--------------- QuickDiag | g3n-h@ckm@n | V8.028.22.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 27/03/2022 13:45:28 Updated 28/01/2022 | 10:00 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [chlod (Administrator)] - [LAPTOP-RTJTVGR9] (S-1-5-21-2842346516-3525720642-4283951694-1001) PC : ASUSTeK COMPUTER INC. VivoBook_ASUSLaptop X411QA_X411QA x64-based PC System: Microsoft Windows 10 Famille - X64 - (10.0.19044) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (21H2) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk1\Partition3 Boot : Normal boot PC: VivoBook_ASUSLaptop X411QA_X411QA - ASUSTeK COMPUTER INC. - IdNumber: K6N0GR05Y00324C - UUID: 87A7B2EA-0912-4746-AC0B-C69B394F1D90 Processor : AMD A12-9720P RADEON R7, 12 COMPUTE CORES 4C+8G (AuthenticAMD) - Clock Speed : 2700 - Socket : P0 - Stauts : OK BIOS : American Megatrends Inc. X411QA.306 - SN : K6N0GR05Y00324C - Status : OK - Version : _ASUS_ - 1072009 - PrimaryBios : True - CurrentLanguage : en|US|iso8859-1 - OtherTargetOS : CoreTemp : 39 Celsius ----------| Quick ---------- | SoundDevice Synaptics SmartAudio HD - Status: OK - Manufacturer: Synaptics - PNPDeviceID: HDAUDIO\FUNC_01&VEN_14F1&DEV_1F72&SUBSYS_104318E1&REV_1000\4&6705477&0&0001 AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1007\4&4FCC0CC&0&0001 ---------- | Video AMD Radeon R7 Graphics - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\aticfx64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\aticfx64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\aticfx64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\amdxc64.dll - PNPDeviceID: PCI\VEN_1002&DEV_9874&SUBSYS_18E11043&REV_C8\3&11583659&1&08 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 536870912 Inegrated Video Chipset DeviceName: AMD Radeon R7 Graphics - DriverVersion: 8.1.1.1634 - SpecificationVersion: 1025 ---------- | Codecs C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25824 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42904 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34600 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39936 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37440 - Manufacturer: Microsoft Corporation - Status: OK C:\WINDOWS\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 93184 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK ---------- | Memory Pagefile = Total (MB) : 15679 | Free (MB) : 11502 Virtual = Total (MB) : 4194 | Free (MB) : 3942 Physical Memory (MB) -------------------- Total: 7631 Available: 3980 Cached: 2553 Free: 410 System ------ Handles: 81008 Processes: 191 Threads: 2422 ---------- | Drives C:\ -> [Fixed] | [OS] | Total : 237.37 Go | Free : 120.45 Go -> NTFS (SSD) D:\ -> [Fixed] | [DATA] | Total : 931.51 Go | Free : 931.38 Go -> NTFS [SATA] Drive: 0 Cylinders: 121601 Tracks per Cylinder: 255 Sectors per Track: 63 Bytes per Sector: 512 Total Space: 1000204886016 bytes Drive: 1 Cylinders: 31130 Tracks per Cylinder: 255 Sectors per Track: 63 Bytes per Sector: 512 Total Space: 256060514304 bytes ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Test 2 : Possible Fixed Windows Test 3 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.19041.1566 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer ---------- | Security AV : Malwarebytes Disabled AS : Windows Defender Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 412 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.19041.964) = C:\Windows\System32\smss.exe [14/05/2021 11:22:01] 564 | [Owner : Système | Parent : 496() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [03/03/2021 14:02:15] 696 | [Owner : Système | Parent : 496() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.19041.1566) = C:\Windows\System32\wininit.exe [12/03/2022 11:41:37] 776 | [Owner : Système | Parent : 696(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.19041.928) = C:\Windows\System32\services.exe [16/04/2021 13:29:12] 832 | [Owner : Système | Parent : 696(wininit.exe) | 24.84 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.19041.1586) = C:\Windows\System32\lsass.exe [12/03/2022 11:41:39] 972 | [Owner : Système | Parent : 776(services.exe) | 34.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 996 | [Owner : UMFD-0 | Parent : 696(wininit.exe) | 4.12 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.1566) = C:\Windows\System32\fontdrvhost.exe [12/03/2022 11:41:40] 660 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 17.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 484 | [Owner : Système | Parent : 776(services.exe) | 8.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1188 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 6.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1216 | [Owner : Système | Parent : 776(services.exe) | 10.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1272 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 12.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1304 | [Owner : Système | Parent : 776(services.exe) | 16.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1348 | [Owner : Système | Parent : 776(services.exe) | 14.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1360 | [Owner : Système | Parent : 776(services.exe) | 9.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1436 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 22.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1552 | [Owner : Système | Parent : 776(services.exe) | 15.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1596 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1692 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 9.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1772 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1876 | [Owner : Système | Parent : 776(services.exe) | 22.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1900 | [Owner : Système | Parent : 776(services.exe) | 12.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2000 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 13.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2008 | [Owner : Système | Parent : 776(services.exe) | 6.43 Mo] - (.AMD - AMD External Events Service Module.) - (27.20.11044.13001) = C:\Windows\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\atiesrxx.exe [16/06/2021 21:05:00] 1344 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 10.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2092 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 8.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2104 | [Owner : Système | Parent : 776(services.exe) | 14.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2112 | [Owner : Système | Parent : 776(services.exe) | 5.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2220 | [Owner : Système | Parent : 776(services.exe) | 8.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2248 | [Owner : Système | Parent : 776(services.exe) | 8.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2256 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 24.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2504 | [Owner : Système | Parent : 776(services.exe) | 22.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2720 | [Owner : Système | Parent : 776(services.exe) | 8.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2888 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 14.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2996 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 8.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3008 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 6.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3016 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 10.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2672 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3184 | [Owner : Système | Parent : 776(services.exe) | 22.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3236 | [Owner : Système | Parent : 776(services.exe) | 8.93 Mo] - (.ASUSTeK COMPUTER INC. - ASUS Optimization.) - (2.1.35.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusOptimization.exe [01/03/2022 21:07:00] 3248 | [Owner : Système | Parent : 776(services.exe) | 14.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3392 | [Owner : Système | Parent : 776(services.exe) | 18.52 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.1566) = C:\Windows\System32\spoolsv.exe [12/03/2022 11:41:02] 3456 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 19.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3492 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 8.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3768 | [Owner : Système | Parent : 776(services.exe) | 19.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3816 | [Owner : Système | Parent : 776(services.exe) | 23.52 Mo] - (.ASUSTeK COMPUTER INC. - ASUS App Service.) - (1.0.12.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\AsusAppService\AsusAppService.exe [01/03/2022 21:05:40] 3828 | [Owner : Système | Parent : 776(services.exe) | 12.67 Mo] - (.ASUSTek Computer Inc. - ASUS Link - Near.) - (2.1.2.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSLinkNear\AsusLinkNear.exe [01/03/2022 21:05:44] 3836 | [Owner : Système | Parent : 776(services.exe) | 11.13 Mo] - (.ASUSTeK COMPUTER INC.? - ASUS Link Remote.) - (2.1.1.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSLinkRemote\AsusLinkRemote.exe [01/03/2022 21:05:56] 3852 | [Owner : Système | Parent : 776(services.exe) | 16.1 Mo] - (.ASUSTeK COMPUTER INC. - ASUS Software Manager.) - (1.0.49.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSoftwareManager\AsusSoftwareManager.exe [01/03/2022 21:07:42] 3864 | [Owner : Système | Parent : 776(services.exe) | 9.58 Mo] - (.ASUSTeK COMPUTER INC. - ASUS Switch.) - (1.0.7.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSwitch\AsusSwitch.exe [01/03/2022 21:07:52] 3880 | [Owner : Système | Parent : 776(services.exe) | 8.19 Mo] - (.ASUSTek COMPUTER INC. - ASUS System Diagnosis.) - (2.0.32.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [01/03/2022 21:08:14] 3892 | [Owner : Système | Parent : 776(services.exe) | 13.6 Mo] - (.ASUSTeK COMPUTER INC. - ASUS System Analysis.) - (2.1.17.10) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSystemAnalysis\AsusSystemAnalysis.exe [01/03/2022 21:08:02] 3912 | [Owner : Système | Parent : 776(services.exe) | 8.19 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (10.0.10011.16384) = C:\Windows\System32\drivers\AdminService.exe [30/08/2019 03:23:14] 3956 | [Owner : Système | Parent : 776(services.exe) | 48.49 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.14931.20118) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [05/03/2022 18:09:11] 3976 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | 15.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 4004 | [Owner : Système | Parent : 776(services.exe) | 24.16 Mo] - (.Conexant Systems LLC. - CxAudioSvc.) - (1.0.49.0) = C:\Windows\CxSvc\CxAudioSvc.exe [15/12/2020 15:37:21] 4044 | [Owner : Système | Parent : 776(services.exe) | 9.16 Mo] - (.Conexant Systems Inc. - Conexant Audio Message Service.) - (1.19.0.0) = C:\Windows\System32\CxAudMsg64.exe [15/12/2020 15:37:21] 4068 | [Owner : Système | Parent : 776(services.exe) | 11.4 Mo] - (.Conexant Systems, Inc. - CxUIUSvc Service.) - (1.0.0.50) = C:\Windows\System32\CxUIUSvc32.exe [15/12/2020 15:37:21] 4076 | [Owner : Système | Parent : 776(services.exe) | 5.49 Mo] - (.Conexant Systems, Inc. - Utility Service.) - (2.23.0.0) = C:\Windows\CxSvc\CxUtilSvc.exe [29/07/2020 11:02:33] 4088 | [Owner : Système | Parent : 776(services.exe) | 9.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3156 | [Owner : Système | Parent : 776(services.exe) | 33.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3100 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 24.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2912 | [Owner : Système | Parent : 776(services.exe) | 11.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3428 | [Owner : Système | Parent : 776(services.exe) | 6.86 Mo] - (.ICEpower A/S - ICEpower ICEsound APO service.) - (2.0.0.9) = C:\Windows\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_a5d3270da26fb113\ICEsoundService64.exe [05/05/2020 06:01:32] 3528 | [Owner : Système | Parent : 776(services.exe) | 9.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 4172 | [Owner : Système | Parent : 776(services.exe) | 5.74 Mo] - (.-.) - (2.3.22.0) = C:\Program Files (x86)\Logitech\LogiSyncStub\LogiSyncStub.exe [28/01/2021 14:55:34] 4196 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 12.84 Mo] - (.-.) - (2.4.328.0) = C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncProxy.exe [26/01/2022 06:30:32] 4240 | [Owner : Système | Parent : 776(services.exe) | 5.72 Mo] - (.Qualcomm Technologies Inc. - Qualcomm Atheros Universal WLAN Driver Service.) - (1.0.0.1) = C:\Windows\System32\drivers\QcomWlanSrvx64.exe [30/08/2019 03:50:08] 4276 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 15.72 Mo] - (.-.) - (2.4.406.0) = C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncMiddleware.exe [14/02/2022 19:34:16] 4292 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 6.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 4304 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 13.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 4356 | [Owner : Système | Parent : 776(services.exe) | 5.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 4364 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2202.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [26/03/2022 14:01:31] 4388 | [Owner : Système | Parent : 776(services.exe) | 22.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 4424 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.Malwarebytes - Malwarebytes Service.) - (3.2.0.1039) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [12/03/2022 22:20:02] 4524 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 5.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 4924 | [Owner : Système | Parent : 776(services.exe) | 13.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 2920 | [Owner : Système | Parent : 972(svchost.exe) | 10.53 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [03/03/2021 14:01:30] 4848 | [Owner : SERVICE LOCAL | Parent : 4088(svchost.exe) | 10.36 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1) = C:\Windows\System32\dasHost.exe [07/12/2019 11:08:37] 5572 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 7.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 5656 | [Owner : SERVICE LOCAL | Parent : 4276(LogiSyncMiddleware.exe) | 11.25 Mo] - (.Logitech Europe S.A. - Logitech RightSight Service.) - (7.0.4251.0) = C:\Program Files (x86)\Logitech\LogiSync\sync-agent\rightsight\RightSightService.exe [03/12/2020 20:17:02] 5688 | [Owner : SERVICE LOCAL | Parent : 5656(RightSightService.exe) | 11.13 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.1566) = C:\Windows\System32\conhost.exe [12/03/2022 11:41:35] 5904 | [Owner : SERVICE LOCAL | Parent : 5656(RightSightService.exe) | 4.43 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Logitech\LogiSync\sync-agent\rightsight\crashpad_handler.exe [03/12/2020 20:16:52] 6456 | [Owner : Système | Parent : 776(services.exe) | 16.63 Mo] - (.-.) - (2.4.345.0) = C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncHandler.exe [10/02/2022 03:28:10] 6740 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 9.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 7100 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 21.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 3716 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 10.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 7340 | [Owner : Système | Parent : 776(services.exe) | 13.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 7416 | [Owner : Système | Parent : 776(services.exe) | 23.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 7800 | [Owner : Système | Parent : 776(services.exe) | 58.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 7996 | [Owner : Système | Parent : 972(svchost.exe) | 11.21 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.19041.546) = C:\Windows\System32\dllhost.exe [03/03/2021 14:02:12] 7956 | [Owner : Système | Parent : 776(services.exe) | 29.51 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19041.1566) = C:\Windows\System32\SearchIndexer.exe [12/03/2022 11:41:14] 8448 | [Owner : SERVICE RÉSEAU | Parent : 4088(svchost.exe) | 4.66 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1) = C:\Windows\System32\dasHost.exe [07/12/2019 11:08:37] 9440 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 13.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 9028 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe [12/03/2022 11:41:35] 9800 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 9220 | [Owner : Système | Parent : 776(services.exe) | 12.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 6720 | [Owner : Système | Parent : 776(services.exe) | 11.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 8952 | [Owner : Système | Parent : 776(services.exe) | 6.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 8244 | [Owner : Système | Parent : 972(svchost.exe) | 8.01 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.19041.1320) = C:\Windows\System32\wbem\unsecapp.exe [13/11/2021 15:52:59] 2808 | [Owner : SERVICE RÉSEAU | Parent : 776(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 6644 | [Owner : Système | Parent : 776(services.exe) | 11.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 5144 | [Owner : Système | Parent : 6544() | 1.1 Mo] - (.Microsoft Corporation - Microsoft Edge Update.) - (1.3.127.15) = C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [26/08/2020 20:20:07] 11348 | [Owner : Système | Parent : 3764() | 1.11 Mo] - (.Google LLC - Programme d'installation de Google.) - (1.3.36.81) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [23/06/2021 16:48:54] 11420 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.19041.546) = C:\Windows\System32\SgrmBroker.exe [03/03/2021 14:05:31] 11484 | [Owner : Système | Parent : 11348(GoogleUpdate.exe) | 1.45 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.36.121) = C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe [22/01/2022 16:50:11] 11496 | [Owner : Système | Parent : 11348(GoogleUpdate.exe) | 0.36 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.36.121) = C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe [22/01/2022 16:50:12] 5172 | [Owner : SERVICE LOCAL | Parent : 2888(svchost.exe) | 15.28 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.19041.1503) = C:\Windows\System32\audiodg.exe [12/02/2022 18:55:35] 368 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 10.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 4984 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 9.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 11792 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 13.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 8772 | [Owner : SERVICE LOCAL | Parent : 776(services.exe) | 9.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 8428 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 6628 | [Owner : Système | Parent : 8320() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [03/03/2021 14:02:15] 10716 | [Owner : Système | Parent : 8320() | 13.17 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.19041.1503) = C:\Windows\System32\winlogon.exe [12/02/2022 18:56:51] 2572 | [Owner : UMFD-2 | Parent : 10716(winlogon.exe) | 13.94 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.1566) = C:\Windows\System32\fontdrvhost.exe [12/03/2022 11:41:40] 12552 | [Owner : DWM-2 | Parent : 10716(winlogon.exe) | 72.38 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.19041.746) = C:\Windows\System32\dwm.exe [03/03/2021 14:01:58] 7876 | [Owner : Système | Parent : 776(services.exe) | 7.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 5088 | [Owner : Système | Parent : 2008(atiesrxx.exe) | 11.61 Mo] - (.AMD - AMD External Events Client Module.) - (27.20.11044.13001) = C:\Windows\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\atieclxx.exe [16/06/2021 21:04:58] 8916 | [Owner : SERVICE RÉSEAU | Parent : 972(svchost.exe) | 14.6 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [03/03/2021 14:01:30] 9432 | [Owner : chlod | Parent : 3236(AsusOptimization.exe) | 16 Mo] - (.ASUSTeK COMPUTER INC. - ASUS Optimization Startup Task.) - (2.1.35.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusOptimizationStartupTask.exe [01/03/2022 21:07:02] 13272 | [Owner : chlod | Parent : 4424(MBAMService.exe) | 49.52 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (4.0.0.1283) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [12/03/2022 22:20:02] 8548 | [Owner : chlod | Parent : 1552(svchost.exe) | 28.89 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.746) = C:\Windows\System32\sihost.exe [03/03/2021 14:00:51] 2144 | [Owner : chlod | Parent : 776(services.exe) | 35.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 10416 | [Owner : chlod | Parent : 776(services.exe) | 41.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 5472 | [Owner : chlod | Parent : 2720(svchost.exe) | 21.05 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe [07/12/2019 11:09:00] 11864 | [Owner : chlod | Parent : 1304(svchost.exe) | 13.81 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.1503) = C:\Windows\System32\taskhostw.exe [12/02/2022 18:56:56] 2088 | [Owner : Système | Parent : 776(services.exe) | 17.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 12992 | [Owner : chlod | Parent : 9452() | 147.36 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.1586) = C:\Windows\explorer.exe [12/03/2022 11:41:03] 11904 | [Owner : chlod | Parent : 776(services.exe) | 19.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 4884 | [Owner : Système | Parent : 776(services.exe) | 8.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1992 | [Owner : chlod | Parent : 972(svchost.exe) | 75.52 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [12/02/2022 18:56:28] 5412 | [Owner : chlod | Parent : 972(svchost.exe) | 26.65 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [03/03/2021 14:00:06] 4672 | [Owner : chlod | Parent : 972(svchost.exe) | 143 Mo] - (.Microsoft Corporation - Search application.) - (10.0.19041.1566) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe [12/03/2022 11:42:55] 9764 | [Owner : chlod | Parent : 972(svchost.exe) | 27.3 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [03/03/2021 14:00:06] 6160 | [Owner : chlod | Parent : 972(svchost.exe) | 22.05 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.19041.1320) = C:\Windows\System32\SettingSyncHost.exe [13/11/2021 15:53:42] 8180 | [Owner : chlod | Parent : 972(svchost.exe) | 48.98 Mo] - (.Microsoft Corporation - LockApp.exe.) - (10.0.19041.1503) = C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe [12/02/2022 18:56:52] 1340 | [Owner : chlod | Parent : 972(svchost.exe) | 13.9 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [03/03/2021 14:00:06] 8104 | [Owner : chlod | Parent : 972(svchost.exe) | 30.76 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [03/03/2021 14:00:06] 7380 | [Owner : chlod | Parent : 972(svchost.exe) | 17.17 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [03/03/2021 14:00:06] 13256 | [Owner : chlod | Parent : 972(svchost.exe) | 29.32 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.1566) = C:\Windows\System32\smartscreen.exe [12/03/2022 11:41:06] 11920 | [Owner : chlod | Parent : 12992(explorer.exe) | 13.55 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.19041.1) = C:\Windows\System32\SecurityHealthSystray.exe [07/12/2019 11:08:41] 5424 | [Owner : chlod | Parent : 2356() | 32.54 Mo] - (.Piriform Software Ltd - CCleaner.) - (5.91.0.9537) = C:\Program Files\CCleaner\CCleaner64.exe [10/03/2022 17:51:02] 7732 | [Owner : chlod | Parent : 12992(explorer.exe) | 14.32 Mo] - (.Cisco Webex LLC - Cisco Webex Meetings.) - (10042.3.2022.310) = C:\Users\chlod\AppData\Local\WebEx\WebexHost.exe [21/03/2022 12:00:56] 12348 | [Owner : chlod | Parent : 10356() | 93.74 Mo] - (.Slack Technologies Inc. - Slack.) - (4.24.0.0) = C:\Users\chlod\AppData\Local\slack\app-4.24.0\slack.exe [14/03/2022 23:49:25] 10988 | [Owner : chlod | Parent : 12992(explorer.exe) | 2.33 Mo] - (.Microsoft Corporation - Send to OneNote Tool.) - (16.0.14931.20132) = C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE [12/03/2022 12:04:28] 10760 | [Owner : chlod | Parent : 12348(slack.exe) | 29.16 Mo] - (.Slack Technologies Inc. - Slack.) - (4.24.0.0) = C:\Users\chlod\AppData\Local\slack\app-4.24.0\slack.exe [14/03/2022 23:49:25] 5824 | [Owner : chlod | Parent : 12348(slack.exe) | 74.75 Mo] - (.Slack Technologies Inc. - Slack.) - (4.24.0.0) = C:\Users\chlod\AppData\Local\slack\app-4.24.0\slack.exe [14/03/2022 23:49:25] 5584 | [Owner : chlod | Parent : 12348(slack.exe) | 41.49 Mo] - (.Slack Technologies Inc. - Slack.) - (4.24.0.0) = C:\Users\chlod\AppData\Local\slack\app-4.24.0\slack.exe [14/03/2022 23:49:25] 13308 | [Owner : chlod | Parent : 776(services.exe) | 9.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 11952 | [Owner : chlod | Parent : 972(svchost.exe) | 80.61 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.19041.1320) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [13/11/2021 15:54:17] 6076 | [Owner : chlod | Parent : 12348(slack.exe) | 156.04 Mo] - (.Slack Technologies Inc. - Slack.) - (4.24.0.0) = C:\Users\chlod\AppData\Local\slack\app-4.24.0\slack.exe [14/03/2022 23:49:25] 12640 | [Owner : chlod | Parent : 972(svchost.exe) | 26.76 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [03/03/2021 14:00:06] 8912 | [Owner : chlod | Parent : 972(svchost.exe) | 34.43 Mo] - (.Microsoft Corporation - System Settings Broker.) - (10.0.19041.746) = C:\Windows\System32\SystemSettingsBroker.exe [03/03/2021 13:59:13] 5728 | [Owner : chlod | Parent : 13036() | 15.14 Mo] - (.ASUSTeK COMPUTER INC. - ASUS On-Screen Display.) - (2.1.34.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusOSD.exe [01/03/2022 21:07:06] 9808 | [Owner : chlod | Parent : 972(svchost.exe) | 55.46 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe [03/03/2021 14:01:29] 3936 | [Owner : chlod | Parent : 972(svchost.exe) | 94.65 Mo] - (.Microsoft Corporation - Microsoft Outlook.) - (16.0.14326.20544) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe [31/10/2021 14:36:02] 2736 | [Owner : chlod | Parent : 972(svchost.exe) | 28.96 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [03/03/2021 14:00:06] 1848 | [Owner : chlod | Parent : 972(svchost.exe) | 37.86 Mo] - (.Microsoft Corporation - Microsoft Outlook Communications.) - (16.0.14326.20544) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe [31/10/2021 14:36:02] 12868 | [Owner : chlod | Parent : 776(services.exe) | 33.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 9516 | [Owner : chlod | Parent : 972(svchost.exe) | 27.56 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.19041.1566) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [12/03/2022 11:42:55] 13156 | [Owner : chlod | Parent : 972(svchost.exe) | 26.4 Mo] - (.Microsoft Corporation - Microsoft Outlook Calendar.) - (16.0.14326.20544) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe [31/10/2021 14:36:02] 9952 | [Owner : chlod | Parent : 3852(AsusSoftwareManager.exe) | 34.2 Mo] - (.ASUSTeK COMPUTER INC.? - ASUS Software Manager Agent.) - (3.2.38.0) = C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe [01/03/2022 21:07:42] 10928 | [Owner : chlod | Parent : 972(svchost.exe) | 45.72 Mo] - (.Microsoft Corporation -.) - (121.9202.4105.0) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe [12/02/2022 18:58:31] 552 | [Owner : chlod | Parent : 9528() | 232.31 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [14/03/2022 14:38:02] 12140 | [Owner : chlod | Parent : 552(firefox.exe) | 96.2 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [14/03/2022 14:38:02] 1324 | [Owner : chlod | Parent : 552(firefox.exe) | 128.25 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [14/03/2022 14:38:02] 6496 | [Owner : chlod | Parent : 552(firefox.exe) | 53.55 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [14/03/2022 14:38:02] 10088 | [Owner : chlod | Parent : 552(firefox.exe) | 62.08 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [14/03/2022 14:38:02] 3464 | [Owner : chlod | Parent : 552(firefox.exe) | 43.98 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [14/03/2022 14:38:02] 5896 | [Owner : chlod | Parent : 552(firefox.exe) | 32.34 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [14/03/2022 14:38:02] 7816 | [Owner : chlod | Parent : 552(firefox.exe) | 32.4 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [14/03/2022 14:38:02] 7536 | [Owner : chlod | Parent : 552(firefox.exe) | 32.26 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [14/03/2022 14:38:02] 9732 | [Owner : chlod | Parent : 972(svchost.exe) | 68.8 Mo] - (.Microsoft Corporation -.) - (1.22022.147.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.147.0_x64__8wekyb3d8bbwe\YourPhone.exe [20/03/2022 21:25:21] 1204 | [Owner : Système | Parent : 972(svchost.exe) | 24.73 Mo] - (.Microsoft Corporation - MoUSO Core Worker Process.) - (10.0.19041.1503) = C:\Windows\System32\MoUsoCoreWorker.exe [12/02/2022 18:56:24] 7852 | [Owner : Système | Parent : 776(services.exe) | 29.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 10060 | [Owner : Système | Parent : 776(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1824 | [Owner : chlod | Parent : 972(svchost.exe) | 14.34 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [03/03/2021 14:00:06] 12112 | [Owner : chlod | Parent : 972(svchost.exe) | 70.92 Mo] - (.Microsoft Corporation - Windows Defender application.) - (10.0.19041.1566) = C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe [12/03/2022 11:41:24] 4140 | [Owner : chlod | Parent : 972(svchost.exe) | 10.02 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe [12/02/2022 18:56:47] 2700 | [Owner : Système | Parent : 776(services.exe) | 12.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 1932 | [Owner : chlod | Parent : 972(svchost.exe) | 8.23 Mo] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe [12/02/2022 18:56:47] 9224 | [Owner : Système | Parent : 7956(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [12/03/2022 11:41:35] 9680 | [Owner : chlod | Parent : 12992(explorer.exe) | 54.29 Mo] - (.SosVirus - QuickDiag.) - (8.28.22.1) = C:\Users\chlod\Downloads\QuickDiag.exe [27/03/2022 13:44:47] 10744 | [Owner : SERVICE RÉSEAU | Parent : 972(svchost.exe) | 11.62 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [03/03/2021 14:03:58] ---------- | Locked Applications ---------- | Policy Restrictions ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\TextShaping.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (27.20.11044.13001) -- C:\WINDOWS\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (27.20.11044.13001) -- C:\WINDOWS\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (27.20.11044.13001) -- C:\WINDOWS\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\atidxx64.dll (.Advanced Micro Devices, Inc..-.Radeon Settings: Host Service.) - (2.0.0.1788) -- C:\WINDOWS\SYSTEM32\amdihk64.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\Windows.Internal.UI.Shell.WindowTabManager.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll (.The ICU Project.-.ICU Combined Library.) - (64.2.0.0) -- C:\Windows\System32\icu.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- c:\windows\system32\UMPDC.dll (..-..) - (0.0.0.0) -- c:\windows\system32\TextShaping.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.29.0.0) -- c:\windows\system32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\usocoreps.