--------------- QuickDiag | g3n-h@ckm@n | V8.028.22.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 02/02/2022 14:46:58 Updated 28/01/2022 | 10:00 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [nicol (Administrator)] - [LAPTOP-VTVIGEQ7] (S-1-5-21-3117338434-2494139373-3240853406-1001) PC : Acer Aspire A315-34 x64-based PC System: Microsoft Windows 10 Famille - X64 - (10.0.19043) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (21H1) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3 Boot : Normal boot PC: Aspire A315-34 - Acer - IdNumber: NXHXDEF00502606B372N00 - UUID: 71731FC3-366E-4193-B7C8-FE8774EBBE38 Processor : Intel(R) Celeron(R) N4020 CPU @ 1.10GHz (GenuineIntel) - Clock Speed : 1101 - Socket : U3E1 - Stauts : OK BIOS : Insyde Corp. V1.07 - SN : NXHXDEF00502606B372N00 - Status : OK - Version : ACRSYS - 3 - PrimaryBios : True - CurrentLanguage : - OtherTargetOS : CoreTemp : 58 Celsius ----------| Quick ---------- | SoundDevice Realtek Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: INTELAUDIO\FUNC_01&VEN_10EC&DEV_0256&SUBSYS_10251360&REV_1000\4&1E184F1&0&0001 Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: INTELAUDIO\FUNC_01&VEN_8086&DEV_280D&SUBSYS_80860101&REV_1000\4&1E184F1&0&0201 ---------- | Video Intel(R) UHD Graphics 600 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7b349056b76317ca\igdumdim64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7b349056b76317ca\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7b349056b76317ca\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7b349056b76317ca\igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_3185&SUBSYS_13601025&REV_06\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 Inegrated Video Chipset DeviceName: Intel(R) UHD Graphics 600 - DriverVersion: 27.20.100.8280 - SpecificationVersion: 1025 ---------- | Codecs C:\WINDOWS\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 93184 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34600 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39936 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42904 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25824 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37440 - Manufacturer: Microsoft Corporation - Status: OK ---------- | Memory Pagefile = Total (MB) : 7666 | Free (MB) : 3321 Virtual = Total (MB) : 4194 | Free (MB) : 3935 Physical Memory (MB) -------------------- Total: 3902 Available: 440 Cached: 423 Free: 365 System ------ Handles: 78445 Processes: 193 Threads: 2105 ---------- | Drives C:\ -> [Fixed] | [Acer] | Total : 118.13 Go | Free : 22.81 Go -> NTFS (SSD) Drive: 0 Cylinders: 15566 Tracks per Cylinder: 255 Sectors per Track: 63 Bytes per Sector: 512 Total Space: 128035676160 bytes ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Test 2 : Possible Fixed Windows Volume License ---------- | Browsers IE : 11.0.19041.1202 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer ---------- | Security AV : Malwarebytes Disabled AS : FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 408 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.19041.964) = C:\Windows\System32\smss.exe [17/05/2021 09:00:55] 548 | [Owner : Système | Parent : 488() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [20/03/2021 16:12:44] 932 | [Owner : Système | Parent : 488() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.19041.1202) = C:\Windows\System32\wininit.exe [21/09/2021 08:21:48] 940 | [Owner : Système | Parent : 924() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [20/03/2021 16:12:44] 1004 | [Owner : Système | Parent : 932(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.19041.928) = C:\Windows\System32\services.exe [18/04/2021 13:25:47] 276 | [Owner : Système | Parent : 924() | 9.22 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.19041.1387) = C:\Windows\System32\winlogon.exe [17/12/2021 16:53:55] 468 | [Owner : Système | Parent : 932(wininit.exe) | 3.35 Mo] - (.Microsoft Corporation - Credential Guard & Key Guard.) - (10.0.19041.1466) = C:\Windows\System32\LsaIso.exe [13/01/2022 14:19:37] 572 | [Owner : Système | Parent : 932(wininit.exe) | 20.02 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.19041.1266) = C:\Windows\System32\lsass.exe [17/10/2021 19:52:48] 692 | [Owner : UMFD-1 | Parent : 276(winlogon.exe) | 15.47 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.1387) = C:\Windows\System32\fontdrvhost.exe [17/12/2021 16:53:54] 696 | [Owner : UMFD-0 | Parent : 932(wininit.exe) | 4.06 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.1387) = C:\Windows\System32\fontdrvhost.exe [17/12/2021 16:53:54] 708 | [Owner : Système | Parent : 1004(services.exe) | 32.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 800 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 10.48 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.19041.1466) = C:\Windows\System32\WUDFHost.exe [13/01/2022 14:19:35] 648 | [Owner : SERVICE RÉSEAU | Parent : 1004(services.exe) | 16.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1028 | [Owner : Système | Parent : 1004(services.exe) | 7.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1144 | [Owner : DWM-1 | Parent : 276(winlogon.exe) | 107.06 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.19041.746) = C:\Windows\System32\dwm.exe [20/03/2021 16:12:41] 1232 | [Owner : Système | Parent : 1004(services.exe) | 7.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1252 | [Owner : Système | Parent : 1004(services.exe) | 5.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1288 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 7.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1324 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 11.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1376 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 10.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1392 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 6.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1416 | [Owner : Système | Parent : 1004(services.exe) | 9.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1468 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 11.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1680 | [Owner : Système | Parent : 1004(services.exe) | 16.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1708 | [Owner : Système | Parent : 1004(services.exe) | 7.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1740 | [Owner : Système | Parent : 1004(services.exe) | 13.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1756 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 22.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1832 | [Owner : Système | Parent : 1004(services.exe) | 9.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1880 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 6.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1972 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 9.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1984 | [Owner : Système | Parent : 1004(services.exe) | 14.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 1960 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 7.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2104 | [Owner : Système | Parent : 1004(services.exe) | 10.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2148 | [Owner : Système | Parent : 1004(services.exe) | 16.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2240 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 7.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2288 | [Owner : Système | Parent : 1004(services.exe) | 11.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2300 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 11.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2320 | [Owner : Système | Parent : 1004(services.exe) | 5.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2396 | [Owner : SERVICE RÉSEAU | Parent : 1004(services.exe) | 12.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2476 | [Owner : Système | Parent : 1004(services.exe) | 8.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2512 | [Owner : Système | Parent : 1004(services.exe) | 7.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2548 | [Owner : Système | Parent : 1004(services.exe) | 9.27 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.100.8280) = C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIService.exe [28/09/2020 08:54:19] 2572 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 10.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2596 | [Owner : SERVICE LOCAL | Parent : 2512(svchost.exe) | 12.49 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1) = C:\Windows\System32\dasHost.exe [07/12/2019 10:08:37] 2612 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 9.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2632 | [Owner : Système | Parent : 1004(services.exe) | 7.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2824 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 8.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2884 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 7.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2908 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 10.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3020 | [Owner : Système | Parent : 1004(services.exe) | 9.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2588 | [Owner : Système | Parent : 1004(services.exe) | 6.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3128 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 13.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3168 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 22.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3200 | [Owner : Système | Parent : 1004(services.exe) | 7.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3288 | [Owner : SERVICE RÉSEAU | Parent : 1004(services.exe) | 9.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3300 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 6.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3320 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 9.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3460 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 7.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3500 | [Owner : Système | Parent : 1004(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3544 | [Owner : Système | Parent : 1004(services.exe) | 6.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3584 | [Owner : Système | Parent : 1004(services.exe) | 18.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3640 | [Owner : Système | Parent : 1004(services.exe) | 11.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3684 | [Owner : Système | Parent : 1004(services.exe) | 17.67 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.1415) = C:\Windows\System32\spoolsv.exe [17/12/2021 16:53:20] 3780 | [Owner : SERVICE RÉSEAU | Parent : 1004(services.exe) | 7.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3900 | [Owner : Système | Parent : 1004(services.exe) | 6.07 Mo] - (.Adobe Inc. - Adobe Acrobat Update Service.) - (1.824.45.8876) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [17/11/2021 23:40:34] 3912 | [Owner : Système | Parent : 1004(services.exe) | 10.26 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Service.) - (7.6.0.52) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [23/09/2020 02:30:00] 3920 | [Owner : Système | Parent : 1004(services.exe) | 8.23 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (7.6.0.52) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [11/05/2018 10:50:54] 3928 | [Owner : Système | Parent : 1004(services.exe) | 7.58 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (10.0.10011.16384) = C:\Windows\System32\drivers\AdminService.exe [16/10/2019 13:34:30] 3956 | [Owner : Système | Parent : 1004(services.exe) | 7.51 Mo] - (.Apple Inc. - Bonjour Service.) - (2.0.2.0) = C:\Program Files (x86)\Bonjour\mDNSResponder.exe [18/05/2010 15:35:14] 3992 | [Owner : Système | Parent : 1004(services.exe) | 7.08 Mo] - (.Intel Corporation - Intel HD Graphics Drivers for Windows(R).) - (25.20.100.8280) = C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7b349056b76317ca\IntelCpHDCPSvc.exe [28/09/2020 08:54:19] 4028 | [Owner : SERVICE RÉSEAU | Parent : 1004(services.exe) | 13.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4048 | [Owner : Système | Parent : 1004(services.exe) | 16.75 Mo] - (.- DCIService.exe.) - (3.0.2.12) = C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe [15/12/2021 21:07:26] 4064 | [Owner : Système | Parent : 1004(services.exe) | 34.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4084 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 19.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3576 | [Owner : Système | Parent : 1004(services.exe) | 19.18 Mo] - (.Intel Corporation - Intel® Graphics Command Center Service.) - (1.0.0.0) = C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe [28/09/2020 08:54:20] 3788 | [Owner : Système | Parent : 1004(services.exe) | 7.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4112 | [Owner : Système | Parent : 1004(services.exe) | 22.25 Mo] - (.Intel - IntelAudioService.) - (1.1.45.0) = C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe [22/05/2020 02:42:13] 4152 | [Owner : Système | Parent : 1004(services.exe) | 17.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4160 | [Owner : Système | Parent : 1004(services.exe) | 5.02 Mo] - (.Intel Corporation - Intel(R) Dynamic Tuning Service.) - (8.6.10401.9906) = C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe [16/10/2019 13:38:45] 4200 | [Owner : Système | Parent : 1004(services.exe) | 8.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4248 | [Owner : SERVICE RÉSEAU | Parent : 1004(services.exe) | 10.7 Mo] - (.Microsoft Corporation - Microsoft Office Software Protection Platform Service.) - (14.0.370.400) = C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:34:24] 4268 | [Owner : Système | Parent : 1004(services.exe) | 5.27 Mo] - (.Qualcomm Technologies Inc. - Qualcomm Atheros Universal WLAN Driver Service.) - (1.0.0.1) = C:\Windows\System32\drivers\QcomWlanSrvx64.exe [16/10/2019 13:38:27] 4276 | [Owner : Système | Parent : 1004(services.exe) | 12.68 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.1.437.1) = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe [24/01/2022 09:39:33] 4284 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 6.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4344 | [Owner : Système | Parent : 1004(services.exe) | 5.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4368 | [Owner : Système | Parent : 1004(services.exe) | 39.3 Mo] - (.- SPWindowsService.) - (1.0.0.0) = C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [15/12/2021 21:07:06] 4392 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 11.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4488 | [Owner : Système | Parent : 1004(services.exe) | 21.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4584 | [Owner : Système | Parent : 1004(services.exe) | 10.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4632 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 5.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 4812 | [Owner : Système | Parent : 1004(services.exe) | 11.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 5112 | [Owner : Système | Parent : 708(svchost.exe) | 6.48 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.19041.1320) = C:\Windows\System32\wbem\unsecapp.exe [14/11/2021 10:46:49] 5696 | [Owner : nicol | Parent : 1984(svchost.exe) | 28.29 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.746) = C:\Windows\System32\sihost.exe [20/03/2021 16:12:27] 3060 | [Owner : nicol | Parent : 1004(services.exe) | 31.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3276 | [Owner : nicol | Parent : 1004(services.exe) | 36.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 6184 | [Owner : Système | Parent : 1004(services.exe) | 21.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 6236 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 19.21 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.9141) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [20/03/2021 16:00:04] 6356 | [Owner : nicol | Parent : 2548(igfxCUIService.exe) | 15.76 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.100.8280) = C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxEM.exe [28/09/2020 08:54:19] 6404 | [Owner : nicol | Parent : 1680(svchost.exe) | 14.29 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.906) = C:\Windows\System32\taskhostw.exe [18/04/2021 13:25:52] 6804 | [Owner : Système | Parent : 1004(services.exe) | 8.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 6984 | [Owner : nicol | Parent : 6804(svchost.exe) | 19.5 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe [07/12/2019 10:09:00] 7028 | [Owner : Système | Parent : 1004(services.exe) | 17.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2052 | [Owner : nicol | Parent : 2316() | 123.3 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.1415) = C:\Windows\explorer.exe [17/12/2021 16:53:21] 6540 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 18.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2124 | [Owner : Système | Parent : 1004(services.exe) | 37.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 7328 | [Owner : nicol | Parent : 1004(services.exe) | 20.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 956 | [Owner : nicol | Parent : 708(svchost.exe) | 79.27 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [20/03/2021 16:12:34] 7896 | [Owner : nicol | Parent : 708(svchost.exe) | 25.07 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [20/03/2021 16:12:16] 8144 | [Owner : nicol | Parent : 708(svchost.exe) | 54.07 Mo] - (.Microsoft Corporation - Search application.) - (10.0.19041.1387) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe [17/12/2021 16:54:52] 7244 | [Owner : Système | Parent : 1004(services.exe) | 23.15 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19041.1387) = C:\Windows\System32\SearchIndexer.exe [17/12/2021 16:53:38] 8308 | [Owner : nicol | Parent : 708(svchost.exe) | 27.86 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [20/03/2021 16:12:16] 8460 | [Owner : nicol | Parent : 708(svchost.exe) | 54.32 Mo] - (.Microsoft Corporation -.) - (1.21121.250.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21121.250.0_x64__8wekyb3d8bbwe\YourPhone.exe [27/01/2022 13:52:10] 8752 | [Owner : nicol | Parent : 708(svchost.exe) | 9.55 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.19041.1320) = C:\Windows\System32\SettingSyncHost.exe [14/11/2021 10:47:21] 9172 | [Owner : nicol | Parent : 708(svchost.exe) | 18.51 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [20/03/2021 16:12:16] 2784 | [Owner : nicol | Parent : 708(svchost.exe) | 44.19 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.19041.1320) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [14/11/2021 10:47:47] 9036 | [Owner : nicol | Parent : 2052(explorer.exe) | 13.09 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.19041.1) = C:\Windows\System32\SecurityHealthSystray.exe [07/12/2019 10:08:41] 9140 | [Owner : Système | Parent : 1004(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe [17/10/2021 19:52:46] 1508 | [Owner : nicol | Parent : 708(svchost.exe) | 26.66 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [20/03/2021 16:12:16] 8252 | [Owner : nicol | Parent : 2052(explorer.exe) | 13.8 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.1.437.1) = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe [24/01/2022 09:39:33] 9524 | [Owner : nicol | Parent : 2052(explorer.exe) | 74.19 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (22.2.103.4) = C:\Users\nicol\AppData\Local\Microsoft\OneDrive\OneDrive.exe [19/03/2021 01:25:28] 9780 | [Owner : nicol | Parent : 2052(explorer.exe) | 26.64 Mo] - (.Unified Intents AB - Unified Remote.) - (3.10.0.2467) = C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [23/03/2021 19:22:57] 10040 | [Owner : Système | Parent : 6328() | 0.77 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.36.121) = C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe [21/01/2022 19:18:32] 10060 | [Owner : nicol | Parent : 2052(explorer.exe) | 12.27 Mo] - (.Adobe Systems Incorporated - Adobe Collaboration Synchronizer 21.5.) - (21.5.20058.47888) = C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [27/06/2021 07:22:42] 10112 | [Owner : nicol | Parent : 708(svchost.exe) | 25.72 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.1052) = C:\Windows\System32\smartscreen.exe [15/06/2021 20:52:47] 10200 | [Owner : nicol | Parent : 10060(AdobeCollabSync.exe) | 16.62 Mo] - (.Adobe Systems Incorporated - Adobe Collaboration Synchronizer 21.5.) - (21.5.20058.47888) = C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [27/06/2021 07:22:42] 8992 | [Owner : nicol | Parent : 2052(explorer.exe) | 95.02 Mo] - (.Lavasoft - Web Companion.) - (8.9.0.371) = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [15/12/2021 21:07:06] 10000 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 5.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3740 | [Owner : Système | Parent : 1004(services.exe) | 12.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 2920 | [Owner : Système | Parent : 6328() | 0.49 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.36.121) = C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe [21/01/2022 19:18:32] 9088 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 7.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3696 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 8.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3336 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 9.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 10232 | [Owner : nicol | Parent : 2052(explorer.exe) | 70.03 Mo] - (.Intel Corporation - IGCCTray.) - (1.100.3407.0) = C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe [07/12/2021 10:46:01] 3344 | [Owner : Système | Parent : 1004(services.exe) | 10.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 6904 | [Owner : nicol | Parent : 2052(explorer.exe) | 78.73 Mo] - (.Skype Technologies S.A. - Skype.) - (8.79.0.95) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe [14/12/2021 11:28:07] 6152 | [Owner : Système | Parent : 1004(services.exe) | 5.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 10568 | [Owner : nicol | Parent : 7000() | 9.28 Mo] - (.Adobe Systems Inc. - AcroTray.) - (21.5.20058.47888) = C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe [27/06/2021 07:22:40] 10620 | [Owner : nicol | Parent : 7000() | 21.22 Mo] - (.Wondershare - Wondershare Studio.) - (2.1.0.6) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [29/09/2021 08:29:54] 10720 | [Owner : nicol | Parent : 6904(Skype.exe) | 18.61 Mo] - (.Skype Technologies S.A. - Skype.) - (8.79.0.95) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe [14/12/2021 11:28:07] 10928 | [Owner : nicol | Parent : 10704() | 298.29 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 11116 | [Owner : nicol | Parent : 6904(Skype.exe) | 53.33 Mo] - (.Skype Technologies S.A. - Skype.) - (8.79.0.95) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe [14/12/2021 11:28:07] 11136 | [Owner : nicol | Parent : 6904(Skype.exe) | 29.11 Mo] - (.Skype Technologies S.A. - Skype.) - (8.79.0.95) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe [14/12/2021 11:28:07] 10396 | [Owner : nicol | Parent : 708(svchost.exe) | 52.74 Mo] - (.Intel Corporation - IGCC.) - (1.100.3407.0) = C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\IGCC.exe [07/12/2021 10:46:01] 9340 | [Owner : nicol | Parent : 10928(firefox.exe) | 255.13 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 7780 | [Owner : nicol | Parent : 6904(Skype.exe) | 141.61 Mo] - (.Skype Technologies S.A. - Skype.) - (8.79.0.95) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe [14/12/2021 11:28:07] 9764 | [Owner : nicol | Parent : 10928(firefox.exe) | 72.86 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 9292 | [Owner : nicol | Parent : 10928(firefox.exe) | 112.99 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 2580 | [Owner : nicol | Parent : 708(svchost.exe) | 9.8 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [20/03/2021 16:12:16] 10156 | [Owner : nicol | Parent : 1004(services.exe) | 20.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 3604 | [Owner : Système | Parent : 1004(services.exe) | 12.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 9720 | [Owner : nicol | Parent : 708(svchost.exe) | 52.47 Mo] - (.Microsoft Corporation -.) - (2001.22012.0.3920) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe [17/10/2021 19:53:30] 10600 | [Owner : nicol | Parent : 10928(firefox.exe) | 67.06 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 11328 | [Owner : nicol | Parent : 10928(firefox.exe) | 30.28 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 11336 | [Owner : nicol | Parent : 6904(Skype.exe) | 26.4 Mo] - (.Skype Technologies S.A. - Skype.) - (8.79.0.95) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe [14/12/2021 11:28:07] 11700 | [Owner : nicol | Parent : 708(svchost.exe) | 8.58 Mo] - (.Microsoft Corporation - Component Package Support Server.) - (10.0.19041.746) = C:\Windows\System32\CompPkgSrv.exe [20/03/2021 16:12:04] 11780 | [Owner : Système | Parent : 1004(services.exe) | 21.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 11988 | [Owner : Système | Parent : 1004(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.19041.546) = C:\Windows\System32\SgrmBroker.exe [20/03/2021 16:13:24] 604 | [Owner : Système | Parent : 1004(services.exe) | 11.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 7452 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 6160 | [Owner : nicol | Parent : 10928(firefox.exe) | 130.02 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 6552 | [Owner : Système | Parent : 708(svchost.exe) | 9.62 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [20/03/2021 16:12:35] 11608 | [Owner : Système | Parent : 1004(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 10516 | [Owner : nicol | Parent : 708(svchost.exe) | 19.62 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [20/03/2021 16:12:16] 5508 | [Owner : nicol | Parent : 708(svchost.exe) | 62.83 Mo] - (.-.) - (1.21121.250.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21121.250.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe [27/01/2022 13:52:10] 7356 | [Owner : nicol | Parent : 708(svchost.exe) | 48.9 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe [20/03/2021 16:12:35] 10816 | [Owner : nicol | Parent : 708(svchost.exe) | 13.62 Mo] - (.-.) - (10.2103.8.0) = C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe [03/05/2021 16:52:25] 3668 | [Owner : nicol | Parent : 708(svchost.exe) | 6.81 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [20/03/2021 16:12:16] 1620 | [Owner : nicol | Parent : 708(svchost.exe) | 77.69 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.19041.1320) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [14/11/2021 10:47:56] 8592 | [Owner : nicol | Parent : 708(svchost.exe) | 9.42 Mo] - (.Microsoft Corporation - User OOBE Broker.) - (10.0.19041.746) = C:\Windows\System32\oobe\UserOOBEBroker.exe [20/03/2021 16:12:54] 3096 | [Owner : SERVICE LOCAL | Parent : 1004(services.exe) | 10.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 10500 | [Owner : nicol | Parent : 10928(firefox.exe) | 90.64 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 8828 | [Owner : nicol | Parent : 10928(firefox.exe) | 59.67 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 9900 | [Owner : nicol | Parent : 10928(firefox.exe) | 84.14 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 8376 | [Owner : nicol | Parent : 10928(firefox.exe) | 95.68 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 11512 | [Owner : Système | Parent : 1004(services.exe) | 12.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe [20/03/2021 16:12:43] 972 | [Owner : SERVICE LOCAL | Parent : 3128(svchost.exe) | 15.24 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.19041.1387) = C:\Windows\System32\audiodg.exe [17/12/2021 16:53:19] 2988 | [Owner : Système | Parent : 1004(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2111.5) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [16/12/2021 07:13:22] 6556 | [Owner : nicol | Parent : 708(svchost.exe) | 64.6 Mo] - (.Microsoft Corporation - Search application.) - (10.0.19041.1387) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe [17/12/2021 16:54:52] 7720 | [Owner : nicol | Parent : 708(svchost.exe) | 12.02 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.19041.546) = C:\Windows\System32\dllhost.exe [20/03/2021 16:12:43] 8608 | [Owner : nicol | Parent : 708(svchost.exe) | 76.08 Mo] - (.Microsoft Corporation - Windows Defender application.) - (10.0.19041.844) = C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe [20/03/2021 16:12:37] 7736 | [Owner : nicol | Parent : 708(svchost.exe) | 9.6 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe [16/08/2021 19:49:52] 12240 | [Owner : nicol | Parent : 708(svchost.exe) | 7.78 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe [16/08/2021 19:49:52] 4400 | [Owner : nicol | Parent : 10928(firefox.exe) | 64.08 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 8972 | [Owner : nicol | Parent : 10928(firefox.exe) | 31.74 Mo] - (.Mozilla Corporation - Firefox.) - (96.0.3.8061) = C:\Program Files\Mozilla Firefox\firefox.exe [30/01/2022 18:55:36] 4948 | [Owner : nicol | Parent : 10928(firefox.exe) | 55.55 Mo] - (.SosVirus - QuickDiag.) - (8.28.22.1) = C:\Users\nicol\Downloads\QuickDiag.exe [02/02/2022 14:46:29] 5920 | [Owner : SERVICE RÉSEAU | Parent : 708(svchost.exe) | 11.35 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [20/03/2021 16:13:05] ---------- | Locked Applications ---------- | Policy Restrictions ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\TextShaping.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (27.20.100.8280) -- C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7b349056b76317ca\igd10iumd64.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (27.20.100.8280) -- C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7b349056b76317ca\igdgmm64.dll (.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (27.20.100.8280) -- C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7b349056b76317ca\igc64.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll (..-..) - (14.0.7226.5000) -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf (..-..) - (0.0.0.0) -- C:\Windows\System32\Windows.Internal.UI.Shell.WindowTabManager.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.Apple Inc..-.Bonjour Namespace Provider.) - (2.0.2.0) -- C:\Program Files\Bonjour\mdnsNSP.dll (.The ICU Project.-.ICU Combined Library.) - (64.2.0.0) -- C:\Windows\System32\icu.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\system32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- c:\windows\system32\UMPDC.dll (.Apple Inc..-.Bonjour Namespace Provider.) - (2.0.2.0) -- C:\Program Files\Bonjour\mdnsNSP.dll (..-..) - (0.0.0.0) -- c:\windows\system32\TextShaping.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.29.0.0) -- c:\windows\system32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\usocoreps.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL ---------- | Windows Installer Installations (Microsoft Corporation) Microsoft Office Professional Plus 2010 - Install. : 18/04/2021 - Package : C:\WINDOWS\Installer\2b7fb.msi (Microsoft Corporation) Microsoft Office OneNote MUI (French) 2010 - Install. : 22/03/2021 - Package : C:\WINDOWS\Installer\2b7db.msi (Microsoft Corporation) Microsoft Office Office 32-bit Components 2010 - Install. : 18/04/2021 - Package : C:\WINDOWS\Installer\2b7f4.msi (Microsoft Corporation) Microsoft Office Shared 32-bit MUI (French) 2010 - Install. : 18/04/2021 - Package : C:\WINDOWS\Installer\2b7d7.msi (Microsoft Corporation) Microsoft Office InfoPath MUI (French) 2010 - Install. : 19/03/2021 - Package : C:\WINDOWS\Installer\2b7df.msi (Microsoft Corporation) Microsoft Office Access MUI (French) 2010 - Install. : 19/03/2021 - Package : C:\WINDOWS\Installer\2b7e5.msi (Microsoft Corporation) Microsoft Office Excel MUI (French) 2010 - Install. : 18/04/2021 - Package : C:\WINDOWS\Installer\2b7a5.msi (Microsoft Corporation) Microsoft Office PowerPoint MUI (French) 2010 - Install. : 18/04/2021 - Package : C:\WINDOWS\Installer\2b7aa.msi (Microsoft Corporation) Microsoft Office Publisher MUI (French) 2010 - Install. : 19/03/2021 - Package : C:\WINDOWS\Installer\2b7ea.msi (Microsoft Corporation) Microsoft Office Outlook MUI (French) 2010 - Install. : 22/03/2021 - Package : C:\WINDOWS\Installer\2b7b7.msi (Microsoft Corporation) Microsoft Office Groove MUI (French) 2010 - Install. : 19/03/2021 - Package : C:\WINDOWS\Installer\2b7b2.msi (Microsoft Corporation) Microsoft Office Word MUI (French) 2010 - Install. : 18/04/2021 - Package : C:\WINDOWS\Installer\2b7ef.msi (Microsoft Corporation) Microsoft Office Proofing (French) 2010 - Install. : 19/03/2021 - Package : C:\WINDOWS\Installer\2b7d3.msi (Microsoft Corporation) Microsoft Office Shared MUI (French) 2010 - Install. : 22/03/2021 - Package : C:\WINDOWS\Installer\2b7a1.msi (Microsoft Corporation) Microsoft Office Proof (Arabic) 2010 - Install. : 22/03/2021 - Package : C:\WINDOWS\Installer\2b7cf.msi (Microsoft Corporation) Microsoft Office Proof (Dutch) 2010 - Install. : 22/03/2021 - Package : C:\WINDOWS\Installer\2b7bb.msi (Microsoft Corporation) Microsoft Office Proof (German) 2010 - Install. : 22/03/2021 - Package : C:\WINDOWS\Installer\2b7bf.msi (Microsoft Corporation) Microsoft Office Proof (English) 2010 - Install. : 22/03/2021 - Package : C:\WINDOWS\Installer\2b7cb.msi (Microsoft Corporation) Microsoft Office Proof (Spanish) 2010 - Install. : 22/03/2021 - Package : C:\WINDOWS\Installer\2b7c3.msi (Microsoft Corporation) Microsoft Office Proof (French) 2010 - Install. : 22/03/2021 - Package : C:\WINDOWS\Installer\2b7c7.msi (Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 - Install. : 19/03/2021 - Package : c:\WINDOWS\Installer\130d02.msi (Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 - Install. : 19/03/2021 - Package : c:\WINDOWS\Installer\130cfa.msi (Microsoft Corporation) Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 - Install. : 23/03/2021 - Package : C:\WINDOWS\Installer\64f407f.msi (Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 - Install. : 23/03/2021 - Package : C:\WINDOWS\Installer\64f4083.msi (Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.25.28508 - Install. : 23/03/2021 - Package : C:\WINDOWS\Installer\65cd8a6.msi (Microsoft Corporation) Contrôle d’intégrité du PC Windows - Install. : 27/10/2021 - Package : C:\WINDOWS\Installer\72d5a.msi (Microsoft Corporation) Microsoft Visual C++ 2019 X86 Additional Runtime - 14.25.28508 - Install. : 23/03/2021 - Package : C:\WINDOWS\Installer\65cd899.msi (Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Install. : 19/03/2021 - Package : c:\WINDOWS\Installer\130d59.msi (Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 - Install. : 23/03/2021 - Package : C:\WINDOWS\Installer\64f407b.msi (Adobe Systems Incorporated) Adobe Acrobat DC - Install. : 21/07/2021 - Package : C:\WINDOWS\Installer\4722d78.msi (Adobe Systems Incorporated) Adobe Refresh Manager - Install. : 08/01/2022 - Package : C:\WINDOWS\Installer\14363be9.msi (Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA - Install. : 19/03/2021 - Package : c:\WINDOWS\Installer\130d7a.msi (Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - Install. : 01/04/2021 - Package : c:\WINDOWS\Installer\74adf53.msi (Microsoft Corporation) Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 - Install. : 23/03/2021 - Package : C:\WINDOWS\Installer\64f4077.msi (Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - Install. : 30/03/2021 - Package : c:\WINDOWS\Installer\2938c5d6.msi (Microsoft Corporation) Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.25.28508 - Install. : 23/03/2021 - Package : C:\WINDOWS\Installer\65cd8a2.msi (Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 - Install. : 05/04/2021 - Package : C:\WINDOWS\Installer\1bfc2feb.msi (Microsoft Corporation) Microsoft Update Health Tools - Install. : 06/10/2021 - Package : C:\WINDOWS\Installer\4bff3cdd.msi (Ciel) Ciel Auto-entrepreneur Premium 6.1 - Install. : 19/03/2021 - Package : C:\WINDOWS\Installer\6d8b1.msi (Microsoft Corporation) Windows Subsystem for Linux Update - Install. : 27/01/2022 - Package : C:\WINDOWS\Installer\9271413.msi (Apple Inc.) Bonjour - Install. : 30/03/2021 - Package : C:\WINDOWS\Installer\2938c5dc.msi (Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 - Install. : 05/04/2021 - Package : C:\WINDOWS\Installer\1bfc2fe3.msi (Microsoft Corporation) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 - Install. : 05/04/2021 - Package : C:\WINDOWS\Installer\1bfc2fe7.msi (Microsoft Corporation) Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.25.28508 - Install. : 23/03/2021 - Package : C:\WINDOWS\Installer\65cd885.msi (Microsoft Corporation) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 - Install. : 05/04/2021 - Package : C:\WINDOWS\Installer\1bfc2fdf.msi ---------- | Windows Updates KB5008876 - Installed On : 01/14/2022 - [Update] KB4562830 - Installed On : 03/20/2021 - [Update] KB4577586 - Installed On : 04/01/2021 - [Update] KB4580325 - Installed On : 03/22/2021 - [Security Update] KB4589212 - Installed On : 04/12/2021 - [Update] KB5000736 - Installed On : 09/21/2021 - [Update] KB5009543 - Installed On : 01/14/2022 - [Security Update] KB5006753 - Installed On : 11/14/2021 - [Update] KB5007273 - Installed On : 12/17/2021 - [Update] KB5005699 - Installed On : 09/21/2021 - [Security Update] ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up [HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[OneDriveSetup] : C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[OneDriveSetup] : C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[OneDrive] : "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Unified Remote V3] : "C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe" [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Adobe Acrobat Synchronizer] : "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[btweb] : "C:\Users\nicol\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Web Companion] : C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[CCleaner Smart Cleaning] : "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SecurityHealth] : %windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[RtkAudUService] : "C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe" -background [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[BCSSync] : "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[AdobeGCInvoker-1.0] : "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[AdobeAAMUpdater-1.0] : "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\nicol\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Unified