : 0x01d74e88b07f11c4 Chemin d’accès de l’application défaillante : C:\windows\system32\wwahost.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : e2b02166-86ce-4cc3-96cc-0ecad333b694 Nom complet du package défaillant : 4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 ID de l’application relative au package défaillant : Netflix.App ------------ Nom de l’application défaillante wwahost.exe, version : 10.0.19041.789, horodatage : 0x9bbd7506 Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.964, horodatage : 0x812662a7 Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000010b39c ID du processus défaillant : 0x5300 Heure de début de l’application défaillante : 0x01d74e7d1605ffea Chemin d’accès de l’application défaillante : C:\windows\system32\wwahost.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : b60e5268-03ba-49b7-b274-fea99ff5b254 Nom complet du package défaillant : 4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 ID de l’application relative au package défaillant : Netflix.App ------------ Nom de l’application défaillante wwahost.exe, version : 10.0.19041.789, horodatage : 0x9bbd7506 Nom du module défaillant : KERNELBASE.dll, version : 
10.0.19041.964, horodatage : 0x812662a7 Code d’exception : 0x80070005 Décalage d’erreur : 0x000000000010b39c ID du processus défaillant : 0x4cf4 Heure de début de l’application défaillante : 0x01d74dca344ef579 Chemin d’accès de l’application défaillante : C:\windows\system32\wwahost.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 2b47d001-a47c-429b-a49c-9a53c9547b42 Nom complet du package défaillant : 4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 ID de l’application relative au package défaillant : Netflix.App ------------ Security Center n'a pas pu valider l'appelant. Erreur DC040780. ------------ Erreur lors de la mise à jour du statut vers SECURITY_PRODUCT_STATE_OFF. ------------ Security Center n'a pas pu valider l'appelant. Erreur DC040780. ------------ Security Center n'a pas pu valider l'appelant. Erreur DC040780. ------------ Application : PSUAMain.exe Version du Framework : v4.0.30319 Description : le processus a été arrêté en raison d'une exception non gérée. 
Informations sur l'exception : System.NullReferenceException à System.Windows.Threading.Dispatcher.ShutdownImplInSecurityContext(System.Object) à System.Windows.Threading.Dispatcher.ShutdownImpl() à System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) à MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) à MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) à System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) à System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) à System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) à MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) ------------ Nom de l’application défaillante HoldemManager3.exe, version : 3.1.16.0, horodatage : 0x606252fa Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000517f00007f ID du processus défaillant : 0x33c0 Heure de début de l’application défaillante : 0x01d7477543cb4a3e Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Holdem Manager 3\HoldemManager3.exe Chemin d’accès du module défaillant: unknown ID de rapport : 872fe120-2439-4624-b312-4a4308116d14 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer. Details: AddWin32ServiceFiles: Unable to back up image of service CloudAvUpdaterFU since QueryServiceConfig API failed System Error: Le fichier spécifié est introuvable. . 
------------ Nom de l’application défaillante WUDFHost.exe, version : 10.0.19041.1, horodatage : 0xe092f869 Nom du module défaillant : ntdll.dll, version : 10.0.19041.928, horodatage : 0x9bed63d6 Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000ff0b9 ID du processus défaillant : 0x660 Heure de début de l’application défaillante : 0x01d74050094c0ea6 Chemin d’accès de l’application défaillante : C:\Windows\System32\WUDFHost.exe Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\ntdll.dll ID de rapport : e722c33c-00c5-495f-8d01-5b6fd6eeff79 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Le service Services de chiffrement n’a pas réussi à initialiser la base de données du catalogue. L’erreur ESENT était : -1409. ------------ Le serveur Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca ne s’est pas enregistré sur DCOM avant la fin du temps imparti. ------------ ----------( EOF)---------- - 4960 | 17:21:20