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL ---------- | Windows Installer Installations (Cisco Systems, Inc) Webex - Install. : 21/03/2022 - Package : C:\WINDOWS\Installer\26446df.msi (Microsoft Corporation) Office 16 Click-to-Run Extensibility Component - Install. : 06/03/2022 - Package : c:\WINDOWS\Installer\262bb1.msi (Microsoft Corporation) Office 16 Click-to-Run Localization Component - Install. : 06/03/2022 - Package : c:\WINDOWS\Installer\262bd5.msi (Microsoft Corporation) Office 16 Click-to-Run Licensing Component - Install. : 06/03/2022 - Package : c:\WINDOWS\Installer\262bf4.msi (ICEpower a/s) AudioWizard - Install. : 15/06/2019 - Package : C:\Windows\Installer\79397.msi (Microsoft Corporation) Contrôle d’intégrité du PC Windows - Install. : 09/11/2021 - Package : C:\WINDOWS\Installer\4af1c014.msi (Microsoft Corporation) Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27012 - Install. : 02/09/2021 - Package : C:\WINDOWS\Installer\472d8ee8.msi () - Install. : // - Package : (Microsoft Corporation) Teams Machine-Wide Installer - Install. : 17/07/2020 - Package : C:\Windows\Installer\2473d8.msi (Microsoft Corporation) Microsoft Update Health Tools - Install. : 11/03/2022 - Package : C:\WINDOWS\Installer\13a1f.msi (Microsoft Corporation) Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27012 - Install. : 02/09/2021 - Package : C:\WINDOWS\Installer\472d8ee3.msi ---------- | Windows Updates KB5010472 - Installed On : 02/25/2022 - [Update] KB4562830 - Installed On : 03/03/2021 - [Update] KB4577586 - Installed On : 03/13/2021 - [Update] KB4580325 - Installed On : 03/04/2021 - [Security Update] KB4589212 - Installed On : 03/16/2021 - [Update] KB4598481 - Installed On : 03/03/2021 - [Security Update] KB5003791 - Installed On : 02/09/2022 - [Update] KB5011487 - Installed On : 03/12/2022 - [Security Update] KB5006753 - Installed On : 11/12/2021 - [Update] KB5007273 - Installed On : 12/18/2021 - [Update] KB5011352 - Installed On : 02/12/2022 - [Security Update] KB5005699 - Installed On : 09/16/2021 - [Security Update] ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up [HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[OneDriveSetup] : C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[OneDriveSetup] : C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup C:\Users\chlod\AppAdata\Roaming\Microsoft\Start Menu\Programs\Startup\Envoyer à OneNote.lnk|Envoyer à OneNote : Envoyer à OneNote.lnk [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[CCleaner Smart Cleaning] : "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[com.squirrel.Teams.Teams] : C:\Users\chlod\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[CiscoMeetingDaemon] : "C:\Users\chlod\AppData\Local\WebEx\WebexHost.exe" /daemon /runFrom=autorun [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[CiscoSpark] : C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk /minimized /autostartedWithWindows=true [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[com.squirrel.slack.slack] : "C:\Users\chlod\AppData\Local\slack\slack.exe" --process-start-args --startup [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SecurityHealth] : %windir%\system32\SecurityHealthSystray.exe [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\CurrentVersion\Run] "CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR "com.squirrel.Teams.Teams"=C:\Users\chlod\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" "CiscoMeetingDaemon"="C:\Users\chlod\AppData\Local\WebEx\WebexHost.exe" /daemon /runFrom=autorun "CiscoSpark"=C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk /minimized /autostartedWithWindows=true "com.squirrel.slack.slack"="C:\Users\chlod\AppData\Local\slack\slack.exe" --process-start-args --startup [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP DeskJet 3630 series [A54034],winspool,Ne06: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D835F553FF10E1 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List ASUS Optimization 36D18D69AFC3 ASUS Update Checker 2.0 AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 CCleaner Update CCleanerSkipUAC - chlod GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA MicrosoftEdgeUpdateTaskMachineCore MicrosoftEdgeUpdateTaskMachineCore1d7104977154efe MicrosoftEdgeUpdateTaskMachineUA OneDrive Standalone Update Task-S-1-5-21-2842346516-3525720642-4283951694-500 ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=54 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [15/06/2019 17:38:27] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "LsaPid"=832 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SamConnectedAccountsExist"=1 "SecureBoot"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=150 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "AutoChkSkipSystemPartition"=0 "PendingFileRenameOperations"=\??\C:\Windows\Temp\ebab2da4-ec1e-4afa-9d4d-925104ec1b44.tmp [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=1982665c-a592-49cd-ad67-eeab06e "GlassSessionId"=2 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "WallPaper"=C:\Users\chlod\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img_20190629_204009.jpg [05/03/2022 16:16:45] "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100FDFA010020090000D806000052CF05A59B30D80143003A005C00550073006500720073005C00630068006C006F0064005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C0052006F0061006D00650064005400680065006D006500460069006C00650073005C004400650073006B0074006F0070004200610063006B00670072006F0075006E0064005C0069006D0067005F00320030003100390030003600320039005F003200300034003000300039002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "EdgeDesktopShortcutCreated"=1 "ExcludedFromStableAnaheimDownloadPromotionSL"=1 "ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309DFF070000BD0E0C47735D584D9CEDE91E22E23282280900000114020000000000C000000000000046310A00005D54A9A2C2A0B4429708A0B2BADD77C838160000FB9A790967ADD111ABCD00C04FC30936D3090000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=5 "GlobalAssocChangedCounter"=311 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=2 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0xFAF83A6200000000 "ReindexedProfile"=1 "ShowCortanaButton"=0 "ShowTaskViewButton"=0 [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0x06000000050000000400000003000000020000000100000000000000FFFFFFFF "0"=0x7200E900740072000000 "1"=0x7200E900740072006F000000 "2"=0x7200E900740072006F00730070006500630074006900760065000000 "3"=0x6D006F0074000000 "4"=0x700072006F00660069006C002000630061006E00640069006400610074000000 "5"=0x43003A005C00550073006500720073005C00630068006C006F0064005C0041007000700044006100740061005C004C006F00630061006C005C0047006F006F0067006C0065005C004300680072006F006D0065005C005500730065007200200044006100740061005C00440065006600610075006C0074005C0045007800740065006E00730069006F006E0073005C00630061006C006A0067006B006C00620062006600620063006A006A0061006E00610069006A006C006100630067006E006300610066007000650067006C006C000000 "6"=0x43003A005C00550073006500720073005C00630068006C006F0064005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004F007000650072006100200053006F006600740077006100720065005C004F007000650072006100200053007400610062006C0065005C0045007800740065006E00730069006F006E0073005C00640061006C0065006C006E006E006F0066006100660061006C0063006D006B006D006E006800640062006900670062006A006A006B006C006F00610062006F000000 [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=10 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=30 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=19044 "FirstLogon"=0 "PUUActive"=0x23E86B5701002E0058017705CF332D00BECF3800BECF3800D200000002008A00E849320D0CAC9C0172A55300B5C7160098AF0D00D943050000000000000000002021120082923C006B4B0100F31C0000B4536D7A4E41D801CF332D000000000001000000CF332D00624A00004A0800003428210000000000 "DP"=0xD200E80041022E005F01000023E86B5700000000000000009E43CC49CF41D8019E43CC49CF41D801000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100DD06008044C8400C46D8491C942200800A4610608A6E1874457B0040262A0E0536EA0E05229F008008801026198650264A2300C02488605BB788605B04D900C00304115403241154964B00000A49314A0A49314AFCE000800128270A0328270AE2D100806300602A6F80E03A891301004192A0237392B063D71D00809005610090056B10 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "Userinit"=C:\Windows\system32\userinit.exe, "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=21090265484 "ShutdownFlags"=2147483687 "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-2842346516-3525720642-4283951694-1001 "LastUsedUsername"=chlod [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/03/2022 11:42:54] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [12/03/2022 11:42:54] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser ---------- | AppcompatFlags [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_1e9dfd653788b823\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8CD01008352020001000000000000000000000A7122000067077CBAC54CD40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000567D4000000000000100000001000000 "C:\Users\chlod\AppData\Local\Microsoft\OneDrive\18.143.0717.0002\FileSyncConfig.exe"=0x534143500100000000000000070000002800000038050400D61B040001000000000000000000000A0021000067077CBAC54CD4010000000100000000 "C:\Users\chlod\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x53414350010000000000000007000000280000006839230226BC230201000000000000000000000A0021000067077CBAC54CD4010000000100000000 "C:\Users\chlod\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078AD0500288B060001000000000000000000000A0021000067077CBAC54CD4010000000100000000 "C:\Users\chlod\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\avira_fr_sptl1_1987588197-1594913851__pavwws (1).exe"=0x5341435001000000000000000700000028000000504B42004F30430001000000000000000000000A0021000067077CBAC54CD4010000000000000000020000002800000000000000000000400000000000000000000000000000000060A34600000000000100000001000000 "C:\Users\chlod\AppData\Local\Programs\Opera\69.0.3686.77\opera.exe"=0x534143500100000000000000070000002800000018CA0F008C0E100001000000000000000000000A0021000067077CBAC54CD4010000000100000000 "C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_1.4.1.0_x64__wafk5atnkzcwy\McAfeeSecurityFT.exe"=0x5341435001000000000000000700000028000000F0310F00E2E60F0001000000000000000000000A7122000067077CBAC54CD4010000000000000000020000002800000000000000000000000000000000000000000000000000000065040000000000000100000001000000 "C:\Program Files\mcafee\msc\mcuihost.exe"=0x5341435001000000000000000700000028000000989217000432180003000000000000000000000A0021000067077CBAC54CD4010000000000000000020000002800000000000000000000000000000000000000000000000000000072A40900000000000100000001000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_87033250b5ee4e4b\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B0C901001456020001000000000000000000000A71220000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000033DFDD06000000000A0000000A000000 "C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_1.4.1.0_x64__wafk5atnkzcwy\McAfeeSecurityStartup.exe"=0x534143500100000000000000070000002800000060E10E0014690F0001000000000000000000000A7122000067077CBAC54CD401000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000100000001000000 "C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_2.2.22.0_x64__qmba6cd70vzyy\TrayIcons\SysTray.exe"=0x5341435001000000000000000700000028000000009E00000000000001000000000000000000000A7522000067077CBAC54CD4010000000000000000 "C:\Users\chlod\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Firefox Installer (1).exe"=0x534143500100000000000000070000002800000040190500CB0A060001000000000000000000000A0021000067077CBAC54CD40100000000000000000200000028000000000000000000000000000000000000000000000000000000769A0100000000000100000001000000 "C:\Users\chlod\Downloads\Setup.Def.fr-fr_O365ProPlusRetail_0a08073a-b188-45c2-9250-232117f68eb4_TX_DB_Platform_def_b_32_.exe"=0x534143500100000000000000070000002800000018495400671D550001000000000000000000000A0021000067077CBAC54CD401000000000000000002000000280000000000000000000000000000000000000000000000000000001F8A1700000000000100000001000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x534143500100000000000000070000002800000088536B01FE8C6B0101000000000000000000000A0021000067077CBAC54CD401000000000000000002000000280000000000000000000000000000000000000000000000000000008B014E00000000000200000002000000 "C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2005.1191.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x5341435001000000000000000700000028000000788B02008B16030001000000000000000000000A7322000067077CBAC54CD4010000000000000000020000002800000000000000000000000000000000000000000000000000000054150500000000000B0000000B000000 "C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"=0x5341435001000000000000000700000028000000388906001BA7060001000000000000000000000A0021000067077CBAC54CD4010000009100000000 "C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE"=0x534143500100000000000000070000002800000040E9D400C75BD50001000000000000000000000A0021000067077CBAC54CD4010000000100000000 "C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe"=0x534143500100000000000000070000002800000000F20800A4F3080001000000000000000000000A0021000067077CBAC54CD4010000000000000000020000002800000000000000000000000000000000000000000000000000000023020000000000000100000001000000 "C:\Users\chlod\AppData\Local\Microsoft\OneDrive\OneDrive.exe"=0x5341435001000000000000000700000028000000784718009FA4180001000000000000000000000A0021000067077CBAC54CD4010000000100000000 "C:\Users\chlod\AppData\Local\Microsoft\OneDrive\20.084.0426.0007\OneDriveSetup.exe"=0x53414350010000000000000007000000280000006839230226BC230203000000000000000000000A0021000067077CBAC54CD4010000000100000000 "C:\Users\chlod\Downloads\Setup.Def.fr-fr_O365ProPlusRetail_0a08073a-b188-45c2-9250-232117f68eb4_TX_DB_Platform_def_b_32_(2).exe"=0x534143500100000000000000070000002800000018495400671D550001000000000000000000000A0021000067077CBAC54CD40100000000000000000200000028000000000000000000000000000000000000000000000000000000D4A30600000000000100000001000000 "C:\Program Files\Microsoft Office\root\Client\AppVLP.exe"=0x5341435001000000000000000700000028000000F8A20700856A080001000000000000000000000A7322000067077CBAC54CD4010000000000000000020000002800000000000000000000000000000000000000000000000000000065330000000000000100000001000000 "C:\Users\chlod\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\OneDriveSetup.exe"=0x534143500100000000000000070000002800000030A7A901A1CAA90103000000000000000000000A0021000067077CBAC54CD4010000000100000000 "C:\Users\chlod\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060F20300FE84040001000000000000000000000A0021000067077CBAC54CD4010000000100000000 "C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_2.2.24.0_x64__qmba6cd70vzyy\TrayIcons\SysTray.exe"=0x534143500100000000000000070000002800000000C000000000000001000000000000000000000A7522000067077CBAC54CD4010000000000000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe"=0x534143500100000000000000070000002800000000E60C000000000001000000000000000000000A7320000067077CBAC54CD4010000000000000000020000002800000000000000000000100000000000000000000000000000000006FBF705000000000400000004000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_b12b0d488bd75133\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000A8C90100ACEC010001000000000000000000000A71220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F42A1B0B000000001000000010000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x53414350010000000000000007000000280000006841770536F2770501000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000001000000000000000000000000000000000C23C9900000000000100000001000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000785BA1003FB2A10001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000163F5A00000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.63.76.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x534143500100000000000000070000002800000068417705C67B770501000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000010000000000000000000000000000000004968840A000000000800000008000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_22267681cfd21a01\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B0C90100ABD1010001000000000000000000000A71220000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000041587A00000000000400000004000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_4adc4e10849b3775\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B0C90100BA03020001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000EBB1AF01000000000900000009000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_97ceb891018f1ecb\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000A8C9010047DB010001000000000000000000000A71220000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006054B700000000000200000002000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_38716246a7897090\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000A8C90100CD25020001000000000000000000000A71220000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000009A0FDA05000000000D0000000D000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_cbcfcc6f16a7a444\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000A8C90100B207020001000000000000000000000A71220000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000009941C61C000000000D0000000D000000 "C:\Users\chlod\Downloads\Zoom_cm_fo42anktZ9vvrZo4_m5x1uALo30fApRUZGHqZd5-7XJUI+a9VYddcy@sH53M3fTRx9kAwvM_k28a2fdd39d30ba23_.exe"=0x5341435001000000000000000700000028000000584501008830020001000000000000000000000A71200000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000073B03500000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x534143500100000000000000070000002800000068CF6B05B3BF6C0501000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000001000000000000000000000000000000000FCA52900000000000100000001000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x534143500100000000000000070000002800000078D36B05E1CE6C0501000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000010000000000000000000000000000000003CA9C61C000000000600000006000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B0C90100E2D0010001000000000000000000000A71220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D2B65B11000000000900000009000000 "C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.74.0_x86__kzf8qxf38zg5c\Skype\Skype.exe"=0x534143500100000000000000070000002800000078D36B05CA846C0501000000000000000000000A00210000631F6E6F0EDED4010000000000000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_34ba03d292044348\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8C901007C1D020001000000000000000000000A71220000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000004D68B211000000001100000011000000 "C:\Users\chlod\AppData\Local\Programs\Opera\assistant\assistant_installer.exe"=0x5341435001000000000000000700000028000000184A1B0023111C0001000000000000000000000A00210000631F6E6F0EDED4010000000000000000 "C:\Users\chlod\Downloads\adwcleaner_8.0.8.exe"=0x5341435001000000000000000700000028000000B0E480009F05810001000000000000000000000A00210000631F6E6F0EDED4010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000023380100000000000200000002000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_691a21c543c43f9c\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B0C90100E81D020001000000000000000000000A71220000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000007E2FA202000000000400000004000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_fd308420000a4872\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8C90100D7DD010001000000000000000000000A71220000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000008B055E2A000000001000000010000000 "C:\Users\chlod\Downloads\ccsetup575.exe"=0x534143500100000000000000070000002800000030F4D101C568D20101000000000000000000000A00210000631F6E6F0EDED4010000000000000000 "C:\Program Files\Windows Photo Viewer\ImagingDevices.exe"=0x5341435001000000000000000700000028000000987E010099FF010001000000010000000000000A63220000631F6E6F0EDED4010000000000000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_206cee59ee512fde\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8C90100C918020001000000000000000000000A71220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E4ED7E0B000000000A0000000A000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_51f81f063870aea7\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8C901008757020001000000000000000000000A7122000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A7E0D00B000000001000000010000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_2346917970a59cb8\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000C8C90100C603020001000000000000000000000A7122000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000000F84E507000000001B0000001B000000 "C:\Users\chlod\AppData\Local\Temp\{_av_312d9252-c71c-4c84-b171-f4ad46e22098}\ccleaner_browser_setup-mini.exe"=0x5341435001000000000000000700000028000000588210000559110001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000020480100000000000100000001000000 "C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe"=0x5341435001000000000000000700000028000000A8A22200ACCF220001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000022180C00000000000200000002000000 "C:\Program Files (x86)\CCleaner Browser\CCleanerBrowserUninstall.exe"=0x5341435001000000000000000700000028000000F041340027C0340003000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000CEC80000000000000100000001000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_614f48546dc6ba1a\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000A8C90100B7ED010001000000000000000000000A7122000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000090B17E1F000000000200000002000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_2820868d17e87ae3\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000C0C90100AB28020001000000000000000000000A7122000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000005E1DCE10000000001400000014000000 "C:\Users\chlod\AppData\Local\Programs\Opera\launcher.exe"=0x5341435001000000000000000700000028000000985C18002914190003000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000008000000000000000000000000000000000000000B64F0000000000000100000001000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_e72ab2c70c461382\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8C90100B2C9020001000000000000000000000A7122000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000052BBEA07000000001100000011000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_01fd3efad471825c\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000C0C90100C07C020001000000000000000000000A7122000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000008AE5C809000000000200000002000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_ac0d3009ceef8adb\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000C0C90100F188020001000000000000000000000A7122000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000CC110800000000000200000002000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_28e1c6a7bb6d6b9e\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000A8C9010074F6010001000000000000000000000A7122000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000FDC41109000000000600000006000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_33c21db80f95a337\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8C901008264020001000000000000000000000A7122000050BB64EDDDACD5010000000000000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0ec822756ef2f7a9\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8C90100FD8E020001000000000000000000000A7122000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006EB2D806000000001200000012000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_31188efe6ea572b9\ASUSOptimization\AsusOSD.exe"=0x534143500100000000000000070000002800000080CE0100B67D020001000000000000000000000A7122000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000065DC1B0C000000001700000017000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusOSD.exe"=0x534143500100000000000000070000002800000090CE01001720020001000000000000000000000A7122000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000CAB67E12000000001400000014000000 "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe"=0x534143500100000000000000070000002800000068692800CBE9280001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000ECF16B12000000005402000054020000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_0bc4d1cbbe22f0db\ASUSOptimization\AsusOSD.exe"=0x534143500100000000000000070000002800000080CE010042B1020001000000000000000000000A7122000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000743D780D000000001300000013000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_d385bdc0d33d66f9\ASUSOptimization\AsusOSD.exe"=0x534143500100000000000000070000002800000090CE01008D53020001000000000000000000000A7122000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BF5D122A000000000D0000000D000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_91393079eeadb8f1\ASUSOptimization\AsusOSD.exe"=0x534143500100000000000000070000002800000080CE010041DB010001000000000000000000000A7122000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007EBDC70C000000000600000006000000 "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"=0x5341435001000000000000000700000028000000A0330F00E8A10F0003000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000492D0000000000000200000002000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_85e069e041269e42\ASUSOptimization\AsusOSD.exe"=0x534143500100000000000000070000002800000080CE010020B9020001000000000000000000000A7122000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000012C11E13000000001E0000001E000000 "C:\Users\chlod\AppData\Local\Microsoft\Teams\current\Teams.exe"=0x5341435001000000000000000700000028000000300D4006A58C400601000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000D70B0000000000000200000002000000 "C:\Users\chlod\Downloads\SlackSetup.exe"=0x534143500100000000000000070000002800000040ABBA053600BB050100000000000000000003060001000050BB64EDDDACD5010000000000000000 "C:\Users\chlod\AppData\Local\slack\app-4.23.0\slack.exe"=0x534143500100000000000000070000002800000040455208701C530801000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000071020000000000000100000001000000 "C:\Users\chlod\AppData\Local\slack\slack.exe"=0x534143500100000000000000070000002800000040B90400B1CB040001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000320F0000000000000400000004000000 "C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"=0x5341435001000000000000000700000028000000D0DF0C0083E70C0001000000000000000000000A7522000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000096AC000F000000000300000003000000 "C:\Users\chlod\AppData\Roaming\Zoom\bin\Zoom.exe"=0x5341435001000000000000000700000028000000284F040035A1040001000000000000000000000A7122000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000007040000000000000400000004000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_8c13dfd9a3013c06\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8CE010012BC020001000000000000000000000A7122000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000005B96D902000000000C0000000C000000 "C:\Program Files\CCleaner\CCleaner64.exe"=0x534143500100000000000000070000002800000080EA1F02D4B0200201000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000E8030000000000000100000001000000 "C:\Users\chlod\Downloads\Teams_windows_x64.exe"=0x534143500100000000000000070000002800000048A37A07A5BD7A070100000000000000000003060001000050BB64EDDDACD5010000000000000000 "C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusOSD.exe"=0x5341435001000000000000000700000028000000B8CE010055D2010001000000000000000000000A7122000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000065EFD00E000000001900000019000000 "C:\Users\chlod\AppData\Local\Microsoft\Teams\Update.exe"=0x53414350010000000000000007000000280000001007260017C4260001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000F8100000000000000100000001000000 "C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"=0x53414350010000000000000007000000280000006805E503BBA3E50301000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000780519002C22190001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Bootstrapper.exe"=0x5341435001000000000000000700000028000000F8A954004AC2540001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000003F30500000000000100000001000000 "C:\Users\chlod\Downloads\avira_registry_cleaner_en.exe"=0x5341435001000000000000000700000028000000888D3000B1A0300001000000000000000000000A7122000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400400000000000000000000000000000081260700000000000600000006000000 "C:\Users\chlod\Downloads\adwcleaner_8.3.1.exe"=0x5341435001000000000000000700000028000000B8508200C9CB820001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000FC6E0200000000000100000001000000 "C:\Users\chlod\OneDrive\Bureau\adwcleaner_8.3.1.exe"=0x5341435001000000000000000700000028000000B8508200C9CB820001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B1080200000000000200000002000000 "C:\Users\chlod\Downloads\MBSetup.exe"=0x5341435001000000000000000700000028000000B8482500E8C3250001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000059E0000000000000200000002000000 "C:\Users\chlod\Downloads\MBSetup(1).exe"=0x5341435001000000000000000700000028000000B8482500E8C3250001000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000B8F80C013EF70D0101000000000000000000000A7322000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C51F3300000000000200000002000000 "C:\Program Files\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000580928007480280001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000D1F21600000000000300000003000000 "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"=0x534143500100000000000000070000002800000040978D02175E8E0201000000000000000000000A0021000050BB64EDDDACD5010000009100000000 "C:\Users\chlod\OneDrive\Bureau\FRST64.exe"=0x5341435001000000000000000700000028000000001624007BA6240001000000000000000000000A0021000050BB64EDDDACD501000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006F640500000000000100000001000000 "C:\Users\chlod\OneDrive\Bureau\kprm_2.9.3.exe"=0x5341435001000000000000000700000028000000E8E42A00F1312B0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000FC400100000000000100000001000000 "C:\Users\chlod\Downloads\mendeley-reference-manager-2.67.0.exe"=0x534143500100000000000000070000002800000068ED5D03B3E65E0301000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000BD680000000000000100000001000000 "C:\Users\chlod\AppData\Local\Programs\Mendeley Reference Manager\Mendeley Reference Manager.exe"=0x534143500100000000000000070000002800000020143706D4B2370601000000000000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe"=0x534143500100000000000000070000002800000088C7BF005E9BC00001000000000000000000000A7322000050BB64EDDDACD501000000000000000002000000280000000000000000000000040000000000000000000000000000001D1D0000000000000100000001000000 "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"=0x5341435001000000000000000700000028000000489B1C003EE71C0001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\chlod\Downloads\webex.exe"=0x5341435001000000000000000700000028000000E07D0600CB33070001000000000000000000000A7122000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000ADDF0100000000000100000001000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000B83D09005DF7090001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000B8381600D0E8160001000000000000000000000A7322000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000009A100000000000000500000005000000 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"=0x5341435001000000000000000700000028000000B8B135001CFE350001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000001000000000000000000000000000000000B7060000000000000400000004000000 "C:\Users\chlod\Downloads\Clean_Dns.exe"=0x5341435001000000000000000700000028000000F0DA3100D8C8320001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000FBA40000000000000100000001000000 "C:\Users\chlod\Downloads\QuickDiag.exe"=0x5341435001000000000000000700000028000000F0444500FEBC450001000000000000000000000A0021000050BB64EDDDACD5010000000000000000 ---------- | IFEO ---------- | Mountpoints2 [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{e6b880c5-81dc-11ec-8f3d-a42cc72ed704}] : "E:\HiSuiteDownLoader.exe" (AutoRun) ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=132592623996100268 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=windowsdefender:// "DisableAntiSpyware"=0 "TrustedImageIdentifier"={X411QA00-0000-0000-0000-000000000000} "ProductType"=2 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\ "ProductStatus"=0 "InstallTime"=0x775CF1449223D501 "OOBEInstallTime"=0x0E25259F865BD601 "ManagedDefenderProductType"=0 "LastEnabledTime"=0x9CD5D83F3341D801 "DisableAntiVirus"=0 "HybridModeEnabled"=0 "VerifiedAndReputableTrustModeEnabled"=0 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2201.10-0 "IsServiceRunning"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts 127.0.0.1 localhost ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.214.78] avec 32 octets de donn?es?: R?ponse de 216.58.214.78?: octets=32 temps=56 ms TTL=115 R?ponse de 216.58.214.78?: octets=32 temps=20 ms TTL=115 R?ponse de 216.58.214.78?: octets=32 temps=67 ms TTL=115 R?ponse de 216.58.214.78?: octets=32 temps=56 ms TTL=115 Statistiques Ping pour 216.58.214.78: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 20ms, Maximum = 67ms, Moyenne = 49ms ---------- | @ [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://asus17win10.msn.com/?pc=ASTE "Default_Page_URL"=http://asus17win10.msn.com/?pc=ASTE "DisableFirstRunCustomize"=3 "ImageStoreRandomFolder"=qv5sjrt "AllowWindowReuse"=0 [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "CertificateRevocation"=1 "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0xAA5141E51136D801 "WarnonZoneCrossing"=0 "LockDatabase"=132927049514775575 "EnableHttp1_1"=1 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [03/03/2021 14:02:42] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.52\BHO\ie_to_edge_bho.dll [26/03/2022 14:01:23] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [05/03/2022 18:37:56] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.52\BHO\ie_to_edge_bho.dll [26/03/2022 14:01:23] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [05/03/2022 18:37:56] ---------- | Chrome C:\Users\chlod\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\chlod\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\chlod\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\chlod\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\chlod\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\chlod\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\chlod\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\chlod\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail - Google & co - [*://mail.google.com/mail] - https://clients2.google.com/service/update2/crx ---------- | Opera C:\Users\chlod\AppData\Roaming\Opera Software\Opera Stable\extensions\dalelnnofafalcmkmnhdbigbjjkloabo = : __MSG_extDescription__ - __MSG_extName__ - https://extension-updates.opera.com/api/omaha/update/ C:\Users\chlod\AppData\Roaming\Opera Software\Opera Stable\extensions\enegjkbbakeegngfapepobipndnebkdk = - Rich Hints Agent - https://extension-updates.opera.com/api/omaha/update/ C:\Users\chlod\AppData\Roaming\Opera Software\Opera Stable\extensions\pcgkmkjdikhiodinhloioejnpjgmfigd = : __MSG_extDescription__ - __MSG_extName__ - permissions:[\u003Call_urls>tabsproxystoragewebRequestwebRequestBlocking] - https://extension-updates.opera.com/api/omaha/update/ ---------- | Firefox [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL C:\Users\chlod\AppData\Roaming\Mozilla\Firefox\Profiles\9c7zlayj.default-release-1641823638433\Prefs.js user_pref("browser.startup.homepage_override.buildID", "20220322144853"); user_pref("browser.startup.homepage_override.mstone", "98.0.2"); user_pref("extensions.activeThemeID", "default-theme@mozilla.org"); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.databaseSchema", 35); user_pref("extensions.getAddons.cache.lastUpdate", 1648297625); user_pref("extensions.getAddons.databaseSchema", 6); user_pref("extensions.incognito.migrated", true); user_pref("extensions.lastAppBuildId", "20220322144853"); user_pref("extensions.lastAppVersion", "98.0.2"); user_pref("extensions.lastPlatformVersion", "98.