Remote V3"="C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe" "Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" "btweb"="C:\Users\nicol\AppData\Roaming\BitTorrent Web\btweb.exe" /MINIMIZED "Web Companion"=C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize "CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "OneDrive"=0x020000000000000000000000 "Unified Remote V3"=0x020000000000000000000000 "Adobe Acrobat Synchronizer"=0x020000000000000000000000 "btweb"=0x020000000000000000000000 "Web Companion"=0x020000000000000000000000 "Docker Desktop"=0x000000000000000000000000 [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=cmd\1 "MRUList"=a [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Canon MG4200 series Printer,winspool,Ne05: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 "MenuDropAlignment"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe "RtkAudUService"="C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe" -background "BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices "AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" "AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x040000000000000000000000 "RtkAudUService"=0x020000000000000000000000 "BCSSync"=0x020000000000000000000000 "AdobeGCInvoker-1.0"=0x020000000000000000000000 "AdobeAAMUpdater-1.0"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "Acrobat Assistant 8.0"=0x020000000000000000000000 ""=0x020000000000000000000000 "Wondershare Helper Compact.exe"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D808802F092099 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" ""= "Wondershare Helper Compact.exe"=C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [29/09/2021 08:29:54] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Acrobat Update Task AdobeGCInvoker-1.0 App Explorer S CCleaner Update CCleanerSkipUAC - nicol GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA MicrosoftEdgeUpdateTaskMachineCore1d71d9e455f9f3 MicrosoftEdgeUpdateTaskMachineUA OneDrive Reporting Task-S-1-5-21-3117338434-2494139373-3240853406-1001 OneDrive Standalone Update Task-S-1-5-21-3117338434-2494139373-3240853406-1001 OneDrive Standalone Update Task-S-1-5-21-3117338434-2494139373-3240853406-500 Opera scheduled Autoupdate 1643806990 User_Feed_Synchronization-{683053BD-CF41-4741-8F1E-EEBFA98EF2F5} ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN HYPERVISORLAUNCHTYPE=AUTO NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=3 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [14/09/2020 20:07:39] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=572 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=150 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=715d2c62-6658-4c3b-8341-9a95b11 "GlassSessionId"=1 ---------- | .LNK with Arguments C:\oem\Preload\Weblinks\Booking.com.lnk - Encrypted: False - Target: C:\Windows\explorer.exe - Args: ("hxxps://s3.amazonaws.com/amundsen/redirect/19q2/booking.html?utm_source=smode&utm_medium=taskbar") - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\nicol\AppData\Roaming\Mozilla\Firefox\Fond d’écran.bmp [19/03/2021 13:37:16] "WallpaperStyle"=0 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=3200 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100B6242E00B004000076020000F1347EB13FBFD70143003A005C00550073006500720073005C006E00690063006F006C005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006F007A0069006C006C0061005C00460069007200650066006F0078005C0046006F006E006400200064001920E9006300720061006E002E0062006D0070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "LockScreenAutoLockActive"=0 "EnablePerProcessSystemDPI"=0 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExcludedFromStableAnaheimDownloadPromotionSL"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0xD15C59A677BF0A43A45218696685F7C7AE0A0000550F3DCB2CBC1A4C85ED23ED75B5106B4C100000BD0E0C47735D584D9CEDE91E22E23282CE0A00000114020000000000C000000000000046830C00003673466C8182604E8204430CED96822DA7350000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=0 "GlobalAssocChangedCounter"=672 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "FirstRunTelemetryComplete"=1 "Browse For Folder Width"=404 "Browse For Folder Height"=354 [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "StoreAppsOnTaskbar"=1 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0x50C1F26100000000 "ShowCortanaButton"=0 "ReindexedProfile"=1 "StartMigratedBrowserPin"=1 "ShowTaskViewButton"=0 [HKLM\Software\Policies\Microsoft\Windows\System] "EnableSmartScreen"=0 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=37 "SmartScreenEnabled"=Off [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "EnableSmartScreen"=0 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=58 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=19043 "FirstLogon"=0 "ParseAutoexec"=1 "PUUActive"=0x23E86B5701000200040124043DCE1F0078E9380078E93800D200000002002600F12731E5A6CF9B01D26A3B00D5AA0C000A0A0A00A0E401000000000000000000CE690A0050A63200F9EB0000BD1B0000CDCA50453B18D8013DCE1F0000000000010000003DCE1F00624A0000232400003BF83A0000000000 "DP"=0xD200E800BA0102000401000023E86B577D60350000000000D072EFA53918D801205DE6803118D801E7602F000000000000000000000000000000000000000000FAB325000000000000000000000000001F00000000000000000000000000F03F80510100336900C0318B4A70718F4A716E4E00004232C9024232F90240F900000019A30200DDA702AE03008008310B0C08710B0CF9BE0080955D456ED55DC56EFD270180142093141520D314CBF5008050E0E80552E0E847186D00C0068101120681991234DC008029400A0429404E0493E7008040958011E09580191E9E00C02110220925382A09 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=572327985935 "ShutdownFlags"=2147483687 "Userinit"=C:\Windows\system32\userinit.exe, "DisableCad"=1 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-3117338434-2494139373-3240853406-1001 "LastUsedUsername"=nicol [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe [07/12/2019 10:08:49] ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Clients\StartMenuInternet\OperaStable\Shell\open\Command] ""="C:\Users\nicol\AppData\Local\Programs\Opera\Launcher.exe" [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Clients\StartMenuInternet\OperaStable\InstallInfo] "ReinstallCommand"="C:\Users\nicol\AppData\Local\Programs\Opera\Launcher.exe" --makedefaultbrowser [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [21/09/2021 08:22:34] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [21/09/2021 08:22:34] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser ---------- | AppcompatFlags [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\nicol\AppData\Local\Programs\Opera\Launcher.exe"=32 [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\19.002.0107.0005\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000308104009156050001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.030.0211.0002\FileSyncConfig.exe"=0x534143500100000000000000070000002800000068BF0600235C070001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000C02E1E0052EB1E0001000000000000000000000A00210000631F6E6F0EDED4010000000100000000 "C:\Users\nicol\Downloads\winrar-x64-600fr.exe"=0x5341435001000000000000000700000028000000C85F3400277B340001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000D83F0000000000000100000001000000 "C:\Program Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000301E2800E3AD280001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000001CB9B601000000005700000057000000 "C:\Users\nicol\Downloads\ciel-autoentrepreneur-500.exe"=0x5341435001000000000000000700000028000000EF93520281D1120001000000000000000000010600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000051C80000000000000100000001000000 "SIGN.MEDIA=D181B Setup.exe"=0x5341435001000000000000000700000028000000508C06000EA8060001000000000000000000000A00210000631F6E6F0EDED40100000090000000000200000028000000000000000000000000000000000000000000000000000000F98D0300000000000100000001000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000780BA201D714A20101000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D2FC0600000000000100000001000000 "C:\Program Files (x86)\Ciel\Professionnel indépendant\WPI.exe"=0x5341435001000000000000000700000028000000008A1100000000000100000000000000000001060001000050BB64EDDDACD501000000000000000002000000280000000000000000000000001000000000000000000000000000006729F21C000000007F0000007F000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x534143500100000000000000070000002800000070EDB000A85FB10001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000006C160200000000000200000002000000 "C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"=0x534143500100000000000000070000002800000018016300238D630001000000000000000000000A73220000631F6E6F0EDED40100000000000000000200000028000000000000000000000004000000000000000000000000000000F7530100000000000600000006000000 "C:\Users\nicol\Downloads\suite-microsoft-office-2007-sp2_suite_microsoft_office_2007_sp2_francais_284216.exe"=0x534143500100000000000000070000002800000028BB04136EF8041301000000000000000000000671020000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000005000000000000000000000000000000000C1260000000000000100000001000000 "C:\Users\nicol\Downloads\office2007sp3-kb2526086-fullfile-fr-fr.exe"=0x534143500100000000000000070000002800000000AC0E17E4CD0E1701000000000000000000010671020000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000080000000020000002800000000000000800000500000000000000000000000000000000001270000000000000100000001000000 "C:\Users\nicol\Downloads\microsoft_office_starter_2010_fr.exe"=0x5341435001000000000000000700000028000000B8E91800E0F3180001000000000000000000010671020000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000465F0000000000000100000001000000 "C:\Users\nicol\Downloads\microsoft_office_starter_2010_fr(1).exe"=0x5341435001000000000000000700000028000000B8E91800E0F3180001000000000000000000010671020000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000B5AD0000000000000100000001000000 "C:\Users\nicol\Downloads\patch_office2010_windows10_kb2598285.exe"=0x534143500100000000000000070000002800000080829001BC64910101000000000000000000010671020000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000CEA10000000000000100000001000000 "C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe"=0x5341435001000000000000000700000028000000006205000000000001000000000000000000000A7322000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000009440F701000000004200000042000000 "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE"=0x5341435001000000000000000700000028000000E8F23000906B310001000000000000000000010600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000023CC0800000000000100000001000000 "C:\Users\nicol\Downloads\powerpointloc2010-kb2965234-fullfile-x64-glb.exe"=0x53414350010000000000000007000000280000008095C1025BADC10201000000000000000000010671020000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000068280000000000000100000001000000 "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHBS.EXE"=0x534143500100000000000000070000002800000090CE050013B6060001000000000000000000010600010000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000C98E0200000000000100000001000000 "C:\Users\nicol\Desktop\MICROSOFT OFFICE 2010 VF 64\setup.exe"=0x534143500100000000000000070000002800000078051500D62A150001000000000000000000010600210000631F6E6F0EDED40100000000000000000200000028000000000000000000005000000000000000000000000000000000C95C0600000000000100000001000000 "C:\Users\nicol\Downloads\readerdc_fr_xa_crd_install.exe"=0x5341435001000000000000000700000028000000D0F612009FE2130001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000013D00300000000000100000001000000 "C:\Users\nicol\Downloads\FileZilla_Server-0_9_60_2.exe"=0x5341435001000000000000000700000028000000C0322200F9EB220001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000EE720000000000000100000001000000 "C:\Users\nicol\Downloads\FileZilla_3.53.0_win64_sponsored-setup.exe"=0x534143500100000000000000070000002800000088B7D8008278D90001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000027C20000000000000100000001000000 "C:\Program Files (x86)\FileZilla Server\Uninstall.exe"=0x5341435001000000000000000700000028000000C3CC0000F9EB220001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000059280000000000000100000001000000 "SIGN.MEDIA=2975322 LWPIAP610\Install.exe"=0x5341435001000000000000000700000028000000FE119702DB00130001000000000000000000020600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000065A80000000000000100000001000000 "C:\Users\nicol\Downloads\VdhCoAppSetup-1.6.1.exe"=0x5341435001000000000000000700000028000000402EA502C477A50201000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000085520000000000000200000002000000 "C:\Users\nicol\Downloads\ChromeSetup.exe"=0x534143500100000000000000070000002800000060E61300B497140001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000000FC60000000000000100000001000000 "C:\Users\nicol\Downloads\Zoom_cm_fo42lnktZ9vvrZo4_mtMv-i-fzv4ZwI4mpNT8t5krBFxQinLkD4-n9@leI8KYMPcUR7E9rx_ke31a9530365770e9_.exe"=0x5341435001000000000000000700000028000000584501008830020001000000000000000000000A7120000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000A8050100000000000100000001000000 "C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE"=0x5341435001000000000000000700000028000000B004210076B221000100000000000000000001060001000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Roaming\Zoom\bin\Zoom.exe"=0x5341435001000000000000000700000028000000F002040002EA040001000000000000000000000A7122000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000005FD96800000000000700000007000000 "C:\Users\nicol\Desktop\PCRemoteReceiverSetup_7_1_0.exe"=0x5341435001000000000000000700000028000000D6ADB9020000000001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000C2560500000000000100000001000000 "C:\Program Files (x86)\PC Remote Receiver\uninst.exe"=0x5341435001000000000000000700000028000000EAAD02000000000001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000E02E0000000000000100000001000000 "C:\Users\nicol\Downloads\ServerSetup-3.10.0.2467.exe"=0x5341435001000000000000000700000028000000E80B4602DC68460201000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000002F1CA901000000000100000001000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000D0C217002883180001000000000000000000000A7122000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000008A370000000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x534143500100000000000000070000002800000088CD6C055FD06C0501000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000010000000000000000000000000000000000B11C608000000002700000027000000 "C:\Users\nicol\Downloads\MAMP_MAMP_PRO_4.2.0.exe"=0x5341435001000000000000000700000028000000E049A51CD09CA51C01000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000F2B00300000000000100000001000000 "C:\MAMP\MAMP.exe"=0x534143500100000000000000070000002800000078C41400F8A7150001000000000000000000000A7122000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000077CA5C01000000000B0000000B000000 "C:\MAMPPRO\MAMPPRO.exe"=0x534143500100000000000000070000002800000078F622004EBF230001000000000000000000000A7122000050BB64EDDDACD5010000000000000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.052.0314.0001\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078C70600A1F7060001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\Downloads\Sublime Text Build 3211 x64 Setup.exe"=0x5341435001000000000000000700000028000000F0CBA6002785A70001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000D2890000000000000200000002000000 "C:\Program Files\Sublime Text 3\sublime_text.exe"=0x534143500100000000000000070000002800000090AF7F00A7C37F0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000001000000000000000000000000000000000DCD67C00000000000D0000000D000000 "C:\MAMP\unins000.exe"=0x5341435001000000000000000700000028000000A8CA2900AA512A0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000E1EC0000000000000100000001000000 "C:\Program Files\Sublime Text 3\unins000.exe"=0x5341435001000000000000000700000028000000902712004B16130001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000561E0000000000000100000001000000 "C:\Users\nicol\Downloads\bluegriffon-3.1.win-x86_64.exe"=0x5341435001000000000000000700000028000000137BCE0F0000000001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000B93E1500000000000200000002000000 "C:\Users\nicol\Downloads\MobiriseSetup.exe"=0x534143500100000000000000070000002800000008370A0046320B0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000222B0100000000000100000001000000 "C:\Program Files (x86)\Mobirise\Mobirise.exe"=0x5341435001000000000000000700000028000000909A5D06F70C5E0601000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Program Files (x86)\Mobirise\Uninstall Mobirise.exe"=0x5341435001000000000000000700000028000000F8690200C8AE020001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000059130000000000000100000001000000 "C:\Program Files\BlueGriffon\unins000.exe"=0x5341435001000000000000000700000028000000213C0D000000000001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000008E120000000000000100000001000000 "C:\Users\nicol\Downloads\openElement.exe"=0x53414350010000000000000007000000280000002806CE03D629CE0301000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000BA3E0100000000000100000001000000 "C:\Program Files (x86)\openElement\openElement 1.57 R9\openElement.exe"=0x5341435001000000000000000700000028000000D0A6BF007150C00001000000000000000000000A7122000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000042930B00000000000100000001000000 "C:\Users\nicol\Downloads\nvu-1.0-win32-installer-full.exe"=0x5341435001000000000000000700000028000000202469000000000001000000000000000000000A4120000050BB64EDDDACD50100000000000000000200000028000000000000000008004000000000000000000000000000000000FF240600000000000100000001000000 "C:\Program Files (x86)\Nvu\unins000.exe"=0x53414350010000000000000007000000280000000A9D0B000000000001000000000000000000000A4120000050BB64EDDDACD50100000000000000000200000028000000000000000008004000000000000000000000000000000000EA220000000000000100000001000000 "C:\Users\nicol\Downloads\local-5.10.3-windows.exe"=0x53414350010000000000000007000000280000009011461C21F4461C01000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000E7B60100000000000100000001000000 "C:\Program Files\Microsoft Office\Office14\OIS.EXE"=0x534143500100000000000000070000002800000048960400114905000100000000000000000002067322000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000FD310000000000000200000002000000 "C:\Users\nicol\Downloads\KeyManagementServiceHost_fr-fr.exe"=0x5341435001000000000000000700000028000000A8790E000BBB05000100000000000000000001067102000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000082770000000000000100000001000000 "C:\Users\nicol\Desktop\Ratiborus KMS Tools 10.02.2021_TrucNet.com\KMS Tools Unpack.exe"=0x5341435001000000000000000700000028000000007C52030000000001000000000000000000000A7122000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000492D0000000000000100000001000000 "C:\Users\nicol\Desktop\Ratiborus KMS Tools 10.02.2021_TrucNet.com\KMSTools.exe"=0x5341435001000000000000000700000028000000B09948035F90490301000000000000000000000A7122000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000B1080200000000000100000001000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.062.0328.0001\FileSyncConfig.exe"=0x534143500100000000000000070000002800000070890700E2DC070001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"=0x53414350010000000000000007000000280000007858A601A0AFA6010100000000000000000001060001000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\Desktop\IT6DSETWin_2230FR\Setup64.exe"=0x5341435001000000000000000700000028000000C0F31500363E160001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000C22F0500000000000400000004000000 "C:\Users\nicol\Desktop\IT6DSETWin_2230FR\SetupSub\UinsExec.exe"=0x53414350010000000000000007000000280000006019010014A101000100000000000000000002067102000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000003E000000000000000100000001000000 "C:\Users\nicol\Desktop\IT6DSETWin_2230FR\Setup.exe"=0x5341435001000000000000000700000028000000C0D70F006624100001000000000000000000000A0021000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000008D000000000000000100000001000000 "C:\Users\nicol\Desktop\BHC360iDCAWin_150MU\setup.exe"=0x5341435001000000000000000700000028000000C05E5602AE66560201000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000BD431100000000000200000002000000 "C:\Program Files\KONICA MINOLTA\PrinterDrivers\BHC750i_BHC650i_BHC360i_BHC287i_BHC286i_BHC4050i_BHC4000i_BHC3320i\Setup64.exe"=0x5341435001000000000000000700000028000000C0F31500363E160001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000036740000000000000100000001000000 "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"=0x534143500100000000000000070000002800000070DE1500A51116000100000000000000000001060001000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.073.0411.0002\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078890700F37F080001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3325.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe"=0x5341435001000000000000000700000028000000006A05000000000001000000000000000000000A7322000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000797B4901000000003900000039000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.083.0425.0003\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000788B0700B2FA070001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.099.0516.0003\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000688B0700009F070001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000E01030000C89300001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000100000000000000000000000000000000056D37800000000001700000017000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x534143500100000000000000070000002800000080DF8D062D058E0601000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000100000000000000000000000000000000087E44B11000000000D0000000D000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.109.0530.0001\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000789B070044B2070001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Programs\Local\Local.exe"=0x5341435001000000000000000700000028000000285DCA06DBBACA0601000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Users\nicol\Downloads\MediaCreationTool21H1.exe"=0x534143500100000000000000070000002800000018FD28018008290101000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000004826D200000000000100000001000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.119.0613.0001\FileSyncConfig.exe"=0x534143500100000000000000070000002800000080A70700C37C080001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\Downloads\readerdc_fr_xa_acr_install.exe"=0x5341435001000000000000000700000028000000F8041300AD45130001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000DB0D0000000000000100000001000000 "C:\Users\nicol\Desktop\Adobe Acrobat Pro DC 2021.005.20054_TrucNet.com\Acrobat_DC_Web_WWMUI.exe"=0x5341435001000000000000000700000028000000207211220626122201000000000000000000000A7122000050BB64EDDDACD501000000000000000002000000500000000000000000000040000000000000000000000000000000002577030000000000010000000100000000000000000000000000000000000000000000000000000072C70100000000000100000000000000 "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeCleanUpUtility.exe"=0x5341435001000000000000000700000028000000C8240C0020E80C0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000DE4B0000000000000100000001000000 "C:\Users\nicol\Desktop\adobe.snr.patch.v2.0-painter.exe"=0x5341435001000000000000000700000028000000002E09000000000001000000000000000000000A0021000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000062C60900000000000200000002000000 "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe"=0x5341435001000000000000000700000028000000E0D25000D720510001000000000000000000000A7122000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000009D08A106000000000400000004000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.129.0627.0002\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000687B090032F9090001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe"=0x5341435001000000000000000700000028000000E0F03900DE863A0001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000005B8E4E2E000000000601000006010000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x534143500100000000000000070000002800000068AFCB06F6EACB0601000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000001000000000000000000000000000000000E578AE0F000000000800000008000000 "C:\Users\nicol\Desktop\Adobe Acrobat Pro DC 2021.005.20058_TrucNet.com\Acrobat_DC_Web_WWMUI.exe"=0x5341435001000000000000000700000028000000207211220626122201000000000000000000000A7122000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000003B9C3900000000000200000002000000 "SIGN.MEDIA=56BCBE0 LogbookFactory\Logbook Factory.exe"=0x534143500100000000000000070000002800000065511600000000000100000000000000000001067100000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000B3EB0100000000000400000004000000 "C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe"=0x5341435001000000000000000700000028000000007005000000000001000000000000000000000A7322000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000003A0AC401000000005600000056000000 "C:\Users\nicol\Desktop\LogbookFactory\Logbook Factory.exe"=0x534143500100000000000000070000002800000065511600000000000100000000000000000001067100000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000030911B00000000000100000001000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileSyncConfig.exe"=0x53414350010000000000000007000000280000008075090045E2090001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\Downloads\FreeScreenVideoRecorder_3.0.50.708_r.exe"=0x5341435001000000000000000700000028000000D8411102BAA5110201000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000BF670400000000000100000001000000 "C:\Users\nicol\Downloads\bbflbk5.exe"=0x5341435001000000000000000700000028000000A0D79D018AB59E0101000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000068DA0C00000000000100000001000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02009295020001000000010000000000000A6122000050BB64EDDDACD5010000000000000000 "C:\Program Files (x86)\Blueberry Software\FlashBack Pro 5\uninstall.exe"=0x534143500100000000000000070000002800000048740400D62E050001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000A0360000000000000100000001000000 "C:\Program Files (x86)\DVDVideoSoft\Free Screen Video Recorder\FreeScreenVideoRecorder.exe"=0x5341435001000000000000000700000028000000401724005971240001000000000000000000000A7122000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000939C0C00000000000200000002000000 "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"=0x5341435001000000000000000700000028000000408D060010B9060003000000000000000000000A7122000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000000C250000000000000100000001000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.150.0725.0001\FileSyncConfig.exe"=0x534143500100000000000000070000002800000068810900284F0A0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.75.140.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x534143500100000000000000070000002800000078C5CB06A33BCC0601000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000001000000000000000000000000000000000626C3708000000001100000011000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.160.0808.0001\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000808F09007B6E0A0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.160.0808.0002\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000808F09005D90090001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "SIGN.MEDIA=5F120396 ClickShare_for_Windows.exe"=0x5341435001000000000000000700000028000000803ABE00C7E2BE0001000000000000000000000A7122000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000000112702000000000800000008000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.170.0822.0002\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078B50900B6220A0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\Downloads\Luniistore-2.0.3-64bits-setup.exe"=0x534143500100000000000000070000002800000020115C037EE25C0301000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000007CDB0000000000000100000001000000 "C:\Program Files\Luniistore\Luniistore.exe"=0x5341435001000000000000000700000028000000004C01000000000001000000000000000000000A7320000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000006FF51D00000000000200000002000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.180.0905.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000070A90900B1100A0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerLauncher.exe"=0x5341435001000000000000000700000028000000887000009826010001000000000000000000000A7522000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000013210700000000000100000001000000 "C:\Program Files\MySQL\MySQL Shell 8.0\bin\mysqlsh.exe"=0x53414350010000000000000007000000280000000018FB010000000001000000000000000000000A7322000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000005F1F0000000000000100000001000000 "C:\Program Files\MySQL\MySQL Workbench 8.0 CE\MySQLWorkbench.exe"=0x534143500100000000000000070000002800000000CE07000000000001000000000000000000000A7322000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000090520100000000000100000001000000 "C:\Users\nicol\Downloads\pdf-password-remover_full2331.exe"=0x534143500100000000000000070000002800000008269F00E0829F000100000000000000000001060001000050BB64EDDDACD5010000000000000000 "C:\Program Files (x86)\Wondershare\PDFPasswordRemover\unins000.exe"=0x5341435001000000000000000700000028000000636C1700000000000100000000000000000001060001000050BB64EDDDACD50100000000000000000200000050000000000000000000000000000000000000000000000000000000483D00000000000002000000020000000000000000000040001202000000000000000000000000004C2A0000000000000200000000000000 "C:\Users\nicol\Downloads\pdf-password-recovery.exe"=0x5341435001000000000000000700000028000000EDF27C000000000001000000000000000000000A4120000050BB64EDDDACD5010000000000000000020000002800000000000000000800400000000000000000000000000000000071660200000000000100000001000000 "C:\Program Files (x86)\iSeePasswordDr.PDF\unins000.exe"=0x5341435001000000000000000700000028000000C92D0100000000000300000000000000000001054120000050BB64EDDDACD501000000000000000002000000280000000000000000080000000000000000000000000000000000009B150000000000000100000001000000 "C:\Users\nicol\Downloads\a-pdf-rr.exe"=0x5341435001000000000000000700000028000000D89A3A00C5353B000100000000000000000001060001000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000000F090200000000000100000001000000 "C:\Program Files (x86)\A-PDF Restrictions Remover\PdfRR.exe"=0x5341435001000000000000000700000028000000000234000000000001000000000000000000000A6120000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000001A0D0100000000000100000001000000 "C:\Program Files (x86)\A-PDF Restrictions Remover\unins000.exe"=0x5341435001000000000000000700000028000000F5FD0A00000000000300000000000000000001060001000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000D1190000000000000100000001000000 "C:\Program Files\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000B02E0075F32E0001000000010000000000000A7322000050BB64EDDDACD5010000000000000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.196.0921.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000068B909002C4B0A0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\Downloads\KMSpico_setup.exe"=0x5341435001000000000000000700000028000000F046310050D931000100000000000000000003060001000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000FC600000000000000200000002000000 "C:\Program Files\KMSpico\UninsHs.exe"=0x534143500100000000000000070000002800000000760000000000000100000000000000000000067120000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000000000000000000000000000000003240000000000000100000001000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.205.1003.0003\FileSyncConfig.exe"=0x534143500100000000000000070000002800000080BF0900FBA30A0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.205.1003.0003\Microsoft.SharePoint.exe"=0x5341435001000000000000000700000028000000800F0B005BFF0B0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000153B0000000000000800000008000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x53414350010000000000000007000000280000006881CB06182ECC0601000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.205.1003.0005\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078BF090060CF090001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.205.1003.0005\Microsoft.SharePoint.exe"=0x5341435001000000000000000700000028000000780F0B002EE80B0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000091290000000000000100000001000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078BB090004430A0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x53414350010000000000000007000000280000008081CB066BB2CB0601000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000001000000000000000000000000000000000273A7700000000000300000003000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\Microsoft.SharePoint.exe"=0x5341435001000000000000000700000028000000788F0E002BE30E0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000BDC30000000000001000000010000000 "C:\Program Files\Microsoft Office\Office14\MSPUB.EXE"=0x53414350010000000000000007000000280000007857C3000E81C3000100000000000000000001060001000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.230.1107.0004\FileSyncConfig.exe"=0x534143500100000000000000070000002800000068C10900A94D0A0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.230.1107.0004\Microsoft.SharePoint.exe"=0x534143500100000000000000070000002800000078950E0084F30E0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000039080100000000001600000016000000 "C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe"=0x5341435001000000000000000700000028000000007205000000000001000000000000000000000A7322000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000068CBAD01000000002300000023000000 "C:\Users\nicol\Downloads\btweb_installer.exe"=0x534143500100000000000000070000002800000050614801AFDE480101000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000095D60E00000000000100000001000000 "C:\Users\nicol\AppData\Roaming\BitTorrent Web\btweb.exe"=0x534143500100000000000000070000002800000020745B00B0CF5B0001000000000000000000000A7122000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000090E90B00000000000200000002000000 "C:\Program Files\Avast Software\Avast\AvastUI.exe"=0x534143500100000000000000070000002800000018310401815B040101000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000028700800000000000100000001000000 "C:\Program Files\Avast Software\Avast\setup\instup.exe"=0x5341435001000000000000000700000028000000486935000000000001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000004EF0000000000000200000002000000 "C:\Users\nicol\AppData\Roaming\BitTorrent Web\Uninstall.exe"=0x5341435001000000000000000700000028000000783E04002C68040001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000001000000000000000000000000000000000D7540000000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x5341435001000000000000000700000028000000A0E9AF060D3BB00601000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000010000000000000000000000000000000000E784533000000000F0000000F000000 "C:\Users\nicol\Downloads\audacity-win-3.1.2-64bit.exe"=0x5341435001000000000000000700000028000000407712022C4B130201000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000004CAF9101000000000100000001000000 "C:\Users\nicol\Downloads\droidkit-fr-setup.exe"=0x5341435001000000000000000700000028000000C0B68A0000478B000100000000000000000001060001000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000005BA6EF01000000000100000001000000 "C:\Program Files (x86)\iMobie\DroidKit\uninstall.exe"=0x534143500100000000000000070000002800000028A0160004A916000100000000000000000001060001000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000D843DB01000000000100000001000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\FileSyncConfig.exe"=0x534143500100000000000000070000002800000068570A00507C0A0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\21.245.1128.0002\Microsoft.SharePoint.exe"=0x5341435001000000000000000700000028000000A0470F000ED70F0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000FC460000000000000B0000000B000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000685BF402090AF50201000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\nicol\AppData\Local\Microsoft\OneDrive\22.002.0103.0004\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0870A00AA290B0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files (x86)\Local\Local.exe"=0x5341435001000000000000000700000028000000607ECA06AC01CB0601000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000065031426000000001A0000001A000000 "C:\Users\nicol\Downloads\DevKinsta.exe"=0x534143500100000000000000070000002800000030786B043E5F6C0401000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000105B0000000000000200000002000000 "C:\Program Files\DevKinsta\DevKinsta.exe"=0x5341435001000000000000000700000028000000D8C66308857C640801000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000089111600000000000300000003000000 "C:\Users\nicol\Downloads\Docker Desktop Installer.exe"=0x5341435001000000000000000700000028000000906BA51E3325A61E01000000000000000000000A6322000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000086D21300000000000100000001000000 "C:\Program Files\Docker\Docker\Docker Desktop.exe"=0x534143500100000000000000070000002800000070CF690015F4690001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000002A060000000000000200000002000000 "C:\Program Files\DevKinsta\Uninstall DevKinsta.exe"=0x5341435001000000000000000700000028000000908E040057E9040001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000027380000000000000100000001000000 "C:\Program Files\Docker\Docker\Docker Desktop Installer.exe"=0x534143500100000000000000070000002800000090A96D0063056E0001000000000000000000000A6322000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000006F4D0100000000000100000001000000 "C:\Program Files\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000583326005645260001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000D0F2A824000000000A0000000A000000 "C:\Program Files\FileZilla FTP Client\filezilla.exe"=0x534143500100000000000000070000002800000028663A009E603B0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000002C60600000000000200000002000000 "C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE"=0x534143500100000000000000070000002800000050D901007C4202000100000000000000000001067322000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000046CAE50F000000000200000002000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000B83B090003A2090001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"=0x5341435001000000000000000700000028000000884D3400559C340001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000050000000000000000000001000000000000000000000000000000000B80B0000000000000900000009000000000000000000000000000000000000000000000000000000E8566D00000000000100000000000000 "C:\Users\nicol\Downloads\MBSetup.exe"=0x5341435001000000000000000700000028000000B86E2C00D9D02C0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000055E71000000000000100000001000000 "C:\Users\nicol\Downloads\ccsetup589.exe"=0x5341435001000000000000000700000028000000100D2E028C0B2F0201000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000B0B43A00000000000100000001000000 "C:\Users\nicol\Downloads\OperaSetup.exe"=0x5341435001000000000000000700000028000000D096280043B2280001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000000AF1D00000000000100000001000000 "C:\Users\nicol\AppData\Local\Programs\Opera\launcher.exe"=0x5341435001000000000000000700000028000000D09C23000899240001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000AAF50000000000000100000001000000 "C:\Users\nicol\Downloads\Clean_Dns.exe"=0x5341435001000000000000000700000028000000F0DA3100DA34320001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000074070300000000000200000002000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000B8B014001224150001000000000000000000000A7322000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000098060000000000000200000002000000 "C:\Users\nicol\Downloads\QuickDiag.exe"=0x5341435001000000000000000700000028000000F0444500FEBC450001000000000000000000000A0021000050BB64EDDDACD5010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=132607280624397783 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=windowsdefender:// "DisableAntiSpyware"=0 "TrustedImageIdentifier"=POP01S0071X8JC03-PAP010UC71X84C61 "ProductType"=2 "InstallTime"=0xC0ADE507541CD701 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\ "ManagedDefenderProductType"=0 "OOBEInstallTime"=0xD0059ED29E1DD701 "ProductStatus"=0 "DisableAntiVirus"=0 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0 "PUAProtection"=1 "LastEnabledTime"=0x43DB37143B18D801 "IsServiceRunning"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts # MAMP PRO hosts section START---------- 127.0.0.1 localhost # MAMP PRO hosts section END ---------- # Added by Docker Desktop 192.168.43.76 host.docker.internal 192.168.43.76 gateway.docker.internal [45] More lines ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.213.78] avec 32 octets de donn?es?: R?ponse de 216.58.213.78?: octets=32 temps=78 ms TTL=115 R?ponse de 216.58.213.78?: octets=32 temps=46 ms TTL=115 R?ponse de 216.58.213.78?: octets=32 temps=62 ms TTL=115 R?ponse de 216.58.213.78?: octets=32 temps=49 ms TTL=115 Statistiques Ping pour 216.58.213.78: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 46ms, Maximum = 78ms, Moyenne = 58ms ---------- | @ [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=www.google.com "Default_Page_URL"=http://www.msn.com/?pc=ACTE "ImageStoreRandomFolder"=chj8y62 "OperationalData"=13 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2A0000002A000000DA040000CD020000 "Start Page_TIMESTAMP"=0xDD032D654715D801 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x0100000057000000D95521F150356F792194E09205EE95CF04746BB61F2C239170B4FF64950231D667FD5A386706A7C9FADC1C2D4A8C5D7B111367DA81F39FD3406D64B32C35ADA9E6C345E998FFCB64055D3223ED4B33DC0EF0E69C38BD08020000000E000000517643705A775676767941253364 [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "CertificateRevocation"=1 "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ZonesSecurityUpgrade"=0x9BA8698AE0AED701 "WarnonZoneCrossing"=0 "LockDatabase"=132882321427418294 "ProxyOverride"=*.local "EnableHttp1_1"=1 "ProxyHttp1.1"=1 "AutoConfigProxy"=wininet.dll [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bdmv] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.evo] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.f4v] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2p] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tp] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.trp] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm] "Application"=wmplayer.exe [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv] "Application"=wmplayer.exe ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [20/03/2021 16:12:49] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:44:34] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} -- C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:41:02] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -- C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:41:02] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} -- C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:41:02] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} -- C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:41:02] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -- C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:41:02] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=Groove GFS Stub Execution Hook [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=Groove GFS Stub Execution Hook ---------- | Toolbar [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={A5CEE1D7-734C-43B6-8A62-7CF1DE3E2CE8} [HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=0x00 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={A5CEE1D7-734C-43B6-8A62-7CF1DE3E2CE8} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=0x00 [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={A5CEE1D7-734C-43B6-8A62-7CF1DE3E2CE8} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) - [] ---------- | SearchScopes [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5CEE1D7-734C-43B6-8A62-7CF1DE3E2CE8}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5CEE1D7-734C-43B6-8A62-7CF1DE3E2CE8}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F49A0A1D-E950-4FBA-8C11-4A5C85C54BC7}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{A5CEE1D7-734C-43B6-8A62-7CF1DE3E2CE8}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{F49A0A1D-E950-4FBA-8C11-4A5C85C54BC7}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRACE1&src=IE11TR&pc=ACTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.76\BHO\ie_to_edge_bho.dll [29/01/2022 17:48:43] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] -> (Groove GFS Browser Helper) : C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:41:02] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] -> (Adobe Acrobat Create PDF Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [27/06/2021 07:22:40] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [06/03/2013 07:37:48] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] -> (Adobe Acrobat Create PDF from Selection) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [27/06/2021 07:22:40] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.76\BHO\ie_to_edge_bho.dll [29/01/2022 17:48:43] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] -> (Groove GFS Browser Helper) : C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL [19/12/2013 00:41:02] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] -> (Adobe Acrobat Create PDF Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [27/06/2021 07:22:40] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [06/03/2013 07:37:48] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] -> (Adobe Acrobat Create PDF from Selection) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [27/06/2021 07:22:40] ---------- | Chrome C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj = : __MSG_web2pdfExtnDescription__ - __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\ihcjicgdanjaechkgeegckofjjedodee = : Google & co - Malwarebytes Browser Guard - permissions:[alarmsdownloadsstoragetabswebRequestwebRequestBlockingunlimitedStorage\u003Call_urls>contextMenus] - https://clients2.google.com/service/update2/crx C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\nicol\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\ihcjicgdanjaechkgeegckofjjedodee] ---------- | Opera C:\Users\nicol\AppData\Roaming\Opera Software\Opera Stable\extensions\enegjkbbakeegngfapepobipndnebkdk = - Rich Hints Agent - https://extension-updates.opera.com/api/omaha/update/ C:\Users\nicol\AppData\Roaming\Opera Software\Opera Stable\extensions\kbmoiomgmchbpihhdpabemajcbjpcijk = - Amazon Assistant Promotion - https://extension-updates.opera.com/api/omaha/update/ ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "web2pdfextension.17@acrobat.adobe.com"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "web2pdfextension.17@acrobat.adobe.com"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Acrobat] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll C:\Users\nicol\AppData\Roaming\Mozilla\Firefox\Profiles\xpk619tw.default\Prefs.js user_pref("browser.startup.homepage", "https://mysearchengine.co/homepage?hp=1&bitmask=9996&pId=BT170603&iDate=2021-12-15 08:08:07&bName="); C:\Users\nicol\AppData\Roaming\Mozilla\Firefox\Profiles\ygtc76k7.default-release-1634146213003\Prefs.js user_pref("browser.startup.homepage", "https://www.google.fr/"); user_pref("browser.startup.homepage_override.buildID", "20220126154723"); user_pref("browser.startup.homepage_override.mstone", "96.0.3"); user_pref("extensions.activeThemeID", "default-theme@mozilla.org"); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.databaseSchema", 34); user_pref("extensions.getAddons.cache.lastUpdate", 1643748993); user_pref("extensions.getAddons.databaseSchema", 6); user_pref("extensions.incognito.migrated", true); user_pref("extensions.lastAppBuildId", "20220126154723"); user_pref("extensions.lastAppVersion", "96.0.3"); user_pref("extensions.lastPlatformVersion", "96.0.3"); user_pref("extensions.pendingOperations", false); user_pref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true); user_pref("extensions.reset_default_search.runonce.3", true); user_pref("extensions.reset_default_search.runonce.reason", "previousRun"); user_pref("extensions.screenshots.disabled", true); user_pref("extensions.systemAddon.update.enabled", false); user_pref("extensions.systemAddon.update.url", ""); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.extension.hidden", false); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.webcompat.enable_shims", true); user_pref("extensions.webcompat.perform_injections", true); user_pref("extensions.webcompat.perform_ua_overrides", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.{242af0bb-db11-4734-b7a0-61cb8a9b20fb}", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.{a658a273-612e-489e-b4f1-5344e672f4f5}", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.{b9db16a4-6edc-47ec-a1f4-b86292ed211d}", true); user_pref("extensions.webextensions.uuids", "{\"doh-rollout@mozilla.org\":\"354482a7-fcd8-43b5-92f7-875b09ca7559\",\"formautofill@mozilla.org\":\"8ce142ff-2a21-47ea-b985-65506ea5276e\",\"pictureinpicture@mozilla.org\":\"ccf707ae-c05b-4407-82b0-adae3e79f1a5\",\"screenshots@mozilla.org\":\"12b083d2-4878-4273-8219-a4add27d9e22\",\"webcompat-reporter@mozilla.org\":\"3451e999-5756-4ebb-a304-b289019ec5e0\",\"webcompat@mozilla.org\":\"8890bbb9-24cd-4506-a48e-729934371fd9\",\"default-theme@mozilla.org\":\"22794f7b-ead9-45ae-8025-34b6d6a764af\",\"google@search.mozilla.org\":\"44f394d5-5f34-4faa-9d5c-5677143a1f70\",\"wikipedia@search.mozilla.org\":\"45ba620f-52b5-4e32-abd8-d354f23e68fe\",\"bing@search.mozilla.org\":\"17dab63d-d3b7-4ce4-b06e-93655ea82641\",\"ddg@search.mozilla.org\":\"31556c3e-6764-4a03-9505-04896ebeca83\",\"ebay@search.mozilla.org\":\"883af986-d4ad-49b5-917f-3a123310163f\",\"qwant@search.mozilla.org\":\"a9ca0de7-2aa5-4358-8b32-88e2b8b3d7e2\",\"amazon@search.mozilla.org\":\"f3ec86cd-7117-490d-86ea-cb53c75c5977\",\"addons-search-detection@mozilla.com\":\"32e53d10-2b5e-4595-94f1-21af10ac4f6c\",\"reset-search-defaults@mozilla.com\":\"318f2826-41ef-4d0e-82c3-c9169348199f\",\"proxy-failover@mozilla.com\":\"74611e60-6046-4f89-bd99-d5c00b3fc9ed\",\"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\":\"94c04c94-a034-4bf7-8c9d-0168caec1b34\",\"{a658a273-612e-489e-b4f1-5344e672f4f5}\":\"c751816d-aec8-4d56-bd13-7b82b23a3c97\",\"{242af0bb-db11-4734-b7a0-61cb8a9b20fb}\":\"ff56600b-6f86-49e3-a4c6-146546b767e2\"}"); [Profile0] - Name=default-release -> Profiles/ygtc76k7.default-release-1634146213003 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.43.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{76015d38-9d43-4587-930a-4d465f3507ce}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8274d812-7521-4ca0-beac-71824a45e575}] "DhcpNameServer"=192.168.43.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{97463d4a-a482-4539-8fd2-bbc6a00596ef}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{b3cf458a-48e7-4e92-b4e5-8fc7bef7c2bc}] "DhcpNameServer"=192.168.43.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{76015d38-9d43-4587-930a-4d465f3507ce}] "DhcpNameServer"=192.168.42.129 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8274d812-7521-4ca0-beac-71824a45e575}] "DhcpNameServer"=192.168.43.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{97463d4a-a482-4539-8fd2-bbc6a00596ef}] "DhcpNameServer"=192.168.0.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b3cf458a-48e7-4e92-b4e5-8fc7bef7c2bc}] "DhcpNameServer"=192.168.43.1 ---------- | Applications [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Classes\Applications\opera.exe] : "C:\Users\nicol\AppData\Local\Programs\Opera\Launcher.exe" "%1" [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Classes\Applications\sublime_text.exe] : "C:\Program Files\Sublime Text 3\sublime_text.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\Acrobat.exe] : "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\OIS.EXE] : C:\PROGRA~1\MICROS~2\Office14\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Acrobat.exe] : "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\OIS.EXE] : C:\PROGRA~1\MICROS~2\Office14\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver "UdkSvcGroup"=UdkUserSvc "DevicesFlow"=DeviceAssociationBrokerSvc DevicesFlowUserSvc ConsentUxUserSvc DevicePickerUserSvc "LxssManagerUser"=LxssManagerUser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "AarSvcGroup"=AarSvc "DevicesFlow"=DeviceAssociationBrokerSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\A-PDF] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Adobe] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\AppDataLow] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Appsolute] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\ASProtect] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\AVAST Software] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\AvastAdSDK] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Barco] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Blueberry Software] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Canon] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Chromium] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Clients] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Google] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Haali] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\IM Providers] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Intel] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\KONICA MINOLTA] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\LAV] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Lavasoft] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\LogSys] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Malwarebytes] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Mobirise.com] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Monect] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Mozilla] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\MPC-HC] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Netscape] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\ODBC] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Opera Software] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Opera Stable Offer] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Oracle] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Piriform] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Policies] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\qzapproducts] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Realtek] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\SyncEngines] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\WinRAR] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\WinRAR SFX] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\WixSharp] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Wondershare] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\WOW6432Node] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\ZoomUMX] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Accessibility] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Active Setup] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\ActiveMovie] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\ActiveSync] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Assistance] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\AuthCookies] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Avalon.Graphics] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Clipboard] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Common] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\CommsAPHost] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Connection Manager] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\CTF] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\DeviceDirectory] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\DirectInput] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Ease of Access] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Edge] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\EdgeUpdate] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\EventSystem] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\F12] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Fax] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Feeds] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\FileSquirt] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\FTP] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\GameBar] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\GameBarApi] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\IdentityCRL] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Ieak] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\IME] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\IMEMIP] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Input] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\InputMethod] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\InputPersonalization] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Internet Connection Wizard] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Internet Explorer] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Internet ExplorerInternet Explorer] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Internet Mail and News] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Keyboard] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\LanguageOverlay] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\MediaPlayer] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Messaging] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Microsoft Management Console] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\MPEG2Demultiplexer] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\MS Design Tools] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\MSF] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\MTS_COM1] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Multimedia] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Narrator] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\NGC] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Notepad] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Office] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\OneDrive] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Osk] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\PeerNet] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Personalization] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Phone] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Pim] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Poom] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\RAS AutoDial] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Remote Assistance] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\ScreenMagnifier] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Sensors] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Shared] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Shared Tools] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\SkyDrive] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\SoftGrid] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Speech] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Speech Virtual] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Speech_OneCore] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Spelling] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\SQMClient] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\StorageLibrary] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\SystemCertificates] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\TabletTip] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\TPG] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Unified Store] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Unistore] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\UserData] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\UserDataService] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\VBA] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\WAB] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\WcmSvc] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Web Service Providers] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\wfs] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows Defender Security Center] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows Media] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows NT] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows Script] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows Script Host] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows Search] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Windows Security Health] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\Wisp] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\XboxLive] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\RestartManager] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Adobe] [HKLM\Software\Atheros] [HKLM\Software\Avast Software] [HKLM\Software\Canon] [HKLM\Software\Chromium] [HKLM\Software\Clients] [HKLM\Software\CVSM] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\Docker Inc.] [HKLM\Software\DownloadHelper] [HKLM\Software\FileZilla 3] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\Intel] [HKLM\Software\Malwarebytes] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OpenSSH] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Windows] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\SOFTWARE\Microsoft\.NETFramework] [HKLM\SOFTWARE\Microsoft\AccountsControl] [HKLM\SOFTWARE\Microsoft\Active Setup] [HKLM\SOFTWARE\Microsoft\ActiveSync] [HKLM\SOFTWARE\Microsoft\ADs] [HKLM\SOFTWARE\Microsoft\Advanced INF Setup] [HKLM\SOFTWARE\Microsoft\ALG] [HKLM\SOFTWARE\Microsoft\AllUserInstallAgent] [HKLM\SOFTWARE\Microsoft\AMSI] [HKLM\SOFTWARE\Microsoft\Analog] [HKLM\SOFTWARE\Microsoft\AppServiceProtocols] [HKLM\SOFTWARE\Microsoft\AppVISV] [HKLM\SOFTWARE\Microsoft\ASP.NET] [HKLM\SOFTWARE\Microsoft\Assistance] [HKLM\SOFTWARE\Microsoft\AuthHost] [HKLM\SOFTWARE\Microsoft\BidInterface] [HKLM\SOFTWARE\Microsoft\BitLockerCsp] [HKLM\SOFTWARE\Microsoft\CallAndMessagingEnhancement] [HKLM\SOFTWARE\Microsoft\Cellular] [HKLM\SOFTWARE\Microsoft\Chkdsk] [HKLM\SOFTWARE\Microsoft\ClickToRun] [HKLM\SOFTWARE\Microsoft\Clipboard] [HKLM\SOFTWARE\Microsoft\ClipboardServer] [HKLM\SOFTWARE\Microsoft\CloudManagedUpdate] [HKLM\SOFTWARE\Microsoft\COM3] [HKLM\SOFTWARE\Microsoft\Command Processor] [HKLM\SOFTWARE\Microsoft\CommsAPHost] [HKLM\SOFTWARE\Microsoft\CoreShell] [HKLM\SOFTWARE\Microsoft\Cryptography] [HKLM\SOFTWARE\Microsoft\CTF] [HKLM\SOFTWARE\Microsoft\DataAccess] [HKLM\SOFTWARE\Microsoft\DataCollection] [HKLM\SOFTWARE\Microsoft\DataSharing] [HKLM\SOFTWARE\Microsoft\DDDS] [HKLM\SOFTWARE\Microsoft\DevDiv] [HKLM\SOFTWARE\Microsoft\Device Association Framework] [HKLM\SOFTWARE\Microsoft\DeviceReg] [HKLM\SOFTWARE\Microsoft\Dfrg] [HKLM\SOFTWARE\Microsoft\DFS] [HKLM\SOFTWARE\Microsoft\DiagnosticLogCSP] [HKLM\SOFTWARE\Microsoft\DirectDraw] [HKLM\SOFTWARE\Microsoft\DirectInput] [HKLM\SOFTWARE\Microsoft\DirectMusic] [HKLM\SOFTWARE\Microsoft\DirectPlay8] [HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp] [HKLM\SOFTWARE\Microsoft\DirectShow] [HKLM\SOFTWARE\Microsoft\DirectX] [HKLM\SOFTWARE\Microsoft\DiskSnapshot] [HKLM\SOFTWARE\Microsoft\Driver Signing] [HKLM\SOFTWARE\Microsoft\DRM] [HKLM\SOFTWARE\Microsoft\DusmSvc] [HKLM\SOFTWARE\Microsoft\DVDNavigator] [HKLM\SOFTWARE\Microsoft\DVR] [HKLM\SOFTWARE\Microsoft\DXP] [HKLM\SOFTWARE\Microsoft\EAPSIMMethods] [HKLM\SOFTWARE\Microsoft\Edge] [HKLM\SOFTWARE\Microsoft\Enrollment] [HKLM\SOFTWARE\Microsoft\Enrollments] [HKLM\SOFTWARE\Microsoft\EnterpriseCertificates] [HKLM\SOFTWARE\Microsoft\EnterpriseDataProtection] [HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager] [HKLM\SOFTWARE\Microsoft\EventSounds] [HKLM\SOFTWARE\Microsoft\EventSystem] [HKLM\SOFTWARE\Microsoft\Exchange] [HKLM\SOFTWARE\Microsoft\eXdi] [HKLM\SOFTWARE\Microsoft\F12] [HKLM\SOFTWARE\Microsoft\FamilyStore] [HKLM\SOFTWARE\Microsoft\Fax] [HKLM\SOFTWARE\Microsoft\FaxServer] [HKLM\SOFTWARE\Microsoft\Feeds] [HKLM\SOFTWARE\Microsoft\FilePicker] [HKLM\SOFTWARE\Microsoft\FilterDS] [HKLM\SOFTWARE\Microsoft\FingerKB] [HKLM\SOFTWARE\Microsoft\FTH] [HKLM\SOFTWARE\Microsoft\Function Discovery] [HKLM\SOFTWARE\Microsoft\Fusion] [HKLM\SOFTWARE\Microsoft\FuzzyDS] [HKLM\SOFTWARE\Microsoft\GameOverlay] [HKLM\SOFTWARE\Microsoft\HTMLHelp] [HKLM\SOFTWARE\Microsoft\Hvsi] [HKLM\SOFTWARE\Microsoft\IdentityCRL] [HKLM\SOFTWARE\Microsoft\IdentityStore] [HKLM\SOFTWARE\Microsoft\IHDS] [HKLM\SOFTWARE\Microsoft\ImageTimeSettings] [HKLM\SOFTWARE\Microsoft\IMAPI] [HKLM\SOFTWARE\Microsoft\IME] [HKLM\SOFTWARE\Microsoft\IMEJP] [HKLM\SOFTWARE\Microsoft\IMEKR] [HKLM\SOFTWARE\Microsoft\IMETC] [HKLM\SOFTWARE\Microsoft\InProcLogger] [HKLM\SOFTWARE\Microsoft\Input] [HKLM\SOFTWARE\Microsoft\InputMethod] [HKLM\SOFTWARE\Microsoft\InputPersonalization] [HKLM\SOFTWARE\Microsoft\Internet Account Manager] [HKLM\SOFTWARE\Microsoft\Internet Domains] [HKLM\SOFTWARE\Microsoft\Internet Explorer] [HKLM\SOFTWARE\Microsoft\IsoBurn] [HKLM\SOFTWARE\Microsoft\KGL] [HKLM\SOFTWARE\Microsoft\LanguageOverlay] [HKLM\SOFTWARE\Microsoft\LexiconUpdate] [HKLM\SOFTWARE\Microsoft\Loki] [HKLM\SOFTWARE\Microsoft\Managed Desktop] [HKLM\SOFTWARE\Microsoft\MdmCommon] [HKLM\SOFTWARE\Microsoft\MdmDiagnostics] [HKLM\SOFTWARE\Microsoft\MediaEngine] [HKLM\SOFTWARE\Microsoft\MediaPlayer] [HKLM\SOFTWARE\Microsoft\MemoryDiagnostic] [HKLM\SOFTWARE\Microsoft\Messaging] [HKLM\SOFTWARE\Microsoft\MessengerService] [HKLM\SOFTWARE\Microsoft\Microsoft Camera Codec Pack] [HKLM\SOFTWARE\Microsoft\Microsoft Reference] [HKLM\SOFTWARE\Microsoft\Microsoft SQL Server Compact Edition] [HKLM\SOFTWARE\Microsoft\MicrosoftEdge] [HKLM\SOFTWARE\Microsoft\MiracastReceiver] [HKLM\SOFTWARE\Microsoft\MMC] [HKLM\SOFTWARE\Microsoft\Mobile] [HKLM\SOFTWARE\Microsoft\MpSigStub] [HKLM\SOFTWARE\Microsoft\MSBuild] [HKLM\SOFTWARE\Microsoft\MSDE] [HKLM\SOFTWARE\Microsoft\MSDRM] [HKLM\SOFTWARE\Microsoft\MSDTC] [HKLM\SOFTWARE\Microsoft\MSF] [HKLM\SOFTWARE\Microsoft\MSIME] [HKLM\SOFTWARE\Microsoft\MSLicensing] [HKLM\SOFTWARE\Microsoft\MSMQ] [HKLM\SOFTWARE\Microsoft\MSN Apps] [HKLM\SOFTWARE\Microsoft\MSOSOAP] [HKLM\SOFTWARE\Microsoft\MSSearch36] [HKLM\SOFTWARE\Microsoft\MTF] [HKLM\SOFTWARE\Microsoft\MTFFuzzyFactors] [HKLM\SOFTWARE\Microsoft\MTFInputType] [HKLM\SOFTWARE\Microsoft\MTFKeyboardMappings] [HKLM\SOFTWARE\Microsoft\Multimedia] [HKLM\SOFTWARE\Microsoft\Multivariant] [HKLM\SOFTWARE\Microsoft\NET Framework Setup] [HKLM\SOFTWARE\Microsoft\NetSh] [HKLM\SOFTWARE\Microsoft\Network] [HKLM\SOFTWARE\Microsoft\Non-Driver Signing] [HKLM\SOFTWARE\Microsoft\Notepad] [HKLM\SOFTWARE\Microsoft\ODBC] [HKLM\SOFTWARE\Microsoft\OEM] [HKLM\SOFTWARE\Microsoft\Office] [HKLM\SOFTWARE\Microsoft\OfficeCSP] [HKLM\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\SOFTWARE\Microsoft\Ole] [HKLM\SOFTWARE\Microsoft\OnlineProviders] [HKLM\SOFTWARE\Microsoft\Outlook Express] [HKLM\SOFTWARE\Microsoft\Palm] [HKLM\SOFTWARE\Microsoft\PCHC] [HKLM\SOFTWARE\Microsoft\PCHealthCheck] [HKLM\SOFTWARE\Microsoft\Personalization] [HKLM\SOFTWARE\Microsoft\Phone] [HKLM\SOFTWARE\Microsoft\Photos] [HKLM\SOFTWARE\Microsoft\Pim] [HKLM\SOFTWARE\Microsoft\PLA] [HKLM\SOFTWARE\Microsoft\PlayToReceiver] [HKLM\SOFTWARE\Microsoft\PointOfService] [HKLM\SOFTWARE\Microsoft\Policies] [HKLM\SOFTWARE\Microsoft\PolicyManager] [HKLM\SOFTWARE\Microsoft\Poom] [HKLM\SOFTWARE\Microsoft\PowerShell] [HKLM\SOFTWARE\Microsoft\Print] [HKLM\SOFTWARE\Microsoft\Provisioning] [HKLM\SOFTWARE\Microsoft\PushRouter] [HKLM\SOFTWARE\Microsoft\RADAR] [HKLM\SOFTWARE\Microsoft\Ras] [HKLM\SOFTWARE\Microsoft\RAS AutoDial] [HKLM\SOFTWARE\Microsoft\RcsPresence] [HKLM\SOFTWARE\Microsoft\Reliability Analysis] [HKLM\SOFTWARE\Microsoft\Remediation] [HKLM\SOFTWARE\Microsoft\RemovalTools] [HKLM\SOFTWARE\Microsoft\RendezvousApps] [HKLM\SOFTWARE\Microsoft\Router] [HKLM\SOFTWARE\Microsoft\Rpc] [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [HKLM\SOFTWARE\Microsoft\Schema Library] [HKLM\SOFTWARE\Microsoft\Security Center] [HKLM\SOFTWARE\Microsoft\SecurityManager] [HKLM\SOFTWARE\Microsoft\SEMgr] [HKLM\SOFTWARE\Microsoft\Sensors] [HKLM\SOFTWARE\Microsoft\Shared] [HKLM\SOFTWARE\Microsoft\Shared Tools] [HKLM\SOFTWARE\Microsoft\Shared Tools Location] [HKLM\SOFTWARE\Microsoft\Shell] [HKLM\SOFTWARE\Microsoft\SIH] [HKLM\SOFTWARE\Microsoft\Siuf] [HKLM\SOFTWARE\Microsoft\SnippingTool] [HKLM\SOFTWARE\Microsoft\Software] [HKLM\SOFTWARE\Microsoft\Speech] [HKLM\SOFTWARE\Microsoft\Speech_OneCore] [HKLM\SOFTWARE\Microsoft\SQMClient] [HKLM\SOFTWARE\Microsoft\StrongName] [HKLM\SOFTWARE\Microsoft\Sync Framework] [HKLM\SOFTWARE\Microsoft\Sysprep] [HKLM\SOFTWARE\Microsoft\SystemCertificates] [HKLM\SOFTWARE\Microsoft\SystemSettings] [HKLM\SOFTWARE\Microsoft\TableTextService] [HKLM\SOFTWARE\Microsoft\TabletTip] [HKLM\SOFTWARE\Microsoft\TaskFlowDataEngine] [HKLM\SOFTWARE\Microsoft\Tcpip] [HKLM\SOFTWARE\Microsoft\TelemetryClient] [HKLM\SOFTWARE\Microsoft\Terminal Server Client] [HKLM\SOFTWARE\Microsoft\TermServLicensing] [HKLM\SOFTWARE\Microsoft\TouchPrediction] [HKLM\SOFTWARE\Microsoft\TPG] [HKLM\SOFTWARE\Microsoft\Tpm] [HKLM\SOFTWARE\Microsoft\Tracing] [HKLM\SOFTWARE\Microsoft\Transaction Server] [HKLM\SOFTWARE\Microsoft\TV System Services] [HKLM\SOFTWARE\Microsoft\uDRM] [HKLM\SOFTWARE\Microsoft\Unified Store] [HKLM\SOFTWARE\Microsoft\UNP] [HKLM\SOFTWARE\Microsoft\UPnP Control Point] [HKLM\SOFTWARE\Microsoft\UPnP Device Host] [HKLM\SOFTWARE\Microsoft\UserData] [HKLM\SOFTWARE\Microsoft\UserManager] [HKLM\SOFTWARE\Microsoft\VBA] [HKLM\SOFTWARE\Microsoft\Virtual Machine] [HKLM\SOFTWARE\Microsoft\VisualStudio] [HKLM\SOFTWARE\Microsoft\WAB] [HKLM\SOFTWARE\Microsoft\Wallet] [HKLM\SOFTWARE\Microsoft\Wbem] [HKLM\SOFTWARE\Microsoft\WcmSvc] [HKLM\SOFTWARE\Microsoft\WIMMount] [HKLM\SOFTWARE\Microsoft\Windows] [HKLM\SOFTWARE\Microsoft\Windows Defender] [HKLM\SOFTWARE\Microsoft\Windows Defender Security Center] [HKLM\SOFTWARE\Microsoft\Windows Desktop Search] [HKLM\SOFTWARE\Microsoft\Windows Mail] [HKLM\SOFTWARE\Microsoft\Windows Media Device Manager] [HKLM\SOFTWARE\Microsoft\Windows Media Foundation] [HKLM\SOFTWARE\Microsoft\Windows Media Player NSS] [HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem] [HKLM\SOFTWARE\Microsoft\Windows NT] [HKLM\SOFTWARE\Microsoft\Windows Performance Toolkit] [HKLM\SOFTWARE\Microsoft\Windows Photo Viewer] [HKLM\SOFTWARE\Microsoft\Windows Portable Devices] [HKLM\SOFTWARE\Microsoft\Windows Script Host] [HKLM\SOFTWARE\Microsoft\Windows Search] [HKLM\SOFTWARE\Microsoft\Windows Security Health] [HKLM\SOFTWARE\Microsoft\WindowsRuntime] [HKLM\SOFTWARE\Microsoft\WindowsSelfHost] [HKLM\SOFTWARE\Microsoft\WindowsUpdate] [HKLM\SOFTWARE\Microsoft\Wisp] [HKLM\SOFTWARE\Microsoft\WlanSvc] [HKLM\SOFTWARE\Microsoft\Wlpasvc] [HKLM\SOFTWARE\Microsoft\Wow64] [HKLM\SOFTWARE\Microsoft\WSDAPI] [HKLM\SOFTWARE\Microsoft\WwanSvc] [HKLM\SOFTWARE\Microsoft\XAML] [HKLM\SOFTWARE\Microsoft\XboxLive] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\NcsiUwpApp] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LxssManagerUser] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UdkSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Adobee] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\appsolute] [HKLM\Software\WOW6432Node\Avast Software] [HKLM\Software\WOW6432Node\Canon] [HKLM\Software\WOW6432Node\db9b6d64-7ad2-556e-893c-24e21cb471e1] [HKLM\Software\WOW6432Node\DigitalWave] [HKLM\Software\WOW6432Node\FileZilla Client] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\HaaliMkx] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Lavasoft] [HKLM\Software\WOW6432Node\LogSys] [HKLM\Software\WOW6432Node\MAXSOFT-OCRON] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\MySQL AB] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OEM] [HKLM\Software\WOW6432Node\Sage] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\Wondershare] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\.NETFramework] [HKLM\Software\WOW6432Node\Microsoft\Active Setup] [HKLM\Software\WOW6432Node\Microsoft\ADs] [HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup] [HKLM\Software\WOW6432Node\Microsoft\AMSI] [HKLM\Software\WOW6432Node\Microsoft\AppServiceProtocols] [HKLM\Software\WOW6432Node\Microsoft\ASP.NET] [HKLM\Software\WOW6432Node\Microsoft\Assistance] [HKLM\Software\WOW6432Node\Microsoft\AuthHost] [HKLM\Software\WOW6432Node\Microsoft\BidInterface] [HKLM\Software\WOW6432Node\Microsoft\BitLockerCsp] [HKLM\Software\WOW6432Node\Microsoft\ClipboardServer] [HKLM\Software\WOW6432Node\Microsoft\Command Processor] [HKLM\Software\WOW6432Node\Microsoft\Cryptography] [HKLM\Software\WOW6432Node\Microsoft\CTF] [HKLM\Software\WOW6432Node\Microsoft\DataAccess] [HKLM\Software\WOW6432Node\Microsoft\DevDiv] [HKLM\Software\WOW6432Node\Microsoft\Device Association Framework] [HKLM\Software\WOW6432Node\Microsoft\Direct3D] [HKLM\Software\WOW6432Node\Microsoft\DirectDraw] [HKLM\Software\WOW6432Node\Microsoft\DirectInput] [HKLM\Software\WOW6432Node\Microsoft\DirectMusic] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay8] [HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp] [HKLM\Software\WOW6432Node\Microsoft\DirectShow] [HKLM\Software\WOW6432Node\Microsoft\DirectX] [HKLM\Software\WOW6432Node\Microsoft\DRM] [HKLM\Software\WOW6432Node\Microsoft\DVDNavigator] [HKLM\Software\WOW6432Node\Microsoft\DVR] [HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods] [HKLM\Software\WOW6432Node\Microsoft\Edge] [HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate] [HKLM\Software\WOW6432Node\Microsoft\ENROLLMENTS] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Exchange] [HKLM\Software\WOW6432Node\Microsoft\F12] [HKLM\Software\WOW6432Node\Microsoft\Fax] [HKLM\Software\WOW6432Node\Microsoft\Feeds] [HKLM\Software\WOW6432Node\Microsoft\FilePicker] [HKLM\Software\WOW6432Node\Microsoft\Function Discovery] [HKLM\Software\WOW6432Node\Microsoft\Fusion] [HKLM\Software\WOW6432Node\Microsoft\GameOverlay] [HKLM\Software\WOW6432Node\Microsoft\HTMLHelp] [HKLM\Software\WOW6432Node\Microsoft\IdentityCRL] [HKLM\Software\WOW6432Node\Microsoft\IdentityStore] [HKLM\Software\WOW6432Node\Microsoft\IMAPI] [HKLM\Software\WOW6432Node\Microsoft\IME] [HKLM\Software\WOW6432Node\Microsoft\IMEJP] [HKLM\Software\WOW6432Node\Microsoft\IMEKR] [HKLM\Software\WOW6432Node\Microsoft\IMETC] [HKLM\Software\WOW6432Node\Microsoft\InputMethod] [HKLM\Software\WOW6432Node\Microsoft\InputPersonalization] [HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager] [HKLM\Software\WOW6432Node\Microsoft\Internet Domains] [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer] [HKLM\Software\WOW6432Node\Microsoft\IsoBurn] [HKLM\Software\WOW6432Node\Microsoft\Jet] [HKLM\Software\WOW6432Node\Microsoft\MediaEngine] [HKLM\Software\WOW6432Node\Microsoft\MediaPlayer] [HKLM\Software\WOW6432Node\Microsoft\MessengerService] [HKLM\Software\WOW6432Node\Microsoft\Microsoft Camera Codec Pack] [HKLM\Software\WOW6432Node\Microsoft\Microsoft Sync Framework] [HKLM\Software\WOW6432Node\Microsoft\MiracastReceiver] [HKLM\Software\WOW6432Node\Microsoft\MMC] [HKLM\Software\WOW6432Node\Microsoft\MSBuild] [HKLM\Software\WOW6432Node\Microsoft\MSDE] [HKLM\Software\WOW6432Node\Microsoft\MSDRM] [HKLM\Software\WOW6432Node\Microsoft\MSDTC] [HKLM\Software\WOW6432Node\Microsoft\MSF] [HKLM\Software\WOW6432Node\Microsoft\MSLicensing] [HKLM\Software\WOW6432Node\Microsoft\MSN Apps] [HKLM\Software\WOW6432Node\Microsoft\MSSOAP] [HKLM\Software\WOW6432Node\Microsoft\MTF] [HKLM\Software\WOW6432Node\Microsoft\Multimedia] [HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup] [HKLM\Software\WOW6432Node\Microsoft\NetSh] [HKLM\Software\WOW6432Node\Microsoft\Network] [HKLM\Software\WOW6432Node\Microsoft\Notepad] [HKLM\Software\WOW6432Node\Microsoft\ODBC] [HKLM\Software\WOW6432Node\Microsoft\OEM] [HKLM\Software\WOW6432Node\Microsoft\Office] [HKLM\Software\WOW6432Node\Microsoft\Office Server] [HKLM\Software\WOW6432Node\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\Software\WOW6432Node\Microsoft\OnlineProviders] [HKLM\Software\WOW6432Node\Microsoft\Outlook Express] [HKLM\Software\WOW6432Node\Microsoft\Palm] [HKLM\Software\WOW6432Node\Microsoft\PCHealth] [HKLM\Software\WOW6432Node\Microsoft\Personalization] [HKLM\Software\WOW6432Node\Microsoft\Photos] [HKLM\Software\WOW6432Node\Microsoft\PLA] [HKLM\Software\WOW6432Node\Microsoft\Policies] [HKLM\Software\WOW6432Node\Microsoft\PowerShell] [HKLM\Software\WOW6432Node\Microsoft\Print] [HKLM\Software\WOW6432Node\Microsoft\Provisioning] [HKLM\Software\WOW6432Node\Microsoft\RADAR] [HKLM\Software\WOW6432Node\Microsoft\RendezvousApps] [HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent] [HKLM\Software\WOW6432Node\Microsoft\Schema Library] [HKLM\Software\WOW6432Node\Microsoft\Security Center] [HKLM\Software\WOW6432Node\Microsoft\Sensors] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location] [HKLM\Software\WOW6432Node\Microsoft\Software] [HKLM\Software\WOW6432Node\Microsoft\SPEECH] [HKLM\Software\WOW6432Node\Microsoft\Speech_OneCore] [HKLM\Software\WOW6432Node\Microsoft\SQMClient] [HKLM\Software\WOW6432Node\Microsoft\Sync Framework] [HKLM\Software\WOW6432Node\Microsoft\SystemSettings] [HKLM\Software\WOW6432Node\Microsoft\TableTextService] [HKLM\Software\WOW6432Node\Microsoft\TabletTip] [HKLM\Software\WOW6432Node\Microsoft\Tcpip] [HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client] [HKLM\Software\WOW6432Node\Microsoft\TouchPrediction] [HKLM\Software\WOW6432Node\Microsoft\TPG] [HKLM\Software\WOW6432Node\Microsoft\Tpm] [HKLM\Software\WOW6432Node\Microsoft\Tracing] [HKLM\Software\WOW6432Node\Microsoft\TV System Services] [HKLM\Software\WOW6432Node\Microsoft\uDRM] [HKLM\Software\WOW6432Node\Microsoft\Updates] [HKLM\Software\WOW6432Node\Microsoft\UPnP Control Point] [HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host] [HKLM\Software\WOW6432Node\Microsoft\Visio] [HKLM\Software\WOW6432Node\Microsoft\VisualStudio] [HKLM\Software\WOW6432Node\Microsoft\VSTA] [HKLM\Software\WOW6432Node\Microsoft\VSTA Runtime Setup] [HKLM\Software\WOW6432Node\Microsoft\VSTAHost] [HKLM\Software\WOW6432Node\Microsoft\VSTAHostConfig] [HKLM\Software\WOW6432Node\Microsoft\VSTO Runtime Setup] [HKLM\Software\WOW6432Node\Microsoft\WAB] [HKLM\Software\WOW6432Node\Microsoft\WBEM] [HKLM\Software\WOW6432Node\Microsoft\WIMMount] [HKLM\Software\WOW6432Node\Microsoft\Windows] [HKLM\Software\WOW6432Node\Microsoft\Windows CE Services] [HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search] [HKLM\Software\WOW6432Node\Microsoft\Windows Mail] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Player NSS] [HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem] [HKLM\Software\WOW6432Node\Microsoft\Windows NT] [HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer] [HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices] [HKLM\Software\WOW6432Node\Microsoft\Windows Script Host] [HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime] [HKLM\Software\WOW6432Node\Microsoft\WindowsUpdate] [HKLM\Software\WOW6432Node\Microsoft\Wisp] [HKLM\Software\WOW6432Node\Microsoft\WlanSvc] [HKLM\Software\WOW6432Node\Microsoft\WSDAPI] [HKLM\Software\WOW6432Node\Microsoft\Cellular] [HKLM\Software\WOW6432Node\Microsoft\COM3] [HKLM\Software\WOW6432Node\Microsoft\DeviceReg] [HKLM\Software\WOW6432Node\Microsoft\DFS] [HKLM\Software\WOW6432Node\Microsoft\Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates] [HKLM\Software\WOW6432Node\Microsoft\EventSystem] [HKLM\Software\WOW6432Node\Microsoft\FingerKB] [HKLM\Software\WOW6432Node\Microsoft\FuzzyDS] [HKLM\Software\WOW6432Node\Microsoft\Input] [HKLM\Software\WOW6432Node\Microsoft\LanguageOverlay] [HKLM\Software\WOW6432Node\Microsoft\Messaging] [HKLM\Software\WOW6432Node\Microsoft\MSMQ] [HKLM\Software\WOW6432Node\Microsoft\MTFFuzzyFactors] [HKLM\Software\WOW6432Node\Microsoft\MTFInputType] [HKLM\Software\WOW6432Node\Microsoft\MTFKeyboardMappings] [HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\Ole] [HKLM\Software\WOW6432Node\Microsoft\Phone] [HKLM\Software\WOW6432Node\Microsoft\Pim] [HKLM\Software\WOW6432Node\Microsoft\Poom] [HKLM\Software\WOW6432Node\Microsoft\Ras] [HKLM\Software\WOW6432Node\Microsoft\Rpc] [HKLM\Software\WOW6432Node\Microsoft\SecurityManager] [HKLM\Software\WOW6432Node\Microsoft\Semgr] [HKLM\Software\WOW6432Node\Microsoft\Shell] [HKLM\Software\WOW6432Node\Microsoft\SystemCertificates] [HKLM\Software\WOW6432Node\Microsoft\TermServLicensing] [HKLM\Software\WOW6432Node\Microsoft\Transaction Server] [HKLM\Software\WOW6432Node\Microsoft\Unified Store] [HKLM\Software\WOW6432Node\Microsoft\UserData] [HKLM\Software\WOW6432Node\Microsoft\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\XAML] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives ---------- | C: [19/03/2019 05:52:43] - |SHD| - [516] - C:\$Recycle.Bin [19/03/2021 00:30:41] - |HD| - [68751103] - C:\$SysReset [22/06/2021 10:11:00] - |D| - [13372] - C:\$WINDOWS.