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.ui.sitepermission.hidden", true); user_pref("extensions.webcompat.enable_shims", true); user_pref("extensions.webcompat.perform_injections", true); user_pref("extensions.webcompat.perform_ua_overrides", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true); user_pref("extensions.webextensions.uuids", "{\"doh-rollout@mozilla.org\":\"17865b43-6704-43d7-a87c-fe230d965d1f\",\"formautofill@mozilla.org\":\"af0f01f3-2ebd-45a1-a9dd-4fd1eee77aac\",\"pictureinpicture@mozilla.org\":\"365592a8-6245-4fe2-88e0-18ebe552fec3\",\"proxy-failover@mozilla.com\":\"f001b2d4-b562-4396-bb47-91c276a425a8\",\"screenshots@mozilla.org\":\"b36866ee-c85e-4401-8b1c-67bc9f832da3\",\"webcompat-reporter@mozilla.org\":\"7f96d521-a4c3-498e-ab64-6586a8d1daf2\",\"webcompat@mozilla.org\":\"8d470513-3fd7-4422-8327-53ce90f487c1\",\"default-theme@mozilla.org\":\"da16a7be-bfc3-4e4c-9f27-d835c76dafbc\",\"addons-search-detection@mozilla.com\":\"1ebd3bc8-7db3-48c8-8693-41edeec536bb\",\"google@search.mozilla.org\":\"ec84a8a2-8259-4828-b8ad-d6bea8102478\",\"wikipedia@search.mozilla.org\":\"c16b0d5a-c754-49eb-97d7-2afe1d4d612f\",\"bing@search.mozilla.org\":\"8831f08f-1dcb-4a26-a067-e217d7fb8573\",\"ddg@search.mozilla.org\":\"f9850ce6-cc65-4dda-a51e-3622873d11b7\",\"ebay@search.mozilla.org\":\"b6fa77c4-655b-48bf-a1ba-c4e69f9382be\",\"qwant@search.mozilla.org\":\"328e43dc-c990-4f09-b621-fb34d589d8fb\",\"amazon@search.mozilla.org\":\"0a19d438-d4b0-496e-b381-efeab182b3c1\"}"); [Profile0] - Name=default-release -> Profiles/9c7zlayj.default-release-1641823638433 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.43.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{43fc73df-39e0-4a5d-9186-79aa1479ddb0}] "DhcpNameServer"=192.168.43.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{c956a842-a4f1-41d7-a420-f06478cd5cc8}] "DhcpNameServer"=192.168.155.65 192.168.155.66 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{de7b3665-bf3c-49f9-a148-607963853d0b}] "DhcpNameServer"=89.2.0.1 89.2.0.2 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{43fc73df-39e0-4a5d-9186-79aa1479ddb0}] "DhcpNameServer"=192.168.43.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c956a842-a4f1-41d7-a420-f06478cd5cc8}] "DhcpNameServer"=192.168.155.65 192.168.155.66 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{de7b3665-bf3c-49f9-a148-607963853d0b}] "DhcpNameServer"=89.2.0.1 89.2.0.2 ---------- | Applications [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKLM\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver "UdkSvcGroup"=UdkUserSvc "DevicesFlow"=DeviceAssociationBrokerSvc DevicesFlowUserSvc ConsentUxUserSvc DevicePickerUserSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "AarSvcGroup"=AarSvc "DevicesFlow"=DeviceAssociationBrokerSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\AMD] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\AppDataLow] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\ATI] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\AvastAdSDK] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Avira] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\b4b58389-01e4-5dfd-9842-aad36733657a] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Chromium] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Cisco] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Cisco Spark Native] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Cisco Systems, Inc.] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Clients] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Google] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\IM Providers] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Intel] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Macromedia] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Malwarebytes] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Mozilla] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Netscape] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\ODBC] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Opera Software] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Piriform] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Policies] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\QtProject] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\RegisteredApplications] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\SyncEngines] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\WebEx] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Wow6432Node] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\ZoomUMX] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Accessibility] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Active Setup] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\ActiveMovie] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\ActiveSync] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\AppV] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Assistance] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\AuthCookies] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Avalon.Graphics] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Clipboard] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\CommsAPHost] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Connection Manager] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\CTF] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\DeviceDirectory] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Edge] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\EdgeUpdate] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\EdgeWebView] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\EventSystem] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Exchange] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\F12] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\FamilyStore] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Fax] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Feeds] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\FTP] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\GameBar] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\GameBarApi] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\IdentityCRL] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Ieak] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\IME] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\IMEMIP] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Input] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\InputMethod] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\InputPersonalization] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Installer] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Internet Connection Wizard] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Internet Explorer] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Internet Mail and News] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Keyboard] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\LanguageOverlay] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\MediaPlayer] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Messaging] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\MicrosoftEdge] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\MPEG2Demultiplexer] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\MS Design Tools] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\MSF] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Multimedia] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Narrator] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\NGC] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Notepad] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Office] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\OneDrive] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Osk] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Payment] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\PeerNet] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Personalization] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Phone] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Pim] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\PlayToReceiver] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Poom] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Print] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\RAS AutoDial] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Remote Assistance] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\ScreenMagnifier] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Sensors] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Shared] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Shared Tools] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Speech] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Speech Virtual] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Speech_OneCore] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Spelling] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\SQMClient] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\StorageLibrary] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\SystemCertificates] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\TabletTip] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\TPG] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Unified Store] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Unistore] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\UserData] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\VBA] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\WAB] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\WcmSvc] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\wfs] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows Defender Security Center] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows Media] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows NT] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows Script] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows Search] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Windows Security Health] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Wisp] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\Wlansvc] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\XboxLive] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\RestartManager] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AMD] [HKLM\Software\ASUS] [HKLM\Software\Atheros] [HKLM\Software\Clients] [HKLM\Software\Conexant] [HKLM\Software\CVSM] [HKLM\Software\CxUIUSvc] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\ICEpower] [HKLM\Software\IM Providers] [HKLM\Software\Intel] [HKLM\Software\Lenovo] [HKLM\Software\Logitech] [HKLM\Software\Malwarebytes] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OpenSSH] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\SyncIntegrationClients] [HKLM\Software\Windows] [HKLM\Software\WOW6432Node] [HKLM\SOFTWARE\Microsoft\.NETFramework] [HKLM\SOFTWARE\Microsoft\AccountsControl] [HKLM\SOFTWARE\Microsoft\Active Setup] [HKLM\SOFTWARE\Microsoft\ActiveSync] [HKLM\SOFTWARE\Microsoft\ADs] [HKLM\SOFTWARE\Microsoft\Advanced INF Setup] [HKLM\SOFTWARE\Microsoft\ALG] [HKLM\SOFTWARE\Microsoft\AllUserInstallAgent] [HKLM\SOFTWARE\Microsoft\AMSI] [HKLM\SOFTWARE\Microsoft\Analog] [HKLM\SOFTWARE\Microsoft\AppModel] [HKLM\SOFTWARE\Microsoft\AppServiceProtocols] [HKLM\SOFTWARE\Microsoft\AppV] [HKLM\SOFTWARE\Microsoft\AppVISV] [HKLM\SOFTWARE\Microsoft\Assistance] [HKLM\SOFTWARE\Microsoft\AuthHost] [HKLM\SOFTWARE\Microsoft\BidInterface] [HKLM\SOFTWARE\Microsoft\BitLockerCsp] [HKLM\SOFTWARE\Microsoft\CallAndMessagingEnhancement] [HKLM\SOFTWARE\Microsoft\Cellular] [HKLM\SOFTWARE\Microsoft\Chkdsk] [HKLM\SOFTWARE\Microsoft\Clipboard] [HKLM\SOFTWARE\Microsoft\ClipboardServer] [HKLM\SOFTWARE\Microsoft\CloudManagedUpdate] [HKLM\SOFTWARE\Microsoft\COM3] [HKLM\SOFTWARE\Microsoft\Command Processor] [HKLM\SOFTWARE\Microsoft\CommsAPHost] [HKLM\SOFTWARE\Microsoft\CoreShell] [HKLM\SOFTWARE\Microsoft\Cryptography] [HKLM\SOFTWARE\Microsoft\CTF] [HKLM\SOFTWARE\Microsoft\DataAccess] [HKLM\SOFTWARE\Microsoft\DataCollection] [HKLM\SOFTWARE\Microsoft\DataSharing] [HKLM\SOFTWARE\Microsoft\DDDS] [HKLM\SOFTWARE\Microsoft\Device Association Framework] [HKLM\SOFTWARE\Microsoft\DeviceReg] [HKLM\SOFTWARE\Microsoft\Dfrg] [HKLM\SOFTWARE\Microsoft\DFS] [HKLM\SOFTWARE\Microsoft\DiagnosticLogCSP] [HKLM\SOFTWARE\Microsoft\DirectDraw] [HKLM\SOFTWARE\Microsoft\DirectInput] [HKLM\SOFTWARE\Microsoft\DirectMusic] [HKLM\SOFTWARE\Microsoft\DirectPlay8] [HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp] [HKLM\SOFTWARE\Microsoft\DirectShow] [HKLM\SOFTWARE\Microsoft\DirectX] [HKLM\SOFTWARE\Microsoft\Driver Signing] [HKLM\SOFTWARE\Microsoft\DRM] [HKLM\SOFTWARE\Microsoft\DusmSvc] [HKLM\SOFTWARE\Microsoft\DVDNavigator] [HKLM\SOFTWARE\Microsoft\DVR] [HKLM\SOFTWARE\Microsoft\DXP] [HKLM\SOFTWARE\Microsoft\EAPSIMMethods] [HKLM\SOFTWARE\Microsoft\Edge] [HKLM\SOFTWARE\Microsoft\Enrollment] [HKLM\SOFTWARE\Microsoft\Enrollments] [HKLM\SOFTWARE\Microsoft\EnterpriseCertificates] [HKLM\SOFTWARE\Microsoft\EnterpriseDataProtection] [HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager] [HKLM\SOFTWARE\Microsoft\EventSounds] [HKLM\SOFTWARE\Microsoft\EventSystem] [HKLM\SOFTWARE\Microsoft\F12] [HKLM\SOFTWARE\Microsoft\FamilyStore] [HKLM\SOFTWARE\Microsoft\Fax] [HKLM\SOFTWARE\Microsoft\FaxServer] [HKLM\SOFTWARE\Microsoft\Feeds] [HKLM\SOFTWARE\Microsoft\FilePicker] [HKLM\SOFTWARE\Microsoft\FilterDS] [HKLM\SOFTWARE\Microsoft\FingerKB] [HKLM\SOFTWARE\Microsoft\FTH] [HKLM\SOFTWARE\Microsoft\Function Discovery] [HKLM\SOFTWARE\Microsoft\Fusion] [HKLM\SOFTWARE\Microsoft\FuzzyDS] [HKLM\SOFTWARE\Microsoft\GameOverlay] [HKLM\SOFTWARE\Microsoft\HTMLHelp] [HKLM\SOFTWARE\Microsoft\Hub] [HKLM\SOFTWARE\Microsoft\Hvsi] [HKLM\SOFTWARE\Microsoft\IdentityCRL] [HKLM\SOFTWARE\Microsoft\IdentityStore] [HKLM\SOFTWARE\Microsoft\IHDS] [HKLM\SOFTWARE\Microsoft\ImageTimeSettings] [HKLM\SOFTWARE\Microsoft\IMAPI] [HKLM\SOFTWARE\Microsoft\IME] [HKLM\SOFTWARE\Microsoft\IMEJP] [HKLM\SOFTWARE\Microsoft\IMEKR] [HKLM\SOFTWARE\Microsoft\IMETC] [HKLM\SOFTWARE\Microsoft\InProcLogger] [HKLM\SOFTWARE\Microsoft\Input] [HKLM\SOFTWARE\Microsoft\InputMethod] [HKLM\SOFTWARE\Microsoft\InputPersonalization] [HKLM\SOFTWARE\Microsoft\Internet Account Manager] [HKLM\SOFTWARE\Microsoft\Internet Domains] [HKLM\SOFTWARE\Microsoft\Internet Explorer] [HKLM\SOFTWARE\Microsoft\IsoBurn] [HKLM\SOFTWARE\Microsoft\KGL] [HKLM\SOFTWARE\Microsoft\LanguageOverlay] [HKLM\SOFTWARE\Microsoft\LexiconUpdate] [HKLM\SOFTWARE\Microsoft\Managed Desktop] [HKLM\SOFTWARE\Microsoft\MdmCommon] [HKLM\SOFTWARE\Microsoft\MdmDiagnostics] [HKLM\SOFTWARE\Microsoft\MediaEngine] [HKLM\SOFTWARE\Microsoft\MediaPlayer] [HKLM\SOFTWARE\Microsoft\MemoryDiagnostic] [HKLM\SOFTWARE\Microsoft\Messaging] [HKLM\SOFTWARE\Microsoft\MessengerService] [HKLM\SOFTWARE\Microsoft\Microsoft Camera Codec Pack] [HKLM\SOFTWARE\Microsoft\MiracastReceiver] [HKLM\SOFTWARE\Microsoft\MMC] [HKLM\SOFTWARE\Microsoft\Mobile] [HKLM\SOFTWARE\Microsoft\MpSigStub] [HKLM\SOFTWARE\Microsoft\MSBuild] [HKLM\SOFTWARE\Microsoft\MSDE] [HKLM\SOFTWARE\Microsoft\MSDRM] [HKLM\SOFTWARE\Microsoft\MSDTC] [HKLM\SOFTWARE\Microsoft\MSF] [HKLM\SOFTWARE\Microsoft\MSIME] [HKLM\SOFTWARE\Microsoft\MSLicensing] [HKLM\SOFTWARE\Microsoft\MSMQ] [HKLM\SOFTWARE\Microsoft\MSN Apps] [HKLM\SOFTWARE\Microsoft\MTF] [HKLM\SOFTWARE\Microsoft\MTFFuzzyFactors] [HKLM\SOFTWARE\Microsoft\MTFInputType] [HKLM\SOFTWARE\Microsoft\MTFKeyboardMappings] [HKLM\SOFTWARE\Microsoft\Multimedia] [HKLM\SOFTWARE\Microsoft\Multivariant] [HKLM\SOFTWARE\Microsoft\NET Framework Setup] [HKLM\SOFTWARE\Microsoft\NetSh] [HKLM\SOFTWARE\Microsoft\Network] [HKLM\SOFTWARE\Microsoft\Non-Driver Signing] [HKLM\SOFTWARE\Microsoft\Notepad] [HKLM\SOFTWARE\Microsoft\ODBC] [HKLM\SOFTWARE\Microsoft\OEM] [HKLM\SOFTWARE\Microsoft\Office] [HKLM\SOFTWARE\Microsoft\OfficeCSP] [HKLM\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\SOFTWARE\Microsoft\Ole] [HKLM\SOFTWARE\Microsoft\OnlineProviders] [HKLM\SOFTWARE\Microsoft\Outlook Express] [HKLM\SOFTWARE\Microsoft\Palm] [HKLM\SOFTWARE\Microsoft\PCHC] [HKLM\SOFTWARE\Microsoft\PCHealthCheck] [HKLM\SOFTWARE\Microsoft\Personalization] [HKLM\SOFTWARE\Microsoft\Phone] [HKLM\SOFTWARE\Microsoft\Photos] [HKLM\SOFTWARE\Microsoft\Pim] [HKLM\SOFTWARE\Microsoft\PLA] [HKLM\SOFTWARE\Microsoft\PlayToReceiver] [HKLM\SOFTWARE\Microsoft\PointOfService] [HKLM\SOFTWARE\Microsoft\Policies] [HKLM\SOFTWARE\Microsoft\PolicyManager] [HKLM\SOFTWARE\Microsoft\Poom] [HKLM\SOFTWARE\Microsoft\PowerShell] [HKLM\SOFTWARE\Microsoft\Print] [HKLM\SOFTWARE\Microsoft\Provisioning] [HKLM\SOFTWARE\Microsoft\PushRouter] [HKLM\SOFTWARE\Microsoft\RADAR] [HKLM\SOFTWARE\Microsoft\Ras] [HKLM\SOFTWARE\Microsoft\RAS AutoDial] [HKLM\SOFTWARE\Microsoft\RcsPresence] [HKLM\SOFTWARE\Microsoft\Reliability Analysis] [HKLM\SOFTWARE\Microsoft\Remediation] [HKLM\SOFTWARE\Microsoft\RemovalTools] [HKLM\SOFTWARE\Microsoft\RendezvousApps] [HKLM\SOFTWARE\Microsoft\Router] [HKLM\SOFTWARE\Microsoft\Rpc] [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [HKLM\SOFTWARE\Microsoft\Schema Library] [HKLM\SOFTWARE\Microsoft\Security Center] [HKLM\SOFTWARE\Microsoft\SecurityManager] [HKLM\SOFTWARE\Microsoft\SEMgr] [HKLM\SOFTWARE\Microsoft\Sensors] [HKLM\SOFTWARE\Microsoft\Shared] [HKLM\SOFTWARE\Microsoft\Shared Tools] [HKLM\SOFTWARE\Microsoft\Shared Tools Location] [HKLM\SOFTWARE\Microsoft\Shell] [HKLM\SOFTWARE\Microsoft\SIH] [HKLM\SOFTWARE\Microsoft\Siuf] [HKLM\SOFTWARE\Microsoft\Software] [HKLM\SOFTWARE\Microsoft\Speech] [HKLM\SOFTWARE\Microsoft\Speech_OneCore] [HKLM\SOFTWARE\Microsoft\SQMClient] [HKLM\SOFTWARE\Microsoft\StrongName] [HKLM\SOFTWARE\Microsoft\Sync Framework] [HKLM\SOFTWARE\Microsoft\Sysprep] [HKLM\SOFTWARE\Microsoft\SystemCertificates] [HKLM\SOFTWARE\Microsoft\SystemSettings] [HKLM\SOFTWARE\Microsoft\TableTextService] [HKLM\SOFTWARE\Microsoft\TabletTip] [HKLM\SOFTWARE\Microsoft\TaskFlowDataEngine] [HKLM\SOFTWARE\Microsoft\Tcpip] [HKLM\SOFTWARE\Microsoft\TelemetryClient] [HKLM\SOFTWARE\Microsoft\Terminal Server Client] [HKLM\SOFTWARE\Microsoft\TermServLicensing] [HKLM\SOFTWARE\Microsoft\TouchPrediction] [HKLM\SOFTWARE\Microsoft\TPG] [HKLM\SOFTWARE\Microsoft\Tpm] [HKLM\SOFTWARE\Microsoft\Tracing] [HKLM\SOFTWARE\Microsoft\Transaction Server] [HKLM\SOFTWARE\Microsoft\TV System Services] [HKLM\SOFTWARE\Microsoft\uDRM] [HKLM\SOFTWARE\Microsoft\Uev] [HKLM\SOFTWARE\Microsoft\Unified Store] [HKLM\SOFTWARE\Microsoft\UNP] [HKLM\SOFTWARE\Microsoft\UPnP Control Point] [HKLM\SOFTWARE\Microsoft\UPnP Device Host] [HKLM\SOFTWARE\Microsoft\UserData] [HKLM\SOFTWARE\Microsoft\UserManager] [HKLM\SOFTWARE\Microsoft\Virtual Machine] [HKLM\SOFTWARE\Microsoft\WAB] [HKLM\SOFTWARE\Microsoft\Wallet] [HKLM\SOFTWARE\Microsoft\Wbem] [HKLM\SOFTWARE\Microsoft\WcmSvc] [HKLM\SOFTWARE\Microsoft\WIMMount] [HKLM\SOFTWARE\Microsoft\Windows] [HKLM\SOFTWARE\Microsoft\Windows Defender] [HKLM\SOFTWARE\Microsoft\Windows Defender Security Center] [HKLM\SOFTWARE\Microsoft\Windows Desktop Search] [HKLM\SOFTWARE\Microsoft\Windows Mail] [HKLM\SOFTWARE\Microsoft\Windows Media Device Manager] [HKLM\SOFTWARE\Microsoft\Windows Media Foundation] [HKLM\SOFTWARE\Microsoft\Windows Media Player NSS] [HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem] [HKLM\SOFTWARE\Microsoft\Windows NT] [HKLM\SOFTWARE\Microsoft\Windows Photo Viewer] [HKLM\SOFTWARE\Microsoft\Windows Portable Devices] [HKLM\SOFTWARE\Microsoft\Windows Script Host] [HKLM\SOFTWARE\Microsoft\Windows Search] [HKLM\SOFTWARE\Microsoft\Windows Security Health] [HKLM\SOFTWARE\Microsoft\WindowsRuntime] [HKLM\SOFTWARE\Microsoft\WindowsSelfHost] [HKLM\SOFTWARE\Microsoft\WindowsUpdate] [HKLM\SOFTWARE\Microsoft\Wisp] [HKLM\SOFTWARE\Microsoft\WlanSvc] [HKLM\SOFTWARE\Microsoft\Wlpasvc] [HKLM\SOFTWARE\Microsoft\Wow64] [HKLM\SOFTWARE\Microsoft\WSDAPI] [HKLM\SOFTWARE\Microsoft\WwanSvc] [HKLM\SOFTWARE\Microsoft\XAML] [HKLM\SOFTWARE\Microsoft\XboxLive] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\NcsiUwpApp] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UdkSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\Avira] [HKLM\Software\WOW6432Node\Conexant] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Malwarebytes] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Piriform] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\.NETFramework] [HKLM\Software\WOW6432Node\Microsoft\Active Setup] [HKLM\Software\WOW6432Node\Microsoft\ADs] [HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup] [HKLM\Software\WOW6432Node\Microsoft\AMSI] [HKLM\Software\WOW6432Node\Microsoft\AppServiceProtocols] [HKLM\Software\WOW6432Node\Microsoft\Assistance] [HKLM\Software\WOW6432Node\Microsoft\AuthHost] [HKLM\Software\WOW6432Node\Microsoft\BidInterface] [HKLM\Software\WOW6432Node\Microsoft\BitLockerCsp] [HKLM\Software\WOW6432Node\Microsoft\ClipboardServer] [HKLM\Software\WOW6432Node\Microsoft\Command Processor] [HKLM\Software\WOW6432Node\Microsoft\Cryptography] [HKLM\Software\WOW6432Node\Microsoft\CTF] [HKLM\Software\WOW6432Node\Microsoft\DataAccess] [HKLM\Software\WOW6432Node\Microsoft\DevDiv] [HKLM\Software\WOW6432Node\Microsoft\Device Association Framework] [HKLM\Software\WOW6432Node\Microsoft\Direct3D] [HKLM\Software\WOW6432Node\Microsoft\DirectDraw] [HKLM\Software\WOW6432Node\Microsoft\DirectInput] [HKLM\Software\WOW6432Node\Microsoft\DirectMusic] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay8] [HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp] [HKLM\Software\WOW6432Node\Microsoft\DirectShow] [HKLM\Software\WOW6432Node\Microsoft\DirectX] [HKLM\Software\WOW6432Node\Microsoft\DRM] [HKLM\Software\WOW6432Node\Microsoft\DVDNavigator] [HKLM\Software\WOW6432Node\Microsoft\DVR] [HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods] [HKLM\Software\WOW6432Node\Microsoft\Edge] [HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate] [HKLM\Software\WOW6432Node\Microsoft\ENROLLMENTS] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Exchange] [HKLM\Software\WOW6432Node\Microsoft\F12] [HKLM\Software\WOW6432Node\Microsoft\Fax] [HKLM\Software\WOW6432Node\Microsoft\Feeds] [HKLM\Software\WOW6432Node\Microsoft\FilePicker] [HKLM\Software\WOW6432Node\Microsoft\Function Discovery] [HKLM\Software\WOW6432Node\Microsoft\Fusion] [HKLM\Software\WOW6432Node\Microsoft\GameOverlay] [HKLM\Software\WOW6432Node\Microsoft\HTMLHelp] [HKLM\Software\WOW6432Node\Microsoft\IdentityCRL] [HKLM\Software\WOW6432Node\Microsoft\IdentityStore] [HKLM\Software\WOW6432Node\Microsoft\IMAPI] [HKLM\Software\WOW6432Node\Microsoft\IME] [HKLM\Software\WOW6432Node\Microsoft\IMEJP] [HKLM\Software\WOW6432Node\Microsoft\IMEKR] [HKLM\Software\WOW6432Node\Microsoft\IMETC] [HKLM\Software\WOW6432Node\Microsoft\InputMethod] [HKLM\Software\WOW6432Node\Microsoft\InputPersonalization] [HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager] [HKLM\Software\WOW6432Node\Microsoft\Internet Domains] [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer] [HKLM\Software\WOW6432Node\Microsoft\IsoBurn] [HKLM\Software\WOW6432Node\Microsoft\Jet] [HKLM\Software\WOW6432Node\Microsoft\MediaEngine] [HKLM\Software\WOW6432Node\Microsoft\MediaPlayer] [HKLM\Software\WOW6432Node\Microsoft\MessengerService] [HKLM\Software\WOW6432Node\Microsoft\Microsoft Camera Codec Pack] [HKLM\Software\WOW6432Node\Microsoft\MiracastReceiver] [HKLM\Software\WOW6432Node\Microsoft\MMC] [HKLM\Software\WOW6432Node\Microsoft\MSBuild] [HKLM\Software\WOW6432Node\Microsoft\MSDE] [HKLM\Software\WOW6432Node\Microsoft\MSDRM] [HKLM\Software\WOW6432Node\Microsoft\MSDTC] [HKLM\Software\WOW6432Node\Microsoft\MSF] [HKLM\Software\WOW6432Node\Microsoft\MSLicensing] [HKLM\Software\WOW6432Node\Microsoft\MSN Apps] [HKLM\Software\WOW6432Node\Microsoft\MTF] [HKLM\Software\WOW6432Node\Microsoft\Multimedia] [HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup] [HKLM\Software\WOW6432Node\Microsoft\NetSh] [HKLM\Software\WOW6432Node\Microsoft\Network] [HKLM\Software\WOW6432Node\Microsoft\Notepad] [HKLM\Software\WOW6432Node\Microsoft\ODBC] [HKLM\Software\WOW6432Node\Microsoft\OEM] [HKLM\Software\WOW6432Node\Microsoft\Office] [HKLM\Software\WOW6432Node\Microsoft\Office Server] [HKLM\Software\WOW6432Node\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\Software\WOW6432Node\Microsoft\OnlineProviders] [HKLM\Software\WOW6432Node\Microsoft\Outlook Express] [HKLM\Software\WOW6432Node\Microsoft\Palm] [HKLM\Software\WOW6432Node\Microsoft\Personalization] [HKLM\Software\WOW6432Node\Microsoft\Photos] [HKLM\Software\WOW6432Node\Microsoft\PLA] [HKLM\Software\WOW6432Node\Microsoft\Policies] [HKLM\Software\WOW6432Node\Microsoft\PowerShell] [HKLM\Software\WOW6432Node\Microsoft\Print] [HKLM\Software\WOW6432Node\Microsoft\Provisioning] [HKLM\Software\WOW6432Node\Microsoft\RADAR] [HKLM\Software\WOW6432Node\Microsoft\RendezvousApps] [HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent] [HKLM\Software\WOW6432Node\Microsoft\Schema Library] [HKLM\Software\WOW6432Node\Microsoft\Security Center] [HKLM\Software\WOW6432Node\Microsoft\Sensors] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location] [HKLM\Software\WOW6432Node\Microsoft\SoftGrid] [HKLM\Software\WOW6432Node\Microsoft\Software] [HKLM\Software\WOW6432Node\Microsoft\SPEECH] [HKLM\Software\WOW6432Node\Microsoft\Speech_OneCore] [HKLM\Software\WOW6432Node\Microsoft\SQMClient] [HKLM\Software\WOW6432Node\Microsoft\Sync Framework] [HKLM\Software\WOW6432Node\Microsoft\SystemSettings] [HKLM\Software\WOW6432Node\Microsoft\TableTextService] [HKLM\Software\WOW6432Node\Microsoft\TabletTip] [HKLM\Software\WOW6432Node\Microsoft\Tcpip] [HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client] [HKLM\Software\WOW6432Node\Microsoft\TouchPrediction] [HKLM\Software\WOW6432Node\Microsoft\TPG] [HKLM\Software\WOW6432Node\Microsoft\Tpm] [HKLM\Software\WOW6432Node\Microsoft\Tracing] [HKLM\Software\WOW6432Node\Microsoft\TV System Services] [HKLM\Software\WOW6432Node\Microsoft\uDRM] [HKLM\Software\WOW6432Node\Microsoft\Updates] [HKLM\Software\WOW6432Node\Microsoft\UPnP Control Point] [HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host] [HKLM\Software\WOW6432Node\Microsoft\VisualStudio] [HKLM\Software\WOW6432Node\Microsoft\VSTA Runtime Setup] [HKLM\Software\WOW6432Node\Microsoft\VSTO Runtime Setup] [HKLM\Software\WOW6432Node\Microsoft\WAB] [HKLM\Software\WOW6432Node\Microsoft\WBEM] [HKLM\Software\WOW6432Node\Microsoft\WIMMount] [HKLM\Software\WOW6432Node\Microsoft\Windows] [HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search] [HKLM\Software\WOW6432Node\Microsoft\Windows Mail] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Player NSS] [HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem] [HKLM\Software\WOW6432Node\Microsoft\Windows NT] [HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer] [HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices] [HKLM\Software\WOW6432Node\Microsoft\Windows Script Host] [HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime] [HKLM\Software\WOW6432Node\Microsoft\WindowsUpdate] [HKLM\Software\WOW6432Node\Microsoft\Wisp] [HKLM\Software\WOW6432Node\Microsoft\WlanSvc] [HKLM\Software\WOW6432Node\Microsoft\WSDAPI] [HKLM\Software\WOW6432Node\Microsoft\Cellular] [HKLM\Software\WOW6432Node\Microsoft\COM3] [HKLM\Software\WOW6432Node\Microsoft\DeviceReg] [HKLM\Software\WOW6432Node\Microsoft\DFS] [HKLM\Software\WOW6432Node\Microsoft\Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates] [HKLM\Software\WOW6432Node\Microsoft\EventSystem] [HKLM\Software\WOW6432Node\Microsoft\FingerKB] [HKLM\Software\WOW6432Node\Microsoft\FuzzyDS] [HKLM\Software\WOW6432Node\Microsoft\Input] [HKLM\Software\WOW6432Node\Microsoft\LanguageOverlay] [HKLM\Software\WOW6432Node\Microsoft\Messaging] [HKLM\Software\WOW6432Node\Microsoft\MSMQ] [HKLM\Software\WOW6432Node\Microsoft\MTFFuzzyFactors] [HKLM\Software\WOW6432Node\Microsoft\MTFInputType] [HKLM\Software\WOW6432Node\Microsoft\MTFKeyboardMappings] [HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\Ole] [HKLM\Software\WOW6432Node\Microsoft\Phone] [HKLM\Software\WOW6432Node\Microsoft\Pim] [HKLM\Software\WOW6432Node\Microsoft\Poom] [HKLM\Software\WOW6432Node\Microsoft\Ras] [HKLM\Software\WOW6432Node\Microsoft\Rpc] [HKLM\Software\WOW6432Node\Microsoft\SecurityManager] [HKLM\Software\WOW6432Node\Microsoft\Semgr] [HKLM\Software\WOW6432Node\Microsoft\Shell] [HKLM\Software\WOW6432Node\Microsoft\SystemCertificates] [HKLM\Software\WOW6432Node\Microsoft\TermServLicensing] [HKLM\Software\WOW6432Node\Microsoft\Transaction Server] [HKLM\Software\WOW6432Node\Microsoft\Unified Store] [HKLM\Software\WOW6432Node\Microsoft\UserData] [HKLM\Software\WOW6432Node\Microsoft\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\XAML] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives D: ---------- | C: [15/09/2018 09:33:50] - |SHD| - [4118724081] - C:\$Recycle.Bin [11/03/2022 23:01:29] - |HD| - [0] - C:\$WinREAgent [26/03/2022 19:05:50] - |D| - [267452] - C:\Clean_Dns [MD5.404E936BDD05E625C49B9BD08D6D8580] - [15/06/2019 17:20:48] - |AH| - (.-.) - [12654] - (0.0.0.0) - C:\devlist.txt [15/06/2019 17:21:40] - |SHD| - [0] - C:\Documents and Settings [02/04/2021 12:05:52] - |D| - [68621003] - C:\DRIVERS [MD5.87F04859ED45036608D958CA87EA35D3] - [03/03/2021 18:17:48] - |ASH| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/03/2021 18:17:48] - |ASH| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log.tmp [07/12/2018 09:04:28] - |D| - [786557143] - C:\eSupport [MD5.01224851F19C9423A1D7E06F44DBFB6A] - [15/06/2019 17:20:48] - |AH| - (.-.) - [9] - (0.0.0.0) - C:\Finish.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [15/06/2019 16:56:56] - |ASH| - (.-.) - [3200786432] - (0.0.0.0) - C:\hiberfil.sys [13/03/2022 22:30:21] - |D| - [1531] - C:\KPRM [07/05/2021 15:23:05] - |D| - [64] - C:\Microsoft [16/07/2020 17:37:34] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [15/06/2019 17:51:33] - |ASH| - (.-.) - [8053063680] - (0.0.0.0) - C:\pagefile.sys [07/12/2019 11:14:52] - |D| - [0] - C:\PerfLogs [07/12/2019 11:14:52] - |RD| - [10994023467] - C:\Program Files [07/12/2019 11:14:52] - |RD| - [1682035278] - C:\Program Files (x86) [07/12/2019 11:14:52] - |HD| - [1549206717] - C:\ProgramData [27/03/2022 13:45:22] - |D| - [33] - C:\QuickDiag [MD5.915FACED32144FEAB096165F9508F3D9] - [27/03/2022 13:45:28] - |A| - (.-.) - [195355] - (0.0.0.0) - C:\QuickDiag.txt [15/06/2019 17:50:37] - |HD| - [1130438154] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [15/06/2019 17:51:33] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [15/06/2019 17:42:58] - |SHD| - [0] - C:\System Volume Information [07/12/2019 11:03:44] - |RD| - [65578365775] - C:\Users [07/12/2019 11:03:44] - |D| - [27613980774] - C:\Windows ---------- | C:\WINDOWS [07/12/2019 16:51:10] - |D| - [802] - C:\WINDOWS\addins [07/12/2019 11:14:52] - |D| - [14664077] - C:\WINDOWS\appcompat [07/12/2019 11:14:52] - |D| - [9914974] - C:\WINDOWS\apppatch [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\AppReadiness [MD5.13E0030B9CB1C4D4569726175E1CE08E] - [12/02/2019 04:27:36] - |A| - (.-.) - [27] - (0.0.0.0) - C:\WINDOWS\AsDCDVer.txt [MD5.6070200584D5005EF5FB5D3649D87979] - [09/03/2018 08:38:35] - |A| - (.-.) - [73] - (0.0.0.0) - C:\WINDOWS\AsEDNVer.txt [MD5.74119F9EA062F8A7C6AF13F866E2FF72] - [07/12/2018 09:04:28] - |A| - (.-.) - [28] - (0.0.0.0) - C:\WINDOWS\AsHDIVer.txt [MD5.B6EFE363EC0194113022B1617F7D2814] - [15/06/2019 17:50:34] - |A| - (.-.) - [57] - (0.0.0.0) - C:\WINDOWS\AsKitVer.txt [MD5.67A0F21F87E7FC661293701AEA4C6E1E] - [01/10/2018 08:00:53] - |A| - (.-.) - [79] - (0.0.0.0) - C:\WINDOWS\AsOFSVer.txt [MD5.8FC84839FE333AF0AE7E71EF79B9B1A7] - [15/06/2019 17:50:58] - |A| - (.-.) - [96] - (0.0.0.0) - C:\WINDOWS\AsPEToolVer.txt [MD5.C51FD42B81FE57FB3222760DC8435CAF] - [15/06/2019 17:50:32] - |A| - (.-.) - [63] - (0.0.0.0) - C:\WINDOWS\AsProcKitVer.txt [07/12/2019 11:14:52] - |RD| - [1137528693] - C:\WINDOWS\assembly [MD5.449E136C19D56BE5D6B92243ED2940C7] - [15/06/2019 17:50:58] - |A| - (.-.) - [55] - (0.0.0.0) - C:\WINDOWS\AsToolCDVer.txt [07/12/2018 09:04:28] - |AD| - [15702641] - C:\WINDOWS\ASUS [07/12/2019 11:14:52] - |D| - [785153] - C:\WINDOWS\bcastdvr [MD5.820B97429E4153A743708B376807EE69] - [16/09/2021 22:24:05] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [81408] - (10.0.19041.1237) - C:\WINDOWS\bfsvc.exe [07/12/2019 11:14:52] - |D| - [40891632] - C:\WINDOWS\Boot [MD5.65429DFFA6CB8AA120198ABB3557A13A] - [03/03/2021 14:29:02] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [07/12/2019 11:14:52] - |D| - [2450432] - C:\WINDOWS\Branding [07/12/2019 11:03:44] - |D| - [0] - C:\WINDOWS\CbsTemp [07/12/2019 11:14:52] - |D| - [36685122] - C:\WINDOWS\Containers [MD5.C6C52AF48A75DCC59644DC894D2F524E] - [07/12/2019 16:53:23] - |A| - (.-.) - [29857] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.1F334AC7713E228137147CBFBB7BC9AA] - [30/10/2018 00:53:11] - |A| - (.-.) - [33951] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.D7D0F26E1BAE96C44DA83442F67A4114] - [07/12/2018 09:44:08] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt [07/12/2019 11:14:52] - |D| - [11501377] - C:\WINDOWS\Cursors [29/07/2020 11:02:33] - |D| - [372548] - C:\WINDOWS\CxSvc [07/12/2019 11:14:52] - |D| - [21028099] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [03/03/2021 18:25:08] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [07/12/2019 11:14:52] - |D| - [4307035] - C:\WINDOWS\diagnostics [07/12/2019 11:14:52] - |D| - [1702804] - C:\WINDOWS\DiagTrack [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [03/03/2021 18:25:08] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [07/12/2019 16:49:55] - |D| - [0] - C:\WINDOWS\DigitalLocker [07/12/2019 11:14:52] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [07/12/2019 11:14:52] - |HD| - [66600] - C:\WINDOWS\ELAMBKUP [07/12/2019 16:49:55] - |D| - [0] - C:\WINDOWS\en-US [MD5.25C8B9AE873248CD98AB17539F5B1F15] - [12/03/2022 11:41:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4967688] - (10.0.19041.1586) - C:\WINDOWS\explorer.exe [27/07/2020 13:22:01] - |D| - [8390656] - C:\WINDOWS\Firmware [07/12/2019 11:14:52] - |RSD| - [378849048] - C:\WINDOWS\Fonts [07/12/2019 16:49:55] - |D| - [111616] - C:\WINDOWS\fr-FR [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [07/12/2019 11:14:52] - |D| - [57013276] - C:\WINDOWS\Globalization [07/12/2019 11:14:52] - |D| - [1315831] - C:\WINDOWS\Help [MD5.7E8FAEC2E175C8B45B6D380A6A4C9503] - [13/08/2021 10:27:46] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1075712] - (10.0.19041.1151) - C:\WINDOWS\HelpPane.exe [MD5.2C8FE78D53C8CA27523A71DFD2938241] - [07/12/2019 11:09:39] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.19041.1) - C:\WINDOWS\hh.exe [07/12/2019 11:14:52] - |D| - [30327] - C:\WINDOWS\IdentityCRL [07/12/2019 11:14:52] - |D| - [28822470] - C:\WINDOWS\IME [07/12/2019 11:14:52] - |RD| - [8206913] - C:\WINDOWS\ImmersiveControlPanel [07/12/2019 11:13:02] - |D| - [72768155] - C:\WINDOWS\INF [07/12/2019 11:14:52] - |D| - [38193580] - C:\WINDOWS\InputMethod [07/12/2019 11:14:52] - |SHD| - [448463840] - C:\WINDOWS\Installer [07/12/2019 11:14:52] - |D| - [109650] - C:\WINDOWS\L2Schemas [07/12/2019 11:14:52] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\LiveKernelReports [07/12/2018 09:04:28] - |D| - [63961782] - C:\WINDOWS\Log [07/12/2019 11:14:52] - |D| - [38175216] - C:\WINDOWS\Logs [07/12/2019 11:14:52] - |RSD| - [20063519] - C:\WINDOWS\Media [MD5.51C3F724AAFA9AF44F6EAC59F8AE5CED] - [04/03/2022 12:33:13] - |A| - (.-.) - [569323772] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP [MD5.23AF90D2355D8C83AA4567EF1763B467] - [07/12/2019 11:08:58] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [07/12/2019 11:14:52] - |RD| - [627800755] - C:\WINDOWS\Microsoft.NET [07/12/2019 11:14:52] - |D| - [3323] - C:\WINDOWS\Migration [12/07/2021 19:42:30] - |D| - [6996709] - C:\WINDOWS\Minidump [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.BBE80313CF12098D3FC4D8A42E9DBB33] - [12/03/2022 11:42:54] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [201728] - (10.0.19041.1566) - C:\WINDOWS\notepad.exe [07/12/2019 16:51:57] - |D| - [199472] - C:\WINDOWS\OCR [15/06/2019 17:11:54] - |D| - [580] - C:\WINDOWS\OEM [07/12/2019 11:14:52] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [02/03/2021 19:47:19] - |DC| - [199808676] - C:\WINDOWS\Panther [07/12/2019 11:14:52] - |D| - [386240] - C:\WINDOWS\Performance [MD5.D11685455424F4D27901CCFAA67AB730] - [15/06/2019 17:51:33] - |A| - (.-.) - [676050] - (0.0.0.0) - C:\WINDOWS\PFRO.log [07/12/2019 11:14:52] - |D| - [1136442] - C:\WINDOWS\PLA [07/12/2019 11:14:52] - |D| - [2936959] - C:\WINDOWS\PolicyDefinitions [03/03/2021 18:17:50] - |D| - [5156697] - C:\WINDOWS\Prefetch [07/12/2019 11:14:52] - |RD| - [2234380] - C:\WINDOWS\PrintDialog [07/12/2019 11:14:52] - |D| - [6083225] - C:\WINDOWS\Provisioning [MD5.FCD6BCB56C1689FCEF28B57C22475BAD] - [15/06/2019 16:59:37] - |A| - (.-.) - [65536] - (0.0.0.0) - C:\WINDOWS\psp_storage.bin [MD5.999A30979F6195BF562068639FFC4426] - [03/03/2021 14:06:14] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [370176] - (10.0.19041.746) - C:\WINDOWS\regedit.exe [07/12/2019 11:14:52] - |D| - [1094932] - C:\WINDOWS\Registration [07/12/2019 11:14:52] - |D| - [24578232] - C:\WINDOWS\rescache [07/12/2019 11:14:52] - |D| - [4192639] - C:\WINDOWS\Resources [29/07/2020 11:04:00] - |D| - [3005211] - C:\WINDOWS\SACmd [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\SchCache [07/12/2019 11:14:52] - |D| - [126782] - C:\WINDOWS\schemas [07/12/2019 11:14:52] - |D| - [1098178] - C:\WINDOWS\security [03/03/2021 14:25:39] - |D| - [1364086408] - C:\WINDOWS\ServiceProfiles [07/12/2019 11:14:52] - |D| - [4096] - C:\WINDOWS\ServiceState [07/12/2019 11:03:44] - |D| - [3662130783] - C:\WINDOWS\servicing [07/12/2019 11:18:25] - |D| - [96062] - C:\WINDOWS\Setup [MD5.E28669733F6CF0832F4ABC9F24E50C21] - [06/03/2022 18:04:38] - |A| - (.-.) - [617] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/03/2022 18:04:38] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [07/12/2019 11:14:52] - |D| - [5526016] - C:\WINDOWS\ShellComponents [07/12/2019 11:14:52] - |D| - [19103744] - C:\WINDOWS\ShellExperiences [07/12/2019 11:14:52] - |D| - [3070736] - C:\WINDOWS\SKB [15/06/2019 17:07:35] - |D| - [863421128] - C:\WINDOWS\SoftwareDistribution [07/12/2019 11:14:52] - |D| - [86037697] - C:\WINDOWS\Speech [07/12/2019 11:14:52] - |D| - [64508236] - C:\WINDOWS\Speech_OneCore [MD5.74EEC977273BEB6F80B3BB3887B78A33] - [18/12/2021 21:56:29] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [136192] - (10.0.19041.1415) - C:\WINDOWS\splwow64.exe [07/12/2019 11:14:52] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [15/09/2018 09:31:35] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [07/12/2019 11:03:44] - |D| - [5588814504] - C:\WINDOWS\System32 [07/12/2019 11:14:52] - |D| - [146936820] - C:\WINDOWS\SystemApps [07/12/2019 11:14:52] - |D| - [167693465] - C:\WINDOWS\SystemResources [18/12/2021 23:49:55] - |D| - [0] - C:\WINDOWS\SystemTemp [07/12/2019 11:14:52] - |D| - [1109347334] - C:\WINDOWS\SysWOW64 [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\TAPI [15/09/2018 09:33:51] - |D| - [6] - C:\WINDOWS\Tasks [07/12/2019 11:14:52] - |D| - [25861448] - C:\WINDOWS\Temp [19/03/2019 06:52:46] - |D| - [13788672] - C:\WINDOWS\TextInput [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\tracing [07/12/2019 11:14:52] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.AFE119DD4E17891B227684F38AA25D4D] - [07/12/2019 11:10:00] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65024] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [07/12/2019 11:14:52] - |D| - [12420] - C:\WINDOWS\Vss [07/12/2019 11:14:52] - |D| - [33198] - C:\WINDOWS\WaaS [07/12/2019 11:14:52] - |D| - [16568315] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [15/09/2018 09:31:35] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [07/12/2019 11:09:09] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [04/03/2022 00:35:05] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.0629E6D130F226C009EA9AB329F37ACC] - [07/12/2019 11:10:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.19041.1) - C:\WINDOWS\winhlp32.exe [07/12/2019 11:03:44] - |D| - [10550470006] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [07/12/2019 11:10:11] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.B947CCA7F485F6C1156F4D02E8C9874F] - [07/12/2019 16:52:21] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.19041.1) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [15/06/2019 17:10:32] - C:\WINDOWS\Installer\79397.msi : (AudioWizard - ICEpower a/s) [Header ok : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [07/12/2019 11:09:39] - [3329] - C:\WINDOWS\System32\ieuinit.inf [29/07/2020 11:03:54] - [11138] - C:\WINDOWS\System32\InstallUtil.InstallLog [03/03/2021 18:21:11] - [1681370] - C:\WINDOWS\System32\PerfStringBackup.INI [07/12/2019 11:09:05] - [60124] - C:\WINDOWS\System32\tcpmon.ini [07/12/2019 11:08:46] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini [07/12/2019 11:10:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf [07/12/2019 11:09:22] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.C4071E1C16117F053DB507D069458412] - |A| - [15/03/2022 22:37:31] - (.-.) - [48.84 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log [MD5.00000000000000000000000000000000] - |D| - [15/03/2022 22:37:31] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad [MD5.00000000000000000000000000000000] - |D| - [26/03/2022 13:55:44] - [0 Ko] - C:\WINDOWS\Temp\EAA19DB4-6EA1-4CF8-8519-EB4D786796DC-Sigs [MD5.00000000000000000000000000000000] - |D| - [13/03/2022 17:17:21] - [5.38 Ko] - C:\WINDOWS\Temp\HP [MD5.1F85F5B0956A5F64AB579F956CC9803F] - |A| - [13/03/2022 17:17:20] - (.-.) - [392.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220313-1617.log [MD5.63828A22FE8A446860FCDB2973616D40] - |A| - [13/03/2022 22:50:15] - (.-.) - [50.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220313-2150.log [MD5.36265B461A2B1A93FBCD1B06CFCC03C5] - |A| - [13/03/2022 22:55:08] - (.-.) - [51.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220313-2155.log [MD5.4954B27F0D12D946FC13B3EEB9941CC0] - |A| - [14/03/2022 00:04:58] - (.-.) - [48.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220313-2304.log [MD5.386EC89CF2CD96A34DF468162E113AED] - |A| - [14/03/2022 00:42:43] - (.-.) - [51.34 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220313-2342.log [MD5.36ED7326A464E2B4BE13CA8ED2EAC448] - |A| - [14/03/2022 14:28:57] - (.-.) - [48.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220314-1328.log [MD5.DEDE9A68CA4A6FE75819073504C9EE59] - |A| - [14/03/2022 14:31:47] - (.-.) - [47.41 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220314-1331.log [MD5.9C61DFD47CAA82783D002F042757D422] - |A| - [14/03/2022 14:31:50] - (.-.) - [59.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220314-1331a.log [MD5.32BC0E5E34F0F375FF9373FEA38D691C] - |A| - [14/03/2022 17:41:50] - (.-.) - [49.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220314-1641.log [MD5.F0C07F9BFA3EEE39D98614CA27D0F54A] - |A| - [14/03/2022 20:16:11] - (.-.) - [50.88 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220314-1916.log [MD5.411EAE14ED74E4D35FBB241AE1CB6188] - |A| - [14/03/2022 21:31:52] - (.-.) - [49.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220314-2031.log [MD5.EDB3CB9698B72A2DEEB07603BD3BDC0A] - |A| - [14/03/2022 21:45:32] - (.-.) - [50.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220314-2045.log [MD5.FF073138036CE545B0B2086C589453F1] - |A| - [14/03/2022 23:17:14] - (.-.) - [54.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220314-2217.log [MD5.D190EB41412610BD2494EE1CE6A6A5F1] - |A| - [15/03/2022 10:31:51] - (.-.) - [42.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-0931.log [MD5.1DF8D6E33D42C0ED9538FB1C5848703C] - |A| - [15/03/2022 10:31:51] - (.-.) - [51.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-0931a.log [MD5.20AB4CBD35EC2D8891445143B8D2D8CF] - |A| - [15/03/2022 10:33:54] - (.-.) - [51.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-0933.log [MD5.9B9CBE278C266CD7098BE35212C76579] - |A| - [15/03/2022 10:41:43] - (.-.) - [49.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-0941.log [MD5.26BC63C62112E46F5E8C8654D9FD6C80] - |A| - [15/03/2022 10:53:19] - (.-.) - [50.38 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-0953.log [MD5.54B52BDCD29EFB8F86914A76898229F0] - |A| - [15/03/2022 12:25:43] - (.-.) - [51.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-1125.log [MD5.98624A52DB3B5E5D190F169256068820] - |A| - [15/03/2022 14:31:46] - (.-.) - [48.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-1331.log [MD5.9CC1E64FCCB5B3C2E619D4559538408D] - |A| - [15/03/2022 16:06:40] - (.-.) - [56.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-1506.log [MD5.DCA39A10E8AC15A1A7ABD1DE4C764B47] - |A| - [15/03/2022 17:09:43] - (.-.) - [50.16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-1609.log [MD5.AE733A52E2A55F8D3090A1F7FAD2584A] - |A| - [15/03/2022 17:24:16] - (.-.) - [50.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-1624.log [MD5.4C89A0947F0D7CCDF7832619BCF0B047] - |A| - [15/03/2022 17:34:49] - (.-.) - [48.16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-1634.log [MD5.D63B400AAD721D4DF19D12CE19B17EDE] - |A| - [15/03/2022 17:51:52] - (.-.) - [52.15 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-1651.log [MD5.A4D7B58D1981108873426C1A9E00110C] - |A| - [15/03/2022 18:13:44] - (.-.) - [50.16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-1713.log [MD5.6CA541F0536568106BC1031E936ED2DE] - |A| - [15/03/2022 22:36:28] - (.-.) - [51.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-2136.log [MD5.9B60F8A367290EBF881BD01DB92A3F30] - |A| - [16/03/2022 00:03:04] - (.-.) - [742.92 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-2303.log [MD5.8B7748385A00ED35CDC1223B96FBEC93] - |A| - [16/03/2022 00:07:56] - (.-.) - [50.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-2307.log [MD5.8EAE2FB311608C48051750910D586E44] - |A| - [16/03/2022 00:13:17] - (.-.) - [49.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-2313.log [MD5.015D3FF6CB8CDEA4165427FE582B3DF3] - |A| - [16/03/2022 00:28:46] - (.-.) - [51.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220315-2328.log [MD5.750EFEAF577ECBAD208F367F95061177] - |A| - [16/03/2022 10:52:44] - (.-.) - [47.9 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-0952.log [MD5.CD118E70275E85CA4448F1C0CA3A7442] - |A| - [16/03/2022 10:55:43] - (.-.) - [50.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-0955.log [MD5.F2F78E5432310744B35B3A6A755D3C68] - |A| - [16/03/2022 10:57:47] - (.-.) - [58.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-0957.log [MD5.C328EB5DCC08AB5464EA0950E2D3C35B] - |A| - [16/03/2022 15:24:27] - (.-.) - [49.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-1424.log [MD5.21C61DE701B5B27035EB494DA17D9B86] - |A| - [16/03/2022 15:35:30] - (.-.) - [50.15 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-1435.log [MD5.5319A640CF1F7C4E0806063EFA8882B5] - |A| - [16/03/2022 16:14:24] - (.-.) - [53.38 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-1514.log [MD5.BF0180A4DC0CEF928AC150D16B54BDAB] - |A| - [16/03/2022 16:24:45] - (.-.) - [49.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-1524.log [MD5.BBA1774F72EB82643F4EF7AC545B7953] - |A| - [16/03/2022 16:39:33] - (.-.) - [51.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-1539.log [MD5.4D226A471F4FAF088BC69B278AC7F2C7] - |A| - [16/03/2022 17:34:15] - (.-.) - [50.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-1634.log [MD5.7059CF72318A3DA86894AF414DF43D8E] - |A| - [16/03/2022 18:52:43] - (.-.) - [54.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-1752.log [MD5.5457416FA3B56EC96C66A648B98B1732] - |A| - [16/03/2022 19:20:07] - (.-.) - [49.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-1820.log [MD5.F6F1DA255F31AB901C87CA9B0C12C263] - |A| - [16/03/2022 22:54:08] - (.-.) - [51.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-2154.log [MD5.AF16D0C7041E67CD3B0DA231777F9CC6] - |A| - [16/03/2022 22:59:03] - (.-.) - [51.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220316-2159.log [MD5.540B6FAF6C8EE8CE0E065332AFFF1677] - |A| - [17/03/2022 21:35:14] - (.-.) - [53.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220317-2035.log [MD5.9CA147AD4E7B7F989C928D7D14D4511D] - |A| - [17/03/2022 21:38:04] - (.-.) - [44.16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220317-2038.log [MD5.C3A59D2C43BFCA85A6727FDDB282F88D] - |A| - [17/03/2022 21:38:06] - (.-.) - [65.06 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220317-2038a.log [MD5.6CFCC63A4DBF5AD4FA8C749EA9CD5F0E] - |A| - [17/03/2022 21:40:08] - (.-.) - [57.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220317-2040.log [MD5.D998BA1CC2B58A910DA434329FF209B1] - |A| - [20/03/2022 15:07:53] - (.-.) - [53.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220320-1407.log [MD5.B75313CDE476832B7B3DCD9F94E7345D] - |A| - [20/03/2022 15:07:56] - (.-.) - [62.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220320-1407a.log [MD5.C20E1F49CE33A975C3A26D92C9A4681E] - |A| - [20/03/2022 18:46:11] - (.-.) - [50.87 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220320-1746.log [MD5.F5B3EBB57B7FED2B448E01B31B4E9493] - |A| - [20/03/2022 21:04:44] - (.-.) - [51.41 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220320-2004.log [MD5.7C0BFBD22939216C39ED62AB3DFBDF2F] - |A| - [20/03/2022 21:14:50] - (.-.) - [49.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220320-2014.log [MD5.4D58F4889B40B8FFA68112D6D46BB40A] - |A| - [20/03/2022 23:21:32] - (.-.) - [50.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220320-2221.log [MD5.48E85A8B960CB491918532C1487D74A2] - |A| - [20/03/2022 23:47:39] - (.-.) - [53.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220320-2247.log [MD5.B954096FAED6E31387724137EB075D7F] - |A| - [21/03/2022 01:01:37] - (.-.) - [357.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-0001.log [MD5.9FFC973055523F239CA6D40160B423AE] - |A| - [21/03/2022 10:09:32] - (.-.) - [45.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-0909.log [MD5.87EA87B4A6F142A829C8247C392DE150] - |A| - [21/03/2022 10:09:33] - (.-.) - [53.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-0909a.log [MD5.60ACFB3C1572219B1D36E80FB4DC053D] - |A| - [21/03/2022 10:14:38] - (.-.) - [55.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-0914.log [MD5.E03AADFD3C858B2E14BE952D542BD533] - |A| - [21/03/2022 11:32:02] - (.-.) - [48.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-1032.log [MD5.48EAC41FD55A148EAE7BD8109D691C44] - |A| - [21/03/2022 11:41:59] - (.-.) - [50.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-1041.log [MD5.78901E515E8A02FA990DDB4723DAED01] - |A| - [21/03/2022 11:51:47] - (.-.) - [53.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-1051.log [MD5.792F0ED087AD894A69E43F3F90597C32] - |A| - [21/03/2022 12:39:46] - (.-.) - [50.15 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-1139.log [MD5.B941D13397E788F9ABA64053B98402BA] - |A| - [21/03/2022 12:49:40] - (.-.) - [51.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-1149.log [MD5.CB8DD68A72857D71839CE951745520F1] - |A| - [21/03/2022 13:28:52] - (.-.) - [50.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220321-1228.log [MD5.DC4E8B798897D5D51A4B741E3B9D4224] - |A| - [22/03/2022 10:48:54] - (.-.) - [51.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220322-0948.log [MD5.65F334BA26A26B88DB7446412179592F] - |A| - [22/03/2022 10:48:58] - (.-.) - [61.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220322-0948a.log [MD5.C87B0472C98D9C781C405E89D059AFB8] - |A| - [22/03/2022 10:53:19] - (.-.) - [51.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220322-0953.log [MD5.A7C184D534F4F52EF55ED62B2FCB11C3] - |A| - [22/03/2022 13:03:14] - (.-.) - [49.92 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220322-1203.log [MD5.BE7702FF2A3541D24B6BEAD211A55A78] - |A| - [23/03/2022 12:38:36] - (.-.) - [53.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220323-1138.log [MD5.0F51FCECA5B5DD9A8A411F6D71870E8B] - |A| - [23/03/2022 12:41:34] - (.-.) - [46.72 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220323-1141.log [MD5.A292942B1A0CF87A1255C13DA8127C1C] - |A| - [23/03/2022 12:41:37] - (.-.) - [61.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220323-1141a.log [MD5.417374179808847FF4C7AED3D3E63585] - |A| - [23/03/2022 12:44:04] - (.-.) - [49.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220323-1144.log [MD5.4AB21C791EE4878D8C6B4B9108B3678E] - |A| - [23/03/2022 13:40:17] - (.-.) - [50.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220323-1240.log [MD5.DE946E784FE96729CF41D8AD3611F88D] - |A| - [23/03/2022 14:41:28] - (.-.) - [112.84 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220323-1341.log [MD5.D5EE373CCAB44E3B378FB4881D091E7E] - |A| - [23/03/2022 17:41:54] - (.-.) - [111.02 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220323-1641.log [MD5.EA49571E61EB959B25271716CF92A8F6] - |A| - [23/03/2022 17:44:53] - (.-.) - [210.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220323-1644.log [MD5.6F2473F975CE20A7A9E651264D7D0515] - |A| - [24/03/2022 14:30:31] - (.-.) - [51.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220324-1330.log [MD5.D745E898D235F7D6A73CA7C5D06C45FB] - |A| - [24/03/2022 14:30:34] - (.-.) - [64.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220324-1330a.log [MD5.BB6C292EB4CDB26F820B8E85F85E6FEE] - |A| - [24/03/2022 14:35:27] - (.-.) - [50.74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220324-1335.log [MD5.268D4CFFF47D5950A13888433BCD1B2D] - |A| - [24/03/2022 15:11:40] - (.-.) - [248.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220324-1411.log [MD5.2D9F6349673088B756F931418BAD28FE] - |A| - [24/03/2022 15:16:29] - (.-.) - [48.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220324-1416.log [MD5.29218BD798C453DB7C830D4F56D789F8] - |A| - [24/03/2022 19:52:41] - (.-.) - [50.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220324-1852.log [MD5.69056E68DDB66C3A6133DEA1AE6F426F] - |A| - [24/03/2022 21:06:26] - (.-.) - [53.85 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220324-2006.log [MD5.647A099417993B526C776E3D8D427A73] - |A| - [25/03/2022 14:06:36] - (.-.) - [44.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1306.log [MD5.85A1CA818C7945CDF71943B6D04995B7] - |A| - [25/03/2022 14:09:43] - (.-.) - [47.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1309.log [MD5.41B59E22169FAA58398098BAFE4CC94C] - |A| - [25/03/2022 14:09:45] - (.-.) - [58.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1309a.log [MD5.722FB4D005889CA7C2896EE81DBFC8B9] - |A| - [25/03/2022 15:22:28] - (.-.) - [56.38 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1422.log [MD5.542A119842B3634D1775D0E7ED05473D] - |A| - [25/03/2022 15:48:01] - (.-.) - [51.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1448.log [MD5.AF3ACBC77BC998C6CA9F6D2E2929746B] - |A| - [25/03/2022 15:53:25] - (.-.) - [48.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1453.log [MD5.8E3BC8DBFA6A6AEF4DB92B712CAEA7E7] - |A| - [25/03/2022 16:46:22] - (.-.) - [49.9 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1546.log [MD5.BD3DB601510CC74FE6F468C1455AE5CB] - |A| - [25/03/2022 17:08:07] - (.-.) - [54.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1608.log [MD5.89EB9EF6399BA895506846063761E6A1] - |A| - [25/03/2022 17:39:40] - (.-.) - [54.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1639.log [MD5.A4C94D4EE9B3E8FD20DAF3716082528A] - |A| - [25/03/2022 17:58:47] - (.-.) - [50.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1658.log [MD5.431A3AF1B2B2697468AA2EDD89C2988E] - |A| - [25/03/2022 20:13:33] - (.-.) - [88.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1913.log [MD5.F1A1AFFD75BB44F6469265EAD2AD48FE] - |A| - [25/03/2022 20:18:26] - (.-.) - [50.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1918.log [MD5.A8BC648A0CE8699FEB5BD23FCE0A3A34] - |A| - [25/03/2022 20:23:55] - (.-.) - [51.34 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1923.log [MD5.07524CB832F93CFE896BC1091DC9DCA0] - |A| - [25/03/2022 20:44:42] - (.-.) - [101.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220325-1944.log [MD5.F7401E981AA0856FD26CA4FFAD1E5876] - |A| - [26/03/2022 14:00:19] - (.-.) - [54.16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1300.log [MD5.74D003A3BCBF4A3EF06A680D4B2F3E69] - |A| - [26/03/2022 14:00:20] - (.-.) - [55.92 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1300a.log [MD5.BB951849D163CFC3ED95E7864C6CA0BE] - |A| - [26/03/2022 14:04:22] - (.-.) - [51.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1304.log [MD5.7D1EA74ADD3844BEA9C7CD803FC8C939] - |A| - [26/03/2022 14:05:16] - (.-.) - [48.06 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1305.log [MD5.178A031346C80A193473EC356A2F0D6D] - |A| - [26/03/2022 14:08:53] - (.-.) - [51.84 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1308.log [MD5.DCE21C70F92360F417936E4BDC0FC2ED] - |A| - [26/03/2022 14:20:36] - (.-.) - [48.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1320.log [MD5.D2FF0D972DADE96940A521614733C703] - |A| - [26/03/2022 14:50:50] - (.-.) - [223.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1350.log [MD5.BB8F9ABFED9DE0015F5D2CF596351755] - |A| - [26/03/2022 14:57:12] - (.-.) - [50.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1357.log [MD5.61D3678E70143FD0EB14CF996D32F556] - |A| - [26/03/2022 15:42:59] - (.-.) - [53.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1442.log [MD5.077980234531B2DA2E2E010F428FA5E8] - |A| - [26/03/2022 16:16:55] - (.-.) - [53.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1516.log [MD5.52A80D8497F43F406B150BC9C2414DD7] - |A| - [26/03/2022 16:35:32] - (.-.) - [50.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1535.log [MD5.030FD753EAEFF277A1514F0B5C39D78B] - |A| - [26/03/2022 16:41:16] - (.-.) - [54.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1541.log [MD5.EDFADC1EF34C72755B4C48F44775D8DB] - |A| - [26/03/2022 16:53:49] - (.-.) - [46.72 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1553.log [MD5.CC22664EC31C1FAEC2A3C4A2590B80C3] - |A| - [26/03/2022 17:01:57] - (.-.) - [50.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1601.log [MD5.E11407AB06AEA0CD6FB67A43A3696116] - |A| - [26/03/2022 19:15:11] - (.-.) - [50.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-1815.log [MD5.2168FF3E6B800FF0BBD4A6CB3AB295C5] - |A| - [26/03/2022 21:42:31] - (.-.) - [93.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-2042.log [MD5.01326D7B0D985778931B99DC82E203A5] - |A| - [26/03/2022 22:09:16] - (.-.) - [47.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220326-2109.log [MD5.61718E9204C021B5AC4A5AFA7DD64A8E] - |A| - [27/03/2022 13:43:30] - (.-.) - [44.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220327-1343.log [MD5.D11BE3CA7944D31EA361B8B1E3943571] - |A| - [27/03/2022 13:43:32] - (.-.) - [55.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220327-1343a.log [MD5.3453DC6F273CC24F065BFAB93FB52C78] - |A| - [27/03/2022 13:48:23] - (.-.) - [48.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\LAPTOP-RTJTVGR9-20220327-1348.log [MD5.00000000000000000000000000000000] - |D| - [13/03/2022 17:19:31] - [0.08 Ko] - C:\WINDOWS\Temp\LogiSync [MD5.ED2B43EE6856CEC9EB1277E3C9987736] - |A| - [13/03/2022 17:16:39] - (.-.) - [47.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.362B23AB90B795903D8BCE7250BDEC08] - |A| - [26/03/2022 13:55:44] - (.-.) - [84.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log [MD5.051687E8DAA6C383A4C76433F8D97A6D] - |A| - [20/03/2022 15:10:01] - (.-.) - [134.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\msedge_installer.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/03/2022 01:01:33] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20220321000133E58).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [25/03/2022 20:13:29] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20220325191329FFC).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [25/03/2022 20:44:37] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20220325194437E00).log [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [26/03/2022 21:42:26] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20220326204226F74).log [MD5.00000000000000000000000000000000] - |D| - [14/03/2022 14:29:00] - [13616 Ko] - C:\WINDOWS\Temp\_9AD9AD1F-01A7-43B3-A477-30EA1EABE786 [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:55] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.C652A5EA6545C98CE71684018E0640E7] - |A| - [07/12/2019 11:09:00] - (.-.) - [3.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AdvancedKeySettingsNotification.png [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 11:08:44] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 11:08:45] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [07/12/2019 11:08:21] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [07/12/2019 11:08:58] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [07/12/2019 11:09:45] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.A3437673F5766635A8378F67645B81C0] - |A| - [07/12/2019 11:09:37] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@StorageSenseToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 11:09:07] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [07/12/2019 11:09:32] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [07/12/2019 11:09:32] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 11:08:19] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png [MD5.147B047B46B79A91CC34499D4F89119E] - |A| - [07/12/2019 11:09:05] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WLOGO_48x48.png [MD5.31A16C523B62500F83C82217F056A538] - |A| - [07/12/2019 11:08:39] - (.-.) - [8.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ActiveHours.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2786.8 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.A49C26AA0CADD994DE158F51CB7EEFBC] - |A| - [14/05/2021 11:21:35] - (.-.) - [13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\agentactivationruntimestarter.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.97 Ko] - C:\WINDOWS\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [15/06/2019 16:59:35] - [124.19 Ko] - C:\WINDOWS\System32\AMD [MD5.91F8C7462C8A81C9EA59A9A3CCF44520] - |A| - [16/06/2021 21:02:34] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [141.95 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\amdave64.dll [MD5.CFCB5E0D3BE180556AE2CACF4BA1E0AC] - |A| - [16/06/2021 21:03:06] - (.-.) - [485.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdgfxinfo64.dll [MD5.D5BA5D9B5DC1A609A43A1BD04F597642] - |A| - [16/06/2021 21:03:08] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [69373.22 Ko] - (10.0.3075.13) - C:\WINDOWS\System32\amdhip64.dll [MD5.A418079A760234E8D3380C18BAE4CCD8] - |A| - [28/07/2020 06:09:46] - (.Copyright (C) 2020 Advanced Micro Devices, Inc. - Radeon Settings: Host Service.) - [201.3 Ko] - (2.0.0.1788) - C:\WINDOWS\System32\amdihk64.dll [MD5.3C8A86F6E676949CD5023E50EC5D673B] - |A| - [28/07/2020 05:50:08] - (.-.) - [68.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AMDKernelEvents.man [MD5.557B5EF2FC03A3B4E50B3A206288C59F] - |A| - [16/06/2021 21:03:30] - (.-.) - [463.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdlogum.exe [MD5.E8172CF29454B178DC6B8896ABE85149] - |A| - [16/06/2021 21:03:34] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [926.77 Ko] - (1.0.16.0) - C:\WINDOWS\System32\amdlvr64.dll [MD5.90FEB9680FECC3A8646D87379C38A9B5] - |A| - [16/06/2021 21:03:40] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [548.24 Ko] - (1.6.0.0) - C:\WINDOWS\System32\amdmcl64.dll [MD5.C3CDD8D488652925E44196780B9C3EE5] - |A| - [16/06/2021 21:02:42] - (.-.) - [546.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdmiracast.dll [MD5.7FC117790A1867777A02FC1881D5C00B] - |A| - [16/06/2021 21:02:48] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [136.35 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\amdpcom64.dll [MD5.8BC9480F5DB981CB4D58A65A43BCDB6D] - |A| - [16/06/2021 21:04:22] - (.Copyright (C) 2014-2017 AMD Inc. - amdxcstub64.dll.) - [127.27 Ko] - (8.18.10.357) - C:\WINDOWS\System32\amdxc64.dll [MD5.3198DD0597C28B7C577BB84E26D41808] - |A| - [16/06/2021 21:04:36] - (.-.) - [63297.76 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amd_comgr.dll [MD5.53629D2538EDB9137E20D28AC1F04D1B] - |A| - [16/06/2021 21:03:10] - (.Copyright (C) 2016 - AMD MJPEG MFT Component.) - [1668.5 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\amf-mft-mjpeg-decoder64.dll [MD5.3EF7DB66A1366DB48EA3E894EEC45535] - |A| - [16/06/2021 21:04:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [4529.76 Ko] - (1.4.17.0) - C:\WINDOWS\System32\amfrt64.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2894.22 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [279.5 Ko] - C:\WINDOWS\System32\ar-SA [MD5.7605725C6464C7272BF3115901DF5776] - |A| - [14/01/2022 13:19:08] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [665.5 Ko] - (3.5.1.0) - C:\WINDOWS\System32\archiveint.dll [MD5.E9F9FE581DC1A2C945ECDDD72878BAA2] - |A| - [15/12/2020 15:37:21] - (.