~BT [22/06/2021 10:10:58] - |HD| - [335053] - C:\$Windows.~WS [13/01/2022 14:08:30] - |HD| - [0] - C:\$WinREAgent [14/02/2021 02:38:18] - |D| - [0] - C:\9d68269571d3dd6d1f07dddbb734 [29/01/2022 19:10:08] - |D| - [21659] - C:\cache [MD5.CD4B5ED961F5F215CDC7E304772FD5EC] - [03/05/2021 20:38:53] - |AH| - (.-.) - [40] - (0.0.0.0) - C:\CB6CD2A917E6 [02/02/2022 14:12:36] - |D| - [1675552] - C:\Clean_Dns [15/09/2020 01:59:56] - |SHD| - [0] - C:\Documents and Settings [14/09/2020 20:36:31] - |D| - [0] - C:\Données Ciel [MD5.91C29CAB235B737BD2F9B70581FECBD9] - [20/03/2021 16:25:49] - |ASH| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [20/03/2021 16:25:49] - |ASH| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log.tmp [18/03/2021 20:15:38] - |D| - [4925681972] - C:\ESD [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 07:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1028.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 07:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1031.txt [MD5.99C22D4A31F4EAD4351B71D6F4E5F6A1] - [07/11/2007 07:00:40] - |A| - (.-.) - [10134] - (0.0.0.0) - C:\eula.1033.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 07:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1036.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 07:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1040.txt [MD5.9B15A3A055CC6E67EA191A1B7885649A] - [07/11/2007 07:00:40] - |A| - (.-.) - [118] - (0.0.0.0) - C:\eula.1041.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 07:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1042.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 07:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.2052.txt [MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 07:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.3082.txt [MD5.0A6B586FABD072BD7382B5E24194EAC7] - [07/11/2007 07:00:40] - |A| - (.-.) - [1110] - (0.0.0.0) - C:\globdata.ini [MD5.D41D8CD98F00B204E9800998ECF8427E] - [20/03/2021 16:28:41] - |ASH| - (.-.) - [1636896768] - (0.0.0.0) - C:\hiberfil.sys [05/01/2022 22:08:13] - |D| - [0] - C:\iMobie [05/01/2022 22:08:13] - |D| - [0] - C:\iMobieBackup [MD5.520A6D1CBCC9CF642C625FE814C93C58] - [07/11/2007 07:03:18] - |A| - (.© Microsoft Corporation. - External Installer.) - [562688] - (9.0.21022.8) - C:\install.exe [MD5.0DA9AB4977F3E7BA8C65734DF42FDAB6] - [07/11/2007 07:00:40] - |A| - (.-.) - [843] - (0.0.0.0) - C:\install.ini [MD5.4151A4D07640863783F837E588235837] - [07/11/2007 07:03:18] - |A| - (.(C) Microsoft Corporation. - UI Wrapper Resource DLL.) - [76304] - (9.0.21022.8) - C:\install.res.1028.dll [MD5.3B8A82E04238655EAEF97E074FB29911] - [07/11/2007 07:03:18] - |A| - (.© Microsoft Corporation. Alle Rechte vorbehalten. - Ressourcen-DLL für UI-Wrapper.) - [96272] - (9.0.21022.8) - C:\install.res.1031.dll [MD5.9EDEB8B1C5C0A4CD3A3016B85108127D] - [07/11/2007 07:03:18] - |A| - (.© Microsoft Corporation. - UI Wrapper Resource DLL.) - [91152] - (9.0.21022.8) - C:\install.res.1033.dll [MD5.5B6FF470CFA7087690E61F87E81EF78A] - [07/11/2007 07:03:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - UI Wrapper Resource DLL.) - [97296] - (9.0.21022.8) - C:\install.res.1036.dll [MD5.6310AB8FC9E3DBEE80592FC453A34FEE] - [07/11/2007 07:03:18] - |A| - (.© Microsoft Corporation. Tutti i diritti riservati. - DLL di risorse del wrapper dell'interfaccia utente.) - [95248] - (9.0.21022.8) - C:\install.res.1040.dll [MD5.13ED4517152203DE4BC52ACC0255D952] - [07/11/2007 07:03:18] - |A| - (.(C) Copyright Microsoft Corporation. - UI Wrapper Resource DLL.) - [81424] - (9.0.21022.8) - C:\install.res.1041.dll [MD5.0D4FB4095EA49C1EC89B9E8DB0B936A3] - [07/11/2007 07:03:18] - |A| - (.(C) Microsoft Corporation. - UI ?? ??? DLL.) - [79888] - (9.0.21022.8) - C:\install.res.1042.dll [MD5.D7366B34E8AFB605C39EF56E2201FE85] - [07/11/2007 07:03:18] - |A| - (.(C) Microsoft Corporation???????? - ???????? DLL.) - [75792] - (9.0.21022.8) - C:\install.res.2052.dll [MD5.41BB37A347121F3E5E88D85100638B79] - [07/11/2007 07:03:18] - |A| - (.© Microsoft Corporation. Reservados todos los derechos. - Archivo DLL de recursos del contenedor de la interfaz de usuario.) - [96272] - (9.0.21022.8) - C:\install.res.3082.dll [28/06/2020 18:35:38] - |HD| - [0] - C:\Intel [30/03/2021 13:47:29] - |D| - [409201616] - C:\MAMP [30/03/2021 13:50:13] - |D| - [336984] - C:\MAMPPRO [15/09/2020 08:53:35] - |RHD| - [1357927558] - C:\MSOCache [07/11/2019 09:28:43] - |HD| - [122826247] - C:\oem [14/09/2020 20:34:53] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/06/2020 03:29:26] - |ASH| - (.-.) - [3758096384] - (0.0.0.0) - C:\pagefile.sys [07/12/2019 10:14:52] - |D| - [0] - C:\PerfLogs [07/12/2019 10:14:52] - |RD| - [7705883167] - C:\Program Files [07/12/2019 10:14:52] - |RD| - [6001865313] - C:\Program Files (x86) [07/12/2019 10:14:52] - |HD| - [2313489339] - C:\ProgramData [02/02/2022 14:46:53] - |D| - [33] - C:\QuickDiag [MD5.C816294184305B87C400FA2A16108D7D] - [02/02/2022 14:46:58] - |A| - (.-.) - [240480] - (0.0.0.0) - C:\QuickDiag.txt [29/06/2020 03:51:30] - |HD| - [1689403749] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/06/2020 18:00:17] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [28/06/2020 18:00:14] - |SHD| - [0] - C:\System Volume Information [07/12/2019 10:03:44] - |RD| - [43289639022] - C:\Users [20/12/2020 00:43:40] - |D| - [660] - C:\usr [MD5.06FBA95313F26E300917C6CEA4480890] - [07/11/2007 07:00:40] - |A| - (.-.) - [5686] - (0.0.0.0) - C:\vcredist.bmp [MD5.E10F2F6E6379E9185F71AEC1421F37B4] - [07/11/2007 07:09:22] - |A| - (.-.) - [1442522] - (0.0.0.0) - C:\VC_RED.cab [MD5.E0951D3CB1038EB2D2B2B2F336E1AB32] - [07/11/2007 07:12:28] - |A| - (.-.) - [232960] - (0.0.0.0) - C:\VC_RED.MSI [07/12/2019 10:03:44] - |D| - [28311518892] - C:\Windows [11/03/2021 14:55:48] - |D| - [20651348] - C:\Windows10Upgrade ---------- | C:\WINDOWS [07/12/2019 15:51:10] - |D| - [802] - C:\WINDOWS\addins [07/12/2019 10:14:52] - |D| - [17787287] - C:\WINDOWS\appcompat [07/12/2019 10:14:52] - |D| - [9916510] - C:\WINDOWS\apppatch [07/12/2019 10:14:52] - |D| - [0] - C:\WINDOWS\AppReadiness [07/12/2019 10:14:52] - |RSD| - [1147127613] - C:\WINDOWS\assembly [07/12/2019 10:14:52] - |D| - [785153] - C:\WINDOWS\bcastdvr [MD5.820B97429E4153A743708B376807EE69] - [21/09/2021 08:21:30] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [81408] - (10.0.19041.1237) - C:\WINDOWS\bfsvc.exe [07/12/2019 10:14:52] - |D| - [40889582] - C:\WINDOWS\Boot [MD5.513507404DB73DDCB71FDA50A5A79D69] - [20/03/2021 16:21:46] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [07/12/2019 10:14:52] - |D| - [2450432] - C:\WINDOWS\Branding [07/12/2019 10:03:44] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.4F9BCAEE7EE5B6C8B8408D10023AC034] - [08/11/2019 17:52:08] - |A| - (.-.) - [41] - (0.0.0.0) - C:\WINDOWS\ChangeLang_Done.tag [07/12/2019 10:14:52] - |D| - [37293838] - C:\WINDOWS\Containers [MD5.C6C52AF48A75DCC59644DC894D2F524E] - [07/12/2019 15:53:23] - |A| - (.-.) - [29857] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.8963473041CBBC7421D0E8961C0490E1] - [29/06/2020 03:34:45] - |A| - (.-.) - [10] - (0.0.0.0) - C:\WINDOWS\CSUP.txt [07/12/2019 10:14:52] - |D| - [11501377] - C:\WINDOWS\Cursors [07/12/2019 10:14:52] - |D| - [20974050] - C:\WINDOWS\debug [MD5.692CA5EBC9E0CEF0A8D0BE4DF7400CEE] - [20/03/2021 16:34:07] - |A| - (.-.) - [9528] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [07/12/2019 10:14:52] - |D| - [4307035] - C:\WINDOWS\diagnostics [07/12/2019 10:14:52] - |D| - [1702804] - C:\WINDOWS\DiagTrack [MD5.57FD8A5B8E926356DB5EF9274611E99C] - [20/03/2021 16:34:07] - |A| - (.-.) - [12985] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [07/12/2019 15:49:55] - |D| - [0] - C:\WINDOWS\DigitalLocker [07/12/2019 10:14:52] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [07/12/2019 10:14:52] - |HD| - [88536] - C:\WINDOWS\ELAMBKUP [07/12/2019 15:49:55] - |D| - [0] - C:\WINDOWS\en-US [MD5.744F2D2E4AF2C1C64643FDBC60A21B27] - [17/12/2021 16:53:21] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4971808] - (10.0.19041.1415) - C:\WINDOWS\explorer.exe [07/12/2019 10:14:52] - |RSD| - [420624738] - C:\WINDOWS\Fonts [07/12/2019 15:49:55] - |D| - [111616] - C:\WINDOWS\fr-FR [07/12/2019 10:14:52] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [07/12/2019 10:14:52] - |D| - [57013171] - C:\WINDOWS\Globalization [07/12/2019 10:14:52] - |D| - [1315831] - C:\WINDOWS\Help [MD5.7E8FAEC2E175C8B45B6D380A6A4C9503] - [16/08/2021 19:50:07] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1075712] - (10.0.19041.1151) - C:\WINDOWS\HelpPane.exe [MD5.2C8FE78D53C8CA27523A71DFD2938241] - [07/12/2019 10:09:39] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.19041.1) - C:\WINDOWS\hh.exe [07/12/2019 10:14:52] - |D| - [30327] - C:\WINDOWS\IdentityCRL [07/12/2019 10:14:52] - |D| - [28822470] - C:\WINDOWS\IME [07/12/2019 10:14:52] - |RD| - [8179781] - C:\WINDOWS\ImmersiveControlPanel [07/12/2019 10:13:02] - |D| - [115869573] - C:\WINDOWS\INF [07/12/2019 10:14:52] - |D| - [38193580] - C:\WINDOWS\InputMethod [07/12/2019 10:14:52] - |SHD| - [5036104772] - C:\WINDOWS\Installer [MD5.ACE55651B5689F13960252E3F3EC9E42] - [19/04/2021 21:06:08] - |A| - (.Copyright (C) 2009 KONICA MINOLTA, INC. - KMWOW64 ????????.) - [160664] - (3.6.0.0) - C:\WINDOWS\KOBDrvAPIW64.EXE [07/12/2019 10:14:52] - |D| - [109650] - C:\WINDOWS\L2Schemas [07/12/2019 10:14:52] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [07/12/2019 10:14:52] - |D| - [0] - C:\WINDOWS\LiveKernelReports [07/12/2019 10:14:52] - |D| - [12640570] - C:\WINDOWS\Logs [07/12/2019 10:14:52] - |RSD| - [20063519] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [07/12/2019 10:08:58] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [07/12/2019 10:14:52] - |RD| - [814192364] - C:\WINDOWS\Microsoft.NET [07/12/2019 10:14:52] - |D| - [3323] - C:\WINDOWS\Migration [03/09/2021 20:42:03] - |D| - [0] - C:\WINDOWS\Minidump [07/12/2019 10:14:52] - |D| - [0] - C:\WINDOWS\ModemLogs [08/11/2019 17:37:34] - |D| - [17337475] - C:\WINDOWS\NAPP_Dism_Log [MD5.8003F61648CB72F9F647D44A95FE788A] - [14/11/2021 10:47:55] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [208384] - (10.0.19041.1320) - C:\WINDOWS\notepad.exe [07/12/2019 15:51:57] - |D| - [199472] - C:\WINDOWS\OCR [MD5.AB17CA5E018F353D06C279C6965DE4E9] - [27/09/2021 12:59:43] - |A| - (.-.) - [23] - (0.0.0.0) - C:\WINDOWS\ODBCINST.INI [07/12/2019 10:14:52] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [20/03/2021 00:59:59] - |DC| - [336020351] - C:\WINDOWS\Panther [22/03/2021 12:44:19] - |D| - [0] - C:\WINDOWS\PCHEALTH [07/12/2019 10:14:52] - |D| - [317016] - C:\WINDOWS\Performance [MD5.6C9383FF750C2D1ACB01603A1F369945] - [19/03/2021 01:05:31] - |A| - (.-.) - [735954] - (0.0.0.0) - C:\WINDOWS\PFRO.log [07/12/2019 10:14:52] - |D| - [1136442] - C:\WINDOWS\PLA [07/12/2019 10:14:52] - |D| - [2934160] - C:\WINDOWS\PolicyDefinitions [20/03/2021 16:25:50] - |D| - [7274643] - C:\WINDOWS\Prefetch [07/12/2019 10:14:52] - |RD| - [2234380] - C:\WINDOWS\PrintDialog [07/12/2019 10:14:52] - |D| - [6083225] - C:\WINDOWS\Provisioning [MD5.999A30979F6195BF562068639FFC4426] - [20/03/2021 16:13:35] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [370176] - (10.0.19041.746) - C:\WINDOWS\regedit.exe [07/12/2019 10:14:52] - |D| - [1071164] - C:\WINDOWS\Registration [07/12/2019 10:14:52] - |D| - [18524064] - C:\WINDOWS\rescache [07/12/2019 10:14:52] - |D| - [4301183] - C:\WINDOWS\Resources [07/12/2019 10:14:52] - |D| - [0] - C:\WINDOWS\SchCache [07/12/2019 10:14:52] - |D| - [126782] - C:\WINDOWS\schemas [07/12/2019 10:14:52] - |D| - [5317988] - C:\WINDOWS\security [20/03/2021 16:20:32] - |D| - [108481225] - C:\WINDOWS\ServiceProfiles [07/12/2019 10:14:52] - |D| - [6758] - C:\WINDOWS\ServiceState [07/12/2019 10:03:44] - |D| - [2473177975] - C:\WINDOWS\servicing [07/12/2019 10:18:25] - |D| - [98309] - C:\WINDOWS\Setup [07/12/2019 10:14:52] - |D| - [5526016] - C:\WINDOWS\ShellComponents [07/12/2019 10:14:52] - |D| - [19040768] - C:\WINDOWS\ShellExperiences [19/03/2021 03:52:44] - |D| - [98104] - C:\WINDOWS\SHELLNEW [07/12/2019 10:14:52] - |D| - [3070736] - C:\WINDOWS\SKB [28/06/2020 18:04:14] - |D| - [84501797] - C:\WINDOWS\SoftwareDistribution [07/12/2019 10:14:52] - |D| - [86037697] - C:\WINDOWS\Speech [07/12/2019 10:14:52] - |D| - [64508236] - C:\WINDOWS\Speech_OneCore [MD5.74EEC977273BEB6F80B3BB3887B78A33] - [17/12/2021 16:53:20] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [136192] - (10.0.19041.1415) - C:\WINDOWS\splwow64.exe [07/12/2019 10:14:52] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [19/03/2019 05:49:35] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [07/12/2019 10:03:44] - |D| - [7125617919] - C:\WINDOWS\System32 [07/12/2019 10:14:52] - |D| - [147085829] - C:\WINDOWS\SystemApps [07/12/2019 10:14:52] - |D| - [167687545] - C:\WINDOWS\SystemResources [17/12/2021 18:19:06] - |D| - [0] - C:\WINDOWS\SystemTemp [07/12/2019 10:14:52] - |D| - [1131762164] - C:\WINDOWS\SysWOW64 [07/12/2019 10:14:52] - |D| - [0] - C:\WINDOWS\TAPI [19/03/2021 09:41:47] - |D| - [6] - C:\WINDOWS\Tasks [07/12/2019 10:14:52] - |D| - [8323471] - C:\WINDOWS\Temp [19/03/2021 09:41:47] - |D| - [13788672] - C:\WINDOWS\TextInput [07/12/2019 10:14:52] - |D| - [0] - C:\WINDOWS\tracing [07/12/2019 10:14:52] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.AFE119DD4E17891B227684F38AA25D4D] - [07/12/2019 10:10:00] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65024] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [07/12/2019 10:14:52] - |D| - [12420] - C:\WINDOWS\Vss [07/12/2019 10:14:52] - |D| - [33198] - C:\WINDOWS\WaaS [07/12/2019 10:14:52] - |D| - [23556497] - C:\WINDOWS\Web [MD5.DAA6AAD525D12F8985695B882301336F] - [19/03/2019 05:49:35] - |A| - (.-.) - [167] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [07/12/2019 10:09:09] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [02/02/2022 14:35:44] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.0629E6D130F226C009EA9AB329F37ACC] - [07/12/2019 10:10:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.19041.1) - C:\WINDOWS\winhlp32.exe [07/12/2019 10:03:44] - |D| - [8589758127] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [07/12/2019 10:10:11] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.B947CCA7F485F6C1156F4D02E8C9874F] - [07/12/2019 15:52:21] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.19041.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [08/01/2022 15:45:30] - C:\WINDOWS\Installer\14363be9.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Header ok : D0CF11E0A1B11AE10000000000000000] [03/03/2019 01:03:08] - C:\WINDOWS\Installer\2938c5dc.msi : ([ProductName] Installer - Apple Inc.) [Header ok : D0CF11E0A1B11AE10000000000000000] [17/03/2015 10:06:42] - C:\WINDOWS\Installer\4722d78.msi : (Installers - Adobe Systems Incorporated) [Header ok : D0CF11E0A1B11AE10000000000000000] [03/09/2014 05:17:54] - [4028928] - (.().-. - ()) - C:\WINDOWS\Installer\130cfb.msp [03/09/2014 05:17:54] - [4637184] - (.().-. - ()) - C:\WINDOWS\Installer\130d03.msp [17/06/2015 15:23:28] - [625152] - (.().-. - ()) - C:\WINDOWS\Installer\130d7f.msp [12/07/2016 21:24:22] - [3444224] - (.().-. - ()) - C:\WINDOWS\Installer\130de1.msp [17/03/2021 10:30:22] - [311296] - (.().-. - ()) - C:\WINDOWS\Installer\1ce129df.msp [17/03/2021 10:34:46] - [516096] - (.().-. - ()) - C:\WINDOWS\Installer\1ce129f5.msp [17/03/2021 12:58:36] - [1523712] - (.().-. - ()) - C:\WINDOWS\Installer\1ce12a18.msp [17/03/2021 13:00:34] - [3072000] - (.().-. - ()) - C:\WINDOWS\Installer\1ce12a3a.msp [17/03/2021 13:06:14] - [18595840] - (.().-. - ()) - C:\WINDOWS\Installer\1ce12a4f.msp [24/07/2013 08:15:36] - [1233408] - (.().-. - ()) - C:\WINDOWS\Installer\97eb202.msp [14/08/2013 02:35:34] - [646144] - (.().-. - ()) - C:\WINDOWS\Installer\97eb217.msp [25/10/2013 17:42:58] - [1742848] - (.().-. - ()) - C:\WINDOWS\Installer\97eb247.msp [18/12/2013 18:06:36] - [3619840] - (.().-. - ()) - C:\WINDOWS\Installer\97eb269.msp [17/04/2014 16:02:58] - [402432] - (.().-. - ()) - C:\WINDOWS\Installer\97eb2a1.msp [03/10/2014 16:57:20] - [434688] - (.().-. - ()) - C:\WINDOWS\Installer\97eb2b5.msp [12/11/2014 00:00:20] - [802304] - (.().-. - ()) - C:\WINDOWS\Installer\97eb2ca.msp [11/11/2014 23:59:14] - [2979328] - (.().-. - ()) - C:\WINDOWS\Installer\97eb2e2.msp [20/11/2014 10:05:30] - [2405888] - (.().-. - ()) - C:\WINDOWS\Installer\97eb2fd.msp [20/11/2014 10:05:38] - [170496] - (.().-. - ()) - C:\WINDOWS\Installer\97eb312.msp [17/02/2015 17:42:24] - [1047552] - (.().-. - ()) - C:\WINDOWS\Installer\97eb319.msp [17/02/2015 17:42:30] - [18632192] - (.().-. - ()) - C:\WINDOWS\Installer\97eb32e.msp [17/02/2015 17:31:24] - [740864] - (.().-. - ()) - C:\WINDOWS\Installer\97eb351.msp [22/03/2015 23:31:10] - [943616] - (.().-. - ()) - C:\WINDOWS\Installer\97eb36f.msp [14/05/2015 16:09:16] - [1753600] - (.().-. - ()) - C:\WINDOWS\Installer\97eb3a0.msp [24/06/2015 01:19:24] - [2838528] - (.().-. - ()) - C:\WINDOWS\Installer\97eb3b5.msp [16/07/2015 08:21:06] - [1071616] - (.().-. - ()) - C:\WINDOWS\Installer\97eb3ca.msp [16/07/2015 08:19:48] - [372736] - (.().-. - ()) - C:\WINDOWS\Installer\97eb3df.msp [13/08/2015 06:16:52] - [286208] - (.().-. - ()) - C:\WINDOWS\Installer\97eb3fa.msp [04/09/2015 23:31:04] - [5691392] - (.().-. - ()) - C:\WINDOWS\Installer\97eb410.msp [04/09/2015 23:31:08] - [942592] - (.().-. - ()) - C:\WINDOWS\Installer\97eb42b.msp [14/10/2015 09:45:20] - [90624] - (.().-. - ()) - C:\WINDOWS\Installer\97eb446.msp [09/02/2016 22:43:44] - [6601216] - (.().-. - ()) - C:\WINDOWS\Installer\97eb45d.msp [17/05/2016 17:51:48] - [2981888] - (.().-. - ()) - C:\WINDOWS\Installer\97eb479.msp [17/05/2016 17:54:30] - [9754624] - (.().-. - ()) - C:\WINDOWS\Installer\97eb492.msp [12/07/2016 21:29:18] - [594944] - (.().-. - ()) - C:\WINDOWS\Installer\97eb498.msp [12/07/2016 21:26:38] - [13926400] - (.().-. - ()) - C:\WINDOWS\Installer\97eb4b9.msp [05/06/2017 14:54:28] - [407040] - (.().-. - ()) - C:\WINDOWS\Installer\97eb4c7.msp [05/06/2017 15:15:10] - [14239232] - (.().-. - ()) - C:\WINDOWS\Installer\97eb4d4.msp [05/06/2017 15:15:56] - [13436928] - (.().-. - ()) - C:\WINDOWS\Installer\97eb4e1.msp [05/06/2017 15:15:58] - [8860672] - (.().-. - ()) - C:\WINDOWS\Installer\97eb4ed.msp [05/06/2017 15:15:54] - [6526464] - (.().-. - ()) - C:\WINDOWS\Installer\97eb4f2.msp [05/06/2017 15:15:42] - [9796096] - (.().-. - ()) - C:\WINDOWS\Installer\97eb4ff.msp [05/06/2017 15:15:40] - [4428288] - (.().-. - ()) - C:\WINDOWS\Installer\97eb506.msp [25/08/2017 12:39:24] - [732672] - (.().-. - ()) - C:\WINDOWS\Installer\97eb510.msp [27/08/2017 11:24:20] - [499200] - (.().-. - ()) - C:\WINDOWS\Installer\97eb525.msp [31/12/2017 16:27:32] - [9728] - (.().-. - ()) - C:\WINDOWS\Installer\97eb530.msp [17/05/2018 12:37:00] - [9388032] - (.().-. - ()) - C:\WINDOWS\Installer\97eb545.msp [17/05/2018 13:09:54] - [5316608] - (.().-. - ()) - C:\WINDOWS\Installer\97eb55a.msp [26/06/2018 12:14:26] - [2887680] - (.().-. - ()) - C:\WINDOWS\Installer\97eb56f.msp [26/06/2018 12:14:44] - [536576] - (.().-. - ()) - C:\WINDOWS\Installer\97eb584.msp [30/07/2018 16:27:06] - [3514368] - (.().-. - ()) - C:\WINDOWS\Installer\97eb59e.msp [28/08/2018 15:09:14] - [217088] - (.().-. - ()) - C:\WINDOWS\Installer\97eb5b2.msp [20/10/2018 14:18:40] - [708608] - (.().-. - ()) - C:\WINDOWS\Installer\97eb5c7.msp [30/11/2018 13:33:52] - [1830912] - (.().-. - ()) - C:\WINDOWS\Installer\97eb5dc.msp [29/12/2018 00:33:34] - [425984] - (.().-. - ()) - C:\WINDOWS\Installer\97eb606.msp [18/12/2018 09:48:48] - [876544] - (.().-. - ()) - C:\WINDOWS\Installer\97eb621.msp [22/01/2019 16:39:02] - [5324800] - (.().-. - ()) - C:\WINDOWS\Installer\97eb63d.msp [22/01/2019 16:38:54] - [9383936] - (.().-. - ()) - C:\WINDOWS\Installer\97eb652.msp [15/02/2019 16:04:56] - [3510272] - (.().-. - ()) - C:\WINDOWS\Installer\97eb667.msp [15/02/2019 16:04:30] - [1609728] - (.().-. - ()) - C:\WINDOWS\Installer\97eb67c.msp [14/03/2019 11:50:10] - [544768] - (.().-. - ()) - C:\WINDOWS\Installer\97eb691.msp [18/06/2019 14:56:38] - [3137536] - (.().-. - ()) - C:\WINDOWS\Installer\97eb6a7.msp [25/03/2020 20:01:20] - [9027584] - (.().-. - ()) - C:\WINDOWS\Installer\97eb6c1.msp [23/06/2020 11:36:08] - [9826304] - (.().-. - ()) - C:\WINDOWS\Installer\97eb6cc.msp [24/07/2020 13:16:16] - [753664] - (.().-. - ()) - C:\WINDOWS\Installer\97eb6d2.msp [14/10/2020 13:18:42] - [1757184] - (.().-. - ()) - C:\WINDOWS\Installer\97eb738.msp [16/11/2020 18:13:30] - [1904640] - (.().-. - ()) - C:\WINDOWS\Installer\97eb740.msp [16/12/2020 12:51:42] - [4009984] - (.().-. - ()) - C:\WINDOWS\Installer\97eb7b2.msp [16/02/2021 15:46:20] - [3072000] - (.().-. - ()) - C:\WINDOWS\Installer\97eb7c7.msp [16/02/2021 15:50:28] - [18644992] - (.().-. - ()) - C:\WINDOWS\Installer\97eb7dc.msp [21/07/2011 13:42:12] - [3222016] - (.().-. - ()) - C:\WINDOWS\Installer\ebfe6.msp [21/07/2011 13:50:16] - [204800] - (.().-. - ()) - C:\WINDOWS\Installer\ebffa.msp [26/10/2011 23:23:38] - [18386944] - (.().-. - ()) - C:\WINDOWS\Installer\ec013.msp [26/10/2011 23:23:30] - [1053184] - (.().-. - ()) - C:\WINDOWS\Installer\ec020.msp [21/03/2012 05:33:00] - [133632] - (.().-. - ()) - C:\WINDOWS\Installer\ec026.msp [21/03/2012 05:30:10] - [1868288] - (.().-. - ()) - C:\WINDOWS\Installer\ec03c.msp [27/06/2013 22:01:00] - [11510272] - (.().-. - ()) - C:\WINDOWS\Installer\ec04d.msp [27/06/2013 22:01:36] - [18565632] - (.().-. - ()) - C:\WINDOWS\Installer\ec097.msp [27/06/2013 22:00:20] - [5670400] - (.().-. - ()) - C:\WINDOWS\Installer\ec0bc.msp [27/06/2013 22:11:12] - [1656832] - (.().-. - ()) - C:\WINDOWS\Installer\ec29c.msp [27/06/2013 22:13:06] - [11828736] - (.().-. - ()) - C:\WINDOWS\Installer\ec2ad.msp [27/06/2013 22:03:36] - [15960064] - (.().-. - ()) - C:\WINDOWS\Installer\ec2be.msp [27/06/2013 22:07:14] - [16279552] - (.().-. - ()) - C:\WINDOWS\Installer\ec2c7.msp [27/06/2013 22:04:56] - [3921920] - (.().-. - ()) - C:\WINDOWS\Installer\ec2cf.msp [27/06/2013 22:17:16] - [7203328] - (.().-. - ()) - C:\WINDOWS\Installer\ec2db.msp [14/08/2013 02:41:54] - [209408] - (.().-. - ()) - C:\WINDOWS\Installer\ec2ef.msp [16/10/2013 03:01:22] - [3446784] - (.().-. - ()) - C:\WINDOWS\Installer\ec308.msp ---------- | %System%\*.in* [07/12/2019 10:09:39] - [3329] - C:\WINDOWS\System32\ieuinit.inf [20/03/2021 16:33:15] - [1770910] - C:\WINDOWS\System32\PerfStringBackup.INI [07/12/2019 10:09:05] - [60124] - C:\WINDOWS\System32\tcpmon.ini [07/12/2019 10:08:46] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [07/12/2019 10:10:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [19/03/2021 03:25:58] - [1805252] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [07/12/2019 10:09:22] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.8371E0BA7CED90E2D839A3CF403D3F63] - |A| - [03/05/2021 20:38:15] - (.-.) - [6560.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log [MD5.D48501A6F59D2476AD98817425FD96AB] - |A| - [01/02/2022 20:05:27] - (.-.) - [0.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc_a06272 [MD5.D48501A6F59D2476AD98817425FD96AB] - |A| - [01/02/2022 17:59:35] - (.-.) - [0.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc_a06944 [MD5.D48501A6F59D2476AD98817425FD96AB] - |A| - [01/02/2022 22:55:15] - (.-.) - [0.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc_a07028 [MD5.00000000000000000000000000000000] - |D| - [02/02/2022 14:22:09] - [0 Ko] - C:\WINDOWS\Temp\BAE45B6E-530B-486B-A28C-D4212236D238-Sigs [MD5.96B6AC5D16BAE3BD1E8FEA0A6FABBB9E] - |A| - [02/02/2022 00:33:10] - (.-.) - [31.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\mbamiservice.log [MD5.E0B89BDD8E682DD9979F0E2C601901E9] - |A| - [02/02/2022 00:34:38] - (.-.) - [0.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\mb_errors999.log [MD5.3E3BCEA959CD9051F3C8DB28C4A95263] - |A| - [20/03/2021 16:34:26] - (.-.) - [1242.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.508F82A299BEBF8B030FC2CB9A965AFF] - |A| - [01/02/2022 22:40:49] - (.-.) - [2.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCopyAccelerator.log [MD5.1388C907DB00A023989B9E4C4B11327C] - |A| - [20/03/2021 21:34:25] - (.-.) - [292.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.105E8B7E04ED7F2048AE0790B744B0E7] - |A| - [03/06/2016 05:18:31] - (.-.) - [8.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\$Acer$.cmd [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:55] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.C652A5EA6545C98CE71684018E0640E7] - |A| - [07/12/2019 10:09:00] - (.-.) - [3.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AdvancedKeySettingsNotification.png [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 10:08:44] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 10:08:45] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [07/12/2019 10:08:21] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [07/12/2019 10:08:52] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 10:08:52] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [07/12/2019 10:08:58] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [07/12/2019 10:09:45] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.A3437673F5766635A8378F67645B81C0] - |A| - [07/12/2019 10:09:37] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@StorageSenseToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 10:09:07] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [07/12/2019 10:09:32] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [07/12/2019 10:09:32] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 10:08:19] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.147B047B46B79A91CC34499D4F89119E] - |A| - [07/12/2019 10:09:05] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WLOGO_48x48.png [MD5.31A16C523B62500F83C82217F056A538] - |A| - [07/12/2019 10:08:39] - (.-.) - [8.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ActiveHours.png [MD5.A49C26AA0CADD994DE158F51CB7EEFBC] - |A| - [17/05/2021 09:00:38] - (.-.) - [13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\agentactivationruntimestarter.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [5.97 Ko] - C:\WINDOWS\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [2894.13 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [279.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.7605725C6464C7272BF3115901DF5776] - |A| - [13/01/2022 14:19:48] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [665.5 Ko] - (3.5.1.0) - C:\WINDOWS\System32\archiveint.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [07/12/2019 10:08:07] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [258.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 10:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [07/12/2019 10:08:05] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 10:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [07/12/2019 10:08:05] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [5943.66 Ko] - C:\WINDOWS\System32\Boot [MD5.3149A16CF39B9A49BD9A1EF98A1C527B] - |A| - [20/03/2021 16:12:40] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [186.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:03:44] - [92656.9 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [59705.21 Ko] - C:\WINDOWS\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [19/03/2021 09:50:26] - [52487.87 Ko] - C:\WINDOWS\System32\cAVS [MD5.A1EE573A3A9F337CD309BAC48FD0DDE8] - |A| - [06/10/2020 19:51:30] - (.-.) - [79.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CNC1763D.TBL [MD5.B399E2C282D74B058CD8EAAFE9F64CDB] - |A| - [06/10/2020 19:51:30] - (.Copyright CANON INC. 2012 All Rights Reserved - WIA Scanner Driver 64-bit Edition.) - [281 Ko] - (20.0.0.4) - C:\WINDOWS\System32\CNC_B9C.dll [MD5.B0F07A3C1091DA091174731B82BF6B3F] - |A| - [06/10/2020 19:51:30] - (.Copyright CANON INC. 2012 All Rights Reserved - WIA Scanner Driver Image Enhancement dll 64-bit Edition.) - [104 Ko] - (20.0.0.4) - C:\WINDOWS\System32\CNC_B9I.dll [MD5.6FEC047D14B5F512AE61A39C7E59D68A] - |A| - [06/10/2020 19:51:30] - (.Copyright CANON INC. 2012 All Rights Reserved - LLD.) - [355 Ko] - (1.0.0.0) - C:\WINDOWS\System32\CNC_B9L.dll [MD5.493574E218AA18161D14EECFD572A0E8] - |A| - [06/10/2020 19:51:30] - (.Copyright CANON INC. 2007-2008 All Rights Reserved - Canon Device Dependent Informations for Scanner Library.) - [17.5 Ko] - (1.4.1.1) - C:\WINDOWS\System32\CNHMCA6.dll [MD5.FA132E1DAB518B28F4B20DB154A647FC] - |A| - [15/09/2020 09:13:30] - (.Copyright CANON INC. 2000-2012 All Rights Reserved - IJ Language Monitor.) - [380 Ko] - (0.3.0.1) - C:\WINDOWS\System32\CNMLMB9.DLL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [25.49 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [377.5 Ko] - C:\WINDOWS\System32\Com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:03:44] - [281340.94 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 10:14:52] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.C113EC3ABF481A1B41F99BD721B513C3] - |A| - [18/04/2021 13:25:37] - (.-.) - [225.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\containerdevicemanagement.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0.34 Ko] - C:\WINDOWS\System32\ContainerSettingsProviders [MD5.A41C1754A956E37B5E7D06D5167548E7] - |A| - [15/06/2021 20:52:37] - (.-.) - [280.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CoreMas.dll [MD5.69838176800F675B0993BA2A125B8154] - |A| - [18/05/2020 12:49:03] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cpa_64.vp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [318 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.05DE2EB0889D77D447BCA7BD597819CF] - |A| - [13/01/2022 14:19:48] - (.© 1996 - 2021 Daniel Stenberg, . - The curl executable.) - [511.5 Ko] - (7.79.1.0) - C:\WINDOWS\System32\curl.exe [MD5.39FDD9E1BE3F2D4904E824ADF0D4782B] - |A| - [18/05/2020 12:49:03] - (.-.) - [1344 Ko] - (0.0.0.0) - C:\WINDOWS\System32\c_64.cpa [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [321.5 Ko] - C:\WINDOWS\System32\da-DK [MD5.2476074BEE004F1F505A772A677AD2B3] - |A| - [17/12/2021 16:53:22] - (.-.) - [159 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [272.44 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [358.5 Ko] - C:\WINDOWS\System32\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 10:08:21] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.057C75B5735EEF2A75ABF8F6770BCA34] - |A| - [20/03/2021 16:12:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [07/12/2019 10:14:56] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.041A7B079E9776721847031A7CF533E1] - |A| - [07/12/2019 10:09:34] - (.-.) - [15.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeliveryOptimizationMIProv.mof [MD5.59D5500F74109D59522F5A9457B8D9A2] - |A| - [07/12/2019 10:09:34] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeliveryOptimizationMIProvUninstall.mof [MD5.B924F1A7DE5ED8331B3375A778B3FE38] - |A| - [07/12/2019 10:08:52] - (.-.) - [35.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\deploymentcsphelper.exe [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [07/12/2019 10:08:39] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [07/12/2019 10:08:43] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.B29815C0754CE84D899145A6EE79BD76] - |A| - [18/05/2020 12:49:03] - (.-.) - [55.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dev_64.vp [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 10:14:52] - [886 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.037DF43BCC9F9A4DF6548FED8F4503AF] - |A| - [07/12/2019 10:08:37] - (.-.) - [82.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [9896.77 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.D1DDD8C39F19CC99AD730FDC6274625C] - |A| - [13/01/2022 14:19:46] - (.-.) - [11.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuthTxt.wim [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 10:14:52] - [161.5 Ko] - C:\WINDOWS\System32\dsc [MD5.64E652DC979CB9EF1AEE91DBD4F8C624] - |A| - [20/03/2021 16:12:41] - (.-.) - [2201.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dwmscene.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [07/12/2019 10:08:07] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [07/12/2019 10:08:07] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [07/12/2019 10:08:07] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [361.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:55] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [244 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [1587.53 Ko] - C:\WINDOWS\System32\en-US [MD5.1D0A840D731A2C1F2E1FB5B8596B4C34] - |A| - [20/03/2021 16:12:38] - (.-.) - [148.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\EoAExperiences.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [343.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [271 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [238 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 10:14:52] - [16718.64 Ko] - C:\WINDOWS\System32\F12 [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [07/12/2019 10:08:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.7F65C93283F31EB39E311DDDC00DFBA6] - |A| - [20/03/2021 16:12:43] - (.-.) - [16.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastDlpImg.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [7.11 Ko] - C:\WINDOWS\System32\ff-Adlm-SN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [326 Ko] - C:\WINDOWS\System32\fi-FI [MD5.A9B24DD1F6B897374999DB808CA51856] - |A| - [20/03/2021 16:25:51] - (.-.) - [465.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:55] - [3403.5 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [279 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [47078.09 Ko] - C:\WINDOWS\System32\fr-FR [MD5.EB37DB663DC19E7C4D7F23A12DA07E99] - |A| - [21/09/2021 08:22:12] - (.-.) - [657 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FsNVSDeviceSource.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:51:10] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [07/12/2019 10:09:48] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/03/2021 00:56:58] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.FB7D3561203A981DA610B8239A2A4EE9] - |A| - [18/05/2020 12:49:03] - (.-.) - [13.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\h265e_64.vp [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [256.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.6D2BA2902199292D57806E3C53C587BF] - |A| - [20/03/2021 16:12:25] - (.-.) - [299.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.EEB1305FE4CADC3E3EBD07BBE1661610] - |A| - [18/05/2020 12:49:03] - (.-.) - [13.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\he_64.vp [MD5.CC38BB2EC89140C11AD9F6FCB5B9BB91] - |A| - [17/05/2021 09:01:20] - (.-.) - [14.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hnsproxy.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [250 Ko] - C:\WINDOWS\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [324.5 Ko] - C:\WINDOWS\System32\hu-HU [MD5.871CA2345825E86D1D2D2A2E9E475D4F] - |A| - [20/03/2021 16:13:38] - (.-.) - [44.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:53:03] - [149.55 Ko] - C:\WINDOWS\System32\Hydrogen [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.947D07FA32ABB13DB520016769EB901B] - |A| - [15/06/2021 20:52:52] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [2207.5 Ko] - (64.2.0.0) - C:\WINDOWS\System32\icu.dll [MD5.A7B574704574F326B92DCEA872F1E9E1] - |A| - [20/03/2021 16:12:28] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24.5 Ko] - (64.2.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.4A85A9DEA3D47D95CEF5525586756EA6] - |A| - [20/03/2021 16:12:28] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [29 Ko] - (64.2.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.388BE35F952EC7F057CDD79E8EDF9A18] - |A| - [20/03/2021 16:12:02] - (.-.) - [193 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [26857.92 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [6943 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2021 09:50:25] - [134130.77 Ko] - C:\WINDOWS\System32\Intel [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [10192.95 Ko] - C:\WINDOWS\System32\Keywords [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [235 Ko] - C:\WINDOWS\System32\ko-KR [MD5.E0B917D749684A3AF2F93509036E8244] - |A| - [19/04/2021 19:55:41] - (.Copyright(C) 2010-2012 KONICA MINOLTA, INC. -.) - [24.9 Ko] - (1.0.0.3) - C:\WINDOWS\System32\KOAXGJ_L.dll [MD5.B9DEF9D8855A6B00DBD84FF692C70461] - |A| - [19/04/2021 21:06:08] - (.Copyright (C) 2009 KONICA MINOLTA, INC. - Printer Driver API Common Interface.) - [109.4 Ko] - (3.6.0.0) - C:\WINDOWS\System32\KOBDrvAPIIF.DLL [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [07/12/2019 10:08:39] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [07/12/2019 10:08:07] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.14BE6A1C21780D85AD3F1D09283C56DA] - |A| - [17/05/2021 09:01:32] - (.-.) - [1647.5 Ko] - (3.0.2.0) - C:\WINDOWS\System32\libcrypto.dll [MD5.4BFD587C99FE34EEA0E74622C798B3BE] - |A| - [21/09/2021 08:21:56] - (.-.) - [1137 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [07/12/2019 10:08:07] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 10:10:11] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MixedRealityRuntime.json [MD5.D61B5A528AD39F77BA779FBD8BE85302] - |A| - [18/05/2020 12:49:16] - (.-.) - [13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mj_64.vp [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 10:14:56] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [19/03/2021 03:51:36] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [4148.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [21.37 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [45.64 Ko] - C:\WINDOWS\System32\my-mm [MD5.74FDEEAC0C0C0F62F4D0D484A36DA23A] - |A| - [07/12/2019 10:08:44] - (.-.) - [30.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [314.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [384 Ko] - C:\WINDOWS\System32\NDF [MD5.5E98219F758C6094542B012E5F16E5E6] - |A| - [19/03/2021 00:55:26] - (.-.) - [91.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [07/12/2019 10:09:48] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.0E2D5DA1C7A1A97E46172AC33AD354EC] - |A| - [07/12/2019 10:09:48] - (.-.) - [70.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nettraceex.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [338.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.F5C374DE696A7DFD94DB3F9E9976BAFF] - |A| - [14/11/2021 10:47:37] - (.-.) - [147.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nmscrub.exe [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 10:14:52] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.D55B689DF6269B40E170EAFBCC0C34C4] - |A| - [07/12/2019 15:53:03] - (.-.) - [20.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [40483.04 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:51:03] - [3625 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [3.81 Ko] - C:\WINDOWS\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [07/12/2019 10:08:07] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [1724.83 Ko] - C:\WINDOWS\System32\PerceptionSimulation [MD5.0545DE2D62D75217B2C3858944090810] - |A| - [07/12/2019 10:17:25] - (.-.) - [130.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.B1863A3887AE1637FBEE4EA66408E9EF] - |A| - [07/12/2019 15:49:57] - (.-.) - [147.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [07/12/2019 10:17:25] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [07/12/2019 15:49:57] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.53708FEF52E85E28608BCBB9936AA327] - |A| - [07/12/2019 10:17:25] - (.-.) - [686.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.19CF4202B808C83A6A91173514878E88] - |A| - [07/12/2019 15:49:57] - (.-.) - [775.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.34151DC6987263BD338FF5B6A2C6D9DE] - |A| - [20/03/2021 16:33:15] - (.-.) - [1729.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [07/12/2019 10:08:05] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [338.5 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [456 Ko] - C:\WINDOWS\System32\PointOfService [MD5.7700A1F5ECACFB07A92C5960448AFAB8] - |A| - [07/12/2019 10:08:28] - (.-.) - [43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [07/12/2019 10:08:19] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [332 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [335 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.7852D37790807E55BD71A65183E0F1ED] - |A| - [12/07/2021 08:20:30] - (.-.) - [2315.5 Ko] - (1.0.2104.14003) - C:\WINDOWS\System32\rdpnano.dll [MD5.42577ED1BA5199ADD53E1186EC4E28A4] - |A| - [20/03/2021 16:12:04] - (.-.) - [72.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rdsxvmaudio.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [2.13 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.D6002483551469542B16249E0B958BBB] - |A| - [07/12/2019 10:09:55] - (.-.) - [0.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removerootporterr.mof [MD5.19B5EEEC29F044451D5E8E89B1BE6F5E] - |A| - [07/12/2019 10:09:33] - (.-.) - [110.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResBParser.dll [MD5.31924C8E78CDBD81DA7905E87B185387] - |A| - [07/12/2019 10:09:54] - (.-.) - [9.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.5504F7F27D0AB178346D643D444A612C] - |A| - [07/12/2019 10:09:54] - (.-.) - [8.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageListLowCost [MD5.85CF16AF388AE12AAE3E48A883C17A06] - |A| - [07/12/2019 10:09:54] - (.-.) - [8.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.1391FB4E005C208A35E77DF6F3F055E2] - |A| - [07/12/2019 10:09:54] - (.-.) - [8.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageListLowCost [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 10:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 10:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [262 Ko] - C:\WINDOWS\System32\ro-RO [MD5.4AEA7894A07048B019F6AE7889D8E23F] - |A| - [07/12/2019 10:09:55] - (.-.) - [3.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rootporterr.mof [MD5.8BB7F1C55F4DF7CEFF9291FDB77F780B] - |A| - [14/11/2021 10:47:12] - (.-.) - [59.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [07/12/2019 10:10:32] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [4.85 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [07/12/2019 10:08:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [78.59 Ko] - C:\WINDOWS\System32\Sgrm [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [1839 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [23.7 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [254.5 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [251.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [20/03/2021 16:25:51] - [20703.26 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [07/12/2019 10:08:07] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:03:44] - [15425.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [07/12/2019 10:08:05] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [07/12/2019 10:08:05] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.6DB032025BD266E5A3A52259F57F9247] - |A| - [07/12/2019 10:09:51] - (.-.) - [40 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [7625.3 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [12473.18 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [226215.24 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [11058.09 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [23.6 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [253.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 10:09:54] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 10:09:54] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.67894C70461ABD4EF6C116637EBB218A] - |A| - [07/12/2019 10:09:45] - (.-.) - [58.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [35288 Ko] - C:\WINDOWS\System32\sru [MD5.862E9C75593E9BB1A90961975276F7FE] - |A| - [20/03/2021 16:12:04] - (.-.) - [444.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [320 Ko] - C:\WINDOWS\System32\sv-SE [MD5.26D2D82E2DD08761EAACF5BB5099D65B] - |A| - [21/09/2021 08:21:41] - (.-.) - [1265.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SvBannerBackground.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [1418.56 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [938.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [8.16 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.3596DC15B6F6CBBB6EC8B143CBD57F24] - |A| - [13/01/2022 14:19:48] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [53.5 Ko] - (3.5.1.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [675.22 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [19/03/2021 09:41:47] - [594.56 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [07/12/2019 10:09:05] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.A6563B8909ED33D2F70B3C9103862268] - |A| - [21/09/2021 08:21:38] - (.-.) - [2208 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextInputMethodFormatter.dll [MD5.4C528AE5D512E3901BACAA5D75240381] - |A| - [17/10/2021 19:52:36] - (.-.) - [689.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [240 Ko] - C:\WINDOWS\System32\th-TH [MD5.CF7677327BE3C6395B9F3333CC0F1C15] - |A| - [20/03/2021 16:12:43] - (.-.) - [1.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ThirdPartyNoticesBySHS.txt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [5.97 Ko] - C:\WINDOWS\System32\ti-et [MD5.18304425F7AFD566D129BC3FD2DCBDAD] - |A| - [17/12/2021 16:53:21] - (.-.) - [266 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [308 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [07/12/2019 10:08:13] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [07/12/2019 10:08:13] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [249 Ko] - C:\WINDOWS\System32\uk-UA [MD5.8CDD866E0707A71952FBA8BE899B7512] - |A| - [20/03/2021 16:12:04] - (.-.) - [63.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umpdc.dll [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 10:14:52] - [2204.14 Ko] - C:\WINDOWS\System32\UNP [MD5.8ADD5935D83D0A425C39E369520C4095] - |A| - [07/12/2019 10:08:37] - (.-.) - [48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.46A6DF60907700A148D42CCF1219522E] - |A| - [07/12/2019 10:08:39] - (.-.) - [38.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\usocoreps.dll [MD5.1E630731AFDFC63DEC4074301D342E4B] - |A| - [07/12/2019 10:08:09] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VhfUm.dll [MD5.A10725A4632FFFEAE250E09ADA553F94] - |A| - [20/03/2021 16:13:55] - (.-.) - [93.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VirtualMonitorManager.dll [MD5.880C3EFC33A02DB9EE8660F150173303] - |A| - [07/12/2019 10:09:55] - (.-.) - [6.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VmChipset Third-Party Notices.txt [MD5.E653AB955E2E241F528096F4B2FA53CC] - |A| - [18/05/2020 12:49:19] - (.-.) - [13.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vp9e_64.vp [MD5.926FE64EBE8A062392EEE08CC2679537] - |A| - [21/09/2021 08:22:19] - (.-.) - [365.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vp9fs.dll [MD5.41807FC06C5783ED87BA9C8DBBB01D54] - |A| - [28/09/2020 08:54:20] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [1033.13 Ko] - (1.2.135.0) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll [MD5.41807FC06C5783ED87BA9C8DBBB01D54] - |A| - [28/09/2020 08:54:20] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [1033.13 Ko] - (1.2.135.0) - C:\WINDOWS\System32\vulkan-1.dll [MD5.8005118FC533AA1DFC863C7F863075D9] - |A| - [28/09/2020 08:54:20] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1713.29 Ko] - (1.2.135.0) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe [MD5.8005118FC533AA1DFC863C7F863075D9] - |A| - [28/09/2020 08:54:20] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1713.29 Ko] - (1.2.135.0) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [169911.96 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [105473.68 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [07/12/2019 10:08:46] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.1D64ACF3675288CC086E6361EAC748C4] - |A| - [07/12/2019 10:08:52] - (.-.) - [144.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Win32AppSettingsProvider.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [53500.9 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.3F376202BE6A0EC0C866D97ED2E0F16D] - |A| - [15/06/2021 20:52:52] - (.-.) - [642.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowManagementAPI.dll [MD5.E9CA21D71E952448B75C45B2467E4DE7] - |A| - [07/12/2019 10:08:27] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [10709.67 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [07/12/2019 10:08:41] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [232092 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [6281.34 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [107.56 Ko] - C:\WINDOWS\System32\winrm [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [07/12/2019 10:08:12] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [07/12/2019 10:08:12] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [07/12/2019 10:08:49] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.C8A7EAA0B83E05DDD11F37A833F754AC] - |A| - [07/12/2019 10:08:21] - (.-.) - [83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 10:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.png [MD5.1CFEC7254D9E36B2F138F9AD82C84771] - |A| - [28/09/2020 08:54:20] - (.-.) - [427.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ze_loader.dll [MD5.6537EF6D95C7DD42C810C5B7BA9FA7B7] - |A| - [28/09/2020 08:54:20] - (.-.) - [139.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ze_validation_layer.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [234.99 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [204.5 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 10:09:21] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 10:09:21] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 10:09:26] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 10:09:32] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 10:09:15] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [1864.83 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.E556115BD4E751178310F842E457CA22] - |A| - [20/03/2021 16:13:00] - (.-.) - [10.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [97.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.DD0F04B43362A7C7660C1DF405D416F0] - |A| - [13/01/2022 14:19:53] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [563 Ko] - (3.5.1.0) - C:\WINDOWS\SysWOW64\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [58.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [316.5 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [1478.88 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 10:14:52] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.6545DE4EF5217AA2FFC7FFD27725A971] - |A| - [20/03/2021 16:13:00] - (.-.) - [235 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CoreMas.dll [MD5.82C79A32AE3C3ADA5FE2D6B1B5B5FCB7] - |A| - [18/05/2020 12:49:03] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\cpa_32.vp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [118.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.A2F18DAD6F7BE95ED9FC7A37B7D94FF7] - |A| - [13/01/2022 14:19:53] - (.© 1996 - 2021 Daniel Stenberg, . - The curl executable.) - [453.5 Ko] - (7.79.1.0) - C:\WINDOWS\SysWOW64\curl.exe [MD5.95A2BEBFB66825B7163702AC2DDCEDF9] - |A| - [18/05/2020 12:49:03] - (.-.) - [1329.26 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\c_32.cpa [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [119.5 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [131 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 10:09:15] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.E05A6E619EB48EAB0089C89287EA2000] - |A| - [18/05/2020 12:49:03] - (.-.) - [55.8 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\dev_32.vp [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 10:14:52] - [188 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [7604.55 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.B873A5ABCFBC42B1BAC9EBE8741C6162] - |A| - [07/12/2019 15:50:56] - (.Copyright (C) 2019 - Gracenote SDK component.) - [244 Ko] - (3.9.511.0) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.04A30B162B08550874417A430C2E8D75] - |A| - [18/05/2020 12:49:03] - (.-.) - [70.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\h265e_32.vp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [93 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.DF0C9C776F8367E213210FB256AC30EC] - |A| - [20/03/2021 16:13:09] - (.-.) - [230 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.7AFB7B071EFA8CF731C472504CD41279] - |A| - [18/05/2020 12:49:03] - (.-.) - [69.06 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\he_32.vp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [55.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [123 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.8226A1A91F01432A0CB10CAABF1B9C6D] - |A| - [15/06/2021 20:53:25] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1820.5 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icu.dll [MD5.FB475B41189AACF1C607C1E9DC0EBB0B] - |RA| - [07/12/2019 10:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.B17445D0DF2C22C924899B5DF8E84475] - |RA| - [07/12/2019 10:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [28.5 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [21637.64 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [215 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.0BA97665D803B87D1AC0CC469BC11F7F] - |A| - [19/04/2021 21:06:08] - (.Copyright (C) 2009 KONICA MINOLTA, INC. - Printer Driver API Common Interface.) - [101.89 Ko] - (3.6.0.0) - C:\WINDOWS\SysWOW64\KOBDrvAPIIF.DLL [MD5.757D069010E4CEDEF947A1A2C2BA5EF6] - |A| - [18/05/2020 12:49:14] - (.-.) - [133.55 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libEGL.dll [MD5.150CCDC46D43CC09038EB8900BFFE017] - |A| - [18/05/2020 12:49:14] - (.-.) - [138.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv1_CM.dll [MD5.0F2F6C5FC9CCCBFF05FB5947F73A4A6A] - |A| - [18/05/2020 12:49:14] - (.-.) - [164.84 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv2.dll [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 10:10:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MixedRealityRuntime.json [MD5.69D75FD7D352975193A268B6DAF8F053] - |A| - [18/05/2020 12:49:16] - (.-.) - [64.26 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mj_32.vp [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 10:15:00] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [21.37 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [116 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [122 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 10:14:52] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [07/12/2019 10:10:14] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [764.83 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [79.5 Ko] - C:\WINDOWS\SysWOW64\PerceptionSimulation [MD5.B3E5ECCAC592ECEF9DEEB4B5D81231A6] - |A| - [19/03/2021 03:25:58] - (.-.) - [1762.94 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [124 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [122 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [123 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [57.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [121.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [57 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [57 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [4039.3 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [8702.66 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [1316.18 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [23.6 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [56.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 10:10:05] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 10:10:05] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.BDC53957962AFBEBE6A25EF941C261B3] - |A| - [20/03/2021 16:13:00] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [117 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.D7128869A4759CCBDC5D4BC55A40D4CC] - |A| - [13/01/2022 14:19:53] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [43.5 Ko] - (3.5.1.0) - C:\WINDOWS\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.1D2D564BC91E46A54533B8ABBEF460DD] - |A| - [21/09/2021 08:21:58] - (.-.) - [1302.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll [MD5.4C58C812BB19C065CB0ED7FC8FBBAC12] - |A| - [17/10/2021 19:52:56] - (.-.) - [597.62 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [50.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.1CA2E8BC68011E59C51E34C5D1C41A7B] - |A| - [17/12/2021 16:54:04] - (.-.) - [218.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [115 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [57 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.7E0273A51BDD51DFB58F905C8F501061] - |A| - [20/03/2021 16:13:12] - (.-.) - [46.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\umpdc.dll [MD5.C680950CA0FA4BB0820A94E52E9A403C] - |A| - [18/05/2020 12:49:19] - (.-.) - [70.27 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vp9e_32.vp [MD5.9E7E80411B6B2D2F4FBDB7715060DCFA] - |A| - [28/09/2020 08:54:20] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [899.63 Ko] - (1.2.135.0) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.9E7E80411B6B2D2F4FBDB7715060DCFA] - |A| - [28/09/2020 08:54:20] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [899.63 Ko] - (1.2.135.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.9BF70A82C1D9915E033664EC18CACC47] - |A| - [28/09/2020 08:54:20] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1328.27 Ko] - (1.2.135.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.9BF70A82C1D9915E033664EC18CACC47] - |A| - [28/09/2020 08:54:20] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1328.27 Ko] - (1.2.135.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [15723.06 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.A22B636328327A4EA6F6AB3F48A5B5B1] - |A| - [15/06/2021 20:53:25] - (.-.) - [457.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowManagementAPI.dll [MD5.BEDEDB102316C696D36F0D4331E1C2AE] - |A| - [07/12/2019 10:09:17] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [9338.44 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [6281.07 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 15:49:56] - [107.56 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.7A015A6F199516A06C5AFB56FEE7AC51] - |A| - [07/12/2019 10:09:17] - (.-.) - [59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [20/03/2021 16:00:25] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [82 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 10:14:52] - [82 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | [nicol] [05/01/2022 22:08:29] - |D| - [2442] - C:\Users\nicol\.android [30/09/2020 20:39:14] - |D| - [156] - C:\Users\nicol\.dbus-keyrings [17/12/2020 09:50:14] - |D| - [0] - C:\Users\nicol\.dnx [25/01/2022 19:15:24] - |D| - [72] - C:\Users\nicol\.docker [14/09/2020 20:29:42] - |RD| - [298] - C:\Users\nicol\3D Objects [20/03/2021 16:27:04] - |HD| - [4043261578] - C:\Users\nicol\AppData [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\Application Data [14/09/2020 20:29:42] - |RD| - [412] - C:\Users\nicol\Contacts [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\Cookies [14/09/2020 20:07:39] - |RD| - [27887901561] - C:\Users\nicol\Desktop [25/01/2022 19:15:30] - |D| - [41] - C:\Users\nicol\DevKinsta [14/09/2020 20:07:39] - |RD| - [448604206] - C:\Users\nicol\Documents [14/09/2020 20:07:39] - |RD| - [6965162826] - C:\Users\nicol\Downloads [09/01/2021 18:35:20] - |D| - [284212495] - C:\Users\nicol\dwhelper [14/09/2020 20:07:39] - |RD| - [747] - C:\Users\nicol\Favorites [14/09/2020 20:29:38] - |SHD| - [25308] - C:\Users\nicol\IntelGraphicsProfiles [14/09/2020 20:07:39] - |RD| - [1961] - C:\Users\nicol\Links [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\Local Settings [05/04/2021 18:39:47] - |D| - [532228087] - C:\Users\nicol\Local Sites [23/09/2021 15:17:11] - |D| - [9343] - C:\Users\nicol\Luniistore [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\Menu Démarrer [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\Mes documents [14/09/2020 20:30:11] - |HD| - [4859979] - C:\Users\nicol\MicrosoftEdgeBackups [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\Modèles [14/09/2020 20:07:39] - |RD| - [53962] - C:\Users\nicol\Music [06/01/2021 10:28:17] - |A| - [240217325] - C:\Users\nicol\NL formation.rar [20/03/2021 16:27:04] - |AH| - [6029312] - C:\Users\nicol\NTUSER.DAT [20/03/2021 16:27:04] - |ASH| - [1761280] - C:\Users\nicol\ntuser.dat.LOG1 [20/03/2021 16:27:04] - |ASH| - [1048576] - C:\Users\nicol\ntuser.dat.LOG2 [20/03/2021 16:27:04] - |ASH| - [65536] - C:\Users\nicol\NTUSER.DAT{8a645227-8990-11eb-a0ad-d543ec7f8370}.TM.blf [20/03/2021 16:27:04] - |ASH| - [524288] - C:\Users\nicol\NTUSER.DAT{8a645227-8990-11eb-a0ad-d543ec7f8370}.TMContainer00000000000000000001.regtrans-ms [20/03/2021 16:27:04] - |ASH| - [524288] - C:\Users\nicol\NTUSER.DAT{8a645227-8990-11eb-a0ad-d543ec7f8370}.TMContainer00000000000000000002.regtrans-ms [20/03/2021 16:34:39] - |SH| - [20] - C:\Users\nicol\ntuser.ini [14/09/2020 20:33:55] - |RAD| - [191872953] - C:\Users\nicol\OneDrive [14/09/2020 20:07:39] - |D| - [520] - C:\Users\nicol\Pictures [29/10/2020 16:13:54] - |A| - [39415620] - C:\Users\nicol\rachel services.rar [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\Recent [14/09/2020 20:07:39] - |RD| - [282] - C:\Users\nicol\Saved Games [19/03/2021 01:18:08] - |RD| - [1879] - C:\Users\nicol\Searches [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\SendTo [17/12/2020 01:07:23] - |D| - [0] - C:\Users\nicol\source [14/09/2020 20:07:39] - |RD| - [4607874] - C:\Users\nicol\Videos [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\Voisinage d'impression [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\Voisinage réseau [27/09/2021 14:09:04] - |A| - [3614] - C:\Users\nicol\wp-config.php [20/03/2021 16:27:04] - |D| - [2698237391] - C:\Users\nicol\AppData\Local [14/09/2020 20:07:40] - |D| - [103742675] - C:\Users\nicol\AppData\LocalLow [20/03/2021 16:27:04] - |D| - [1241281512] - C:\Users\nicol\AppData\Roaming [15/12/2021 21:05:46] - |D| - [798] - C:\Users\nicol\AppData\Local\Adaware [19/03/2021 04:28:37] - |D| - [4475166] - C:\Users\nicol\AppData\Local\Adobe [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\AppData\Local\Application Data [16/12/2021 07:19:07] - |D| - [0] - C:\Users\nicol\AppData\Local\audacity [13/09/2021 07:54:10] - |D| - [383820] - C:\Users\nicol\AppData\Local\Barco [15/12/2021 21:07:15] - |D| - [117317] - C:\Users\nicol\AppData\Local\BitTorrentHelper [30/03/2021 13:56:37] - |D| - [0] - C:\Users\nicol\AppData\Local\CEF [19/03/2021 01:23:05] - |D| - [26435732] - C:\Users\nicol\AppData\Local\Comms [19/03/2021 01:18:00] - |D| - [3402240] - C:\Users\nicol\AppData\Local\ConnectedDevicesPlatform [04/07/2021 20:35:09] - |D| - [384458209] - C:\Users\nicol\AppData\Local\CrashDumps [08/09/2021 15:26:18] - |D| - [268560] - C:\Users\nicol\AppData\Local\D3DSCache [06/08/2021 15:53:45] - |A| - [3584] - C:\Users\nicol\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [25/01/2022 18:47:47] - |D| - [74151984] - C:\Users\nicol\AppData\Local\dev-kinsta-updater [02/04/2021 19:30:20] - |D| - [603503] - C:\Users\nicol\AppData\Local\Disruptive Innovations SARL [25/01/2022 18:50:14] - |D| - [506756] - C:\Users\nicol\AppData\Local\Docker [19/04/2021 21:21:37] - |D| - [0] - C:\Users\nicol\AppData\Local\ElevatedDiagnostics [03/06/2021 14:39:36] - |D| - [26598] - C:\Users\nicol\AppData\Local\FileZilla [22/03/2021 08:39:25] - |D| - [249389035] - C:\Users\nicol\AppData\Local\Google [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\AppData\Local\Historique [20/03/2021 23:17:23] - |AH| - [128735] - C:\Users\nicol\AppData\Local\IconCache.db [05/01/2022 22:08:12] - |D| - [471] - C:\Users\nicol\AppData\Local\iMobie_Inc [19/03/2021 01:18:04] - |D| - [1343175] - C:\Users\nicol\AppData\Local\Intel [15/12/2021 21:08:04] - |D| - [15605] - C:\Users\nicol\AppData\Local\Lavasoft [05/04/2021 18:21:48] - |D| - [631208368] - C:\Users\nicol\AppData\Local\local-updater [02/02/2022 00:35:38] - |D| - [2970072] - C:\Users\nicol\AppData\Local\mbam [20/03/2021 16:27:04] - |D| - [597024278] - C:\Users\nicol\AppData\Local\Microsoft [19/03/2021 03:52:37] - |D| - [218584] - C:\Users\nicol\AppData\Local\Microsoft Help [02/04/2021 19:38:41] - |D| - [85842251] - C:\Users\nicol\AppData\Local\mobirise-updater [02/04/2021 19:38:58] - |D| - [1492824] - C:\Users\nicol\AppData\Local\Mobirise.com [19/03/2021 01:24:21] - |D| - [105698273] - C:\Users\nicol\AppData\Local\Mozilla [05/08/2021 20:28:50] - |D| - [56044] - C:\Users\nicol\AppData\Local\OneDrive [03/05/2021 20:38:15] - |A| - [615] - C:\Users\nicol\AppData\Local\oobelibMkey.log [02/02/2022 14:03:23] - |D| - [8064119] - C:\Users\nicol\AppData\Local\Opera Software [19/03/2021 01:18:06] - |D| - [206200895] - C:\Users\nicol\AppData\Local\Packages [19/03/2021 01:27:29] - |D| - [22466] - C:\Users\nicol\AppData\Local\PlaceholderTileLogoFolder [20/03/2021 15:15:41] - |D| - [260411542] - C:\Users\nicol\AppData\Local\Programs [19/03/2021 01:18:39] - |D| - [2541390] - C:\Users\nicol\AppData\Local\Publishers [19/03/2021 03:30:30] - |D| - [225280] - C:\Users\nicol\AppData\Local\SoftGrid Client [31/08/2021 13:13:01] - |D| - [1199996] - C:\Users\nicol\AppData\Local\SolidDocuments [02/04/2021 18:20:53] - |D| - [4954359] - C:\Users\nicol\AppData\Local\Sublime Text 3 [20/03/2021 16:27:04] - |D| - [44394665] - C:\Users\nicol\AppData\Local\Temp [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\AppData\Local\Temporary Internet Files [19/03/2021 02:41:04] - |D| - [0] - C:\Users\nicol\AppData\Local\TwelfthBaldachinedfSetup [19/03/2021 01:18:06] - |D| - [0] - C:\Users\nicol\AppData\Local\VirtualStore [29/09/2021 08:29:56] - |D| - [82] - C:\Users\nicol\AppData\Local\Wondershare [16/09/2020 09:47:53] - |D| - [97546223] - C:\Users\nicol\AppData\LocalLow\Adobe [28/09/2020 09:28:11] - |D| - [5009446] - C:\Users\nicol\AppData\LocalLow\Intel [14/09/2020 20:18:04] - |SD| - [1187006] - C:\Users\nicol\AppData\LocalLow\Microsoft [14/09/2020 21:05:26] - |D| - [0] - C:\Users\nicol\AppData\LocalLow\Mozilla [19/12/2020 20:33:37] - |D| - [0] - C:\Users\nicol\AppData\LocalLow\Temp [19/03/2021 01:18:07] - |D| - [7561966] - C:\Users\nicol\AppData\Roaming\Adobe [16/12/2021 07:19:07] - |D| - [50919] - C:\Users\nicol\AppData\Roaming\audacity [05/08/2021 19:38:34] - |D| - [0] - C:\Users\nicol\AppData\Roaming\Blueberry [24/09/2021 08:05:23] - |D| - [36968] - C:\Users\nicol\AppData\Roaming\com.lunii.luniistore.loader.MainApp [25/01/2022 18:47:50] - |D| - [578284] - C:\Users\nicol\AppData\Roaming\DevKinsta [02/04/2021 19:30:20] - |D| - [17556761] - C:\Users\nicol\AppData\Roaming\Disruptive Innovations SARL [25/01/2022 18:50:17] - |D| - [321227] - C:\Users\nicol\AppData\Roaming\Docker [25/01/2022 19:16:00] - |D| - [1137896] - C:\Users\nicol\AppData\Roaming\Docker Desktop [05/08/2021 19:32:10] - |D| - [608] - C:\Users\nicol\AppData\Roaming\DVDVideoSoft [03/06/2021 14:39:36] - |D| - [341142] - C:\Users\nicol\AppData\Roaming\FileZilla [19/03/2021 05:45:21] - |D| - [126] - C:\Users\nicol\AppData\Roaming\FileZilla Server [05/01/2022 22:08:10] - |D| - [33145] - C:\Users\nicol\AppData\Roaming\iMobie [15/12/2021 21:07:53] - |D| - [143030] - C:\Users\nicol\AppData\Roaming\Lavasoft [05/04/2021 18:22:16] - |D| - [836934214] - C:\Users\nicol\AppData\Roaming\Local [23/09/2021 15:16:46] - |D| - [70722280] - C:\Users\nicol\AppData\Roaming\Luniitheque [20/03/2021 16:27:04] - |SD| - [73123239] - C:\Users\nicol\AppData\Roaming\Microsoft [02/04/2021 19:38:46] - |D| - [26987897] - C:\Users\nicol\AppData\Roaming\Mobirise [23/03/2021 19:08:47] - |D| - [550] - C:\Users\nicol\AppData\Roaming\Monect [19/03/2021 01:24:21] - |D| - [115013129] - C:\Users\nicol\AppData\Roaming\Mozilla [27/09/2021 12:55:36] - |D| - [87146] - C:\Users\nicol\AppData\Roaming\MySQL [05/04/2021 18:01:39] - |D| - [1598195] - C:\Users\nicol\AppData\Roaming\Nvu [02/02/2022 14:02:24] - |D| - [7694853] - C:\Users\nicol\AppData\Roaming\Opera Software [27/09/2021 12:55:33] - |D| - [3476] - C:\Users\nicol\AppData\Roaming\Oracle [19/03/2021 02:20:01] - |D| - [77] - C:\Users\nicol\AppData\Roaming\Skype [19/03/2021 03:30:29] - |D| - [744332] - C:\Users\nicol\AppData\Roaming\SoftGrid Client [02/04/2021 18:20:53] - |D| - [481926] - C:\Users\nicol\AppData\Roaming\Sublime Text 3 [19/03/2021 03:24:38] - |D| - [0] - C:\Users\nicol\AppData\Roaming\TP [19/03/2021 02:40:51] - |D| - [0] - C:\Users\nicol\AppData\Roaming\TwelfthBaldachin [23/03/2021 19:22:50] - |D| - [0] - C:\Users\nicol\AppData\Roaming\Unified Remote [19/03/2021 01:50:49] - |D| - [12] - C:\Users\nicol\AppData\Roaming\WinRAR [29/09/2021 08:29:42] - |D| - [1731864] - C:\Users\nicol\AppData\Roaming\Wondershare [22/03/2021 13:49:12] - |D| - [78396250] - C:\Users\nicol\AppData\Roaming\Zoom [14/09/2020 20:29:42] - |SH| - [174] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [20/03/2021 16:27:04] - |SHD| - [0] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [14/09/2020 20:07:39] - |RD| - [35835] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [20/03/2021 16:27:04] - |RD| - [3888] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [20/03/2021 16:27:04] - |RD| - [1682] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [14/09/2020 20:29:42] - |RD| - [174] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [15/12/2021 21:06:49] - |A| - [1887] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk [20/03/2021 16:27:04] - |SH| - [264] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [14/09/2020 21:10:57] - |D| - [2369] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft [20/03/2021 16:27:04] - |D| - [170] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [02/02/2022 14:03:10] - |A| - [1407] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk [20/03/2021 16:27:04] - |A| - [2425] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [14/09/2020 20:29:42] - |RD| - [174] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [20/03/2021 16:27:04] - |RD| - [4913] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [20/03/2021 16:27:04] - |D| - [7844] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [15/09/2020 08:50:43] - |D| - [4593] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [11/11/2020 13:28:04] - |D| - [4045] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom [14/09/2020 20:29:42] - |SH| - [174] - C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [28/06/2020 18:04:29] - |RHD| - [182844] - C:\Users\Public\AccountPictures [19/03/2019 05:52:44] - |HD| - [10212] - C:\Users\Public\Desktop [07/12/2019 10:14:54] - |ASH| - [174] - C:\Users\Public\desktop.ini [19/03/2019 05:52:44] - |RD| - [321081929] - C:\Users\Public\Documents [19/03/2019 05:52:44] - |RD| - [174] - C:\Users\Public\Downloads [07/12/2019 10:14:52] - |RHD| - [1135] - C:\Users\Public\Libraries [19/03/2019 05:52:44] - |RD| - [380] - C:\Users\Public\Music [19/03/2019 05:52:44] - |RD| - [380] - C:\Users\Public\Pictures [05/01/2022 22:07:20] - |D| - [30779] - C:\Users\Public\Thunder Network [19/03/2019 05:52:44] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [19/03/2021 05:07:40] - |D| - [723876] - C:\ProgramData\Adobe [30/03/2021 13:50:43] - |D| - [4862464] - C:\ProgramData\Apple [20/03/2021 16:34:24] - |SHD| - [0] - C:\ProgramData\Application Data [15/12/2021 21:08:33] - |D| - [2082550] - C:\ProgramData\Avast Software [13/09/2021 08:02:05] - |D| - [2897690] - C:\ProgramData\Barco [05/08/2021 19:38:51] - |D| - [64] - C:\ProgramData\Blueberry [19/03/2021 01:09:05] - |SHD| - [0] - C:\ProgramData\Bureau [20/03/2021 21:26:19] - |HD| - [35603388] - C:\ProgramData\CanonBJ [19/03/2021 01:54:16] - |D| - [114613144] - C:\ProgramData\Ciel [05/08/2021 19:32:58] - |D| - [0] - C:\ProgramData\DigitalWave.ApplicationUpdater_files [25/01/2022 18:54:33] - |D| - [0] - C:\ProgramData\DockerDesktop [20/03/2021 16:34:24] - |SHD| - [0] - C:\ProgramData\Documents [28/06/2020 18:35:31] - |D| - [55128] - C:\ProgramData\Intel [19/04/2021 20:07:46] - |D| - [192850564] - C:\ProgramData\KONICA MINOLTA [15/12/2021 21:06:53] - |D| - [3722851] - C:\ProgramData\Lavasoft [22/07/2021 22:54:14] - |D| - [6341] - C:\ProgramData\LogbookFactory [05/08/2021 19:38:34] - |D| - [4377] - C:\ProgramData\LogSys [02/02/2022 00:33:10] - |D| - [198143189] - C:\ProgramData\Malwarebytes [19/03/2021 01:09:05] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [07/12/2019 10:14:52] - |SD| - [1545016700] - C:\ProgramData\Microsoft [19/03/2021 03:52:34] - |D| - [16632] - C:\ProgramData\Microsoft Help [20/03/2021 16:36:52] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [19/03/2021 01:09:05] - |SHD| - [0] - C:\ProgramData\Modèles [19/03/2021 01:24:19] - |D| - [7680165] - C:\ProgramData\Mozilla [27/09/2021 12:53:47] - |D| - [126632582] - C:\ProgramData\MySQL [23/09/2021 15:16:45] - |D| - [52] - C:\ProgramData\Oracle [23/03/2021 19:08:08] - |D| - [43925670] - C:\ProgramData\Package Cache [19/03/2021 01:18:30] - |D| - [94208] - C:\ProgramData\Packages [03/05/2021 20:38:53] - |D| - [1698] - C:\ProgramData\regid.1986-12.com.adobe [07/12/2019 10:14:52] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft [07/12/2019 10:14:52] - |D| - [0] - C:\ProgramData\SoftwareDistribution [20/03/2021 16:18:31] - |D| - [0] - C:\ProgramData\ssh [05/01/2022 22:07:20] - |D| - [189] - C:\ProgramData\Thunder Network [23/03/2021 19:22:50] - |D| - [7558080] - C:\ProgramData\Unified Remote [07/12/2019 10:14:52] - |D| - [12058624] - C:\ProgramData\USOPrivate [07/12/2019 10:14:52] - |D| - [14974976] - C:\ProgramData\USOShared [07/12/2019 15:53:03] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [28/06/2020 19:06:29] - |D| - [1206] - C:\ProgramData\Microsoft\Windows\Start Menu\Acer [07/12/2019 10:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [23/09/2021 15:14:22] - |A| - [887] - C:\ProgramData\Microsoft\Windows\Start Menu\Luniistore.lnk [15/09/2020 01:59:56] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [07/12/2019 10:14:52] - |RD| - [135857] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [07/12/2019 10:14:52] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [07/12/2019 10:14:52] - |RD| - [14467] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [28/06/2020 18:53:49] - |D| - [2364] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer [07/12/2019 10:14:52] - |RD| - [22956] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [21/07/2021 11:19:34] - |A| - [2118] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk [21/07/2021 