(c) Conexant Systems, Inc. - Conexant Speaker Property Page Extensions.) - [448.26 Ko] - (1.1.0.0) - C:\WINDOWS\System32\ASpkExt64.dll [MD5.06A829CAA5E4E52DA0DEB7BDD3B8A8C9] - |A| - [16/06/2021 21:04:44] - (.© 2004 Advanced Micro Devices, Inc. - eRecord Message Resource File.) - [76.23 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\ati2erec.dll [MD5.2C91F81E63A701A13C5536C633D944F9] - |A| - [16/06/2021 21:04:48] - (.Copyright (C) 2008-2020 Advanced Micro Devices, Inc. - ADL.) - [1740.24 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\atiadlxx.dll [MD5.D1B2FB11A2126AB0AE302B8F088E48F6] - |A| - [16/06/2021 20:38:30] - (.-.) - [531.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiapfxx.blb [MD5.0657AC4C792F296E4809F5DEE4BB3103] - |A| - [16/06/2021 21:04:50] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub64.dll.) - [185.74 Ko] - (8.17.10.1684) - C:\WINDOWS\System32\aticfx64.dll [MD5.F595C30074BDED742C90298B2E58FB7A] - |A| - [16/06/2021 21:04:52] - (.2002-2012 - Graphics DEM.) - [465.24 Ko] - (4.5.7815.41154) - C:\WINDOWS\System32\atidemgy.dll [MD5.A8F29F6CC36459B522FA8F9D893A85B8] - |A| - [16/06/2021 21:04:54] - (.-.) - [130.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atidxx64.dll [MD5.0EC85D63CEDFE8C6389D9F6B9AE82E81] - |A| - [16/06/2021 21:04:56] - (.-.) - [453.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atieah64.exe [MD5.5F2C5B308393BB21D971170E9248B08A] - |A| - [16/06/2021 21:04:58] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [750.23 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\atieclxx.exe [MD5.F6C1B1DD8D32F59B88F50E53E3AB8381] - |A| - [16/06/2021 21:05:06] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [247.22 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\atig6txx.dll [MD5.400366312A942A518A32BE804F5B3739] - |A| - [16/06/2021 21:03:20] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [136.36 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\atimpc64.dll [MD5.EDACEA4D906DE87F514CF9FF4285A299] - |A| - [16/06/2021 21:05:10] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [140.22 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\atimuixx.dll [MD5.ABB5F14F3B19F8270C9B181A0074C0CC] - |A| - [16/06/2021 21:05:20] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [170.74 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\atisamu64.dll [MD5.3ED3C5CF69D9D6AD0A8A578E4444845C] - |A| - [16/06/2021 20:38:30] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiumd6a.cap [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [28/07/2020 05:50:18] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [28/07/2020 05:50:18] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsvl.dat [MD5.9BDEA05BCA728244C44C81DAD21330C5] - |A| - [05/05/2020 06:01:32] - (.ASUSTeK COMPUTER INC. - ASUS WMI Interface for Gaming DT/NB.) - [161.78 Ko] - (3.0.0.1) - C:\WINDOWS\System32\ATKWMI.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [07/12/2019 11:08:07] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [258.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5947.72 Ko] - C:\WINDOWS\System32\Boot [MD5.3149A16CF39B9A49BD9A1EF98A1C527B] - |A| - [03/03/2021 14:01:56] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [186.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [72097.89 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [59688.99 Ko] - C:\WINDOWS\System32\catroot2 [MD5.5E85AC6E4CF02E2535417DCE5ACB4BBB] - |A| - [16/06/2021 21:05:26] - (.-.) - [339.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\clinfo.exe [MD5.A1194A16B995DD15279A5C94AD8FC836] - |A| - [15/12/2020 15:37:21] - (.(c) Synaptics Incorporated. - Synaptics Microphone Property Page Extensions.) - [408.34 Ko] - (1.0.0.0) - C:\WINDOWS\System32\CMicExt64.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [25.49 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [377.5 Ko] - C:\WINDOWS\System32\Com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [294960.13 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [53.11 Ko] - C:\WINDOWS\System32\Configuration [MD5.C113EC3ABF481A1B41F99BD721B513C3] - |A| - [16/04/2021 13:28:56] - (.-.) - [225.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\containerdevicemanagement.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.34 Ko] - C:\WINDOWS\System32\ContainerSettingsProviders [MD5.A41C1754A956E37B5E7D06D5167548E7] - |A| - [11/06/2021 09:38:16] - (.-.) - [280.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CoreMas.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [318 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.05DE2EB0889D77D447BCA7BD597819CF] - |A| - [14/01/2022 13:19:08] - (.© 1996 - 2021 Daniel Stenberg, . - The curl executable.) - [511.5 Ko] - (7.79.1.0) - C:\WINDOWS\System32\curl.exe [MD5.DF6FA3EE8CBDA208A54CFF73667741E5] - |A| - [15/12/2020 15:37:21] - (.©Synaptics Incorporated. - Synaptics APO.) - [1583.5 Ko] - (1.114.0.0) - C:\WINDOWS\System32\CX64APO.dll [MD5.7786EF2E17D58B72649A1F1672D08D41] - |A| - [15/12/2020 15:37:21] - (.©Conexant Systems, Inc. - Conexant Audio Processing Objects, (x64).) - [689.68 Ko] - (2.96.9.0) - C:\WINDOWS\System32\CX64APO2.dll [MD5.C85A64D33B062230E26E291BA299D91D] - |A| - [15/12/2020 15:37:21] - (.©Conexant Systems Inc. - Conexant APO for Stereo Mix.) - [1541.61 Ko] - (1.10.0.0) - C:\WINDOWS\System32\CX64APOMIX.dll [MD5.CC5843832BC7B60164C28E01EE2E930E] - |A| - [15/12/2020 15:37:21] - (.Conexant Systems Inc. - Conexant Audio Processing Objects.) - [1061.83 Ko] - (4.82.7.0) - C:\WINDOWS\System32\CX64BPAPO.dll [MD5.BE43CBEDCB4A0D0DC597EC155E37B726] - |A| - [15/12/2020 15:37:21] - (.©Conexant Systems Inc. - Conexant MFX APO Proxy.) - [1492.91 Ko] - (1.4.0.0) - C:\WINDOWS\System32\CX64Proxy.dll [MD5.8B8BAED6B66192CED1B81C7125F2DB5C] - |A| - [15/12/2020 15:37:21] - (.© Conexant Systems Inc. - Conexant Audio Message Service.) - [228.77 Ko] - (1.19.0.0) - C:\WINDOWS\System32\CxAudMsg64.exe [MD5.406B2834464973F60278AB61C9BA4193] - |A| - [15/12/2020 15:37:21] - (.Conexant Systems Inc. - Conexant PageMaster.) - [59.61 Ko] - (1.1.0.0) - C:\WINDOWS\System32\CxPageMaster64.dll [MD5.A4B87440B6A7B14211B97D9B6F3D8355] - |A| - [15/12/2020 15:37:21] - (.© 2018 Conexant Systems, Inc. - CxUIUSvc Service.) - [112.27 Ko] - (1.0.0.50) - C:\WINDOWS\System32\CxUIUSvc32.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [321.5 Ko] - C:\WINDOWS\System32\da-DK [MD5.908694591B882879050057989F01E946] - |A| - [12/02/2022 18:55:39] - (.-.) - [159 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [272.44 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [358.5 Ko] - C:\WINDOWS\System32\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:08:21] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png [MD5.057C75B5735EEF2A75ABF8F6770BCA34] - |A| - [03/03/2021 13:58:56] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [07/12/2019 11:14:56] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.041A7B079E9776721847031A7CF533E1] - |A| - [07/12/2019 11:09:34] - (.-.) - [15.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeliveryOptimizationMIProv.mof [MD5.59D5500F74109D59522F5A9457B8D9A2] - |A| - [07/12/2019 11:09:34] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeliveryOptimizationMIProvUninstall.mof [MD5.B924F1A7DE5ED8331B3375A778B3FE38] - |A| - [07/12/2019 11:08:52] - (.-.) - [35.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\deploymentcsphelper.exe [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [07/12/2019 11:08:39] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [07/12/2019 11:08:43] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml [MD5.29A07E5DBE43CC3BF8BAA6690EDD7B2A] - |A| - [16/06/2021 21:05:38] - (.-.) - [489.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dgtrayicon.exe [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [886 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.037DF43BCC9F9A4DF6548FED8F4503AF] - |A| - [07/12/2019 11:08:37] - (.-.) - [82.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [9898.77 Ko] - C:\WINDOWS\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png [MD5.C82AC2461534ACC47F6403A4BF8FB853] - |A| - [12/03/2022 11:42:10] - (.-.) - [11.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuthTxt.wim [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [161.5 Ko] - C:\WINDOWS\System32\dsc [MD5.9F3FA96F301CBE828AA9E98F13506F4A] - |A| - [12/03/2022 11:41:34] - (.-.) - [2201.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dwmscene.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [07/12/2019 11:08:07] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [07/12/2019 11:08:07] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [07/12/2019 11:08:07] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin [MD5.08C33E4AB904EC0960B0781ED26AE039] - |A| - [15/09/2018 09:28:20] - (.-.) - [2.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin [MD5.2BAF9EEF346B7D0290C3DDE3DB0BD170] - |A| - [16/06/2021 21:05:40] - (.-.) - [430.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\EEURestart.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [361.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:55] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [244 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1598.53 Ko] - C:\WINDOWS\System32\en-US [MD5.1D0A840D731A2C1F2E1FB5B8596B4C34] - |A| - [03/03/2021 14:01:42] - (.-.) - [148.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\EoAExperiences.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [343 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [271 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [238 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [16718.64 Ko] - C:\WINDOWS\System32\F12 [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [07/12/2019 11:08:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png [MD5.7F65C93283F31EB39E311DDDC00DFBA6] - |A| - [03/03/2021 14:02:10] - (.-.) - [16.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastDlpImg.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7.11 Ko] - C:\WINDOWS\System32\ff-Adlm-SN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [326 Ko] - C:\WINDOWS\System32\fi-FI [MD5.9214AEFB7FE012D386046C938B80F616] - |A| - [15/12/2020 15:37:21] - (.(c)Conexant Systems Inc. - Microphone Effects Property Page.) - [111.09 Ko] - (1.14.0.0) - C:\WINDOWS\System32\FMPropPageExt64.dll [MD5.71F40D0BF26822F93E1C7BFE834DECC2] - |A| - [03/03/2021 18:17:52] - (.-.) - [430.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:55] - [3403.5 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [279 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [46648.96 Ko] - C:\WINDOWS\System32\fr-FR [MD5.EB37DB663DC19E7C4D7F23A12DA07E99] - |A| - [16/09/2021 22:25:46] - (.-.) - [657 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FsNVSDeviceSource.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:51:10] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.84E6B8BD6E11D78C2B427BBA7E14F4D8] - |A| - [16/06/2021 21:05:48] - (.-.) - [492.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameManager64.dll [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [07/12/2019 11:09:48] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [15/09/2018 09:33:50] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [15/09/2018 09:33:50] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [256.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png [MD5.6D2BA2902199292D57806E3C53C587BF] - |A| - [03/03/2021 14:00:39] - (.-.) - [299.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll [MD5.5B722D95ED483AA91C17A3BB660166AB] - |A| - [15/03/2019 01:24:36] - (.© 2015 HPDC LP - DeviceCoInstaller.) - [319.8 Ko] - (40.13.1167.1948) - C:\WINDOWS\System32\hpinkcoiCC11.dll [MD5.F641A48F8B5C9C725192BA7996A9CA50] - |A| - [13/01/2022 21:13:46] - (.© 2015 HPDC LP - DeviceCoInstaller.) - [320.01 Ko] - (40.13.1167.1948) - C:\WINDOWS\System32\hpinkcoiE311.dll [MD5.D83447D2A01BDBB5A9F985D0D1C55646] - |A| - [15/03/2019 01:24:36] - (.© 2015 HPDC LP - hpinkins.exe.) - [2882.8 Ko] - (40.13.1167.1948) - C:\WINDOWS\System32\hpinkinsCC11.exe [MD5.EF26BFC03D5875529494A34EF4FB39F3] - |A| - [13/01/2022 21:13:46] - (.© 2015 HPDC LP - hpinkins.exe.) - [2883.01 Ko] - (40.13.1167.1948) - C:\WINDOWS\System32\hpinkinsE311.exe [MD5.FE1ED06330DD3481DEDC12BC0D7614A1] - |A| - [15/03/2019 01:24:38] - (.© 2015 HPDC LP - Print Status Language Monitor.) - [382.8 Ko] - (40.13.1167.1948) - C:\WINDOWS\System32\hpinkstsCC11LM.dll [MD5.850A1A4B404659710645911FF42747A5] - |A| - [13/01/2022 21:13:46] - (.© 2015 HPDC LP - Print Status Language Monitor.) - [383.01 Ko] - (40.13.1167.1948) - C:\WINDOWS\System32\hpinkstsE311LM.dll [MD5.871CA2345825E86D1D2D2A2E9E475D4F] - |A| - [03/03/2021 14:06:27] - (.-.) - [44.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:53:03] - [149.55 Ko] - C:\WINDOWS\System32\Hydrogen [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.21D427654B7D1594471B69E83307E5B2] - |A| - [05/05/2020 06:01:32] - (.Copyright (c) 2019, ICEpower A/S - ICEpower ICEsound APO.) - [626.57 Ko] - (2.0.0.9) - C:\WINDOWS\System32\ICEsoundAPO64.dll [MD5.12FA430637505F959F21B321B5D19C35] - |A| - [05/05/2020 06:01:36] - (.Copyright (c) 2019, ICEpower A/S - ICEpower ICEsound APO.) - [681.99 Ko] - (2.0.0.9) - C:\WINDOWS\System32\ICEsoundAPO64c.dll [MD5.9E15ABC6D0A7AB2DE3CE75FA7009A456] - |A| - [05/05/2020 05:53:38] - (.-.) - [262.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ICEsoundService.bin [MD5.466E4A99F705C7CCA6597DBBA033D5AB] - |A| - [05/05/2020 06:01:32] - (.Copyright (c) 2019, ICEpower A/S - ICEpower ICEsound APO service.) - [795.29 Ko] - (2.0.0.9) - C:\WINDOWS\System32\ICEsoundService64.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.947D07FA32ABB13DB520016769EB901B] - |A| - [11/06/2021 09:38:37] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [2207.5 Ko] - (64.2.0.0) - C:\WINDOWS\System32\icu.dll [MD5.A7B574704574F326B92DCEA872F1E9E1] - |A| - [03/03/2021 14:00:55] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24.5 Ko] - (64.2.0.0) - C:\WINDOWS\System32\icuin.dll [MD5.4A85A9DEA3D47D95CEF5525586756EA6] - |A| - [03/03/2021 14:00:55] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [29 Ko] - (64.2.0.0) - C:\WINDOWS\System32\icuuc.dll [MD5.388BE35F952EC7F057CDD79E8EDF9A18] - |A| - [03/03/2021 13:58:44] - (.-.) - [193 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [26851.41 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6943 Ko] - C:\WINDOWS\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png [MD5.556F3B0FA84790D665DA66154FEB01B1] - |A| - [29/07/2020 11:03:54] - (.-.) - [10.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InstallUtil.InstallLog [MD5.1ABE72FCC6D923949EFFE03D4C934E8C] - |A| - [28/07/2020 05:50:22] - (.-.) - [122.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\kapp_ci.sbin [MD5.13167FBECA48836D4D3B2C9F70FB3A29] - |A| - [28/07/2020 05:50:22] - (.-.) - [118.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\kapp_si.sbin [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10192.95 Ko] - C:\WINDOWS\System32\Keywords [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [235 Ko] - C:\WINDOWS\System32\ko-KR [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [07/12/2019 11:08:39] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [07/12/2019 11:08:07] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.14BE6A1C21780D85AD3F1D09283C56DA] - |A| - [14/05/2021 11:22:47] - (.-.) - [1647.5 Ko] - (3.0.2.0) - C:\WINDOWS\System32\libcrypto.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [454.91 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [37130.46 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [20/07/2020 16:05:30] - [1664 Ko] - C:\WINDOWS\System32\Logs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [246.5 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [247.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:52:05] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.4BFD587C99FE34EEA0E74622C798B3BE] - |A| - [16/09/2021 22:25:08] - (.-.) - [1137 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE [MD5.BD12E3D45526ECED082BC3CB26E03F0D] - |A| - [16/06/2021 21:05:58] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [96.24 Ko] - (27.20.11044.13001) - C:\WINDOWS\System32\mcl64.dll [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [07/12/2019 11:08:07] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [03/03/2021 14:25:39] - [1114.1 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5639.88 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45392.46 Ko] - C:\WINDOWS\System32\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 11:10:11] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 11:14:56] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [20/07/2020 16:01:47] - [12.14 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [15/09/2018 09:33:50] - [4228.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.64 Ko] - C:\WINDOWS\System32\my-mm [MD5.74FDEEAC0C0C0F62F4D0D484A36DA23A] - |A| - [07/12/2019 11:08:44] - (.-.) - [30.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [314.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\NDF [MD5.F77E82AA2B818435C482F69E19D78DDE] - |A| - [27/07/2020 13:21:09] - (.-.) - [101.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [07/12/2019 11:09:48] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.0E2D5DA1C7A1A97E46172AC33AD354EC] - |A| - [07/12/2019 11:09:48] - (.-.) - [70.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nettraceex.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [338.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [3781.5 Ko] - C:\WINDOWS\System32\Nui [MD5.D55B689DF6269B40E170EAFBCC0C34C4] - |A| - [07/12/2019 16:53:03] - (.-.) - [20.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [60614.73 Ko] - C:\WINDOWS\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:51:03] - [3625 Ko] - C:\WINDOWS\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [3.81 Ko] - C:\WINDOWS\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [07/12/2019 11:08:07] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1724.83 Ko] - C:\WINDOWS\System32\PerceptionSimulation [MD5.F51819FD3E83C5E98BCDBCDBE2F84E47] - |A| - [07/12/2019 11:17:25] - (.-.) - [122.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.0D3DCE18C361BE590F7F0AB66C10D55A] - |A| - [07/12/2019 16:49:57] - (.-.) - [138.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [07/12/2019 11:17:25] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [07/12/2019 16:49:57] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.9921BBEF972AAC67AC371F92177ADFF9] - |A| - [07/12/2019 11:17:25] - (.-.) - [650.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.764A5F4ADC62130E979EC3F43B146CF5] - |A| - [07/12/2019 16:49:57] - (.-.) - [738.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.B8845AC4D52526B56395F7ABD74A61BF] - |A| - [03/03/2021 18:21:11] - (.-.) - [1641.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [07/12/2019 11:08:05] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [339 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [456 Ko] - C:\WINDOWS\System32\PointOfService [MD5.7700A1F5ECACFB07A92C5960448AFAB8] - |A| - [07/12/2019 11:08:28] - (.-.) - [43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [07/12/2019 11:08:19] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [332 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [335 Ko] - C:\WINDOWS\System32\pt-PT [MD5.69B0A8BF66190B0770160134495E8809] - |A| - [16/06/2021 21:06:10] - (.(c) Advanced Micro Devices, Inc. - AMD RapidFire.) - [727.24 Ko] - (2.1.0.20) - C:\WINDOWS\System32\Rapidfire64.dll [MD5.1085EAD2E3ED1CD2820FC5824A154A82] - |A| - [16/06/2021 21:06:16] - (.(c) Advanced Micro Devices, Inc. - AMD Rapid Fire Server.) - [53.23 Ko] - (1.2.0.15) - C:\WINDOWS\System32\RapidFireServer64.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.B35018DDD429B4C8C25BE07ECDC90FFF] - |A| - [02/08/2021 16:29:50] - (.Copyright © 2017 Razer Inc. All rights reserved - RazerS3Coinstaller.) - [77.96 Ko] - (0.0.0.3) - C:\WINDOWS\System32\RazerS3Coinstaller.dll [MD5.7852D37790807E55BD71A65183E0F1ED] - |A| - [12/07/2021 10:20:51] - (.-.) - [2315.5 Ko] - (1.0.2104.14003) - C:\WINDOWS\System32\rdpnano.dll [MD5.42577ED1BA5199ADD53E1186EC4E28A4] - |A| - [03/03/2021 13:58:56] - (.-.) - [72.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rdsxvmaudio.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2.17 Ko] - C:\WINDOWS\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png [MD5.19B5EEEC29F044451D5E8E89B1BE6F5E] - |A| - [07/12/2019 11:09:33] - (.-.) - [110.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResBParser.dll [MD5.31924C8E78CDBD81DA7905E87B185387] - |A| - [07/12/2019 11:09:54] - (.-.) - [9.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.5504F7F27D0AB178346D643D444A612C] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageListLowCost [MD5.85CF16AF388AE12AAE3E48A883C17A06] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.1391FB4E005C208A35E77DF6F3F055E2] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageListLowCost [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 11:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 11:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [262 Ko] - C:\WINDOWS\System32\ro-RO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [329.5 Ko] - C:\WINDOWS\System32\ru-RU [MD5.8BB7F1C55F4DF7CEFF9291FDB77F780B] - |A| - [13/11/2021 15:53:32] - (.-.) - [59.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe [MD5.56B23318DE09559AE0A7EA51F068AC3B] - |A| - [28/07/2020 05:50:22] - (.-.) - [150.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_ci.sbin [MD5.A769B352B827590EA4CCAC16E6269E33] - |A| - [28/07/2020 05:50:22] - (.-.) - [135.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_isv_ci.sbin [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [07/12/2019 11:10:32] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4.85 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [07/12/2019 11:08:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [78.59 Ko] - C:\WINDOWS\System32\Sgrm [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1839 Ko] - C:\WINDOWS\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.7 Ko] - C:\WINDOWS\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [254.5 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [251.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [03/03/2021 18:17:52] - [48356.04 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [07/12/2019 11:08:07] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [13385.02 Ko] - C:\WINDOWS\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png [MD5.6DB032025BD266E5A3A52259F57F9247] - |A| - [07/12/2019 11:09:51] - (.-.) - [40 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7625.3 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [12465.68 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [116989.96 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [15627.98 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.63 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [253.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 11:09:54] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 11:09:54] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat [MD5.67894C70461ABD4EF6C116637EBB218A] - |A| - [07/12/2019 11:09:45] - (.-.) - [58.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [70696 Ko] - C:\WINDOWS\System32\sru [MD5.862E9C75593E9BB1A90961975276F7FE] - |A| - [03/03/2021 13:58:55] - (.-.) - [444.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll [MD5.649B3FBBD584AA71AAE7794DB043B4B1] - |A| - [15/12/2020 15:37:21] - (.(c)Conexant Systems Inc. - SSP Microphone Effects Property Page.) - [108.03 Ko] - (1.0.0.0) - C:\WINDOWS\System32\SSPPropPageExt64.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [320 Ko] - C:\WINDOWS\System32\sv-SE [MD5.26D2D82E2DD08761EAACF5BB5099D65B] - |A| - [16/09/2021 22:24:29] - (.-.) - [1265.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SvBannerBackground.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1418.56 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [938.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.91A578E2822436E185117C0A8CEEFE46] - |A| - [24/03/2020 22:41:22] - (.Copyright (c) 2013 - 2020 Advanced Micro Devices, Inc. - amdpsp sys.) - [423.52 Ko] - (4.13.0.0) - C:\WINDOWS\System32\t-base_client_api.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [8.16 Ko] - C:\WINDOWS\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk [MD5.3596DC15B6F6CBBB6EC8B143CBD57F24] - |A| - [14/01/2022 13:19:08] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [53.5 Ko] - (3.5.1.0) - C:\WINDOWS\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [700.45 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [19/03/2019 06:52:45] - [646.35 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.A0140826A682DBE4CF3CDAA8EBD2729A] - |A| - [24/03/2020 22:41:22] - (.Copyright (c) 2013 - 2018 Advanced Micro Devices, Inc. - tbaseregistry dll.) - [471.02 Ko] - (4.6.1.1) - C:\WINDOWS\System32\tbaseregistry64.dll [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [07/12/2019 11:09:05] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.518F44081E6F4B3236CBF4FB17E41F9B] - |A| - [12/03/2022 11:41:15] - (.-.) - [2208 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextInputMethodFormatter.dll [MD5.4C528AE5D512E3901BACAA5D75240381] - |A| - [15/10/2021 10:06:09] - (.-.) - [689.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [240 Ko] - C:\WINDOWS\System32\th-TH [MD5.CF7677327BE3C6395B9F3333CC0F1C15] - |A| - [03/03/2021 14:02:10] - (.-.) - [1.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ThirdPartyNoticesBySHS.txt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.97 Ko] - C:\WINDOWS\System32\ti-et [MD5.25551715B57E10FAFFAAA72B07641075] - |A| - [12/03/2022 11:41:03] - (.-.) - [266.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [308 Ko] - C:\WINDOWS\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [07/12/2019 11:08:13] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [07/12/2019 11:08:13] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [249 Ko] - C:\WINDOWS\System32\uk-UA [MD5.8CDD866E0707A71952FBA8BE899B7512] - |A| - [03/03/2021 13:58:58] - (.-.) - [63.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umpdc.dll [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [2204.14 Ko] - C:\WINDOWS\System32\UNP [MD5.8ADD5935D83D0A425C39E369520C4095] - |A| - [07/12/2019 11:08:37] - (.-.) - [48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll [MD5.46A6DF60907700A148D42CCF1219522E] - |A| - [07/12/2019 11:08:39] - (.-.) - [38.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\usocoreps.dll [MD5.1E630731AFDFC63DEC4074301D342E4B] - |A| - [07/12/2019 11:08:09] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VhfUm.dll [MD5.A10725A4632FFFEAE250E09ADA553F94] - |A| - [03/03/2021 14:07:29] - (.-.) - [93.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VirtualMonitorManager.dll [MD5.4FBC5DC82AD84169159C6B157658D4FA] - |A| - [16/06/2021 21:06:18] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [1067.88 Ko] - (1.2.131.2) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll [MD5.4FBC5DC82AD84169159C6B157658D4FA] - |A| - [16/06/2021 21:06:18] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [1067.88 Ko] - (1.2.131.2) - C:\WINDOWS\System32\vulkan-1.dll [MD5.A72F37E1A2C0A4F5FEB02034FC77D942] - |A| - [16/06/2021 21:06:20] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1749.73 Ko] - (1.2.131.2) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe [MD5.A72F37E1A2C0A4F5FEB02034FC77D942] - |A| - [16/06/2021 21:06:20] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1749.73 Ko] - (1.2.131.2) - C:\WINDOWS\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [200007.84 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [91164.88 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [07/12/2019 11:08:46] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.1D64ACF3675288CC086E6361EAC748C4] - |A| - [07/12/2019 11:08:52] - (.-.) - [144.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Win32AppSettingsProvider.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [53493.83 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.3F376202BE6A0EC0C866D97ED2E0F16D] - |A| - [11/06/2021 09:38:36] - (.-.) - [642.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowManagementAPI.dll [MD5.E9CA21D71E952448B75C45B2467E4DE7] - |A| - [07/12/2019 11:08:27] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10841.89 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [07/12/2019 11:08:41] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [295992 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6281.34 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [107.56 Ko] - C:\WINDOWS\System32\winrm [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [07/12/2019 11:08:12] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [07/12/2019 11:08:12] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [07/12/2019 11:08:49] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.C8A7EAA0B83E05DDD11F37A833F754AC] - |A| - [07/12/2019 11:08:21] - (.-.) - [83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [234.99 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [204.5 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 11:09:21] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 11:09:21] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 11:09:26] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 11:09:32] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 11:09:15] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1864.83 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.E556115BD4E751178310F842E457CA22] - |A| - [03/03/2021 14:03:35] - (.-.) - [10.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe [MD5.2F34023458B56EF612512DB541E95D5F] - |A| - [16/06/2021 21:02:34] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [126.48 Ko] - (27.20.11044.13001) - C:\WINDOWS\SysWOW64\amdave32.dll [MD5.66C0436AF492C2EABF75A6670A167035] - |A| - [16/06/2021 21:03:04] - (.-.) - [378.73 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll [MD5.3C40C22B26E2B1D35DB5B9C720668B38] - |A| - [16/06/2021 21:03:12] - (.Copyright (C) 2020 Advanced Micro Devices, Inc. - Radeon Settings: Host Service.) - [171.09 Ko] - (2.0.0.1788) - C:\WINDOWS\SysWOW64\amdihk32.dll [MD5.CAFEF04C0E07770EF238ECF353DD14F4] - |A| - [16/06/2021 21:03:32] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [758.24 Ko] - (1.0.16.0) - C:\WINDOWS\SysWOW64\amdlvr32.dll [MD5.9BDB438DF620F81E53BE98F0BFE5EC31] - |A| - [16/06/2021 21:03:40] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [382.24 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmcl32.dll [MD5.1CDDD94B44C6A21C0515C7836B696955] - |A| - [16/06/2021 21:02:44] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [114.6 Ko] - (27.20.11044.13001) - C:\WINDOWS\SysWOW64\amdpcom32.dll [MD5.9DBFDE50D878DF6CF8BE2862CD9C39A5] - |A| - [16/06/2021 21:04:10] - (.Copyright (C) 2014-2017 AMD Inc. - amdxcstub32.dll.) - [112.27 Ko] - (8.18.10.357) - C:\WINDOWS\SysWOW64\amdxc32.dll [MD5.D1F4D42E0FB8E9900C3C59BE594AEA21] - |A| - [16/06/2021 21:04:36] - (.-.) - [52434.26 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amd_comgr32.dll [MD5.D5C6061D6794937AA6CB6DCA2FA9CACD] - |A| - [16/06/2021 21:03:08] - (.Copyright (C) 2016 - AMD MJPEG MFT Component.) - [1352.58 Ko] - (27.20.11044.13001) - C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll [MD5.1D75FF887D60947E8EEF6615142B7E26] - |A| - [16/06/2021 21:04:42] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [4051.77 Ko] - (1.4.17.0) - C:\WINDOWS\SysWOW64\amfrt32.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [97.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.DD0F04B43362A7C7660C1DF405D416F0] - |A| - [14/01/2022 13:19:13] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [563 Ko] - (3.5.1.0) - C:\WINDOWS\SysWOW64\archiveint.dll [MD5.C4C935904EB49BD51C6F9D07582445FE] - |A| - [16/06/2021 21:04:48] - (.Copyright (C) 2008-2020 Advanced Micro Devices, Inc. - ADL.) - [1317.73 Ko] - (27.20.11044.13001) - C:\WINDOWS\SysWOW64\atiadlxx.dll [MD5.C4C935904EB49BD51C6F9D07582445FE] - |A| - [16/06/2021 21:04:48] - (.Copyright (C) 2008-2020 Advanced Micro Devices, Inc. - ADL.) - [1317.73 Ko] - (27.20.11044.13001) - C:\WINDOWS\SysWOW64\atiadlxy.dll [MD5.D1B2FB11A2126AB0AE302B8F088E48F6] - |A| - [16/06/2021 20:38:30] - (.-.) - [531.51 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb [MD5.0CFDC5D5C56CFB21E6ED2F9D40B5CB43] - |A| - [16/06/2021 21:04:50] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub32.dll.) - [162.54 Ko] - (8.17.10.1684) - C:\WINDOWS\SysWOW64\aticfx32.dll [MD5.823AD3BFDA10C8F09FA6F6F394BD7011] - |A| - [16/06/2021 21:04:54] - (.-.) - [112.72 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atidxx32.dll [MD5.287F12413DFC9482FC133E494EAF6CA8] - |A| - [16/06/2021 21:04:56] - (.