11:19:34] - |A| - [2107] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk [11/03/2021 14:55:49] - |A| - [735] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à jour de Windows 10.lnk [16/12/2021 07:19:01] - |A| - [869] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [28/06/2020 19:06:22] - |A| - [190] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.url [02/02/2022 00:33:36] - |D| - [967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [14/09/2020 20:36:43] - |D| - [2123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ciel [07/12/2019 10:14:54] - |SH| - [522] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [12/10/2020 18:19:38] - |D| - [2021] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [19/03/2021 01:24:19] - |A| - [1009] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [22/03/2021 08:40:12] - |A| - [2249] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [07/12/2019 10:10:31] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [05/01/2022 22:08:08] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie [20/04/2021 20:33:17] - |D| - [4039] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONICA MINOLTA [17/11/2020 08:57:08] - |D| - [3174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters [15/12/2021 21:08:08] - |D| - [2491] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [03/01/2022 09:16:39] - |A| - [2107] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Local.lnk [07/12/2019 10:14:52] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [02/02/2022 00:34:48] - |A| - [2037] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk [19/03/2021 00:59:47] - |A| - [2446] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk [15/09/2020 08:56:25] - |D| - [41592] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [17/12/2020 09:23:01] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [27/10/2021 08:44:27] - |A| - [1150] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk [19/03/2021 03:56:27] - |D| - [2832] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [07/12/2019 10:14:52] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [02/04/2021 20:55:33] - |A| - [931] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk [07/12/2019 10:14:52] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [23/03/2021 19:22:58] - |D| - [2512] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3 [15/09/2020 17:07:20] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [17/12/2020 00:57:57] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019 [07/12/2019 15:52:28] - |RD| - [2800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [15/09/2020 08:50:43] - |D| - [4521] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [13/03/2021 22:50:15] - |D| - [2763] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [07/12/2019 10:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [19/03/2021 05:08:10] - |D| - [1849762325] - C:\Program Files (x86)\Adobe [30/03/2021 13:50:43] - |D| - [617225] - C:\Program Files (x86)\Bonjour [19/03/2021 02:18:57] - |D| - [119477266] - C:\Program Files (x86)\Ciel [07/12/2019 10:14:52] - |D| - [734858793] - C:\Program Files (x86)\Common Files [07/12/2019 10:14:54] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [05/08/2021 19:32:28] - |D| - [20641460] - C:\Program Files (x86)\FreeCodecPack [22/03/2021 08:39:31] - |D| - [16706872] - C:\Program Files (x86)\Google [05/01/2022 22:07:18] - |D| - [0] - C:\Program Files (x86)\iMobie [07/12/2019 10:14:52] - |D| - [2002779] - C:\Program Files (x86)\Internet Explorer [15/12/2021 21:07:05] - |D| - [69694952] - C:\Program Files (x86)\Lavasoft [25/01/2022 18:28:46] - |D| - [2094568290] - C:\Program Files (x86)\Local [19/03/2021 00:59:31] - |D| - [915017631] - C:\Program Files (x86)\Microsoft [19/03/2021 03:52:44] - |D| - [39769547] - C:\Program Files (x86)\Microsoft Analysis Services [19/03/2021 03:52:36] - |D| - [29628276] - C:\Program Files (x86)\Microsoft Office [19/03/2021 03:53:18] - |D| - [1378033] - C:\Program Files (x86)\Microsoft Visual Studio 8 [07/12/2019 10:14:52] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [19/03/2021 01:24:19] - |D| - [379271] - C:\Program Files (x86)\Mozilla Maintenance Service [20/03/2021 16:00:24] - |D| - [26521] - C:\Program Files (x86)\MSBuild [15/04/2021 12:43:00] - |D| - [3462285] - C:\Program Files (x86)\MSECache [05/04/2021 18:01:34] - |D| - [17618575] - C:\Program Files (x86)\Nvu [20/03/2021 16:00:24] - |D| - [38479105] - C:\Program Files (x86)\Reference Assemblies [23/03/2021 19:22:50] - |D| - [12647184] - C:\Program Files (x86)\Unified Remote 3 [07/12/2019 10:14:52] - |D| - [1823008] - C:\Program Files (x86)\Windows Defender [07/12/2019 10:14:52] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [07/12/2019 15:53:03] - |D| - [3237741] - C:\Program Files (x86)\Windows Media Player [07/12/2019 15:53:03] - |D| - [40232] - C:\Program Files (x86)\Windows Multimedia Platform [07/12/2019 10:14:52] - |D| - [6058840] - C:\Program Files (x86)\Windows NT [07/12/2019 15:53:03] - |D| - [5261760] - C:\Program Files (x86)\Windows Photo Viewer [07/12/2019 15:53:03] - |D| - [40232] - C:\Program Files (x86)\Windows Portable Devices [07/12/2019 10:14:52] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [07/12/2019 10:14:52] - |D| - [2250695] - C:\Program Files (x86)\WindowsPowerShell [29/09/2021 08:29:40] - |D| - [7614578] - C:\Program Files (x86)\Wondershare ---------- | C:\Program Files [16/12/2021 07:18:48] - |D| - [92375607] - C:\Program Files\Audacity [30/03/2021 13:50:43] - |D| - [196001] - C:\Program Files\Bonjour [02/02/2022 00:33:32] - |D| - [82053592] - C:\Program Files\CCleaner [07/12/2019 10:14:52] - |D| - [268037279] - C:\Program Files\Common Files [07/12/2019 10:14:54] - |ASH| - [174] - C:\Program Files\desktop.ini [23/09/2021 15:14:32] - |D| - [1040384] - C:\Program Files\DIFX [25/01/2022 18:50:46] - |D| - [86891672] - C:\Program Files\Docker [19/03/2021 01:09:05] - |SHD| - [0] - C:\Program Files\Fichiers communs [19/03/2021 05:46:31] - |D| - [42548277] - C:\Program Files\FileZilla FTP Client [22/03/2021 08:40:03] - |D| - [543841831] - C:\Program Files\Google [07/12/2019 10:14:52] - |D| - [2684798] - C:\Program Files\Internet Explorer [20/04/2021 20:33:17] - |D| - [3475313] - C:\Program Files\KONICA MINOLTA [23/09/2021 15:14:12] - |D| - [213063938] - C:\Program Files\Luniistore [02/02/2022 00:33:04] - |D| - [249000365] - C:\Program Files\Malwarebytes [19/03/2021 03:52:44] - |D| - [66182091] - C:\Program Files\Microsoft Analysis Services [28/06/2020 18:59:33] - |D| - [1145439943] - C:\Program Files\Microsoft Office [19/03/2021 03:55:20] - |D| - [2966976] - C:\Program Files\Microsoft SQL Server Compact Edition [19/03/2021 03:55:20] - |D| - [1014647] - C:\Program Files\Microsoft Sync Framework [19/03/2021 03:55:40] - |D| - [326800] - C:\Program Files\Microsoft Synchronization Services [19/03/2021 03:52:48] - |D| - [1961616] - C:\Program Files\Microsoft Update Health Tools [07/12/2019 10:14:52] - |D| - [0] - C:\Program Files\ModifiableWindowsApps [30/01/2022 18:55:35] - |D| - [223014571] - C:\Program Files\Mozilla Firefox [20/03/2021 16:00:24] - |D| - [25757] - C:\Program Files\MSBuild [27/09/2021 12:54:32] - |D| - [0] - C:\Program Files\MySQL [20/03/2021 15:15:47] - |D| - [99421808] - C:\Program Files\net.downloadhelper.coapp [27/10/2021 08:44:26] - |D| - [11781242] - C:\Program Files\PCHealthCheck [20/03/2021 16:00:24] - |D| - [36883625] - C:\Program Files\Reference Assemblies [02/04/2021 17:51:32] - |D| - [36229938] - C:\Program Files\Sublime Text 3 [19/03/2021 00:57:14] - |HD| - [0] - C:\Program Files\Uninstall Information [19/03/2021 03:37:54] - |D| - [1966080] - C:\Program Files\UNP [07/12/2019 10:14:52] - |D| - [13853406] - C:\Program Files\Windows Defender [07/12/2019 10:14:52] - |D| - [639488] - C:\Program Files\Windows Mail [07/12/2019 15:53:03] - |D| - [4601233] - C:\Program Files\Windows Media Player [07/12/2019 15:53:03] - |D| - [48536] - C:\Program Files\Windows Multimedia Platform [07/12/2019 10:14:52] - |D| - [6403928] - C:\Program Files\Windows NT [07/12/2019 15:53:03] - |D| - [6179784] - C:\Program Files\Windows Photo Viewer [07/12/2019 15:53:03] - |D| - [48528] - C:\Program Files\Windows Portable Devices [07/12/2019 10:14:52] - |D| - [112213] - C:\Program Files\Windows Security [07/12/2019 10:14:52] - |SHD| - [0] - C:\Program Files\Windows Sidebar [07/12/2019 10:14:52] - |HD| - [4450822003] - C:\Program Files\WindowsApps [07/12/2019 10:14:52] - |D| - [2545983] - C:\Program Files\WindowsPowerShell [19/03/2021 01:50:25] - |D| - [8203740] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [19/03/2021 05:07:41] - |D| - [587495107] - C:\Program Files (x86)\Common Files\Adobe [05/08/2021 19:38:31] - |D| - [589824] - C:\Program Files (x86)\Common Files\Blueberry Software [19/03/2021 13:40:12] - |D| - [27096] - C:\Program Files (x86)\Common Files\Ciel [07/12/2019 10:14:52] - |D| - [129847108] - C:\Program Files (x86)\Common Files\Microsoft Shared [19/03/2021 13:40:12] - |D| - [651776] - C:\Program Files (x86)\Common Files\MSSoap [07/12/2019 10:14:52] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [07/12/2019 10:14:52] - |D| - [9866171] - C:\Program Files (x86)\Common Files\System [29/09/2021 08:29:54] - |D| - [6379009] - C:\Program Files (x86)\Common Files\Wondershare ---------- | C:\Program Files\Common files [22/03/2021 12:45:14] - |D| - [99992] - C:\Program Files\Common files\DESIGNER [07/12/2019 10:14:52] - |D| - [256804542] - C:\Program Files\Common files\microsoft shared [07/12/2019 10:14:52] - |D| - [2702] - C:\Program Files\Common files\Services [07/12/2019 10:14:52] - |D| - [11130043] - C:\Program Files\Common files\System ---------- | Links to files C:\oem\Amundsen2\AJ3\Acer Jumpstart.lnk -> C:\OEM\Amundsen2\AJ3\wall.exe - Status : OK C:\oem\Preload\Weblinks\Booking.com.lnk -> C:\Windows\explorer.exe - Status : OK C:\Program Files\Bonjour\À propos de Bonjour.lnk -> C:\Program Files (x86)\Bonjour\Bonjour.Resources\fr.lproj\About Bonjour.rtf - Status : OK C:\Program Files (x86)\Bonjour\À propos de Bonjour.lnk -> C:\Program Files (x86)\Bonjour\Bonjour.Resources\fr.lproj\About Bonjour.rtf - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Acer\Acer Jumpstart.lnk -> C:\OEM\Amundsen2\AJ3\wall.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Luniistore.lnk -> C:\Program Files\Luniistore\Luniistore.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\WINDOWS\Speech\Common\sapisvr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\WINDOWS\system32\quickassist.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\WINDOWS\system32\SnippingTool.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\WINDOWS\system32\psr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer documents.lnk -> C:\OEM\Preload\Autorun\GUI\Acer User's Manual\00 - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\comexp.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\WINDOWS\system32\dfrgui.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\WINDOWS\system32\iscsicpl.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\WINDOWS\system32\MdSched.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\WINDOWS\syswow64\odbcad32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\WINDOWS\system32\odbcad32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\WINDOWS\system32\perfmon.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\WINDOWS\system32\RecoveryDrive.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\WINDOWS\regedit.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\WINDOWS\system32\perfmon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\WINDOWS\system32\services.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\WINDOWS\system32\msconfig.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\WINDOWS\system32\msinfo32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\WINDOWS\system32\taskschd.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\WINDOWS\system32\WF.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrodist.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à jour de Windows 10.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files\Audacity\Audacity.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ciel\Auto-entrepreneur Premium\Ciel Auto-entrepreneur Premium.lnk -> C:\Program Files (x86)\Ciel\Professionnel indépendant\WPI.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk -> C:\Program Files\FileZilla FTP Client\filezilla.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk -> C:\Program Files\FileZilla FTP Client\uninstall.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\WINDOWS\System32\Control.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONICA MINOLTA\C750i_C650i_C360i_C287i_C286i_C4050i_C4000i_C3320iSeries\Désinstaller Driver Imprimante.lnk -> C:\Program Files\KONICA MINOLTA\PrinterDrivers\BHC750i_BHC650i_BHC360i_BHC287i_BHC286i_BHC4050i_BHC4000i_BHC3320i\Setup64.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KONICA MINOLTA\C750i_C650i_C360i_C287i_C286i_C4050i_C4000i_C3320iSeries\Lisez-moi.lnk -> C:\Program Files\Internet Explorer\iexplore.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters\LAV Audio Configuration.lnk -> C:\Windows\system32\rundll32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters\LAV Splitter Configuration.lnk -> C:\Windows\system32\rundll32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters\LAV Video Configuration.lnk -> C:\Windows\system32\rundll32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk -> C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Local.lnk -> C:\Program Files (x86)\Local\Local.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\accicons.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\inficon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\joticon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Outils Microsoft Office 2010\Bibliothèque multimédia Microsoft.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\cagicon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Outils Microsoft Office 2010\Certificat numérique pour les projets VBA.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Outils Microsoft Office 2010\Microsoft Office 2010 Centre de téléchargement.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\msouc.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Outils Microsoft Office 2010\Microsoft Office Picture Manager.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Outils Microsoft Office 2010\Préférences de langue de Microsoft Office 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\misc.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Program Files\PCHealthCheck\PCHealthCheck.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\grvicons.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk -> C:\Program Files\Sublime Text 3\sublime_text.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Unified Remote.lnk -> C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Uninstall Unified Remote.lnk -> C:\Program Files (x86)\Unified Remote 3\unins000.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Aide de WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manuel de la console RAR.lnk -> C:\Program Files\WinRAR\Rar.txt - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Quelles sont les nouveautés de la dernière version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\PDFPasswordRemover\Désinstaller PDF Password Remover.lnk -> C:\Program Files (x86)\Wondershare\PDFPasswordRemover\unins000.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare\PDFPasswordRemover\PDF Password Remover.lnk -> C:\Program Files (x86)\Wondershare\PDFPasswordRemover\PDFPasswordRemover.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Users\nicol\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Navigateur Opera.lnk -> C:\Users\nicol\AppData\Local\Programs\Opera\launcher.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\0001.LNK -> C:\Users\nicol\Desktop\0001.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\0003333.LNK -> C:\Users\nicol\Desktop\0003333.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\A5-flyer-recto-auxilome.LNK -> C:\Users\nicol\Desktop\A5-flyer-recto-auxilome.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\archives 2021.LNK -> C:\Users\nicol\Desktop\NL formation\entreprise\archives 2021 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\Bureau.LNK -> C:\Users\nicol\Desktop - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\cas_concret_1_saignement_cuisse-1.LNK -> C:\Users\nicol\Desktop\NL formation\formation\cas concret\cas_concret_1_saignement_cuisse-1.doc - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\Composition2.LNK -> D:\Composition2.pub - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\Courrier d_inte´gration re´seau STOPORISK + Annexes.LNK -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\STOPORISK\Courrier d_inte´gration re´seau STOPORISK + Annexes.docx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\cours H0B0 n.LNK -> C:\Users\nicol\Desktop\NL formation\formation\cours H0B0 n.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\cours MAC SST.LNK -> C:\Users\nicol\Desktop\NL formation\formation\cours MAC SST.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\partage de compte nico.LNK -> C:\Users\nicol\Desktop\NL formation\entreprise\partage de compte nico.xlsx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Office\Recent\tableau de bord nico.LNK -> C:\Users\nicol\Desktop\NL formation\entreprise\tableau de bord nico.xlsx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\(3) Facebook.lnk -> C:\Users\nicol\Desktop\(3) Facebook.htm - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\.htaccess.lnk -> C:\Users\nicol\Local Sites\auxilome\app\public\.htaccess - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\0001.lnk -> C:\Users\nicol\Desktop\0001.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\0003333.lnk -> C:\Users\nicol\Desktop\0003333.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\12-DECEMBRE.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\E2mb Formation\12-DECEMBRE - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\144856881_117761090239550_7710731212029873157_n.lnk -> C:\Users\nicol\Desktop\144856881_117761090239550_7710731212029873157_n.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\144994055_257116119105609_3952892119991602736_n.lnk -> C:\Users\nicol\Desktop\144994055_257116119105609_3952892119991602736_n.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\1613213769150.lnk -> C:\Users\nicol\Desktop\1613213769150.mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\163d63490eb03c04701c7091b62c775b.lnk -> C:\Users\nicol\Desktop\163d63490eb03c04701c7091b62c775b.gif - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\17242851_178336832672635_1913253719567237120_n.lnk -> C:\Users\nicol\Desktop\17242851_178336832672635_1913253719567237120_n.mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\1er trimestre 2021.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\Déclaration CA + attestation vigilance\1er trimestre 2021.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\2021.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\2022.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\20220125_085c852eb72c0dd04649_20220125125658_archive.lnk -> C:\Users\nicol\Desktop\20220125_085c852eb72c0dd04649_20220125125658_archive.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\23°) Avengers Endgame.lnk -> C:\Users\nicol\Desktop\perso\Marvel\23°) Avengers Endgame.mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\514-5147697_printable-harry-potter-9-3-4-hd-png.lnk -> C:\Users\nicol\Desktop\514-5147697_printable-harry-potter-9-3-4-hd-png.png - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\554.lnk -> C:\Users\nicol\Desktop\554.gif - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\A.I.P.R. Réf. 29152.lnk -> C:\Users\nicol\Desktop\A.I.P.R. Réf. 29152.htm - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\A5-flyer-recto-auxilome.lnk -> C:\Users\nicol\Desktop\A5-flyer-recto-auxilome.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\admin.lnk -> C:\Users\nicol\Desktop\site auxilome\wp-admin\admin.php - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\AIPR.lnk -> C:\Users\nicol\Desktop\AIPR.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Applications supprimées.lnk -> C:\Users\nicol\Desktop\Applications supprimées.html - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\archives 2021.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\archives 2021 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Archives.lnk -> C:\Users\nicol\Desktop\Rachel Services\Archives.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\archives2021.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\archives2021 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\autorisation (2).lnk -> C:\Users\nicol\Desktop\autorisation.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\auxil1806401.json.lnk -> C:\Users\nicol\Desktop\auxil1806401.json - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\auxil1806401.lnk -> C:\Users\nicol\Desktop\auxil1806401.xml - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\auxil1806401.sql (2).lnk -> C:\Users\nicol\Downloads\auxil1806401.sql.gz - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\auxil1806401.sql.lnk -> C:\Users\nicol\Desktop\auxil1806401.sql - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\auxil1806401.xmr.lnk -> C:\Users\nicol\Desktop\auxil1806401.xmr.xml - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\auxilome.lnk -> C:\Users\nicol\Desktop\auxilome - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\auxilomefr_177152af766b23175521_20220124102620_archive.lnk -> C:\Users\nicol\Desktop\auxilomefr_177152af766b23175521_20220124102620_archive.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Bureau.lnk -> C:\Users\nicol\Desktop - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\carte formateur.lnk -> C:\Users\nicol\Downloads\carte formateur.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\cass.lnk -> D:\cass.docx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Centre Réseau et partage.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\CGV (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Gafpsi\CGV.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\CGV.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\SAVPRO FORMATION\CGV - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Chants de fin d'année.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Clean_DNS_02_02_2022_14.13.32.lnk -> C:\Users\nicol\Desktop\Clean_DNS_02_02_2022_14.13.32.txt - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Clean_DNS_02_02_2022_14.34.44.lnk -> C:\Users\nicol\Desktop\Clean_DNS_02_02_2022_14.34.44.txt - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\clients.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Conditions Générales de Ventes SAVPRO FORMATION.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\SAVPRO FORMATION\CGV\Conditions Générales de Ventes SAVPRO FORMATION.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\contrat + charte.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\SAVPRO FORMATION\contrat + charte - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Contrat de sous traitance (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Contrat de sous traitance - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Contrat de sous traitance H0B0 12-03-21 16h30.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Contrat de sous traitance\MARS 2021\Contrat de sous traitance H0B0 12-03-21 16h30.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Contrat de sous traitance H0B0 12-03-21 9h.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Contrat de sous traitance\MARS 2021\Contrat de sous traitance H0B0 12-03-21 9h.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Contrat de sous traitance H0B0 18-03-21.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Contrat de sous traitance\MARS 2021\Contrat de sous traitance H0B0 18-03-21.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Contrat de sous traitance H0B0- [formateur] (1)(1).lnk -> C:\Users\nicol\Downloads\Contrat de sous traitance H0B0- [formateur] (1)(1).pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Contrat de sous traitance.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Contrat de sous traitance - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Contrat_de_sous_traitance_H0B0-.lnk -> C:\Users\nicol\Downloads\Contrat_de_sous_traitance_H0B0-.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Contrat_de_sous_traitance_H0B0-1803_à_9h.lnk -> C:\Users\nicol\Downloads\Contrat_de_sous_traitance_H0B0-1803_à_9h.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\cours H0B0 n (2).lnk -> C:\Users\nicol\Desktop\NL formation\formation\cours H0B0 n.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\cours H0B0 n.lnk -> C:\Users\nicol\Desktop\NL formation\formation\cours H0B0 n.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\cours MAC SST.lnk -> C:\Users\nicol\Desktop\NL formation\formation\cours MAC SST.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\D.lnk -> D:\ - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\devis.lnk -> C:\Users\nicol\Desktop\image site\devis.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\devis1 (2).lnk -> C:\Users\nicol\Desktop\image site\devis1.svg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\devis1.lnk -> C:\Users\nicol\Desktop\image site\devis1.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\directories.lnk -> C:\Users\nicol\Local Sites\auxilome\app\public\wp-content\plugins\elementor\core\app\modules\import-export\directories - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Doc1.lnk -> C:\Users\nicol\Desktop\Doc1.docx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\dwhelper (3).lnk -> C:\Users\nicol\dwhelper - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\dwhelper.lnk -> C:\Users\nicol\dwhelper - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Déclaration CA + attestation vigilance (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\Déclaration CA + attestation vigilance - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Déclaration CA + attestation vigilance (3).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\Déclaration CA + attestation vigilance - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Déclaration CA + attestation vigilance.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\Déclaration CA + attestation vigilance - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\déclaration de CA_T4_2021.lnk -> C:\Users\nicol\Downloads\déclaration de CA_T4_2021.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Ecome.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Ecome - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\entreprise (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\entreprise (3).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\entreprise (4).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\entreprise (5).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\entreprise.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\explications logo SAP.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture 2- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture 2- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Le Bouillonnec - CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Le Bouillonnec - CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Le Bouillonnec - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Le Bouillonnec - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture MAC SST Colombes 28-01-2022 - CL0010 Ecome.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Ecome\Facture MAC SST Colombes 28-01-2022 - CL0010 Ecome.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mme Gomes Fernandes Mme Petrez Mr Toupet Mr Chaduiron- CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mme Gomes Fernandes Mme Petrez Mr Toupet Mr Chaduiron- CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mme Gomes Fernandes Mme Petrez Mr Toupet Mr Chaduiron- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mme Gomes Fernandes Mme Petrez Mr Toupet Mr Chaduiron- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mme Guillot Mme Coloma Mr Tordo Mr Garcia - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\FEVRIER 2021\Facture Mme Guillot Mme Coloma Mr Tordo Mr Garcia - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mme Guillot Mme Coloma Mr Tordo Mr Garcia- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\FEVRIER 2021\Facture Mme Guillot Mme Coloma Mr Tordo Mr Garcia- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mme Touré Mr Toussaint- CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mme Touré Mr Toussaint- CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mme Touré Mr Toussaint- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mme Touré Mr Toussaint- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mme Vega Alvarez - CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\FEVRIER 2022\Facture Mme Vega Alvarez - CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mme Vega Alvarez - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\FEVRIER 2022\Facture Mme Vega Alvarez - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Coulibaly Mr Lantonnet Mr Konaré Mr Grosseuvre- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Coulibaly Mr Lantonnet Mr Konaré Mr Grosseuvre- CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Coulibaly Mr Lantonnet Mr Konaré- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Coulibaly Mr Lantonnet Mr Konaré- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Defer Jeremy, Mr Defer Christopher, Mr Leclercq - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Defer Jeremy, Mr Defer Christopher, Mr Leclercq - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Diarra et Mr Kirchhoff - CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Diarra et Mr Kirchhoff - CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Diarra et Mr Kirchhoff - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Diarra et Mr Kirchhoff - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Djeaid et Mr Bouri- CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Djeaid et Mr Bouri- CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Djeaid et Mr Bouri- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Djeaid et Mr Bouri- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Ebanda Mr Diallo - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Ebanda Mr Diallo - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Gosset Mr Boudjema Mr Duplan Mr Teychenne - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Gosset Mr Boudjema Mr Duplan Mr Teychenne - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Hauser Mr Fall- CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Hauser Mr Fall- CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Hauser Mr Fall- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Hauser Mr Fall- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Henny Mr Scionico - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Henny Mr Scionico - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Joron et Mr Belkhiri - CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\FEVRIER 2021\Facture Mr Joron et Mr Belkhiri - CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Joron et Mr Belkhiri - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\FEVRIER 2021\Facture Mr Joron et Mr Belkhiri - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Kelkoul et Mr Orlandi- CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Kelkoul et Mr Orlandi- CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Kelkoul et Mr Orlandi- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Kelkoul et Mr Orlandi- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr khalbous et Mr Tabor - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr khalbous et Mr Tabor - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Ledain et Mr Afonso- CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Ledain et Mr Afonso- CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Ledain et Mr Afonso- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Ledain et Mr Afonso- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Macron Mr Braban Mr Nzaiem - CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Macron Mr Braban Mr Nzaiem - CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Macron Mr Braban Mr Nzaiem - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Macron Mr Braban Mr Nzaiem - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Marchese - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Marchese - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Martin Mr Queralt Mr Ehanno - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Martin Mr Queralt Mr Ehanno - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Martin Mr Queralt Mr Ehanno- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Martin Mr Queralt Mr Ehanno- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Ndiaye et Mr Boudjema - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Ndiaye et Mr Boudjema - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Perrinaud Mr Mulcey- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Perrinaud Mr Mulcey- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Ragogna et Mr Abd El Hay- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2021\Facture Mr Ragogna et Mr Abd El Hay- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Ragé - CL0004 Marmelade S.A (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Ragé - CL0004 Marmelade S.A.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Ragé - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022\Facture Mr Ragé - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Sitz, Mr Rollet et Mr Richard - CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Sitz, Mr Rollet et Mr Richard - CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Facture Mr Zetate- CL0004 Marmelade S.A.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\MARS 2021\Facture Mr Zetate- CL0004 Marmelade S.A - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\FACTURE.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\FACTURE - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Factures (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\SAVPRO FORMATION\Factures - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Factures (3).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Factures.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\FAQ.lnk -> D:\site internet\FAQ.docx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\FEVRIER 2021.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\FEVRIER 2021 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\FEVRIER 2022.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\FEVRIER 2022 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\FICHIERS LOGO Lisez-moi .lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Film En avant streaming vf complet.lnk -> C:\Users\nicol\Desktop\Film En avant streaming vf complet.mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Film Soul streaming vf complet.lnk -> C:\Users\nicol\Desktop\Film Soul streaming vf complet.mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\formation (2).lnk -> C:\Users\nicol\Desktop\NL formation\formation - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\formation (3).lnk -> C:\Users\nicol\Desktop\NL formation\formation - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Formation ssiap1.lnk -> C:\Users\nicol\Desktop\Formation ssiap1.docx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Formation-professionnelle-Rhône-Alpes-Alpes-Contrôles-Formation-AIPR.lnk -> C:\Users\nicol\Desktop\Formation-professionnelle-Rhône-Alpes-Alpes-Contrôles-Formation-AIPR.png - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\formation.lnk -> C:\Users\nicol\Desktop\NL formation\formation - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\fotolia_210813037_subscription_monthly_m-1024x589.lnk -> C:\Users\nicol\Desktop\image site\fotolia_210813037_subscription_monthly_m-1024x589.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\functions.lnk -> C:\Users\nicol\Local Sites\auxilome\app\public\wp-content\themes\oceanwp\functions.php - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Février.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Février - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Gafpsi.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Gafpsi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Grille de certification MAC SST.lnk -> C:\Users\nicol\Desktop\NL formation\formation\Grille de certification MAC SST.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\GrosFichiers - Le père.lnk -> C:\Users\nicol\Downloads\GrosFichiers - Le père.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Harry Potter à l'école des sorciers - J K Rowling LIVRE AUDIO.lnk -> C:\Users\nicol\Downloads\Harry Potter à l'école des sorciers - J K Rowling LIVRE AUDIO.mp3 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\hein-hausberater-tipps.lnk -> C:\Users\nicol\Desktop\hein-hausberater-tipps.png - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\hosts.lnk -> C:\Windows\System32\drivers\etc\hosts - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\http--go.microsoft.com-fwlink-LinkID=626473.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\http--www.msftconnecttest.com-redirect (2).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\http--www.msftconnecttest.com-redirect (3).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\http--www.msftconnecttest.com-redirect (4).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\http--www.msftconnecttest.com-redirect (5).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\http--www.msftconnecttest.com-redirect (6).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\http--www.msftconnecttest.com-redirect.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\https--go.microsoft.com-fwlink-linkid=2041153.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\https--go.microsoft.com-fwlink-LinkId=2102381.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\https___www.preventionbtp.fr_Documentation_Explorer-par-produit_Information_Dossiers-prevention_Les-travaux-a-proximite-de-reseaux_Reseaux-definition.lnk -> C:\Users\nicol\Desktop\https___www.preventionbtp.fr_Documentation_Explorer-par-produit_Information_Dossiers-prevention_Les-travaux-a-proximite-de-reseaux_Reseaux-definition.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\image site (2).lnk -> C:\Users\nicol\Desktop\image site - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\image site internet.lnk -> D:\site internet\image site internet.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\image site.lnk -> C:\Users\nicol\Desktop\image site - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Image1.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Image10.lnk -> C:\Users\nicol\Desktop\image site\Image10.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Image11.lnk -> C:\Users\nicol\Desktop\image site\Image11.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\index (2).lnk -> C:\Users\nicol\Desktop\image site\index.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\index.lnk -> C:\Users\nicol\Desktop\site auxilome\index.php - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Insee (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\numero de la direccte + insee+ Habilitation INRS\Insee.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Insee.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\numero de la direccte + insee\Insee.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\installer.lnk -> C:\Users\nicol\Desktop\installer.php - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Internet (2).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Internet (3).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Internet.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\JANVIER 2021.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Contrat de sous traitance\JANVIER 2021 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\JANVIER 2022.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Factures\JANVIER 2022 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Janvier.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Janvier - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Je soussigné Frédéric LAISNEY.lnk -> C:\Users\nicol\Desktop\Je soussigné Frédéric LAISNEY.docx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\job-postings.2.5.10.lnk -> C:\Users\nicol\Desktop\job-postings.2.5.10.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\large.Goku-Ultra-Instinct.gif.6a7f87bddc6740eb149a8380b751626f.lnk -> C:\Users\nicol\Desktop\large.Goku-Ultra-Instinct.gif.6a7f87bddc6740eb149a8380b751626f.gif - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\livret-pedagogique-marmeladeapp-H0B0 correction.lnk -> C:\Users\nicol\Desktop\livret-pedagogique-marmeladeapp-H0B0 correction.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Lohez Nicolas cv.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\tampon signature logo carte cv\Lohez Nicolas cv.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Lohez-chambord.lnk -> C:\Users\nicol\Desktop\Lohez-chambord - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Marmelade APP.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\MARS 2021.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Contrat de sous traitance\MARS 2021 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Mars.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\microsoft-edgehttps--www.bing.com-searchq=comment%20trouver%20ma%20cl%C3%A9%20de%20produit%20Windows&form=B00032&ocid=SettingsHAQ-BingIA&mkt=fr-FR.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\microsoft-edgehttps--www.msn.com-fr-fr-feedcvid=d7a7c9178a424dfe9a96c51be67b5c06&ocid=winp1taskbar.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\microsoft-edgelaunchContext1=Microsoft.Windows.Cortana_cw5n1h2txyewy&url=http%3A%2F%2Fwp-content%2Fplugins%2F.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Mon projet.lnk -> C:\Users\nicol\Downloads\Mon projet.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Mon projet.ss3.lnk -> C:\Users\nicol\Downloads\Mon projet.ss3 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-actioncenter---.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-availablenetworks.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--- (2).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay---.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck- (2).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck- (3).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck- (4).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck- (5).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck- (6).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck- (7).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck- (8).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck- (9).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck-.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settings-connectabledevicesdevicediscovery.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingsnetwork-ethernet.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingsnetwork.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingsnotifications.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingsprivacy-feedback-recommendedtroubleshooting.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingsproject.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingstroubleshoot.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingswindowsupdate (2).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingswindowsupdate (3).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingswindowsupdate (4).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingswindowsupdate (5).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingswindowsupdate (6).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingswindowsupdate (7).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingswindowsupdate.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ms-settingswindowsupdatewinsettingshome.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NE PAS AFFACER.lnk -> C:\Users\nicol\Desktop\NL formation\formation\NE PAS AFFACER - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL formation (2).lnk -> C:\Users\nicol\Desktop\NL formation - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION (3).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022\NL FORMATION 29-01-2022 18-16-29.sgbck\NL FORMATION.sgind - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 08-03-2021 11-05-11.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars\NL FORMATION 08-03-2021 11-05-11.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 09-03-2021 11-03-56.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars\NL FORMATION 09-03-2021 11-03-56.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 10-01-2022 09-50-32.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022\NL FORMATION 10-01-2022 09-50-32.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 10-03-2021 08-47-08.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars\NL FORMATION 10-03-2021 08-47-08.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 11-03-2021 11-43-31.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars\NL FORMATION 11-03-2021 11-43-31.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 11-03-2021 21-17-25.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars\NL FORMATION 11-03-2021 21-17-25.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 12-03-2021 11-17-27.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars\NL FORMATION 12-03-2021 11-17-27.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 12-03-2021 21-16-44.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars\NL FORMATION 12-03-2021 21-16-44.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 17-01-2022 01-04-46.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022\NL FORMATION 17-01-2022 01-04-46.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 17-01-2022 19-58-53.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022\NL FORMATION 17-01-2022 19-58-53.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 18-01-2022 19-47-18.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022\NL FORMATION 18-01-2022 19-47-18.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 18-03-2021 11-01-49.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars\NL FORMATION 18-03-2021 11-01-49.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 20-01-2022 16-11-00.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022\NL FORMATION 20-01-2022 16-11-00.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 27-01-2022 18-26-11.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022\NL FORMATION 27-01-2022 18-26-11.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 28-01-2022 15-51-18.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022\NL FORMATION 28-01-2022 15-51-18.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION 29-01-2022 18-16-29.sgbck.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2022\NL FORMATION 29-01-2022 18-16-29.sgbck - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NL FORMATION.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\COMPTABILITE.sgbck\2021\Mars\NL FORMATION 18-03-2021 11-01-49.sgbck\NL FORMATION.sgind - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\NLFORMATION (D).lnk -> D:\ - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Nouveau dossier (2).lnk -> C:\Users\nicol\Desktop\Nouveau dossier (2) - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Nouveau dossier.lnk -> C:\Users\nicol\Desktop\Nouveau dossier - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\numero de la direccte + insee+ Habilitation INRS.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\numero de la direccte + insee+ Habilitation INRS - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\numero de la direccte + insee.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\numero de la direccte + insee - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ocean-extra.lnk -> C:\Users\nicol\Downloads\ocean-extra.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\oceanwp.3.1.2.lnk -> C:\Users\nicol\Downloads\oceanwp.3.1.2.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\odopen--kfmWizard-launchSource=22&accounttype=personal.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Pare-feu Windows Defender.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\partage de compte nico (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\partage de compte nico.xlsx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\partage de compte nico.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\partage de compte nico.xlsx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\perso.lnk -> C:\Users\nicol\Desktop\perso - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\pexels-alex-green-5699475.lnk -> C:\Users\nicol\Downloads\pexels-alex-green-5699475.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\pexels-karolina-grabowska-4239031.lnk -> C:\Users\nicol\Downloads\pexels-karolina-grabowska-4239031.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\pexels-karolina-grabowska-4239032.lnk -> C:\Users\nicol\Downloads\pexels-karolina-grabowska-4239032.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\pexels-karolina-grabowska-4239033.lnk -> C:\Users\nicol\Downloads\pexels-karolina-grabowska-4239033.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\pexels-karolina-grabowska-4239037.lnk -> C:\Users\nicol\Downloads\pexels-karolina-grabowska-4239037.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\pexels-karolina-grabowska-4239112.lnk -> C:\Users\nicol\Downloads\pexels-karolina-grabowska-4239112.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\pexels-photo-6585598.lnk -> C:\Users\nicol\Desktop\image site\pexels-photo-6585598.jpeg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\pexels-shvets-production-7176291.lnk -> C:\Users\nicol\Downloads\pexels-shvets-production-7176291.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\pict3473.lnk -> C:\Users\nicol\Desktop\pict3473.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\prestation.lnk -> D:\site internet\prestation.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Programmes et fonctionnalités (2).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Programmes et fonctionnalités.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Présentation1.lnk -> C:\Users\nicol\Desktop\Présentation1.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Présentation2.lnk -> C:\Users\nicol\Desktop\Présentation2.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\prévention BTP.lnk -> C:\Users\nicol\Desktop\prévention BTP.pptx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\public.lnk -> C:\Users\nicol\Local Sites\auxilome\app\public - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Périphériques et imprimantes (2).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Périphériques et imprimantes (3).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Périphériques et imprimantes.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi (11).lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi (2).lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi (3).lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi (4).lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi (5).lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi (6).lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi (7).lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi (8).lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi (9).lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\qualiopi.lnk -> C:\Users\nicol\Desktop\qualiopi - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Question à 300 000 € Qui veut gagner des millions.lnk -> C:\Users\nicol\Desktop\NL formation\formation\NE PAS AFFACER\Question à 300 000 € Qui veut gagner des millions.mp3 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\rachel services.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Réseau et Internet.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Sans titre 1 (2).lnk -> C:\Users\nicol\Desktop\Sans titre 1.png - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Sans titre 1.lnk -> C:\Users\nicol\Desktop\Sans titre 1.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Sans titre 2 (2).lnk -> C:\Users\nicol\Desktop\Sans titre 2.png - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Sans titre 2.lnk -> C:\Users\nicol\Desktop\Sans titre 2.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\sans titre-1.lnk -> C:\Users\nicol\Desktop\photo noel 2021\sans titre-1.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Sans titre.lnk -> C:\Users\nicol\Desktop\Sans titre.png - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Sans titre3.lnk -> C:\Users\nicol\Desktop\Sans titre3.png - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\SAVPRO FORMATION.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\SAVPRO FORMATION - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Search-Replace-DB-master.lnk -> C:\Users\nicol\Downloads\Search-Replace-DB-master.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\service-personne-impot.lnk -> C:\Users\nicol\Desktop\image site\service-personne-impot.png - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\site auxilome.lnk -> C:\Users\nicol\Desktop\site auxilome - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\site internet.lnk -> D:\site internet - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\sliders_unzip_to_import.lnk -> C:\Users\nicol\Downloads\sliders_unzip_to_import.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Soprano - Chasseur d'étoiles (Clip officiel - annonce tournée des stades 2022).lnk -> C:\Users\nicol\Desktop\Soprano - Chasseur d'étoiles (Clip officiel - annonce tournée des stades 2022).mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\SUPPORT PEDAGOGIQUE H0B0.lnk -> C:\Users\nicol\Desktop\NL formation\formation\SUPPORT PEDAGOGIQUE H0B0.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\system32.lnk -> C:\WINDOWS\system32 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Système et sécurité.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\tableau dates dispo.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\Marmelade APP\Contrat de sous traitance\tableau dates dispo.xlsx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\tableau de bord nico (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\tableau de bord nico.xlsx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\tableau de bord nico.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\tableau de bord nico.xlsx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\tampon signature logo carte cv.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\tampon signature logo carte cv - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\tampon.lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\tampon signature logo carte cv\tampon.png - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\The directives.lnk -> C:\Users\nicol\Desktop\The directives.docx - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Traceur_SAP_buro_rvb_jpg.lnk -> D:\logo-SAP\Traceur_SAP_buro_rvb_jpg\Traceur_SAP_buro_rvb_jpg.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Téléchargements (2).lnk -> C:\Users\nicol\Downloads - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Téléchargements.lnk -> C:\Users\nicol\Downloads - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Télécharger Video Facebook en ligne gratuit et rapidement.lnk -> C:\Users\nicol\Downloads\Télécharger Video Facebook en ligne gratuit et rapidement.mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\UFPS (2).lnk -> C:\Users\nicol\Desktop\NL formation\entreprise\clients\UFPS - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\video astrapi.lnk -> C:\Users\nicol\Desktop\video astrapi.mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\VID_20220108_150843.lnk -> C:\Users\nicol\Desktop\VID_20220108_150843.mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\vidéo défis gr.lnk -> C:\Users\nicol\Desktop\vidéo défis gr.mp4 - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\wallpaperbetter(1).lnk -> C:\Users\nicol\Downloads\wallpaperbetter(1).jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\wallpaperbetter.lnk -> C:\Users\nicol\Downloads\wallpaperbetter.jpg - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\WaltDisneyScript.lnk -> C:\Users\nicol\Downloads\WaltDisneyScript.zip - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\Windows.lnk -> C:\Users\nicol\Desktop\Windows.iso - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--- (2).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender---.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--fullhistory-threatId=2147593794.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--network-.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--providers-.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--threat- (2).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--threat- (3).lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--threat-.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\wp-admin.lnk -> C:\Users\nicol\Desktop\site auxilome\wp-admin - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\wp-config.lnk -> C:\Users\nicol\Local Sites\auxilome\app\public\wp-config.php - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\wp-content (2).lnk -> C:\Users\nicol\Desktop\auxilome\wp-content - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\wp-content.lnk -> C:\Users\nicol\Local Sites\auxilome\app\public\wp-content\plugins\elementor\core\app\modules\import-export\directories\wp-content.php - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\wp-login.lnk -> C:\Users\nicol\Local Sites\demo01\app\public\wp-login.php - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\ZHPDiag.lnk -> C:\Users\nicol\Desktop\ZHPDiag.txt - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\[H0b0] - LOHEZ - 26.01.2022 à 18h15-v1.lnk -> C:\Users\nicol\Downloads\[H0b0] - LOHEZ - 26.01.2022 à 18h15-v1.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\[H0b0] - LOHEZ - 27.01.2022 à 14h00 -v1.lnk -> C:\Users\nicol\Downloads\[H0b0] - LOHEZ - 27.01.2022 à 14h00 -v1.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\[H0b0] - LOHEZ - 27.01.2022 à 16h15 -v1.lnk -> C:\Users\nicol\Downloads\[H0b0] - LOHEZ - 27.01.2022 à 16h15 -v1.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\[H0B0] - LOHEZ- 03.02.2022 à 9h00 -v1.lnk -> C:\Users\nicol\Downloads\[H0B0] - LOHEZ- 03.02.2022 à 9h00 -v1.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\[H0b0] - LOHEZ- 26.01.2022 à 13h45 -v1.lnk -> C:\Users\nicol\Downloads\[H0b0] - LOHEZ- 26.01.2022 à 13h45 -v1.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Recent\[H0b0]- LOHEZ - 26.01.2022 à 16h00 -v2.lnk -> C:\Users\nicol\Downloads\[H0b0]- LOHEZ - 26.01.2022 à 16h00 -v2.pdf - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk -> C:\Windows\System32\WFS.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\SendTo\Transfert de fichiers Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitTorrent Web.lnk -> C:\Users\nicol\AppData\Roaming\BitTorrent Web\btweb.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Web Companion.lnk -> C:\Users\nicol\AppData\Roaming\Lavasoft\Web Companion\Application\WebCompanion.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navigateur Opera.lnk -> C:\Users\nicol\AppData\Local\Programs\Opera\launcher.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\nicol\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Aide de WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manuel de la console RAR.lnk -> C:\Program Files\WinRAR\Rar.txt - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Quelles sont les nouveautés de la dernière version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\nicol\AppData\Roaming\Zoom\uninstall\Installer.exe - Status : OK C:\Users\nicol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\nicol\AppData\Roaming\Zoom\bin\Zoom.exe - Status : OK C:\Users\nicol\Desktop\Navigateur Opera.lnk -> C:\Users\nicol\AppData\Local\Programs\Opera\launcher.exe - Status : OK C:\Users\nicol\Links\Desktop.lnk -> C:\Users\nicol\Desktop - Status : OK C:\Users\nicol\Links\Downloads.lnk -> C:\Users\nicol\Downloads - Status : OK C:\Users\Public\Desktop\Adobe Acrobat DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe - Status : OK C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files\Audacity\Audacity.exe - Status : OK C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe - Status : OK C:\Users\Public\Desktop\Ciel Auto-entrepreneur Premium.lnk -> C:\Program Files (x86)\Ciel\Professionnel indépendant\WPI.exe - Status : OK C:\Users\Public\Desktop\Local.lnk -> C:\Program Files (x86)\Local\Local.exe - Status : OK C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk -> C:\Windows\System32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk -> C:\Windows\System32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe - Status : OK C:\Windows\WinSxS\amd64_eventviewersettings_31bf3856ad364e35_10.0.19041.1_none_aae8e58aa310aa7d\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5\Hyper-V Manager.lnk -> C:\WINDOWS\System32\mmc.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.746_none_b8eadbf8a9c907b3\Steps Recorder.lnk -> C:\WINDOWS\system32\psr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_23a707c9a0b5a8e1\Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-c..-disposableclientvm_31bf3856ad364e35_10.0.19041.985_none_c3639a9e3ab1a351\Windows Sandbox.lnk -> C:\WINDOWS\system32\WindowsSandbox.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-c..s-admin-compsvclink_31bf3856ad364e35_10.0.19041.1_none_88835f4d79d6a242\Component Services.lnk -> C:\WINDOWS\system32\comexp.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.19041.746_none_290f6af7d5263efa\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-charmap_31bf3856ad364e35_10.0.19041.1_none_a84acae243b8ad63\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1266_none_e20a09e712bd275c\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt-shortcut_31bf3856ad364e35_10.0.19041.1_none_efaf63248e6d4479\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..-tools-mmc-adsiedit_31bf3856ad364e35_10.0.19041.1466_none_27d69d4b8f185d67\ADSIEdit.lnk -> C:\WINDOWS\system32\adsiedit.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..-tools-mmc-adsiedit_31bf3856ad364e35_10.0.19041.746_none_911fb46a38a61421\ADSIEdit.lnk -> C:\WINDOWS\system32\adsiedit.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..mc-sitesandservices_31bf3856ad364e35_10.0.19041.746_none_7d35d325c812757b\Active Directory Sites and Services.lnk -> C:\WINDOWS\system32\dssite.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..services-adam-setup_31bf3856ad364e35_10.0.19041.746_none_1a1e8292dcf10728\ADAM Install.lnk -> C:\WINDOWS\ADAM\adaminstall.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.19041.746_none_770f598aef14382e\dfrgui.lnk -> C:\WINDOWS\system32\dfrgui.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-e..er-server-shortcuts_31bf3856ad364e35_10.0.19041.1_none_5e85a7ed6f490164\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\04-1 - NetworkStatus.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\06 - SystemAbout.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\08 - PowerAndSleep.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\10 - AppsAndFeatures.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\4 - Control Panel.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\computer.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Control Panel.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\File Explorer.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Run.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Shows Desktop.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Window Switcher.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1415_none_eda4f56addac5a98\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1415_none_eda4f56addac5a98\Windows Fax and Scan.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1387_none_8f7af7ce4c3f80e1\Immersive Control Panel.lnk -> C:\WINDOWS\System32\Control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iis-clientshortcuts_31bf3856ad364e35_10.0.19041.1_none_9f9e4023b60d2433\IIS Client Manager.lnk -> C:\WINDOWS\system32\inetsrv\InetMgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.19041.906_none_5f45625010b4cd19\IIS6 Manager.lnk -> C:\WINDOWS\system32\inetsrv\InetMgr6.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_10.0.19041.906_none_65f82ba919c64b11\IIS Manager.lnk -> C:\WINDOWS\system32\inetsrv\InetMgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.19041.1_none_8ddc3834fb6f659f\iSCSI Initiator.lnk -> C:\WINDOWS\system32\iscsicpl.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_fa40f4e1dd1492a8\ODBC Data Sources (64-bit).lnk -> C:\WINDOWS\system32\odbcad32.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\Memory Diagnostics Tool.lnk -> C:\WINDOWS\system32\MdSched.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-shortcut_31bf3856ad364e35_10.0.19041.1_none_64c27fc7ed12e401\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.19041.1110_none_4f46693352ed3250\System Configuration.lnk -> C:\WINDOWS\system32\msconfig.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1110_none_20a89186aedb6af7\System Information.lnk -> C:\WINDOWS\system32\msinfo32.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.19041.746_none_6c16d1714d60fddf\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.789_none_9beee4eb02a5f8c7\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-nfs-adminmmc_31bf3856ad364e35_10.0.19041.1_none_9da8f6be034114e3\Services For Network File System.lnk -> C:\WINDOWS\system32\nfsmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1320_none_e3d2189d253c2e6b\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.19041.1_none_60ade0eff94c37fc\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Performance Monitor.lnk -> C:\WINDOWS\system32\perfmon.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Resource Monitor.lnk -> C:\WINDOWS\system32\perfmon.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-powershell-ise_31bf3856ad364e35_10.0.19041.1_none_1ed6cb15a1b51b10\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-powershell-ise_31bf3856ad364e35_10.0.19041.1_none_1ed6cb15a1b51b10\Windows PowerShell ISE.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1387_none_72bdb9e123faa487\Quick Assist.lnk -> C:\WINDOWS\system32\quickassist.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.19041.1237_none_9d556cf140e198b4\RecoveryDrive.lnk -> C:\WINDOWS\system32\RecoveryDrive.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.746_none_d22800313aa7eb5c\Registry Editor.lnk -> C:\WINDOWS\regedit.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-s..ment-policytools-ex_31bf3856ad364e35_10.0.19041.1_none_0f506321e073254e\Security Configuration Management.lnk -> C:\WINDOWS\system32\secpol.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.19041.1_none_8554f027e5186b5e\services.lnk -> C:\WINDOWS\system32\services.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-snippingtool-app_31bf3856ad364e35_10.0.19041.746_none_77bd4cfbe87238a7\Snipping Tool.lnk -> C:\WINDOWS\system32\SnippingTool.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_10.0.19041.746_none_fa033ad7aa9be481\Speech Recognition.lnk -> C:\WINDOWS\Speech\Common\sapisvr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_10.0.19041.746_none_a89acde4afbab635\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.19041.1266_none_c2a2211ad648e627\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.19041.1202_none_a27aa61d221bdc5c\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft.windows.powershell.common_31bf3856ad364e35_10.0.19041.1_none_e6d05ddbba96a35b\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft.windows.powershell.common_31bf3856ad364e35_10.0.19041.1_none_e6d05ddbba96a35b\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_multipoint-logcollector_31bf3856ad364e35_10.0.19041.1_none_56138d203a7fc4cf\MultiPoint Log Collector.lnk -> C:\Program Files\Windows MultiPoint Server\LogCollector.exe - Status : OK C:\Windows\WinSxS\amd64_multipoint-wmsmanager_31bf3856ad364e35_10.0.19041.1_none_d1ffdc3927836528\MultiPoint Manager.lnk -> C:\Program Files\Windows MultiPoint Server\WmsManager.exe - Status : OK C:\Windows\WinSxS\amd64_networking-mpssvc-shortcut_31bf3856ad364e35_10.0.19041.1_none_3b48028dac22b3be\Windows Defender Firewall with Advanced Security.lnk -> C:\WINDOWS\system32\WF.msc - Status : OK C:\Windows\WinSxS\amd64_taskschedulersettings_31bf3856ad364e35_10.0.19041.1_none_00dc114da3ba6b01\Task Scheduler.lnk -> C:\WINDOWS\system32\taskschd.msc - Status : OK C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.19041.1_none_8d387dde0a6c6d14\VMCreate.lnk -> C:\Program Files\Hyper-V\VMCreate.exe - Status : OK C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.19041.1_none_061d84508b376f80\MultiPoint Dashboard.lnk -> C:\Program Files\Windows MultiPoint Server\WmsDashboard.exe - Status : OK C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_04959f34117554a3\ODBC Data Sources (32-bit).lnk -> C:\WINDOWS\syswow64\odbcad32.exe - Status : OK C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [20/03/2021 16:34:21] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.D4A96B9CC46246DCBB355054F43AE38F] - [21/07/2021 11:20:07] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.1CA8055EDCF9256210C207F4B60BB939] - [18/07/2021 21:08:05] - |A| - [3522] - C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0 : C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [MD5.CD28748FC737513A2C624A54841AEE98] - [20/03/2021 16:34:21] - |A| - [2026] - C:\WINDOWS\System32\Tasks\App Explorer S : %LOCALAPPDATA%\Microsoft\WindowsApps\AppsExplorer.exe [MD5.7BDFF4D161AAC1BE8C973CED15620971] - [02/02/2022 00:33:38] - |A| - [3936] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.DC529F124509F0662580ABE3EA2EF802] - [02/02/2022 00:33:39] - |A| - [2904] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC - nicol : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.4538661B6C4BA3B2DE305B072025BDCD] - [22/03/2021 08:39:41] - |A| - [3466] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.60350950C926602E56ACF18D01E0067C] - [22/03/2021 08:39:41] - |A| - [3590] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [07/12/2019 10:14:52] - |D| - [625916] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.CF0D5C8ACFF41F82BA55FB536801424B] - [08/04/2021 07:45:29] - |A| - [3538] - C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d71d9e455f9f3 : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [MD5.BDBCE506606009795C20439AA184A02E] - [20/03/2021 16:34:21] - |A| - [3634] - C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [MD5.00000000000000000000000000000000] - [20/07/2021 10:43:25] - |D| - [8372] - C:\WINDOWS\System32\Tasks\Mozilla [MD5.00000000000000000000000000000000] - [27/09/2021 12:53:56] - |D| - [0] - C:\WINDOWS\System32\Tasks\MySQL [MD5.00000000000000000000000000000000] - [20/03/2021 16:34:21] - |D| - [3946] - C:\WINDOWS\System32\Tasks\Oem [MD5.00000000000000000000000000000000] - [20/03/2021 16:34:21] - |D| - [3776] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform [MD5.A386E355D33BD1699AE1AAF846942227] - [12/12/2021 18:03:54] - |A| - [3592] - C:\WINDOWS\System32\Tasks\OneDrive Reporting Task-S-1-5-21-3117338434-2494139373-3240853406-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.2A0F2C6D7EADA5531263FDBF896E8DC7] - [20/03/2021 16:34:21] - |A| - [3380] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3117338434-2494139373-3240853406-1001 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.9981C5901DB28A7AA95159AB346E9C26] - [20/03/2021 16:34:21] - |A| - [2856] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3117338434-2494139373-3240853406-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.ADEC831FFFFB7FE4001D0295E1B96092] - [02/02/2022 14:03:16] - |A| - [4232] - C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1643806990 : C:\Users\nicol\AppData\Local\Programs\Opera\launcher.exe [MD5.E405B7F885E6E2FE5D62F7CD24764B61] - [29/01/2022 20:35:39] - |A| - [4178] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{683053BD-CF41-4741-8F1E-EEBFA98EF2F5} : C:\WINDOWS\system32\msfeedssync.exe [MD5.00000000000000000000000000000000] - [07/12/2019 10:14:52] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-TCP-RPC-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-NamedPipe-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760f-a5c8-4bfe-b314-d56a7b44a362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem20.inf,%ClassName%;SAMSUNG Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{63537155-7cbb-4919-9703-8fed2d69bbed}] : (BarcoClickShare_sc) [] -> Barco ClickShare Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6fae73b7-b735-4b50-a0da-0dc2484b1f1a}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a3e32dba-ba89-4f17-8386-2d0127fbd4cc}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eb781aaf-9c70-4523-a5df-642a87eca567}] : (libusb-win32 devices) [] -> libusb-win32 devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}] : (ComputeAccelerator) [] -> @c_computeaccelerator.inf,%ClassDesc%;Compute accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [17/10/2021 19:52:39] - (0.0.0.0) - ( -) - C:\WINDOWS\System32\Drivers\CimFS.SYS [16/10/2019 13:38:27] - (12.0.0.835) - (Qualcomm Atheros, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\Qcamain10x64.sys [12/05/2020 21:29:48] - (1.0.0.5) - (Acer Incorporated - AcerAirplaneModeController) - C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [16/10/2019 13:34:30] - (10.0.0.835) - (Qualcomm - BT Filter) - C:\WINDOWS\System32\drivers\btfilter.sys [15/12/2021 21:07:25] - (3.1.9.53) - (Bitdefender - BDDCI filter driver) - C:\WINDOWS\system32\DRIVERS\bddci.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware (3ware) -> C:\WINDOWS\system32\drivers\3ware.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> C:\WINDOWS\system32\drivers\ACPI.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> C:\WINDOWS\system32\Drivers\acpiex.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - ADP80XX (ADP80XX) -> C:\WINDOWS\system32\drivers\ADP80XX.SYS - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdsata (amdsata) -> C:\WINDOWS\system32\drivers\amdsata.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdsbs (amdsbs) -> C:\WINDOWS\system32\drivers\amdsbs.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdxata (amdxata) -> C:\WINDOWS\system32\drivers\amdxata.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - arcsas (Pilote miniport Storport Adaptec SAS/SATA-II RAID) -> C:\WINDOWS\system32\drivers\arcsas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - atapi (Canal IDE) -> C:\WINDOWS\system32\drivers\atapi.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - b06bdrv (Carte réseau QLogic VBD) -> C:\WINDOWS\system32\drivers\bxvbda.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - bttflt (Filtre Microsoft Hyper-V VHDPMEM BTT) -> C:\WINDOWS\system32\drivers\bttflt.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - cht4iscsi (cht4iscsi) -> C:\WINDOWS\system32\drivers\cht4sx64.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - CLFS (Common Log (CLFS)) -> C:\WINDOWS\system32\drivers\CLFS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - CNG (CNG) -> C:\WINDOWS\system32\Drivers\cng.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - disk (Pilote de disque) -> C:\WINDOWS\system32\drivers\disk.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - ebdrv (Carte QLogic 10 Gigabit Ethernet VBD) -> C:\WINDOWS\system32\drivers\evbda.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - EhStorClass (Enhanced Storage Filter Driver) -> C:\WINDOWS\system32\drivers\EhStorClass.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - EhStorTcgDrv (Pilote Microsoft pour dispositif de stockage prenant en charge les protocoles IEEE 1667 et TCG) -> C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [File System Driver] - FileInfo (File Information FS MiniFilter) -> C:\WINDOWS\system32\drivers\fileinfo.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - FltMgr (FltMgr) -> C:\WINDOWS\system32\drivers\fltmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - fvevol (Pilote de filtre de chiffrement de lecteur BitLocker) -> C:\WINDOWS\system32\DRIVERS\fvevol.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - HpSAMD (HpSAMD) -> C:\WINDOWS\system32\drivers\HpSAMD.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - hwpolicy (Hardware Policy Driver) -> C:\WINDOWS\system32\drivers\hwpolicy.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - iaStorAVC (Contrôleur RAID SATA de circuit microprogrammé Intel) -> C:\WINDOWS\system32\drivers\iaStorAVC.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - iaStorV (Contrôleur RAID Intel Windows 7) -> C:\WINDOWS\system32\drivers\iaStorV.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - intelide (intelide) -> C:\WINDOWS\system32\drivers\intelide.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - intelpep (Pilote de plug-in du moteur d’alimentation Intel(R)) -> C:\WINDOWS\system32\drivers\intelpep.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - iorate (Pilote du filtre du taux d’E/S du disque) -> C:\WINDOWS\system32\drivers\iorate.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - isapnp (isapnp) -> C:\WINDOWS\system32\drivers\isapnp.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - ItSas35i (ItSas35i) -> C:\WINDOWS\system32\drivers\ItSas35i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - KSecDD (KSecDD) -> C:\WINDOWS\system32\Drivers\ksecdd.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - KSecPkg (KSecPkg) -> C:\WINDOWS\system32\Drivers\ksecpkg.