-.) - [351.24 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe [MD5.B715D30BC2BF5889FA8764CF685659A1] - |A| - [16/06/2021 21:05:08] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [215.76 Ko] - (27.20.11044.13001) - C:\WINDOWS\SysWOW64\atigktxx.dll [MD5.C42680C454B8AE805A7DD8F00ECCC446] - |A| - [16/06/2021 21:03:18] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [114.61 Ko] - (27.20.11044.13001) - C:\WINDOWS\SysWOW64\atimpc32.dll [MD5.E6C593145AB7884F68D34C6F8A9109BD] - |A| - [16/06/2021 21:05:18] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [145.24 Ko] - (27.20.11044.13001) - C:\WINDOWS\SysWOW64\atisamu32.dll [MD5.A3530CDF5C1203BE4415490ABE9D78C0] - |A| - [16/06/2021 20:38:34] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [28/07/2020 05:50:18] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [28/07/2020 05:50:18] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [58.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [316.5 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2217.05 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.6545DE4EF5217AA2FFC7FFD27725A971] - |A| - [03/03/2021 14:03:35] - (.-.) - [235 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\CoreMas.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [118.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.A2F18DAD6F7BE95ED9FC7A37B7D94FF7] - |A| - [14/01/2022 13:19:13] - (.© 1996 - 2021 Daniel Stenberg, . - The curl executable.) - [453.5 Ko] - (7.79.1.0) - C:\WINDOWS\SysWOW64\curl.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [119.5 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [131 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:09:15] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [188 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7607.02 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.3C7FAC50F5A07194370356CF9CDA54AD] - |A| - [16/06/2021 21:05:46] - (.-.) - [378.77 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\GameManager32.dll [MD5.B873A5ABCFBC42B1BAC9EBE8741C6162] - |A| - [07/12/2019 16:50:56] - (.Copyright (C) 2019 - Gracenote SDK component.) - [244 Ko] - (3.9.511.0) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [93 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.DF0C9C776F8367E213210FB256AC30EC] - |A| - [03/03/2021 14:04:18] - (.-.) - [230 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [55.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [123 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.8226A1A91F01432A0CB10CAABF1B9C6D] - |A| - [11/06/2021 09:39:24] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1820.5 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icu.dll [MD5.FB475B41189AACF1C607C1E9DC0EBB0B] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icuin.dll [MD5.B17445D0DF2C22C924899B5DF8E84475] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [28.5 Ko] - (64.2.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [21634.72 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [215 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [125 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [89 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10192.95 Ko] - C:\WINDOWS\SysWOW64\Keywords [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [91 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [454.91 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [56.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [56 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:52:05] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.633B4EC89559D9A98A137884D2528188] - |A| - [16/06/2021 21:05:58] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [81.24 Ko] - (27.20.11044.13001) - C:\WINDOWS\SysWOW64\mcl32.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2851.11 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [816.8 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 11:10:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 11:15:00] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [116 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [122 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [07/12/2019 11:10:14] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [764.83 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [79.5 Ko] - C:\WINDOWS\SysWOW64\PerceptionSimulation [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [124 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [122 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [123 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.1847D8ACFDFFA5293B759A4F66A09334] - |A| - [16/06/2021 21:06:02] - (.(c) Advanced Micro Devices, Inc. - AMD RapidFire.) - [614.25 Ko] - (2.1.0.20) - C:\WINDOWS\SysWOW64\Rapidfire.dll [MD5.1ED667E8C5451448142AF677C871D1DB] - |A| - [16/06/2021 21:06:14] - (.(c) Advanced Micro Devices, Inc. - AMD Rapid Fire Server.) - [50.24 Ko] - (1.2.0.15) - C:\WINDOWS\SysWOW64\RapidFireServer.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [121.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4040.33 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [8699.16 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1316.18 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.63 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [56.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 11:10:05] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 11:10:05] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.BDC53957962AFBEBE6A25EF941C261B3] - |A| - [03/03/2021 14:03:35] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [18/10/2021 21:18:18] - [8 Ko] - C:\WINDOWS\SysWOW64\statReporter [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [117 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.3044E62934C1CDD27CB085BD1B910A73] - |A| - [24/03/2020 22:41:20] - (.Copyright (c) 2013 - 2020 Advanced Micro Devices, Inc. - amdpsp sys.) - [339.02 Ko] - (4.13.0.0) - C:\WINDOWS\SysWOW64\t-base_client_api.dll [MD5.D7128869A4759CCBDC5D4BC55A40D4CC] - |A| - [14/01/2022 13:19:13] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [43.5 Ko] - (3.5.1.0) - C:\WINDOWS\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.B1D4864D3AAC15E212A50E462A7FDE51] - |A| - [24/03/2020 22:41:22] - (.Copyright (c) 2013 - 2018 Advanced Micro Devices, Inc. - tbaseregistry dll.) - [375.02 Ko] - (4.6.1.1) - C:\WINDOWS\SysWOW64\tbaseregistry32.dll [MD5.1D2D564BC91E46A54533B8ABBEF460DD] - |A| - [16/09/2021 22:25:12] - (.-.) - [1302.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll [MD5.4C58C812BB19C065CB0ED7FC8FBBAC12] - |A| - [15/10/2021 10:06:41] - (.-.) - [597.62 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [50.5 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.CE4E73FA1555E59A16BEE1DFF1EE353A] - |A| - [12/03/2022 11:41:53] - (.-.) - [218.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [115 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.7E0273A51BDD51DFB58F905C8F501061] - |A| - [03/03/2021 14:04:35] - (.-.) - [46.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\umpdc.dll [MD5.C678CD47F8D1BD93EDF1D09C27CFACF7] - |A| - [16/06/2021 21:06:16] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [930.04 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.C678CD47F8D1BD93EDF1D09C27CFACF7] - |A| - [16/06/2021 21:06:16] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [930.04 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkan-1.dll [MD5.F12133ED2C3CF1798B947BCCDBB6B55F] - |A| - [16/06/2021 21:06:20] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1349.74 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.F12133ED2C3CF1798B947BCCDBB6B55F] - |A| - [16/06/2021 21:06:20] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1349.74 Ko] - (1.2.131.2) - C:\WINDOWS\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [15748.16 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.A22B636328327A4EA6F6AB3F48A5B5B1] - |A| - [11/06/2021 09:39:24] - (.-.) - [457.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowManagementAPI.dll [MD5.BEDEDB102316C696D36F0D4331E1C2AE] - |A| - [07/12/2019 11:09:17] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [9338.44 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6281.07 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [107.56 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.7A015A6F199516A06C5AFB56FEE7AC51] - |A| - [07/12/2019 11:09:17] - (.-.) - [59 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [82 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [82 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | [chlod] [16/07/2020 17:33:14] - |RD| - [298] - C:\Users\chlod\3D Objects [03/03/2021 14:29:54] - |HD| - [9312248971] - C:\Users\chlod\AppData [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\Application Data [16/07/2020 17:33:14] - |RD| - [412] - C:\Users\chlod\Contacts [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\Cookies [15/06/2019 17:38:27] - |D| - [0] - C:\Users\chlod\Documents [15/06/2019 17:38:27] - |RD| - [1358074137] - C:\Users\chlod\Downloads [15/06/2019 17:38:27] - |RD| - [914] - C:\Users\chlod\Favorites [15/06/2019 17:38:27] - |RD| - [1997] - C:\Users\chlod\Links [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\Local Settings [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\Menu Démarrer [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\Mes documents [16/07/2020 17:33:45] - |HD| - [4737593] - C:\Users\chlod\MicrosoftEdgeBackups [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\Modèles [15/06/2019 17:38:27] - |RD| - [504] - C:\Users\chlod\Music [03/03/2021 14:29:54] - |AH| - [9961472] - C:\Users\chlod\NTUSER.DAT [03/03/2021 14:29:54] - |ASH| - [2097152] - C:\Users\chlod\ntuser.dat.LOG1 [03/03/2021 14:29:54] - |ASH| - [2432000] - C:\Users\chlod\ntuser.dat.LOG2 [03/03/2021 14:29:54] - |ASH| - [65536] - C:\Users\chlod\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf [03/03/2021 14:29:54] - |ASH| - [524288] - C:\Users\chlod\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms [03/03/2021 14:29:54] - |ASH| - [524288] - C:\Users\chlod\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms [03/03/2021 18:26:51] - |SH| - [20] - C:\Users\chlod\ntuser.ini [16/07/2020 17:36:40] - |RAD| - [53331184646] - C:\Users\chlod\OneDrive [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\Recent [15/06/2019 17:38:27] - |RD| - [282] - C:\Users\chlod\Saved Games [16/07/2020 17:33:14] - |RD| - [1879] - C:\Users\chlod\Searches [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\SendTo [15/06/2019 17:38:27] - |RD| - [694] - C:\Users\chlod\Videos [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\Voisinage d'impression [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\Voisinage réseau [03/03/2021 14:29:54] - |D| - [7138018514] - C:\Users\chlod\AppData\Local [15/06/2019 17:38:28] - |D| - [34072105] - C:\Users\chlod\AppData\LocalLow [03/03/2021 14:29:54] - |D| - [2140158352] - C:\Users\chlod\AppData\Roaming [14/03/2022 16:42:36] - |D| - [56487272] - C:\Users\chlod\AppData\Local\@mendeley-internaldesktop-reference-manager-updater [16/07/2020 17:33:26] - |D| - [8323408] - C:\Users\chlod\AppData\Local\AMD [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\AppData\Local\Application Data [02/04/2021 12:13:20] - |D| - [0] - C:\Users\chlod\AppData\Local\ASUS [16/07/2020 17:39:50] - |D| - [0] - C:\Users\chlod\AppData\Local\Avira [21/03/2022 12:35:13] - |D| - [163317] - C:\Users\chlod\AppData\Local\CiscoSpark [21/03/2022 12:35:07] - |D| - [13647] - C:\Users\chlod\AppData\Local\CiscoSparkLauncher [16/07/2020 18:05:21] - |D| - [53997899] - C:\Users\chlod\AppData\Local\Comms [16/07/2020 17:33:08] - |D| - [8545408] - C:\Users\chlod\AppData\Local\ConnectedDevicesPlatform [25/09/2021 18:37:32] - |D| - [41409637] - C:\Users\chlod\AppData\Local\CrashDumps [16/07/2020 17:33:26] - |D| - [1875024] - C:\Users\chlod\AppData\Local\D3DSCache [16/07/2020 17:55:39] - |D| - [0] - C:\Users\chlod\AppData\Local\DBG [25/10/2021 21:56:15] - |D| - [2549118] - C:\Users\chlod\AppData\Local\Diagnostics [10/01/2022 17:41:04] - |D| - [523333] - C:\Users\chlod\AppData\Local\ElevatedDiagnostics [24/06/2021 19:48:07] - |D| - [92925715] - C:\Users\chlod\AppData\Local\Google [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\AppData\Local\Historique [13/03/2022 17:16:31] - |AH| - [187895] - C:\Users\chlod\AppData\Local\IconCache.db [12/03/2022 22:20:54] - |D| - [3268776] - C:\Users\chlod\AppData\Local\mbam [03/03/2021 14:29:54] - |D| - [1445562967] - C:\Users\chlod\AppData\Local\Microsoft [16/07/2020 17:33:34] - |D| - [65571] - C:\Users\chlod\AppData\Local\MicrosoftEdge [16/07/2020 19:09:36] - |D| - [1104203017] - C:\Users\chlod\AppData\Local\Mozilla [16/07/2020 23:18:09] - |D| - [0] - C:\Users\chlod\AppData\Local\OneDrive [16/07/2020 17:58:21] - |D| - [0] - C:\Users\chlod\AppData\Local\Opera Software [16/07/2020 17:33:12] - |D| - [1010264423] - C:\Users\chlod\AppData\Local\Packages [27/07/2020 13:31:55] - |D| - [0] - C:\Users\chlod\AppData\Local\PackageStaging [16/07/2020 17:36:39] - |D| - [45298] - C:\Users\chlod\AppData\Local\PlaceholderTileLogoFolder [16/07/2020 17:39:29] - |D| - [878264699] - C:\Users\chlod\AppData\Local\Programs [16/07/2020 17:58:22] - |D| - [24638371] - C:\Users\chlod\AppData\Local\Publishers [28/01/2022 17:03:44] - |D| - [644085031] - C:\Users\chlod\AppData\Local\slack [04/05/2021 19:18:07] - |D| - [2820] - C:\Users\chlod\AppData\Local\speech [17/07/2020 09:51:08] - |D| - [34290] - C:\Users\chlod\AppData\Local\SquirrelTemp [03/03/2021 14:29:54] - |D| - [1200995769] - C:\Users\chlod\AppData\Local\Temp [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\AppData\Local\Temporary Internet Files [16/07/2020 17:33:12] - |D| - [0] - C:\Users\chlod\AppData\Local\VirtualStore [21/03/2022 12:00:37] - |D| - [559585809] - C:\Users\chlod\AppData\Local\WebEx [16/07/2020 17:58:24] - |D| - [0] - C:\Users\chlod\AppData\LocalLow\AMD [16/07/2020 17:33:14] - |SD| - [299200] - C:\Users\chlod\AppData\LocalLow\Microsoft [16/07/2020 19:09:37] - |D| - [0] - C:\Users\chlod\AppData\LocalLow\Mozilla [11/05/2021 15:38:38] - |D| - [0] - C:\Users\chlod\AppData\LocalLow\Temp [21/03/2022 12:00:37] - |D| - [33772905] - C:\Users\chlod\AppData\LocalLow\WebEx [16/07/2020 17:33:13] - |D| - [0] - C:\Users\chlod\AppData\Roaming\Adobe [16/07/2020 17:47:25] - |D| - [0] - C:\Users\chlod\AppData\Roaming\Macromedia [14/03/2022 16:42:50] - |D| - [10248088] - C:\Users\chlod\AppData\Roaming\Mendeley Reference Manager [03/03/2021 14:29:54] - |SD| - [1140316655] - C:\Users\chlod\AppData\Roaming\Microsoft [17/07/2020 09:51:14] - |D| - [0] - C:\Users\chlod\AppData\Roaming\Microsoft Teams [16/07/2020 19:09:37] - |D| - [79258163] - C:\Users\chlod\AppData\Roaming\Mozilla [16/07/2020 17:45:55] - |D| - [31128061] - C:\Users\chlod\AppData\Roaming\Opera Software [02/08/2020 23:04:43] - |D| - [0] - C:\Users\chlod\AppData\Roaming\Skype [28/01/2022 17:03:58] - |D| - [620246392] - C:\Users\chlod\AppData\Roaming\Slack [10/11/2020 14:07:33] - |D| - [0] - C:\Users\chlod\AppData\Roaming\Teams [21/03/2022 12:03:40] - |D| - [488823] - C:\Users\chlod\AppData\Roaming\webex [06/10/2020 18:30:56] - |D| - [258472170] - C:\Users\chlod\AppData\Roaming\Zoom [16/07/2020 17:33:14] - |SH| - [174] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [03/03/2021 14:29:54] - |SHD| - [0] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [15/06/2019 17:38:28] - |RD| - [34247] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [03/03/2021 14:29:54] - |RD| - [3888] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [03/03/2021 14:29:54] - |RD| - [1680] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [16/07/2020 17:33:15] - |RD| - [174] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [03/03/2021 14:29:54] - |SH| - [264] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [03/03/2021 14:29:54] - |D| - [170] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [14/03/2022 16:42:37] - |A| - [2611] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mendeley Reference Manager.lnk [08/03/2022 23:09:40] - |A| - [2370] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk [03/03/2021 14:29:54] - |A| - [1105] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [28/01/2022 17:04:04] - |D| - [2219] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc [16/07/2020 17:33:15] - |RD| - [1494] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [03/03/2021 14:29:54] - |RD| - [4913] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [21/03/2022 12:10:23] - |D| - [1474] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex [03/03/2021 14:29:54] - |D| - [7844] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [08/02/2022 10:41:39] - |D| - [4041] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom [16/07/2020 17:33:15] - |SH| - [174] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini [16/07/2020 20:46:10] - |A| - [1320] - C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk ---------- | [Public] [15/06/2019 16:57:36] - |RHD| - [264622] - C:\Users\Public\AccountPictures [15/09/2018 09:33:50] - |RHD| - [2197] - C:\Users\Public\Desktop [07/12/2019 11:14:54] - |ASH| - [174] - C:\Users\Public\desktop.ini [15/09/2018 09:33:50] - |RD| - [278] - C:\Users\Public\Documents [15/09/2018 09:33:50] - |RD| - [174] - C:\Users\Public\Downloads [07/12/2019 11:14:52] - |RHD| - [1135] - C:\Users\Public\Libraries [15/09/2018 09:33:50] - |RD| - [380] - C:\Users\Public\Music [15/09/2018 09:33:50] - |RD| - [380] - C:\Users\Public\Pictures [16/07/2020 17:46:31] - |D| - [190106] - C:\Users\Public\Security Sessions [15/09/2018 09:33:50] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [03/03/2021 18:26:43] - |SHD| - [0] - C:\ProgramData\Application Data [15/06/2019 17:02:03] - |D| - [9630959] - C:\ProgramData\ASUS [27/07/2020 13:31:26] - |SHD| - [0] - C:\ProgramData\Bureau [29/07/2020 11:04:12] - |D| - [289] - C:\ProgramData\Conexant [03/03/2021 18:26:43] - |SHD| - [0] - C:\ProgramData\Desktop [03/03/2021 18:26:43] - |SHD| - [0] - C:\ProgramData\Documents [07/02/2021 15:53:54] - |D| - [30878] - C:\ProgramData\HP [02/09/2021 09:38:15] - |D| - [293608816] - C:\ProgramData\Logitech [12/03/2022 22:19:37] - |D| - [255560096] - C:\ProgramData\Malwarebytes [27/07/2020 13:31:26] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [07/12/2019 11:14:52] - |SD| - [946741246] - C:\ProgramData\Microsoft [03/03/2021 18:29:08] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [27/07/2020 13:31:26] - |SHD| - [0] - C:\ProgramData\Modèles [16/07/2020 19:09:30] - |D| - [0] - C:\ProgramData\Mozilla [10/02/2022 10:51:11] - |D| - [12397711] - C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 [02/09/2021 09:39:00] - |D| - [7819012] - C:\ProgramData\Package Cache [16/07/2020 17:34:50] - |D| - [237568] - C:\ProgramData\Packages [02/08/2021 16:30:13] - |D| - [312870] - C:\ProgramData\Razer [07/12/2019 11:14:52] - |D| - [3152] - C:\ProgramData\regid.1991-06.com.microsoft [07/12/2019 11:14:52] - |D| - [0] - C:\ProgramData\SoftwareDistribution [03/03/2021 14:18:26] - |D| - [0] - C:\ProgramData\ssh [03/03/2021 18:26:43] - |SHD| - [0] - C:\ProgramData\Start Menu [03/03/2021 18:26:43] - |SHD| - [0] - C:\ProgramData\Templates [07/12/2019 11:14:52] - |D| - [11837440] - C:\ProgramData\USOPrivate [07/12/2019 11:14:52] - |D| - [11087872] - C:\ProgramData\USOShared [07/12/2019 16:53:03] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [07/12/2019 11:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [27/07/2020 13:31:26] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [07/12/2019 11:14:52] - |RD| - [94131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [17/07/2020 10:51:07] - |A| - [2474] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk [07/12/2019 11:14:52] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [07/12/2019 11:14:52] - |RD| - [14467] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [07/12/2019 11:14:52] - |RD| - [22956] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [05/01/2021 11:42:08] - |D| - [965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [07/12/2019 11:14:54] - |SH| - [522] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [17/07/2020 10:51:08] - |A| - [2447] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk [10/01/2022 19:37:20] - |A| - [1007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [23/06/2021 16:49:32] - |A| - [2247] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [15/06/2019 17:10:36] - |D| - [2685] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower [07/12/2019 11:10:31] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [07/12/2019 11:14:52] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [12/03/2022 22:20:34] - |A| - [2035] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk [26/08/2020 20:20:23] - |A| - [2444] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk [17/07/2020 10:51:08] - |A| - [2447] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk [24/05/2021 10:39:00] - |D| - [15411] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office [17/07/2020 10:51:09] - |A| - [2435] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk [09/11/2021 11:14:02] - |A| - [1148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk [17/07/2020 10:51:09] - |A| - [2474] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk [17/07/2020 10:51:09] - |A| - [2397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk [24/05/2021 10:39:00] - |A| - [2548] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Entreprise.lnk [07/12/2019 11:14:52] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [07/12/2019 11:14:52] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [07/12/2019 16:52:28] - |RD| - [2800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [17/07/2020 10:51:09] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [07/12/2019 11:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [16/07/2020 17:39:08] - |D| - [0] - C:\Program Files (x86)\Avira [07/12/2019 11:14:52] - |D| - [25391226] - C:\Program Files (x86)\Common Files [07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [23/06/2021 16:48:52] - |D| - [11464008] - C:\Program Files (x86)\Google [15/06/2019 17:10:33] - |D| - [8725505] - C:\Program Files (x86)\ICEpower [07/12/2019 11:14:52] - |D| - [1996947] - C:\Program Files (x86)\Internet Explorer [02/09/2021 09:38:14] - |D| - [58452699] - C:\Program Files (x86)\Logitech [26/08/2020 20:20:04] - |D| - [1450891270] - C:\Program Files (x86)\Microsoft [07/12/2019 11:14:52] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [10/01/2022 19:37:20] - |D| - [370156] - C:\Program Files (x86)\Mozilla Maintenance Service [02/08/2021 16:29:53] - |D| - [0] - C:\Program Files (x86)\Razer [17/07/2020 10:52:01] - |D| - [97229077] - C:\Program Files (x86)\Teams Installer [27/07/2020 13:24:17] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [07/12/2019 11:14:52] - |D| - [1823008] - C:\Program Files (x86)\Windows Defender [07/12/2019 11:14:52] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [07/12/2019 16:53:03] - |D| - [3237786] - C:\Program Files (x86)\Windows Media Player [07/12/2019 16:53:03] - |D| - [40232] - C:\Program Files (x86)\Windows Multimedia Platform [07/12/2019 11:14:52] - |D| - [6058840] - C:\Program Files (x86)\Windows NT [07/12/2019 16:53:03] - |D| - [5261760] - C:\Program Files (x86)\Windows Photo Viewer [07/12/2019 16:53:03] - |D| - [40232] - C:\Program Files (x86)\Windows Portable Devices [07/12/2019 11:14:52] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [07/12/2019 11:14:52] - |D| - [2250695] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [15/06/2019 16:59:37] - |D| - [1917221] - C:\Program Files\AMD [05/01/2021 11:42:06] - |D| - [84759064] - C:\Program Files\CCleaner [07/12/2019 11:14:52] - |D| - [172508055] - C:\Program Files\Common Files [07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files\desktop.ini [27/07/2020 13:31:26] - |SHD| - [0] - C:\Program Files\Fichiers communs [23/06/2021 16:49:21] - |D| - [558416687] - C:\Program Files\Google [07/12/2019 11:14:52] - |D| - [2677414] - C:\Program Files\Internet Explorer [12/03/2022 22:19:34] - |D| - [361587357] - C:\Program Files\Malwarebytes [16/07/2020 19:16:37] - |D| - [3421976882] - C:\Program Files\Microsoft Office [17/07/2020 10:46:59] - |D| - [9902016] - C:\Program Files\Microsoft Office 15 [20/07/2020 16:05:29] - |D| - [1916128] - C:\Program Files\Microsoft Update Health Tools [07/12/2019 11:14:52] - |D| - [0] - C:\Program Files\ModifiableWindowsApps [14/03/2022 14:38:01] - |D| - [220660338] - C:\Program Files\Mozilla Firefox [09/11/2021 11:14:00] - |D| - [11781242] - C:\Program Files\PCHealthCheck [07/12/2018 09:42:35] - |HD| - [0] - C:\Program Files\Uninstall Information [18/07/2020 21:28:01] - |D| - [16580608] - C:\Program Files\UNP [07/12/2019 11:14:52] - |D| - [13853406] - C:\Program Files\Windows Defender [07/12/2019 11:14:52] - |D| - [639488] - C:\Program Files\Windows Mail [07/12/2019 16:53:03] - |D| - [4601278] - C:\Program Files\Windows Media Player [07/12/2019 16:53:03] - |D| - [48536] - C:\Program Files\Windows Multimedia Platform [07/12/2019 11:14:52] - |D| - [6403928] - C:\Program Files\Windows NT [07/12/2019 16:53:03] - |D| - [6179784] - C:\Program Files\Windows Photo Viewer [07/12/2019 16:53:03] - |D| - [48528] - C:\Program Files\Windows Portable Devices [07/12/2019 11:14:52] - |D| - [112213] - C:\Program Files\Windows Security [07/12/2019 11:14:52] - |SHD| - [0] - C:\Program Files\Windows Sidebar [07/12/2019 11:14:52] - |HD| - [6094907137] - C:\Program Files\WindowsApps [07/12/2019 11:14:52] - |D| - [2545983] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [07/12/2019 11:14:52] - |D| - [15815265] - C:\Program Files (x86)\Common Files\Microsoft Shared [07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [07/12/2019 11:14:52] - |D| - [9573259] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [17/07/2020 10:48:48] - |D| - [25504] - C:\Program Files\Common files\DESIGNER [07/12/2019 11:14:52] - |D| - [161897950] - C:\Program Files\Common files\microsoft shared [07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files\Common files\Services [07/12/2019 11:14:52] - |D| - [10581899] - C:\Program Files\Common files\System ---------- | Links to files C:\$Recycle.Bin\S-1-5-21-2842346516-3525720642-4283951694-1001\$RB4B1WJ.lnk -> C:\Users\chlod\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe - Status : OK C:\$Recycle.Bin\S-1-5-21-2842346516-3525720642-4283951694-1002\$RGUS95E.lnk -> C:\Users\chlod\AppData\Local\slack\slack.exe - Status : OK C:\$Recycle.Bin\S-1-5-21-2842346516-3525720642-4283951694-1002\$RL6SNFH.lnk -> C:\Users\chlod\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe - Status : OK C:\$Recycle.Bin\S-1-5-21-2842346516-3525720642-4283951694-1002\$RXNB0FI.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\WINDOWS\Speech\Common\sapisvr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\WINDOWS\system32\quickassist.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\WINDOWS\system32\SnippingTool.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\WINDOWS\system32\psr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\WINDOWS\system32\comexp.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\WINDOWS\system32\dfrgui.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\WINDOWS\system32\iscsicpl.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\WINDOWS\system32\MdSched.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\WINDOWS\syswow64\odbcad32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\WINDOWS\system32\odbcad32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\WINDOWS\system32\perfmon.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\WINDOWS\system32\RecoveryDrive.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\WINDOWS\regedit.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\WINDOWS\system32\perfmon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\WINDOWS\system32\services.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\WINDOWS\system32\msconfig.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\WINDOWS\system32\msinfo32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\WINDOWS\system32\taskschd.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\WINDOWS\system32\WF.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower\AudioWizard\AudioWizard.lnk -> C:\Windows\Installer\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}\NewShortcut2_CAFC68A201474C958303AEAC0F6DBEDB.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\WINDOWS\System32\Control.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office\Database Compare.lnk -> C:\Program Files\Microsoft Office\root\Client\AppVLP.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office\Gestionnaire d’enregistrements Skype Entreprise.lnk -> C:\Program Files\Microsoft Office\root\Office16\OcPubMgr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office\Journal de télémétrie pour Office.lnk -> C:\Program Files\Microsoft Office\root\Office16\msoev.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office\Préférences linguistiques d’Office.lnk -> C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office\Spreadsheet Compare.lnk -> C:\Program Files\Microsoft Office\root\Client\AppVLP.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office\Tableau de bord de télémétrie pour Office.lnk -> C:\Program Files\Microsoft Office\root\Office16\msotd.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Program Files\PCHealthCheck\PCHealthCheck.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Entreprise.lnk -> C:\Program Files\Microsoft Office\root\Office16\lync.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Users\chlod\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Office\Recent\5 key takeaways.LNK -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Meet the entrepreneur\5 key takeaways.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Office\Recent\Bureau.LNK -> C:\Users\chlod\OneDrive\Bureau - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Office\Recent\Ethics, Innovation and Entrepreneurship.LNK -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Ethics, Innovation and Entrepreneurship - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Office\Recent\Ethics.LNK -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Ethics, Innovation and Entrepreneurship\Ethics.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Office\Recent\Idées.LNK -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Idées.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Office\Recent\Meet the entrepreneur.LNK -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Meet the entrepreneur - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Office\Recent\MSC ENTREPRENEURSHIP AND INNOVATION.LNK -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\MSC ENTREPRENEURSHIP AND INNOVATION.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Office\Recent\Stage.LNK -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\275630499_369313158188088_3843816757285715828_n.lnk -> C:\Users\chlod\Downloads\275630499_369313158188088_3843816757285715828_n.jpg - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\5 key takeaways (2).lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Meet the entrepreneur\5 key takeaways.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\5 key takeaways.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Meet the entrepreneur\5 key takeaways.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\A faire 2.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\DDiL\A faire 2.PNG - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\A faire.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\DDiL\A faire.PNG - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Activité DPP.lnk -> C:\Users\chlod\OneDrive\Bureau\Activité DPP.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Assignment - Chloé Dardelle.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Assignment - Chloé Dardelle.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Bonjour Madame Martin.lnk -> C:\Users\chlod\OneDrive\Bureau\Bonjour Madame Martin.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Business Research Method.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Business Research Method.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Candidatures Récupéré.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Candidatures Récupéré.xlsx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Capture d’e´cran 2022-03-21 a` 23.53.57.lnk -> C:\Users\chlod\Downloads\Capture d’e´cran 2022-03-21 a` 23.53.57.png - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Capture d’e´cran 2022-03-22 a` 11.24.31.lnk -> C:\Users\chlod\Downloads\Capture d’e´cran 2022-03-22 a` 11.24.31.png - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Clean_DNS_26_03_2022_18.06.27.lnk -> C:\Users\chlod\OneDrive\Bureau\Clean_DNS_26_03_2022_18.06.27.txt - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\CV Chloé Dardelle.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\CV Chloé Dardelle.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\DDiL (2).lnk -> C:\Users\chlod\Downloads\DDiL.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\DDiL-1.lnk -> C:\Users\chlod\Downloads\DDiL-1.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\DDiL.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\DDiL - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\deloitte_etude-sens-au-travail-2017.lnk -> C:\Users\chlod\Downloads\deloitte_etude-sens-au-travail-2017.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Docs à upload.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Docs à upload.PNG - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Entretien Eldorado.