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - LSI_SAS (LSI_SAS) -> C:\WINDOWS\system32\drivers\lsi_sas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - LSI_SAS2i (LSI_SAS2i) -> C:\WINDOWS\system32\drivers\lsi_sas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - LSI_SAS3i (LSI_SAS3i) -> C:\WINDOWS\system32\drivers\lsi_sas3i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - LSI_SSS (LSI_SSS) -> C:\WINDOWS\system32\drivers\lsi_sss.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - lxss (lxss) -> C:\WINDOWS\system32\drivers\lxss.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - MbamElam (MbamElam) -> C:\WINDOWS\system32\DRIVERS\MbamElam.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasas (megasas) -> C:\WINDOWS\system32\drivers\megasas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasas2i (megasas2i) -> C:\WINDOWS\system32\drivers\MegaSas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasas35i (megasas35i) -> C:\WINDOWS\system32\drivers\megasas35i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasr (megasr) -> C:\WINDOWS\system32\drivers\megasr.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - mountmgr (Gestionnaire des points de montage) -> C:\WINDOWS\system32\drivers\mountmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - msisadrv (msisadrv) -> C:\WINDOWS\system32\drivers\msisadrv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - Mup (Mup) -> C:\WINDOWS\system32\Drivers\mup.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - mvumis (mvumis) -> C:\WINDOWS\system32\drivers\mvumis.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - NDIS (Pilote système NDIS) -> C:\WINDOWS\system32\drivers\ndis.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - nvdimm (Pilote de périphérique NVDIMM Microsoft) -> C:\WINDOWS\system32\drivers\nvdimm.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - nvraid (nvraid) -> C:\WINDOWS\system32\drivers\nvraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - nvstor (nvstor) -> C:\WINDOWS\system32\drivers\nvstor.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - partmgr (Gestionnaire de partitions) -> C:\WINDOWS\system32\drivers\partmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> C:\WINDOWS\system32\drivers\pci.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - pciide (pciide) -> C:\WINDOWS\system32\drivers\pciide.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - pcmcia (pcmcia) -> C:\WINDOWS\system32\drivers\pcmcia.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> C:\WINDOWS\system32\drivers\pcw.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - pdc (CDP) -> C:\WINDOWS\system32\drivers\pdc.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - percsas2i (percsas2i) -> C:\WINDOWS\system32\drivers\percsas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - percsas3i (percsas3i) -> C:\WINDOWS\system32\drivers\percsas3i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - pmem (Pilote de disque de mémoire persistante Microsoft) -> C:\WINDOWS\system32\drivers\pmem.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> C:\WINDOWS\system32\DRIVERS\ramdisk.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> C:\WINDOWS\system32\drivers\rdyboost.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - sbp2port (Pilote de bus de transport/protocole SBP-2) -> C:\WINDOWS\system32\drivers\sbp2port.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - scmbus (Pilote de bus de mémoire de classe stockage Microsoft) -> C:\WINDOWS\system32\drivers\scmbus.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - SgrmAgent (System Guard Runtime Monitor Agent) -> C:\WINDOWS\system32\drivers\SgrmAgent.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - SiSRaid2 (SiSRaid2) -> C:\WINDOWS\system32\drivers\SiSRaid2.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - SiSRaid4 (SiSRaid4) -> C:\WINDOWS\system32\drivers\sisraid4.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - SmartSAMD (SmartSAMD) -> C:\WINDOWS\system32\drivers\SmartSAMD.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - spaceport (Pilote des espaces de stockage) -> C:\WINDOWS\system32\drivers\spaceport.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - stexstor (stexstor) -> C:\WINDOWS\system32\drivers\stexstor.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - storahci (Lecteur AHCI SATA Microsoft standard) -> C:\WINDOWS\system32\drivers\storahci.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - storflt (Accélérateur de stockage Microsoft Hyper-V) -> C:\WINDOWS\system32\drivers\vmstorfl.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - stornvme (Pilote NVM Express standard de Microsoft) -> C:\WINDOWS\system32\drivers\stornvme.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - storufs (Pilote Universal Flash Storage (UFS) Microsoft) -> C:\WINDOWS\system32\drivers\storufs.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - storvsc (storvsc) -> C:\WINDOWS\system32\drivers\storvsc.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - Tcpip (Pilote pour protocole TCP/IP) -> C:\WINDOWS\system32\drivers\tcpip.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - Telemetry (Service de télémétrie Intel(R)) -> C:\WINDOWS\system32\drivers\IntelTA.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - vdrvroot (Énumérateur de lecteur virtuel Microsoft) -> C:\WINDOWS\system32\drivers\vdrvroot.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - vmbus (Bus VMBus) -> C:\WINDOWS\system32\drivers\vmbus.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - VMSNPXY (VmSwitch NIC Proxy Driver) -> C:\WINDOWS\system32\drivers\VmsProxyHNic.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - VmsProxy (VmSwitch Proxy Driver) -> C:\WINDOWS\system32\drivers\VmsProxy.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volmgr (Pilote du gestionnaire de volumes) -> C:\WINDOWS\system32\drivers\volmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volmgrx (Gestionnaire de volumes dynamiques) -> C:\WINDOWS\system32\drivers\volmgrx.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volsnap (Pilote de cliché instantané du volume) -> C:\WINDOWS\system32\drivers\volsnap.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volume (Pilote de volume) -> C:\WINDOWS\system32\drivers\volume.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - vpci (Bus PCI virtuel Microsoft Hyper-V) -> C:\WINDOWS\system32\drivers\vpci.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - vsmraid (vsmraid) -> C:\WINDOWS\system32\drivers\vsmraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - VSTXRAID (Pilote Windows du contrôleur RAID de stockage VIA StorX) -> C:\WINDOWS\system32\drivers\vstxraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - WdBoot (Pilote de démarrage de l’antivirus Microsoft Defender) -> C:\WINDOWS\system32\drivers\wd\WdBoot.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - Wdf01000 (Service Infrastructure de pilote en mode noyau) -> C:\WINDOWS\system32\drivers\Wdf01000.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - WdFilter (Pilote du mini-filtre de l’antivirus Microsoft Defender) -> C:\WINDOWS\system32\drivers\wd\WdFilter.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - WFPLWFS (Plateforme de filtrage Microsoft Windows) -> C:\WINDOWS\system32\drivers\wfplwfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - WindowsTrustedRTProxy (Service sécurisé d'exécution approuvée Microsoft Windows) -> C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> C:\WINDOWS\system32\drivers\Wof.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - AFD (Pilote de fonction connexe pour Winsock) -> C:\WINDOWS\system32\drivers\afd.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - afunix (afunix) -> C:\WINDOWS\system32\drivers\afunix.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - ahcache (Application Compatibility Cache) -> C:\WINDOWS\system32\DRIVERS\ahcache.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - bam (Background Activity Moderator Driver) -> C:\WINDOWS\system32\drivers\bam.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - BasicDisplay (BasicDisplay) -> C:\WINDOWS\system32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - BasicRender (BasicRender) -> C:\WINDOWS\system32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Beep (Beep) -> C:\WINDOWS\system32\drivers\Beep.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> C:\WINDOWS\system32\drivers\cdrom.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - CimFS (CimFS) -> C:\WINDOWS\system32\drivers\CimFS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S1 - [Kernel Driver] - dam (Desktop Activity Moderator Driver) -> C:\WINDOWS\system32\drivers\dam.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R1 - [File System Driver] - Dfsc (Pilote du client de l’espace de noms DFS) -> C:\WINDOWS\system32\Drivers\dfsc.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> C:\WINDOWS\system32\drivers\dxgkrnl.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - FileCrypt (FileCrypt) -> C:\WINDOWS\system32\drivers\filecrypt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - GpuEnergyDrv (GPU Energy Driver) -> C:\WINDOWS\system32\drivers\gpuenergydrv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - Msfs (Msfs) -> C:\WINDOWS\system32\drivers\Msfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> C:\WINDOWS\system32\drivers\mssmbios.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - NdisCap (Capture NDIS Microsoft) -> C:\WINDOWS\system32\drivers\ndiscap.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> C:\WINDOWS\system32\drivers\netbios.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - NetBT (NetBT) -> C:\WINDOWS\system32\DRIVERS\netbt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - Npfs (Npfs) -> C:\WINDOWS\system32\drivers\Npfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - npsvctrig (Named pipe service trigger provider) -> C:\WINDOWS\system32\drivers\npsvctrig.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - nsiproxy (NSI Proxy Service Driver) -> C:\WINDOWS\system32\drivers\nsiproxy.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Null (Null) -> C:\WINDOWS\system32\drivers\Null.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Psched (Planificateur de paquets QoS) -> C:\WINDOWS\system32\drivers\pacer.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - rdbss (Sous-système de mise en mémoire tampon redirigée) -> C:\WINDOWS\system32\DRIVERS\rdbss.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - tdx (Pilote de prise en charge TDI héritée NetIO) -> C:\WINDOWS\system32\DRIVERS\tdx.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - VfpExt (Microsoft Azure VFP Switch Extension) -> C:\WINDOWS\system32\drivers\vfpext.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Vid (Vid) -> C:\WINDOWS\system32\drivers\Vid.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> C:\WINDOWS\system32\drivers\vwififlt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - BdDci (BdDci Service) -> C:\WINDOWS\system32\DRIVERS\bddci.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - bindflt (Windows Bind Filter Driver) -> C:\WINDOWS\system32\drivers\bindflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> C:\WINDOWS\system32\drivers\cldflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - AdobeARMservice (Adobe Acrobat Update Service) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - AGMService (Adobe Genuine Monitor Service) -> "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - AGSService (Adobe Genuine Software Integrity Service) -> "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - AtherosSvc (AtherosSvc) -> C:\WINDOWS\System32\drivers\AdminService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - AudioEndpointBuilder (Générateur de points de terminaison du service Audio Windows) -> C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Audiosrv (Audio Windows) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - BFE (Moteur de filtrage de base) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Bonjour Service (Service Bonjour) -> "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - BrokerInfrastructure (Service d’infrastructure des tâches en arrière-plan) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - CDPSvc (Service de plateforme des appareils connectés) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - CoreMessagingRegistrar (CoreMessaging) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - cplspcon (Intel(R) Content Protection HDCP Service) -> C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7b349056b76317ca\IntelCpHDCPSvc.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - CryptSvc (Services de chiffrement) -> C:\WINDOWS\system32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - DCIService (DCIService) -> C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - DcomLaunch (Lanceur de processus serveur DCOM) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - DeviceAssociationService (Service d’association de périphérique) -> C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Dhcp (Client DHCP) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - lltdio (Pilote E/S de mappage de découverte de topologie de la couche de liaison) -> C:\WINDOWS\system32\drivers\lltdio.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - luafv (Virtualisation de fichier UAC) -> C:\WINDOWS\system32\drivers\luafv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - MMCSS (Multimedia Class Scheduler) -> C:\WINDOWS\system32\drivers\mmcss.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - MsLldp (Protocole LLDP (Link Layer Discovery Protocol) Microsoft) -> C:\WINDOWS\system32\drivers\mslldp.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - Ndu (Windows Network Data Usage Monitoring Driver) -> C:\WINDOWS\system32\drivers\Ndu.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> C:\WINDOWS\system32\drivers\peauth.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - rspndr (Répondeur de découverte de la topologie de la couche de liaison) -> C:\WINDOWS\system32\drivers\rspndr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - storqosflt (Pilote de filtre de qualité de service de stockage) -> C:\WINDOWS\system32\drivers\storqosflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> C:\WINDOWS\system32\drivers\tcpipreg.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - DiagTrack (Expériences des utilisateurs connectés et télémétrie) -> C:\WINDOWS\System32\svchost.exe -k utcsvc -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - DispBrokerDesktopSvc (Service de stratégie d'affichage) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Dnscache (Client DNS) -> C:\WINDOWS\system32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False S2 - [Share Process] - DoSvc (Optimisation de livraison) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - DPS (Service de stratégie de diagnostic) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - DusmSvc (Consommation des données) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False S2 - [Own Process] - edgeupdate (Service Mise à jour de Microsoft Edge (edgeupdate)) -> "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - esifsvc (Intel(R) Dynamic Tuning service) -> "C:\WINDOWS\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_4a3ae74cfa6c37d6\esif_uf.exe" - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - EventLog (Journal d’événements Windows) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - EventSystem (Système d’événement COM+) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - FontCache (Service de cache de police Windows) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - gpsvc (Client de stratégie de groupe) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False S2 - [Own Process] - gupdate (Service Google Update (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - igccservice (Intel(R) Graphics Command Center Service) -> C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - igfxCUIService2.0.0.0 (Intel(R) HD Graphics Control Panel Service) -> C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - VMSP (VmSwitch Protocol Driver) -> C:\WINDOWS\system32\drivers\vmswitch.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - wanarp (Pilote ARP IP d’accès à distance) -> C:\WINDOWS\system32\DRIVERS\wanarp.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - wcifs (Windows Container Isolation) -> C:\WINDOWS\system32\drivers\wcifs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - IKEEXT (Modules de génération de clés IKE et AuthIP) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - IntelAudioService (Intel(R) Audio Service) -> C:\WINDOWS\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - iphlpsvc (Assistance IP) -> C:\WINDOWS\System32\svchost.exe -k NetSvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - LanmanServer (Serveur) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - LanmanWorkstation (Station de travail) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - LSM (Gestionnaire de session locale) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False S2 - [Own Process] - MapsBroker (Gestionnaire des cartes téléchargées) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False S2 - [Own Process] - MBAMService (Malwarebytes Service) -> "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - mpssvc (Pare-feu Windows Defender) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False S2 - [Own Process] - MySQL57 (MySQL57) -> "C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.7\my.ini" MySQL57 - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - NlaSvc (Connaissance des emplacements réseau) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - nsi (Service Interface du magasin réseau) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - osppsvc (Office Software Protection Platform) -> "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Power (Alimentation) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - ProfSvc (Service de profil utilisateur) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - QcomWlanSrv (Qualcomm Atheros WLAN Driver Service) -> C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - RasMan (Gestionnaire des connexions d’accès à distance) -> C:\WINDOWS\System32\svchost.exe -k netsvcs - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - RpcEptMapper (Mappeur de point de terminaison RPC) -> C:\WINDOWS\system32\svchost.exe -k RPCSS -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - RpcSs (Appel de procédure distante (RPC)) -> C:\WINDOWS\system32\svchost.exe -k rpcss -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - RtkAudioUniversalService (Realtek Audio Universal Service) -> "C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SamSs (Gestionnaire de comptes de sécurité) -> C:\WINDOWS\system32\lsass.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - Schedule (Planificateur de tâches) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SENS (Service de notification d’événements système) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - SgrmBroker (Service Broker du moniteur d'exécution System Guard) -> C:\WINDOWS\system32\SgrmBroker.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - ShellHWDetection (Détection matériel noyau) -> C:\WINDOWS\System32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Spooler (Spouleur d’impression) -> C:\WINDOWS\System32\spoolsv.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : True S2 - [Own Process] - sppsvc (Protection logicielle) -> C:\WINDOWS\system32\sppsvc.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - stisvc (Acquisition d’image Windows (WIA)) -> C:\WINDOWS\system32\svchost.exe -k imgsvc - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - StorSvc (Service de stockage) -> C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SysMain (SysMain) -> C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SystemEventsBroker (Service Broker des événements système) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Themes (Thèmes) -> C:\WINDOWS\System32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - TrkWks (Client de suivi de lien distribué) -> C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - UserManager (Gestionnaire des utilisateurs) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - UsoSvc (Mettre à jour le service Orchestrator) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WCAssistantService (WC Assistant) -> C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Wcmsvc (Gestionnaire des connexions Windows) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WinDefend (Service antivirus Microsoft Defender) -> "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Winmgmt (Infrastructure de gestion Windows) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WlanSvc (Service de configuration automatique WLAN) -> C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - WpnService (Service du système de notifications Push Windows) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - wscsvc (Centre de sécurité) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WSearch (Windows Search) -> C:\WINDOWS\system32\SearchIndexer.exe /Embedding - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Unknown] - CDPUserSvc_695ca (CDPUserSvc_695ca) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Unknown] - OneSyncSvc_695ca (OneSyncSvc_695ca) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Unknown] - WpnUserService_695ca (WpnUserService_695ca) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Opera 83.0.4254.27] : (Opera Stable 83.0.4254.27.-.Opera Software) -> "C:\Users\nicol\AppData\Local\Programs\Opera\Launcher.exe" /uninstall [HKU\S-1-5-21-3117338434-2494139373-3240853406-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\ZoomUMX] : (Zoom.-.Zoom Video Communications, Inc.) -> "C:\Users\nicol\AppData\Roaming\Zoom\uninstall\Installer.exe" /uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Audacity_is1] : (Audacity 3.1.2.-.Audacity Team) -> "C:\Program Files\Audacity\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\B518D2EFAF7F6DE1F1774C288497A9BF00160B74] : (Package de pilotes Windows - Lunii (libusb0) libusb-win32 devices (08/02/2012 1.2.6.0).-.Lunii) -> C:\PROGRA~1\DIFX\D29FE547208FE130\dpinst64.exe /u C:\WINDOWS\System32\DriverStore\FileRepository\usb2.0_dsp.inf_amd64_f4a3ff5fec070ecd\usb2.0_dsp.inf [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\KONICA MINOLTA C750i_C650i_C360i_C287i_C286i_C4050i_C4000i_C3320iSeries Installer] : (KONICA MINOLTA C750i_C650i_C360i_C287i_C286i_C4050i_C4000i_C3320iSeries.-.KONICA MINOLTA) -> C:\PROGRA~1\KONICA~1\PRINTE~1\BHC750~1\Setup64.exe /UinsOnly:10 C:\PROGRA~1\KONICA~1\PRINTE~1\BHC750~1\Setup64.exe Setup.ini /UnInst /LANG:000c [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 96.0.3 (x64 fr)] : (Mozilla Firefox (x64 fr).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Sublime Text 3_is1] : (Sublime Text 3.-.Sublime HQ Pty Ltd) -> "C:\Program Files\Sublime Text 3\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\weh-iss-net.downloadhelper.coapp_is1] : (VdhCoApp 1.6.1.-.DownloadHelper) -> "C:\Program Files\net.downloadhelper.coapp\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 6.00 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 4.5.2.157.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe" /Uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CF7261AA-B1DE-4D00-81E3-D36C7BFB15B1}_is1] : (Luniistore.-.Lunii) -> "C:\Program Files\Luniistore\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AdobeGenuineService] : (Adobe Genuine Service.-.Adobe Inc.) -> C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeCleanUpUtility.exe ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\db9b6d64-7ad2-556e-893c-24e21cb471e1] : (Local 6.2.0.-.WPEngine, Inc.) -> "C:\Program Files (x86)\Local\Uninstall Local.exe" /allusers [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FileZilla Client] : (FileZilla Client 3.57.0.-.Tim Kosse) -> "C:\Program Files\FileZilla FTP Client\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google LLC) -> "C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\setup.exe" --uninstall --channel=stable --system-level --verbose-logging [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft Edge Update] : (Microsoft Edge Update.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1694bbe8-c635-409b-8683-4d75cbd930e9}] : (Web Companion.-.Lavasoft) -> C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1] : (Wondershare PDF Password Remover (Build 1.5.3).-.Wondershare Software) -> "C:\Program Files (x86)\Wondershare\PDFPasswordRemover\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1FB9BE7A-77BB-4F26-9886-01259BF87088}] : (Ciel Auto-entrepreneur Premium 6.1.-.Ciel) -> MsiExec.exe /I{1FB9BE7A-77BB-4F26-9886-01259BF87088} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1] : (Unified Remote.-.Unified Intents AB) -> "C:\Program Files (x86)\Unified Remote 3\unins000.exe" ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824458876}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824458876} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-1033-FFFF-7760-0C0F074E4100}] : (Adobe Acrobat DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-1033-FFFF-7760-0C0F074E4100} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\3BDB0510DFFA1A74DA8BED6056E83B2B] : Contrôle d’intégrité du PC Windows -> C:\WINDOWS\Installer\{0150BDB3-AFFD-47A1-ADB8-DE06658EB3B2}\ArpIcon.ico [HKCR\Installer\Products\68AB67CA3301FFFF7706C0F070E41400] : Adobe Acrobat DC -> C:\WINDOWS\Installer\{AC76BA86-1033-FFFF-7760-0C0F074E4100}\_SC_Acrobat.ico [HKCR\Installer\Products\68AB67CA408033019195008142548867] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824458876}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A7EB9BF1BB7762F489681052B98F0788] : Ciel Auto-entrepreneur Premium 6.1 -> C:\WINDOWS\Installer\{1FB9BE7A-77BB-4F26-9886-01259BF87088}\ARPPRODUCTICON.exe1 [HKCR\Installer\Products\B1AB9CB83F6FD174783725380F5CB248] : Windows Subsystem for Linux Update [HKCR\Installer\Products\BF01119B4B33B864092CD4E5A83EAF1E] : Bonjour -> C:\WINDOWS\Installer\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}\Bonjour.ico ---------- | UserSettings [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-15,Balanced (recommended) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1400,Favor performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1401,High Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-12,Favors performance, but may use more energy. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-13,High Performance [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1404,Favor energy savings over performance. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1405,Better Battery-life Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-10,Saves energy by reducing your computer performance where possible. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-11,Power Saver [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a7b57d57-2a97-483f-9c67-dcd16a6f0a7f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a7b57d57-2a97-483f-9c67-dcd16a6f0a7f]~[FriendlyName] : Acer [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1402,Maximize bias towards performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1403,Max Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[Description] : @%SystemRoot%\system32\powrprof.dll,-18,Provides ultimate performance on higher end PCs. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-19,Ultimate Performance [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Version [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|SequenceNumber [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\explorer.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.Search_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\ApplicationFrameHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.LockApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.WindowsStore_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.SecHealthUI_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|MicrosoftWindows.Client.CBS_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|windows.immersivecontrolpanel_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|AcerIncorporated.AcerRegistration_48frkmn4z8aw4 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\POWERPNT.EXE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\rundll32.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.ZuneVideo_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.Photos_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|RealtekSemiconductorCorp.RealtekAudioControl_dt26b99r8h8gj [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.WindowsCalculator_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.XboxGamingOverlay_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.SkypeApp_kzf8qxf38zg5c [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|microsoft.windowscommunicationsapps_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.XboxApp_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|KONICAMINOLTAINC.KONICAMINOLTAPrintExperience_s63fsn2sety0r [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\AppData\Local\Microsoft\OneDrive\OneDrive.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.ZuneMusic_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\dllhost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\taskhostw.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.YourPhone_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|26720RandomSaladGamesLLC.SimpleSolitaire_kx24dqmazqk8j [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\cmd.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\EXCEL.EXE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\splwow64.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\conhost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\sihost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\WinRAR\WinRAR.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Local\Local.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Ciel\Professionnel indépendant\WPI.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\oobe\UserOOBEBroker.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\notepad.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\FileZilla FTP Client\filezilla.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\DevKinsta.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\OpenWith.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Internet Explorer\iexplore.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\mspaint.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\fsquirt.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\mmc.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\wlrmdr.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\netsh.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\MBSetup.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\ccsetup589.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\CCleaner\CCleaner64.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\OperaSetup.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\AppData\Local\Programs\Opera\opera.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\Clean_Dns.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\QuickDiag.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-15,Balanced (recommended) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1400,Favor performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1401,High Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-12,Favors performance, but may use more energy. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-13,High Performance [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1404,Favor energy savings over performance. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1405,Better Battery-life Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-10,Saves energy by reducing your computer performance where possible. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-11,Power Saver [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a7b57d57-2a97-483f-9c67-dcd16a6f0a7f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a7b57d57-2a97-483f-9c67-dcd16a6f0a7f]~[FriendlyName] : Acer [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1402,Maximize bias towards performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1403,Max Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[Description] : @%SystemRoot%\system32\powrprof.dll,-18,Provides ultimate performance on higher end PCs. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-19,Ultimate Performance [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Version [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|SequenceNumber [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\explorer.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.Search_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\ApplicationFrameHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.LockApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.WindowsStore_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.SecHealthUI_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|MicrosoftWindows.Client.CBS_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|windows.immersivecontrolpanel_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|AcerIncorporated.AcerRegistration_48frkmn4z8aw4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\POWERPNT.EXE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\rundll32.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.ZuneVideo_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.Photos_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|RealtekSemiconductorCorp.RealtekAudioControl_dt26b99r8h8gj [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.WindowsCalculator_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.XboxGamingOverlay_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.SkypeApp_kzf8qxf38zg5c [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|microsoft.windowscommunicationsapps_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.XboxApp_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|KONICAMINOLTAINC.KONICAMINOLTAPrintExperience_s63fsn2sety0r [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\AppData\Local\Microsoft\OneDrive\OneDrive.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.ZuneMusic_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\dllhost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\taskhostw.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.YourPhone_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|26720RandomSaladGamesLLC.SimpleSolitaire_kx24dqmazqk8j [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\cmd.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Microsoft Office\Office14\EXCEL.EXE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\splwow64.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\conhost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\sihost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\WinRAR\WinRAR.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Local\Local.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files (x86)\Ciel\Professionnel indépendant\WPI.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\oobe\UserOOBEBroker.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\notepad.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\FileZilla FTP Client\filezilla.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\DevKinsta.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\OpenWith.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Internet Explorer\iexplore.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\mspaint.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\fsquirt.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\mmc.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\wlrmdr.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Windows\System32\netsh.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\MBSetup.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\ccsetup589.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\CCleaner\CCleaner64.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\OperaSetup.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\AppData\Local\Programs\Opera\opera.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\Clean_Dns.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3117338434-2494139373-3240853406-1001]|\Device\HarddiskVolume3\Users\nicol\Downloads\QuickDiag.exe ---------- | ADS ---------- | 20 LastEventLog Nom de l’application défaillante SecHealthUI.exe, version : 10.0.19041.844, horodatage : 0x7014f562 Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.1466, horodatage : 0xe01c7650 Code d’exception : 0xc000027b Décalage d’erreur : 0x000000000010b362 ID du processus défaillant : 0xba8 Heure de début de l’application défaillante : 0x01d8183af86307df Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : a5ae9d8c-b2a6-41e9-8c14-ab2e79eb853a Nom complet du package défaillant : Microsoft.Windows.SecHealthUI_10.0.19041.1023_neutral__cw5n1h2txyewy ID de l’application relative au package défaillant : SecHealthUI ------------ Windows ne peut pas décharger votre fichier Registre. La mémoire utilisée par le Registre n’a pas été libérée. Ce problème est souvent causé par des services qui s’exécutent sous un compte d’utilisateur. Essayez de configurer les services pour qu’ils s’exécutent sous le compte LocalService ou NetworkService. DÉTAIL - Accès refusé. ------------ Windows ne peut pas décharger votre fichier Registre. La mémoire utilisée par le Registre n’a pas été libérée. Ce problème est souvent causé par des services qui s’exécutent sous un compte d’utilisateur. Essayez de configurer les services pour qu’ils s’exécutent sous le compte LocalService ou NetworkService. DÉTAIL - Accès refusé. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 3960, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 10260, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 408, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 3960, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 10260, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 3960, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 10260, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 3960, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 3960, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 10260, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 3960, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 3960, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 10260, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 9064, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\SecurityHealthService.exe, PID : 4664, PID ProfSvc : 1728. ------------ La ruche utilisateur est chargée par un autre processus (verrouillage de Registre) Nom du processus : C:\Windows\System32\svchost.exe, PID : 3960, PID ProfSvc : 1728. ------------ ----------( EOF)---------- - 5532 | 15:00:11