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Entretien Eldorado.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Entretien Urban Odyssey.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Entretien Urban Odyssey.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Ethics, Innovation and Entrepreneurship.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Ethics, Innovation and Entrepreneurship - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Ethics.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Ethics, Innovation and Entrepreneurship\Ethics.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Etonnement.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\DDiL\Etonnement.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Etude de cas - Chloé Dardelle.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Etude de cas\Etude de cas - Chloé Dardelle.pptx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Etude de cas.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Etude de cas - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Excel Litterature Review.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Excel Litterature Review.xlsx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Fixlog_13-03-2022 16.16.31.lnk -> C:\FRST\Logs\Fixlog_13-03-2022 16.16.31.txt - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Furure of Work, a systematic literature review and evolution of themes.lnk -> C:\Users\chlod\OneDrive\Bureau\Furure of Work, a systematic literature review and evolution of themes.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Furure of Work, a systematic literature review and evolution of themes.pdf.zmdownload.lnk -> C:\Users\chlod\OneDrive\Bureau\Furure of Work, a systematic literature review and evolution of themes.pdf.zmdownload - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\https--forums.cnetfrance.fr-node-6737785.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\https--forums.cnetfrance.fr-node-6737819.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\https--forums.cnetfrance.fr-node-6737885.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\https--forums.cnetfrance.fr-node-6738145.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\https--forums.cnetfrance.fr-node-6739675.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\https--forums.cnetfrance.fr-node-6739765.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Idées.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Idées.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Internet.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\kprm-20220313213021.lnk -> C:\KPRM\kprm-20220313213021.txt - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\KPRM.lnk -> C:\KPRM - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Livres&Vous!.lnk -> C:\Users\chlod\OneDrive\Documents\Livres&Vous! - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\LM - Exemple - Copie.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\LM\LM - Exemple - Copie.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\LM.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\LM - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Logs.lnk -> C:\FRST\Logs - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Mail alumni.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 2A\Stage\Mail alumni.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Marie-Michèle.pptx.lnk -> C:\Users\chlod\Downloads\Marie-Michèle.pptx.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Marval_Dissertations ENTFoW _S1.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Marval_Dissertations ENTFoW _S1.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Meet the entrepreneur.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Meet the entrepreneur - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay---.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck-.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\MSC ENTREPRENEURSHIP AND INNOVATION.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\MSC ENTREPRENEURSHIP AND INNOVATION.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Mémoire.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Neoma 4A (2).lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Neoma 4A.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\NEOMA.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Open creative labs.lnk -> C:\Users\chlod\OneDrive\Bureau\Open creative labs.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\outlookcal (2).lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\outlookcal.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Pitch.lnk -> C:\Users\chlod\OneDrive\Bureau\Pitch.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Profil Candidat Chloé Dardelle - Bpifrance.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Profil candidat\Profil Candidat Chloé Dardelle - Bpifrance.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Profil Candidat Chloé Dardelle - Eldorado.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Profil candidat\Profil Candidat Chloé Dardelle - Eldorado.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Profil Candidat Chloé Dardelle - Schoolab.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Profil candidat\Profil Candidat Chloé Dardelle - Schoolab.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Profil candidat.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage\Profil candidat - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Rapport d'étonnement - Bastien & Chloé.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\DDiL\Rapport d'étonnement - Bastien & Chloé.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Rapport-de-stage-Pauline-BALOSSO.lnk -> C:\Users\chlod\Downloads\Rapport-de-stage-Pauline-BALOSSO.docx - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Semaine du 21-03.lnk -> C:\Users\chlod\OneDrive\Documents\Livres&Vous!\Semaine du 21-03.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Slides 1.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Slides 1.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Slides 2.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Slides 2.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Slides 3.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Slides 3.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Slides 4.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Mémoire\Slides 4.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Stage.lnk -> C:\Users\chlod\OneDrive\Documents\NEOMA\Neoma 4A\Stage - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Téléchargements.lnk -> C:\Users\chlod\Downloads - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\Weekly achievments.lnk -> C:\Users\chlod\Downloads\Weekly achievments.pdf - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender---.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--threat-.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk -> C:\Windows\System32\WFS.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\SendTo\Transfert de fichiers Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mendeley Reference Manager.lnk -> C:\Users\chlod\AppData\Local\Programs\Mendeley Reference Manager\Mendeley Reference Manager.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\chlod\AppData\Local\Microsoft\Teams\Update.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc\Slack.lnk -> C:\Users\chlod\AppData\Local\slack\slack.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk -> C:\Users\chlod\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\chlod\AppData\Roaming\Zoom\uninstall\Installer.exe - Status : OK C:\Users\chlod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\chlod\AppData\Roaming\Zoom\bin\Zoom.exe - Status : OK C:\Users\chlod\Links\Desktop.lnk -> C:\Users\chlod\OneDrive\Bureau - Status : OK C:\Users\chlod\Links\Downloads.lnk -> C:\Users\chlod\Downloads - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk -> C:\Windows\System32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk -> C:\Windows\System32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe - Status : OK C:\Windows\WinSxS\amd64_eventviewersettings_31bf3856ad364e35_10.0.19041.1_none_aae8e58aa310aa7d\Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5\Hyper-V Manager.lnk -> C:\WINDOWS\System32\mmc.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.746_none_b8eadbf8a9c907b3\Steps Recorder.lnk -> C:\WINDOWS\system32\psr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_23a707c9a0b5a8e1\Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-c..-disposableclientvm_31bf3856ad364e35_10.0.19041.985_none_c3639a9e3ab1a351\Windows Sandbox.lnk -> C:\WINDOWS\system32\WindowsSandbox.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-c..s-admin-compsvclink_31bf3856ad364e35_10.0.19041.1_none_88835f4d79d6a242\Component Services.lnk -> C:\WINDOWS\system32\comexp.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.19041.746_none_290f6af7d5263efa\Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-charmap_31bf3856ad364e35_10.0.19041.1_none_a84acae243b8ad63\Character Map.lnk -> C:\WINDOWS\system32\charmap.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1266_none_e20a09e712bd275c\Disk Cleanup.lnk -> C:\WINDOWS\system32\cleanmgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt-shortcut_31bf3856ad364e35_10.0.19041.1_none_efaf63248e6d4479\Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..-tools-mmc-adsiedit_31bf3856ad364e35_10.0.19041.1466_none_27d69d4b8f185d67\ADSIEdit.lnk -> C:\WINDOWS\system32\adsiedit.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..mc-sitesandservices_31bf3856ad364e35_10.0.19041.746_none_7d35d325c812757b\Active Directory Sites and Services.lnk -> C:\WINDOWS\system32\dssite.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..services-adam-setup_31bf3856ad364e35_10.0.19041.746_none_1a1e8292dcf10728\ADAM Install.lnk -> C:\WINDOWS\ADAM\adaminstall.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.19041.746_none_770f598aef14382e\dfrgui.lnk -> C:\WINDOWS\system32\dfrgui.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-e..er-server-shortcuts_31bf3856ad364e35_10.0.19041.1_none_5e85a7ed6f490164\Administrative Tools.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\01 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\01a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\02 - Command Prompt.lnk -> C:\WINDOWS\system32\cmd.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\02a - Windows PowerShell.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\03 - Computer Management.lnk -> C:\WINDOWS\system32\compmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\04 - Disk Management.lnk -> C:\WINDOWS\system32\diskmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\04-1 - NetworkStatus.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\05 - Device Manager.lnk -> C:\WINDOWS\system32\control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\06 - SystemAbout.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\07 - Event Viewer.lnk -> C:\WINDOWS\system32\eventvwr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\08 - PowerAndSleep.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\09 - Mobility Center.lnk -> C:\WINDOWS\system32\mblctr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\1 - Desktop.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\1 - Run.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\10 - AppsAndFeatures.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\2 - Search.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\3 - Windows Explorer.lnk -> C:\WINDOWS\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\4 - Control Panel.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\5 - Task Manager.lnk -> C:\WINDOWS\system32\taskmgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\computer.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Control Panel.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\File Explorer.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Run.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Shows Desktop.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Window Switcher.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1415_none_eda4f56addac5a98\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1415_none_eda4f56addac5a98\Windows Fax and Scan.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1586_none_eda110bcddae418b\Fax Recipient.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1586_none_eda110bcddae418b\Windows Fax and Scan.lnk -> C:\WINDOWS\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1387_none_8f7af7ce4c3f80e1\Immersive Control Panel.lnk -> C:\WINDOWS\System32\Control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1566_none_8f636e2a4c516c74\Immersive Control Panel.lnk -> C:\WINDOWS\System32\Control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iis-clientshortcuts_31bf3856ad364e35_10.0.19041.1_none_9f9e4023b60d2433\IIS Client Manager.lnk -> C:\WINDOWS\system32\inetsrv\InetMgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.19041.906_none_5f45625010b4cd19\IIS6 Manager.lnk -> C:\WINDOWS\system32\inetsrv\InetMgr6.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_10.0.19041.906_none_65f82ba919c64b11\IIS Manager.lnk -> C:\WINDOWS\system32\inetsrv\InetMgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.19041.1_none_8ddc3834fb6f659f\iSCSI Initiator.lnk -> C:\WINDOWS\system32\iscsicpl.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_fa40f4e1dd1492a8\ODBC Data Sources (64-bit).lnk -> C:\WINDOWS\system32\odbcad32.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\Memory Diagnostics Tool.lnk -> C:\WINDOWS\system32\MdSched.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1566_none_e2d33b2e4df989bf\Magnify.lnk -> C:\WINDOWS\system32\magnify.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-shortcut_31bf3856ad364e35_10.0.19041.1_none_64c27fc7ed12e401\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.19041.1110_none_4f46693352ed3250\System Configuration.lnk -> C:\WINDOWS\system32\msconfig.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1110_none_20a89186aedb6af7\System Information.lnk -> C:\WINDOWS\system32\msinfo32.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.19041.746_none_6c16d1714d60fddf\Paint.lnk -> C:\WINDOWS\system32\mspaint.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.789_none_9beee4eb02a5f8c7\Narrator.lnk -> C:\WINDOWS\system32\narrator.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-nfs-adminmmc_31bf3856ad364e35_10.0.19041.1_none_9da8f6be034114e3\Services For Network File System.lnk -> C:\WINDOWS\system32\nfsmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1320_none_e3d2189d253c2e6b\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1566_none_e3bff13d2549656f\Notepad.lnk -> C:\WINDOWS\system32\notepad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.19041.1_none_60ade0eff94c37fc\On-Screen Keyboard.lnk -> C:\WINDOWS\system32\osk.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Performance Monitor.lnk -> C:\WINDOWS\system32\perfmon.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Resource Monitor.lnk -> C:\WINDOWS\system32\perfmon.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-powershell-ise_31bf3856ad364e35_10.0.19041.1_none_1ed6cb15a1b51b10\Windows PowerShell ISE (x86).lnk -> C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-powershell-ise_31bf3856ad364e35_10.0.19041.1_none_1ed6cb15a1b51b10\Windows PowerShell ISE.lnk -> C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1387_none_72bdb9e123faa487\Quick Assist.lnk -> C:\WINDOWS\system32\quickassist.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1566_none_72a6303d240c901a\Quick Assist.lnk -> C:\WINDOWS\system32\quickassist.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.19041.1237_none_9d556cf140e198b4\RecoveryDrive.lnk -> C:\WINDOWS\system32\RecoveryDrive.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.746_none_d22800313aa7eb5c\Registry Editor.lnk -> C:\WINDOWS\regedit.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-s..ment-policytools-ex_31bf3856ad364e35_10.0.19041.1_none_0f506321e073254e\Security Configuration Management.lnk -> C:\WINDOWS\system32\secpol.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.19041.1_none_8554f027e5186b5e\services.lnk -> C:\WINDOWS\system32\services.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-snippingtool-app_31bf3856ad364e35_10.0.19041.746_none_77bd4cfbe87238a7\Snipping Tool.lnk -> C:\WINDOWS\system32\SnippingTool.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_10.0.19041.746_none_fa033ad7aa9be481\Speech Recognition.lnk -> C:\WINDOWS\Speech\Common\sapisvr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_10.0.19041.746_none_a89acde4afbab635\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.19041.1266_none_c2a2211ad648e627\Remote Desktop Connection.lnk -> C:\WINDOWS\system32\mstsc.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.19041.1202_none_a27aa61d221bdc5c\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.19041.1566_none_a25fdcf5222f2ebd\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft.windows.powershell.common_31bf3856ad364e35_10.0.19041.1_none_e6d05ddbba96a35b\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft.windows.powershell.common_31bf3856ad364e35_10.0.19041.1_none_e6d05ddbba96a35b\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_multipoint-logcollector_31bf3856ad364e35_10.0.19041.1_none_56138d203a7fc4cf\MultiPoint Log Collector.lnk -> C:\Program Files\Windows MultiPoint Server\LogCollector.exe - Status : OK C:\Windows\WinSxS\amd64_multipoint-wmsmanager_31bf3856ad364e35_10.0.19041.1_none_d1ffdc3927836528\MultiPoint Manager.lnk -> C:\Program Files\Windows MultiPoint Server\WmsManager.exe - Status : OK C:\Windows\WinSxS\amd64_networking-mpssvc-shortcut_31bf3856ad364e35_10.0.19041.1_none_3b48028dac22b3be\Windows Defender Firewall with Advanced Security.lnk -> C:\WINDOWS\system32\WF.msc - Status : OK C:\Windows\WinSxS\amd64_taskschedulersettings_31bf3856ad364e35_10.0.19041.1_none_00dc114da3ba6b01\Task Scheduler.lnk -> C:\WINDOWS\system32\taskschd.msc - Status : OK C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.19041.1_none_8d387dde0a6c6d14\VMCreate.lnk -> C:\Program Files\Hyper-V\VMCreate.exe - Status : OK C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.19041.1_none_061d84508b376f80\MultiPoint Dashboard.lnk -> C:\Program Files\Windows MultiPoint Server\WmsDashboard.exe - Status : OK C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_04959f34117554a3\ODBC Data Sources (32-bit).lnk -> C:\WINDOWS\syswow64\odbcad32.exe - Status : OK C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [03/03/2021 18:26:38] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.FB3AB1AC16DEC08FA3DC5BD54303F965] - [03/03/2021 18:26:38] - |A| - [3756] - C:\WINDOWS\System32\Tasks\ASUS Optimization 36D18D69AFC3 : "C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusHotkey.exe" [MD5.755926E5F7DF8F038D106E22A840D1E6] - [03/03/2021 18:26:38] - |A| - [4122] - C:\WINDOWS\System32\Tasks\ASUS Update Checker 2.0 : "C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSoftwareManager\AsusUpdateChecker.exe" [MD5.D7A10AA7AD9C7099746E7FBB0F48B199] - [03/03/2021 18:26:38] - |A| - [3752] - C:\WINDOWS\System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 : "C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSystemAnalysis\AsusSystemAnalysis.exe" [MD5.487FACE093A7C015383DDBA647D13397] - [03/03/2021 18:26:38] - |A| - [3936] - C:\WINDOWS\System32\Tasks\CCleaner Update : C:\Program Files\CCleaner\CCUpdate.exe [MD5.1368DB29D5C70B65306B1DBA4ED23F52] - [18/08/2021 18:37:34] - |A| - [2904] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC - chlod : "C:\Program Files\CCleaner\CCleaner.exe" [MD5.718DFC1233E577F3A2BEB726EE59597F] - [23/06/2021 16:48:55] - |A| - [3466] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.4285F7E08BE72F20559747B12088D9DB] - [23/06/2021 16:48:55] - |A| - [3590] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [03/03/2021 18:26:38] - |D| - [0] - C:\WINDOWS\System32\Tasks\McAfee [MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [669842] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.F7780B5C300958755031922714339B76] - [03/03/2021 18:26:38] - |A| - [3338] - C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [MD5.81D9C6D9562F4B20116AF842FF8A3755] - [04/03/2021 12:14:31] - |A| - [3540] - C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7104977154efe : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [MD5.B528CD0208B88A37AC73F8FF24FF63B7] - [03/03/2021 18:26:38] - |A| - [3634] - C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [MD5.00000000000000000000000000000000] - [17/01/2022 16:32:30] - |D| - [8520] - C:\WINDOWS\System32\Tasks\Mozilla [MD5.210A0994E0BA5391B6966E4AA04869BF] - [03/03/2021 18:26:38] - |A| - [2856] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2842346516-3525720642-4283951694-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Netlogon-TCP-RPC-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-NamedPipe-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "{3DED2FC9-7919-4272-8651-9D8A4CDB41D1}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{3800DBDA-9516-4A64-8E50-6962F0DDFEC4}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{A675CC2E-021E-4A34-90FC-E767B31C6960}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Friends|Desc=Candy Crush Friends|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-2434645666-2532177092-3042203602-619713399-428220933-2149260498-1813168567|EmbedCtxt=Candy Crush Friends|Platform=2:6:2|Platform2=GTEQ| "{633F0860-CEC3-45A5-88FB-0A87E9578670}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Candy Crush Friends|Desc=Candy Crush Friends|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-2434645666-2532177092-3042203602-619713399-428220933-2149260498-1813168567|EmbedCtxt=Candy Crush Friends|Platform=2:6:2|Platform2=GTEQ| "{FA265D17-9E99-452B-A2F5-BAD06BA33055}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{B5B3D3BA-47A0-47E1-B545-871810A1EAD2}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ| "{D5EB84D1-C580-4F34-B3D8-AA090ECECE56}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{C9693261-F6B8-4261-87BB-7D1B9582B0F7}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Store|Desc=Microsoft Store|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=Microsoft Store|Platform=2:6:2|Platform2=GTEQ| "{C2C7F4FD-0512-4C17-8134-97C09F55FB83}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Store|Desc=Microsoft Store|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=Microsoft Store|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{4534D104-3F17-4684-9BE7-8532EC64DCCF}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|Name=Microsoft Edge (mDNS-In)|Desc=Règle de trafic entrant pour Microsoft Edge pour autoriser le trafic mDNS.|EmbedCtxt=Microsoft Edge| "{AE7F3E8C-691A-4EF9-955B-BA8AA3B85F81}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{96707E64-0EE6-479B-9F25-7EDDCFA833A0}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{ACDA944C-5292-4790-BF7F-0DD939065C78}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Farm Heroes Saga|Desc=Farm Heroes Saga|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-3196930009-3239748496-3451789643-4181117982-558124748-100190824-3493678593|EmbedCtxt=Farm Heroes Saga|Platform=2:6:2|Platform2=GTEQ| "{73DF6292-35E4-4456-9A4C-E768E7D93D9E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Farm Heroes Saga|Desc=Farm Heroes Saga|LUOwn=S-1-5-21-2842346516-3525720642-4283951694-1001|AppPkgId=S-1-15-2-3196930009-3239748496-3451789643-4181117982-558124748-100190824-3493678593|EmbedCtxt=Farm Heroes Saga|Platform=2:6:2|Platform2=GTEQ| "{10597680-A922-4DD4-8306-43F36080218A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|App=C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSwitch\AsusSwitchNet.exe|Name=AsusSwitchNet_56ACDA9B| "{30956867-FEDF-4BA5-B1E9-7A177650CA50}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|App=C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSLinkNear\AsusLinkNear.exe|Name=AsusSync| "{6BA3F33E-B3CB-4856-A794-4485F49D128C}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|App=C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSwitch\AsusSwitchNetMDNS.exe|Name=AsusSwitchNetMDNS_269A2EB3| "{0E590111-E059-48B3-B0A9-B66628847540}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSLinkRemote\AsusLinkRemoteAgent.exe|Name=AsusLinkRemoteAgent|Desc=| "{9483CFDA-4F65-4269-96FB-F0F2BD4A7290}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSLinkRemote\AsusLinkRemoteAgent.exe|Name=AsusLinkRemoteAgent|Desc=| "{86B6EA63-4ED6-4A8B-A86D-BDCAC16A5DFD}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.52\msedgewebview2.exe|Name=Microsoft Edge (mDNS-In)|Desc=Règle de trafic entrant pour Microsoft Edge pour autoriser le trafic mDNS.|EmbedCtxt=Microsoft Edge WebView2 Runtime| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760f-a5c8-4bfe-b314-d56a7b44a362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{42cf9535-c69f-410f-9779-d6906dad9400}] : (CropAssistUSBDevice) [] -> USB devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6fae73b7-b735-4b50-a0da-0dc2484b1f1a}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a3e32dba-ba89-4f17-8386-2d0127fbd4cc}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}] : (ComputeAccelerator) [] -> @c_computeaccelerator.inf,%ClassDesc%;Compute accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [15/10/2021 10:06:12] - (0.0.0.0) - ( -) - C:\WINDOWS\System32\Drivers\CimFS.SYS [01/03/2022 21:07:18] - (2.1.34.0) - (ASUSTeK COMPUTER INC. - ASUS WMI ACPI Driver) - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusWmiAcpi.sys [07/08/2019 19:04:00] - (1.0.0.12) - (ASUS - ASUS Wireless Radio Control) - C:\WINDOWS\System32\drivers\AsRadioControl.sys [24/04/2019 06:01:46] - (11.0.0.25) - (ASUSTek COMPUTER INC. - Asus PTP Filter Driver (x64)) - C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [20/09/2020 21:41:24] - (8.66.96.0) - (Conexant Systems Inc. - 64-bit High Definition Audio Function Driver) - C:\WINDOWS\system32\drivers\CHDRT64.sys [30/08/2019 03:23:16] - (10.0.0.919) - (Qualcomm - BT Filter) - C:\WINDOWS\System32\drivers\btfilter.sys [01/03/2022 21:08:00] - (1.0.6.0) - (ASUSTeK COMPUTER INC. - ASUS System Analysis IO) - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSystemAnalysis\AsusSAIO.sys [30/08/2019 03:50:06] - (12.0.0.919) - (Qualcomm Atheros, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\Qcamain10x64.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware (3ware) -> C:\WINDOWS\system32\drivers\3ware.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> C:\WINDOWS\system32\drivers\ACPI.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> C:\WINDOWS\system32\Drivers\acpiex.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - ADP80XX (ADP80XX) -> C:\WINDOWS\system32\drivers\ADP80XX.SYS - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - amdpsp (AMD PSP Service) -> C:\WINDOWS\system32\drivers\amdpsp.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - amdsata (amdsata) -> C:\WINDOWS\system32\drivers\amdsata.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdsbs (amdsbs) -> C:\WINDOWS\system32\drivers\amdsbs.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdxata (amdxata) -> C:\WINDOWS\system32\drivers\amdxata.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - arcsas (Pilote miniport Storport Adaptec SAS/SATA-II RAID) -> C:\WINDOWS\system32\drivers\arcsas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - atapi (Canal IDE) -> C:\WINDOWS\system32\drivers\atapi.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - b06bdrv (Carte réseau QLogic VBD) -> C:\WINDOWS\system32\drivers\bxvbda.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - bttflt (Filtre Microsoft Hyper-V VHDPMEM BTT) -> C:\WINDOWS\system32\drivers\bttflt.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - cht4iscsi (cht4iscsi) -> C:\WINDOWS\system32\drivers\cht4sx64.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - CLFS (Common Log (CLFS)) -> C:\WINDOWS\system32\drivers\CLFS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - CNG (CNG) -> C:\WINDOWS\system32\Drivers\cng.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - disk (Pilote de disque) -> C:\WINDOWS\system32\drivers\disk.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - ebdrv (Carte QLogic 10 Gigabit Ethernet VBD) -> C:\WINDOWS\system32\drivers\evbda.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - EhStorClass (Enhanced Storage Filter Driver) -> C:\WINDOWS\system32\drivers\EhStorClass.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - EhStorTcgDrv (Pilote Microsoft pour dispositif de stockage prenant en charge les protocoles IEEE 1667 et TCG) -> C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [File System Driver] - FileInfo (File Information FS MiniFilter) -> C:\WINDOWS\system32\drivers\fileinfo.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - FltMgr (FltMgr) -> C:\WINDOWS\system32\drivers\fltmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - fvevol (Pilote de filtre de chiffrement de lecteur BitLocker) -> C:\WINDOWS\system32\DRIVERS\fvevol.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - HpSAMD (HpSAMD) -> C:\WINDOWS\system32\drivers\HpSAMD.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - hwpolicy (Hardware Policy Driver) -> C:\WINDOWS\system32\drivers\hwpolicy.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - iaStorAVC (Contrôleur RAID SATA de circuit microprogrammé Intel) -> C:\WINDOWS\system32\drivers\iaStorAVC.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - iaStorV (Contrôleur RAID Intel Windows 7) -> C:\WINDOWS\system32\drivers\iaStorV.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - intelide (intelide) -> C:\WINDOWS\system32\drivers\intelide.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - intelpep (Pilote de plug-in du moteur d’alimentation Intel(R)) -> C:\WINDOWS\system32\drivers\intelpep.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - iorate (Pilote du filtre du taux d’E/S du disque) -> C:\WINDOWS\system32\drivers\iorate.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - isapnp (isapnp) -> C:\WINDOWS\system32\drivers\isapnp.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - ItSas35i (ItSas35i) -> C:\WINDOWS\system32\drivers\ItSas35i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - KSecDD (KSecDD) -> C:\WINDOWS\system32\Drivers\ksecdd.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - KSecPkg (KSecPkg) -> C:\WINDOWS\system32\Drivers\ksecpkg.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - LSI_SAS (LSI_SAS) -> C:\WINDOWS\system32\drivers\lsi_sas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - LSI_SAS2i (LSI_SAS2i) -> C:\WINDOWS\system32\drivers\lsi_sas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - LSI_SAS3i (LSI_SAS3i) -> C:\WINDOWS\system32\drivers\lsi_sas3i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - LSI_SSS (LSI_SSS) -> C:\WINDOWS\system32\drivers\lsi_sss.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - MbamElam (MbamElam) -> C:\WINDOWS\system32\DRIVERS\MbamElam.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasas (megasas) -> C:\WINDOWS\system32\drivers\megasas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasas2i (megasas2i) -> C:\WINDOWS\system32\drivers\MegaSas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasas35i (megasas35i) -> C:\WINDOWS\system32\drivers\megasas35i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasr (megasr) -> C:\WINDOWS\system32\drivers\megasr.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - mountmgr (Gestionnaire des points de montage) -> C:\WINDOWS\system32\drivers\mountmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - msisadrv (msisadrv) -> C:\WINDOWS\system32\drivers\msisadrv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - Mup (Mup) -> C:\WINDOWS\system32\Drivers\mup.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - mvumis (mvumis) -> C:\WINDOWS\system32\drivers\mvumis.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - NDIS (Pilote système NDIS) -> C:\WINDOWS\system32\drivers\ndis.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - nvdimm (Pilote de périphérique NVDIMM Microsoft) -> C:\WINDOWS\system32\drivers\nvdimm.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - nvraid (nvraid) -> C:\WINDOWS\system32\drivers\nvraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - nvstor (nvstor) -> C:\WINDOWS\system32\drivers\nvstor.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - partmgr (Gestionnaire de partitions) -> C:\WINDOWS\system32\drivers\partmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> C:\WINDOWS\system32\drivers\pci.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - pciide (pciide) -> C:\WINDOWS\system32\drivers\pciide.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - pcmcia (pcmcia) -> C:\WINDOWS\system32\drivers\pcmcia.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> C:\WINDOWS\system32\drivers\pcw.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - pdc (CDP) -> C:\WINDOWS\system32\drivers\pdc.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - percsas2i (percsas2i) -> C:\WINDOWS\system32\drivers\percsas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - percsas3i (percsas3i) -> C:\WINDOWS\system32\drivers\percsas3i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - pmem (Pilote de disque de mémoire persistante Microsoft) -> C:\WINDOWS\system32\drivers\pmem.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> C:\WINDOWS\system32\DRIVERS\ramdisk.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> C:\WINDOWS\system32\drivers\rdyboost.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - sbp2port (Pilote de bus de transport/protocole SBP-2) -> C:\WINDOWS\system32\drivers\sbp2port.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - scmbus (Pilote de bus de mémoire de classe stockage Microsoft) -> C:\WINDOWS\system32\drivers\scmbus.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - SgrmAgent (System Guard Runtime Monitor Agent) -> C:\WINDOWS\system32\drivers\SgrmAgent.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - SiSRaid2 (SiSRaid2) -> C:\WINDOWS\system32\drivers\SiSRaid2.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - SiSRaid4 (SiSRaid4) -> C:\WINDOWS\system32\drivers\sisraid4.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - SmartSAMD (SmartSAMD) -> C:\WINDOWS\system32\drivers\SmartSAMD.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - spaceport (Pilote des espaces de stockage) -> C:\WINDOWS\system32\drivers\spaceport.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - stexstor (stexstor) -> C:\WINDOWS\system32\drivers\stexstor.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - storahci (Lecteur AHCI SATA Microsoft standard) -> C:\WINDOWS\system32\drivers\storahci.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - storflt (Accélérateur de stockage Microsoft Hyper-V) -> C:\WINDOWS\system32\drivers\vmstorfl.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - stornvme (Pilote NVM Express standard de Microsoft) -> C:\WINDOWS\system32\drivers\stornvme.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - storufs (Pilote Universal Flash Storage (UFS) Microsoft) -> C:\WINDOWS\system32\drivers\storufs.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - storvsc (storvsc) -> C:\WINDOWS\system32\drivers\storvsc.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - Tcpip (Pilote pour protocole TCP/IP) -> C:\WINDOWS\system32\drivers\tcpip.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - Telemetry (Service de télémétrie Intel(R)) -> C:\WINDOWS\system32\drivers\IntelTA.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - vdrvroot (Énumérateur de lecteur virtuel Microsoft) -> C:\WINDOWS\system32\drivers\vdrvroot.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - vmbus (Bus VMBus) -> C:\WINDOWS\system32\drivers\vmbus.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - volmgr (Pilote du gestionnaire de volumes) -> C:\WINDOWS\system32\drivers\volmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volmgrx (Gestionnaire de volumes dynamiques) -> C:\WINDOWS\system32\drivers\volmgrx.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volsnap (Pilote de cliché instantané du volume) -> C:\WINDOWS\system32\drivers\volsnap.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volume (Pilote de volume) -> C:\WINDOWS\system32\drivers\volume.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - vpci (Bus PCI virtuel Microsoft Hyper-V) -> C:\WINDOWS\system32\drivers\vpci.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - vsmraid (vsmraid) -> C:\WINDOWS\system32\drivers\vsmraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - VSTXRAID (Pilote Windows du contrôleur RAID de stockage VIA StorX) -> C:\WINDOWS\system32\drivers\vstxraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - WdBoot (Pilote de démarrage de l’antivirus Microsoft Defender) -> C:\WINDOWS\system32\drivers\wd\WdBoot.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - Wdf01000 (Service Infrastructure de pilote en mode noyau) -> C:\WINDOWS\system32\drivers\Wdf01000.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - WdFilter (Pilote du mini-filtre de l’antivirus Microsoft Defender) -> C:\WINDOWS\system32\drivers\wd\WdFilter.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - WFPLWFS (Plateforme de filtrage Microsoft Windows) -> C:\WINDOWS\system32\drivers\wfplwfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - WindowsTrustedRTProxy (Service sécurisé d'exécution approuvée Microsoft Windows) -> C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> C:\WINDOWS\system32\drivers\Wof.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - AFD (Pilote de fonction connexe pour Winsock) -> C:\WINDOWS\system32\drivers\afd.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - afunix (afunix) -> C:\WINDOWS\system32\drivers\afunix.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - ahcache (Application Compatibility Cache) -> C:\WINDOWS\system32\DRIVERS\ahcache.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - ATKWMIACPIIO (ATKWMIACPI Driver) -> C:\WINDOWS\system32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusWmiAcpi.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - bam (Background Activity Moderator Driver) -> C:\WINDOWS\system32\drivers\bam.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - BasicDisplay (BasicDisplay) -> C:\WINDOWS\system32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - BasicRender (BasicRender) -> C:\WINDOWS\system32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Beep (Beep) -> C:\WINDOWS\system32\drivers\Beep.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> C:\WINDOWS\system32\drivers\cdrom.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - CimFS (CimFS) -> C:\WINDOWS\system32\drivers\CimFS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S1 - [Kernel Driver] - dam (Desktop Activity Moderator Driver) -> C:\WINDOWS\system32\drivers\dam.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R1 - [File System Driver] - Dfsc (Pilote du client de l’espace de noms DFS) -> C:\WINDOWS\system32\Drivers\dfsc.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> C:\WINDOWS\system32\drivers\dxgkrnl.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - FileCrypt (FileCrypt) -> C:\WINDOWS\system32\drivers\filecrypt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - GpuEnergyDrv (GPU Energy Driver) -> C:\WINDOWS\system32\drivers\gpuenergydrv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - Msfs (Msfs) -> C:\WINDOWS\system32\drivers\Msfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> C:\WINDOWS\system32\drivers\mssmbios.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - NdisCap (Capture NDIS Microsoft) -> C:\WINDOWS\system32\drivers\ndiscap.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> C:\WINDOWS\system32\drivers\netbios.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - NetBT (NetBT) -> C:\WINDOWS\system32\DRIVERS\netbt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - Npfs (Npfs) -> C:\WINDOWS\system32\drivers\Npfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - npsvctrig (Named pipe service trigger provider) -> C:\WINDOWS\system32\drivers\npsvctrig.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - nsiproxy (NSI Proxy Service Driver) -> C:\WINDOWS\system32\drivers\nsiproxy.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Null (Null) -> C:\WINDOWS\system32\drivers\Null.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Psched (Planificateur de paquets QoS) -> C:\WINDOWS\system32\drivers\pacer.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - rdbss (Sous-système de mise en mémoire tampon redirigée) -> C:\WINDOWS\system32\DRIVERS\rdbss.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - tdx (Pilote de prise en charge TDI héritée NetIO) -> C:\WINDOWS\system32\DRIVERS\tdx.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Vid (Vid) -> C:\WINDOWS\system32\drivers\Vid.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> C:\WINDOWS\system32\drivers\vwififlt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - AMD External Events Utility (AMD External Events Utility) -> C:\WINDOWS\System32\DriverStore\FileRepository\u0368645.inf_amd64_e3bcafce55b93e88\B368128\atiesrxx.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - AsusAppService (ASUS App Service) -> C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\AsusAppService\AsusAppService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - ASUSLinkNear (ASUS Link Near) -> C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSLinkNear\AsusLinkNear.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - ASUSLinkRemote (ASUS Link Remote) -> C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSLinkRemote\AsusLinkRemote.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - ASUSOptimization (ASUS Optimization) -> C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusOptimization.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - ASUSSoftwareManager (ASUS Software Manager) -> C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSoftwareManager\AsusSoftwareManager.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - ASUSSwitch (ASUS Switch) -> C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSwitch\AsusSwitch.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - ASUSSystemAnalysis (ASUS System Analysis) -> C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSystemAnalysis\AsusSystemAnalysis.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - ASUSSystemDiagnosis (ASUS System Diagnosis) -> C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - AtherosSvc (AtherosSvc) -> C:\WINDOWS\System32\drivers\AdminService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - AudioEndpointBuilder (Générateur de points de terminaison du service Audio Windows) -> C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Audiosrv (Audio Windows) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - BFE (Moteur de filtrage de base) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - BrokerInfrastructure (Service d’infrastructure des tâches en arrière-plan) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - CDPSvc (Service de plateforme des appareils connectés) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - ClickToRunSvc (Service Microsoft Office « Démarrer en un clic ») -> "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - CoreMessagingRegistrar (CoreMessaging) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - CryptSvc (Services de chiffrement) -> C:\WINDOWS\system32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - CxAudioSvc (CxAudioSvc) -> "C:\WINDOWS\CxSvc\CxAudioSvc.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - CxAudMsg (CxAudMsg Service) -> "C:\WINDOWS\System32\CxAudMsg64.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - CxUIUSvc (CxUIUSvc Service) -> "C:\WINDOWS\System32\CxUIUSvc32.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - CxUtilSvc (CxUtilSvc) -> "C:\Windows\CxSvc\CxUtilSvc.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - DcomLaunch (Lanceur de processus serveur DCOM) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - DeviceAssociationService (Service d’association de périphérique) -> C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Dhcp (Client DHCP) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - DiagTrack (Expériences des utilisateurs connectés et télémétrie) -> C:\WINDOWS\System32\svchost.exe -k utcsvc -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - DispBrokerDesktopSvc (Service de stratégie d'affichage) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Dnscache (Client DNS) -> C:\WINDOWS\system32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - DoSvc (Optimisation de livraison) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - DPS (Service de stratégie de diagnostic) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - DusmSvc (Consommation des données) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False S2 - [Own Process] - edgeupdate (Service Mise à jour de Microsoft Edge (edgeupdate)) -> "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - EventLog (Journal d’événements Windows) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - EventSystem (Système d’événement COM+) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - FontCache (Service de cache de police Windows) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - gpsvc (Client de stratégie de groupe) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False S2 - [Own Process] - gupdate (Service Google Update (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - ICEsoundService (ICEsoundService) -> C:\WINDOWS\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_a5d3270da26fb113\ICEsoundService64.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - iphlpsvc (Assistance IP) -> C:\WINDOWS\System32\svchost.exe -k NetSvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - LanmanServer (Serveur) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - LanmanWorkstation (Station de travail) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - LogiSyncHandler (LogiSyncHandler Service) -> "C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncHandler.exe" - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - LogiSyncMiddleware (LogiSyncMiddleware Service) -> "C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncMiddleware.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - LogiSyncProxy (LogiSyncProxy Service) -> "C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncProxy.exe" - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - LogiSyncStub (LogiSyncStub Service) -> C:\Program Files (x86)\Logitech\LogiSyncStub\LogiSyncStub.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - LSM (Gestionnaire de session locale) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False S2 - [Own Process] - MapsBroker (Gestionnaire des cartes téléchargées) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - MBAMService (Malwarebytes Service) -> "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - mpssvc (Pare-feu Windows Defender) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [File System Driver] - bindflt (Windows Bind Filter Driver) -> C:\WINDOWS\system32\drivers\bindflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> C:\WINDOWS\system32\drivers\cldflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - NlaSvc (Connaissance des emplacements réseau) -> C:\WINDOWS\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - nsi (Service Interface du magasin réseau) -> C:\WINDOWS\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Power (Alimentation) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - ProfSvc (Service de profil utilisateur) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - QcomWlanSrv (Qualcomm Atheros WLAN Driver Service) -> C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - RasMan (Gestionnaire des connexions d’accès à distance) -> C:\WINDOWS\System32\svchost.exe -k netsvcs - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - RpcEptMapper (Mappeur de point de terminaison RPC) -> C:\WINDOWS\system32\svchost.exe -k RPCSS -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - RpcSs (Appel de procédure distante (RPC)) -> C:\WINDOWS\system32\svchost.exe -k rpcss -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - SamSs (Gestionnaire de comptes de sécurité) -> C:\WINDOWS\system32\lsass.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - Schedule (Planificateur de tâches) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - lltdio (Pilote E/S de mappage de découverte de topologie de la couche de liaison) -> C:\WINDOWS\system32\drivers\lltdio.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - luafv (Virtualisation de fichier UAC) -> C:\WINDOWS\system32\drivers\luafv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> C:\WINDOWS\system32\Drivers\MbamChameleon.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - MMCSS (Multimedia Class Scheduler) -> C:\WINDOWS\system32\drivers\mmcss.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - MsLldp (Protocole LLDP (Link Layer Discovery Protocol) Microsoft) -> C:\WINDOWS\system32\drivers\mslldp.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - Ndu (Windows Network Data Usage Monitoring Driver) -> C:\WINDOWS\system32\drivers\Ndu.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> C:\WINDOWS\system32\drivers\peauth.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - rspndr (Répondeur de découverte de la topologie de la couche de liaison) -> C:\WINDOWS\system32\drivers\rspndr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - storqosflt (Pilote de filtre de qualité de service de stockage) -> C:\WINDOWS\system32\drivers\storqosflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> C:\WINDOWS\system32\drivers\tcpipreg.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SENS (Service de notification d’événements système) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - SgrmBroker (Service Broker du moniteur d'exécution System Guard) -> C:\WINDOWS\system32\SgrmBroker.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - ShellHWDetection (Détection matériel noyau) -> C:\WINDOWS\System32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Spooler (Spouleur d’impression) -> C:\WINDOWS\System32\spoolsv.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : True S2 - [Own Process] - sppsvc (Protection logicielle) -> C:\WINDOWS\system32\sppsvc.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - stisvc (Acquisition d’image Windows (WIA)) -> C:\WINDOWS\system32\svchost.exe -k imgsvc - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - StorSvc (Service de stockage) -> C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SysMain (SysMain) -> C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SystemEventsBroker (Service Broker des événements système) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Themes (Thèmes) -> C:\WINDOWS\System32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - TrkWks (Client de suivi de lien distribué) -> C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - wcifs (Windows Container Isolation) -> C:\WINDOWS\system32\drivers\wcifs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - UserManager (Gestionnaire des utilisateurs) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - UsoSvc (Mettre à jour le service Orchestrator) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Wcmsvc (Gestionnaire des connexions Windows) -> C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WinDefend (Service antivirus Microsoft Defender) -> "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Winmgmt (Infrastructure de gestion Windows) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WlanSvc (Service de configuration automatique WLAN) -> C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - WpnService (Service du système de notifications Push Windows) -> C:\WINDOWS\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - wscsvc (Centre de sécurité) -> C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WSearch (Windows Search) -> C:\WINDOWS\system32\SearchIndexer.exe /Embedding - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Unknown] - CDPUserSvc_53a878 (Service pour utilisateur de plateforme d’appareils connectés_53a878) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Unknown] - OneSyncSvc_53a878 (Hôte de synchronisation_53a878) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Unknown] - WpnUserService_53a878 (Service utilisateur de notifications Push Windows_53a878) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\ActiveTouchMeetingClient] : (Cisco Webex Meetings.-.Cisco Webex LLC) -> "C:\Users\chlod\AppData\Local\WebEx\atcliun.exe" /x MEETINGS LANGUAGE=FR [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\b4b58389-01e4-5dfd-9842-aad36733657a] : (Mendeley Reference Manager 2.67.0.-.Mendeley) -> "C:\Users\chlod\AppData\Local\Programs\Mendeley Reference Manager\Uninstall Mendeley Reference Manager.exe" /currentuser [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\slack] : (Slack.-.Slack Technologies Inc.) -> "C:\Users\chlod\AppData\Local\slack\Update.exe" --uninstall [HKU\S-1-5-21-2842346516-3525720642-4283951694-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\ZoomUMX] : (Zoom.-.Zoom Video Communications, Inc.) -> "C:\Users\chlod\AppData\Roaming\Zoom\uninstall\Installer.exe" /uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe" ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 98.0.2 (x64 fr)] : (Mozilla Firefox (x64 fr).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{13E7AACC-0865-4F9B-8384-6B0424CBE06E}] : (Webex.-.Cisco Systems, Inc) -> MsiExec.exe /X{13E7AACC-0865-4F9B-8384-6B0424CBE06E} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 4.5.5.175.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe" /Uninstall ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google LLC) -> "C:\Program Files\Google\Chrome\Application\99.0.4844.82\Installer\setup.exe" --uninstall --channel=stable --system-level --verbose-logging [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft Edge Update] : (Microsoft Edge Update.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}] : (AudioWizard.-.ICEpower a/s) -> MsiExec.exe /X{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C800C0400100000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109E70000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\2A077E75FAB2AAC4AB3ADB98E622453D] : AudioWizard -> C:\Windows\Installer\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\3BDB0510DFFA1A74DA8BED6056E83B2B] : Contrôle d’intégrité du PC Windows -> C:\WINDOWS\Installer\{0150BDB3-AFFD-47A1-ADB8-DE06658EB3B2}\ArpIcon.ico [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\AAB6F137689A4A549863C7A3AAAA67B0] : Teams Machine-Wide Installer ---------- | UserSettings [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-15,Balanced (recommended) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1400,Favor performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1401,High Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-12,Favors performance, but may use more energy. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-13,High Performance [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1404,Favor energy savings over performance. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1405,Better Battery-life Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-10,Saves energy by reducing your computer performance where possible. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-11,Power Saver [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1402,Maximize bias towards performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1403,Max Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[Description] : @%SystemRoot%\system32\powrprof.dll,-18,Provides ultimate performance on higher end PCs. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-19,Ultimate Performance [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Version [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|SequenceNumber [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.Search_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Getstarted_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|22094SynapticsIncorporate.SmartAudio2_qt57b6kdvhcfw [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.LockApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.WindowsStore_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|MicrosoftWindows.Client.CBS_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|microsoft.windowscommunicationsapps_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\CCleaner\CCleaner64.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.XboxGamingOverlay_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.ZuneVideo_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.Photos_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.BingWeather_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|AD2F1837.HPPrinterControl_v10z8vjag6ke6 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|windows.immersivecontrolpanel_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|45273LiamForsyth.PawsforTrello_7pb5ddty8z1pa [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.WindowsCalculator_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.AccountsControl_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\WINWORD.EXE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.ZuneMusic_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\ApplicationFrameHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\explorer.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\rundll32.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\sihost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\EXCEL.EXE [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.People_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.XboxApp_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\cleanmgr.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Local\Microsoft\Teams\current\Teams.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.SecHealthUI_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Local\slack\app-4.24.0\slack.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusOSD.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\PickerHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Roaming\Zoom\bin\Zoom.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Roaming\Zoom\bin\CptHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\SnippingTool.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Mozilla Firefox\updater.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\Downloads\Clean_Dns.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\Downloads\QuickDiag.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-15,Balanced (recommended) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1400,Favor performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1401,High Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-12,Favors performance, but may use more energy. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-13,High Performance [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1404,Favor energy savings over performance. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1405,Better Battery-life Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-10,Saves energy by reducing your computer performance where possible. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-11,Power Saver [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1402,Maximize bias towards performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1403,Max Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[Description] : @%SystemRoot%\system32\powrprof.dll,-18,Provides ultimate performance on higher end PCs. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-19,Ultimate Performance [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Version [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|SequenceNumber [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.Search_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Getstarted_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|22094SynapticsIncorporate.SmartAudio2_qt57b6kdvhcfw [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.LockApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.WindowsStore_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|MicrosoftWindows.Client.CBS_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|microsoft.windowscommunicationsapps_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\CCleaner\CCleaner64.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.XboxGamingOverlay_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.ZuneVideo_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.Photos_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.BingWeather_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|AD2F1837.HPPrinterControl_v10z8vjag6ke6 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|windows.immersivecontrolpanel_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|45273LiamForsyth.PawsforTrello_7pb5ddty8z1pa [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.WindowsCalculator_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.AccountsControl_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\WINWORD.EXE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.ZuneMusic_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\ApplicationFrameHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\explorer.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\rundll32.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\sihost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Microsoft Office\root\Office16\EXCEL.EXE [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.People_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.XboxApp_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\cleanmgr.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Local\Microsoft\Teams\current\Teams.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.Windows.SecHealthUI_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Local\slack\app-4.24.0\slack.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_3f7f0a457ebc42ea\ASUSOptimization\AsusOSD.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\PickerHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Roaming\Zoom\bin\Zoom.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\AppData\Roaming\Zoom\bin\CptHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Windows\System32\SnippingTool.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Mozilla Firefox\updater.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbam.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\Downloads\Clean_Dns.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-2842346516-3525720642-4283951694-1001]|\Device\HarddiskVolume3\Users\chlod\Downloads\QuickDiag.exe ---------- | ADS ---------- | 20 LastEventLog Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\LAPTOP-RTJTVGR9$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep : GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 26 Mar 2022 20:04:19 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 3dc0af59-a470-4b14-aa26-9bf9276e6167 Méthode : GET(610ms) Étape : GetCACaps Non trouvé (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) ------------ Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\LAPTOP-RTJTVGR9$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep : GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 26 Mar 2022 12:51:03 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 1663aaea-af81-4348-ac37-91dcd0666eab Méthode : GET(578ms) Étape : GetCACaps Non trouvé (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) ------------ Nom de l’application défaillante LogiSyncMiddleware.exe, version : 2.4.406.0, horodatage : 0x620a926d Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.1586, horodatage : 0xe89e47cc Code d’exception : 0x40000015 Décalage d’erreur : 0x0012b922 ID du processus défaillant : 0xf10 Heure de début de l’application défaillante : 0x01d841101bc1ed97 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncMiddleware.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 2242e608-c745-4c5b-834d-455cf15fb0e1 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\LAPTOP-RTJTVGR9$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep : GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Sat, 26 Mar 2022 12:00:19 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 34591a0e-c756-46dd-806c-9a314de2421e Méthode : GET(797ms) Étape : GetCACaps Non trouvé (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) ------------ Windows ne peut pas accéder au fichier pour une des raisons suivantes : un problème s’est produit avec la connexion réseau, le disque sur lequel le fichier est enregistré, ou les pilotes de stockage installés sur cet ordinateur, ou le disque est manquant. Windows a fermé le programme Webex en raison de cette erreur. Programme : Webex Fichier : La valeur de l’erreur est affichée dans la section Données supplémentaires. Action utilisateur 1. Ouvrez à nouveau le fichier. Cette situation peut résulter d’un problème temporaire qui se corrigera de lui-même à la prochaine exécution du programme. 2. Si le fichier est toujours inaccessible et - Il se trouve sur le réseau : votre administrateur réseau devrait vérifier qu’il n’y a aucun problème avec le réseau et que le serveur peut être contacté. - Il se trouve sur un disque amovible, par exemple une disquette ou un CD-ROM : vérifiez que le disque est inséré correctement dans l’ordinateur. 3. Vérifiez et réparez le système de fichiers en exécutant CHKDSK. Pour exécuter CHKDSK, cliquez sur Démarrer, Exécuter, entrez CMD puis cliquez sur OK. À l’invite de commandes, entrez CHKDSK /F et appuyez sur Entrée. 4. Si le problème persiste, restaurez le fichier à partir d’une copie de sauvegarde. 5. Déterminez si d’autres fichiers du même disque peuvent être ouverts. Si ce n’est pas le cas, le disque est peut-être endommagé. S’il s’agit d’un disque dur, contactez votre administrateur ou le distributeur de votre ordinateur pour obtenir une assistance supplémentaire. Données supplémentaires Valeur de l’erreur : 00000000 Type du disque : 0 ------------ Nom de l’application défaillante CiscoCollabHost.exe, version : 1.0.0.2, horodatage : 0x621e0411 Nom du module défaillant : Qt5Core.dll, version : 5.15.2.0, horodatage : 0x615b93e6 Code d’exception : 0xc000001d Décalage d’erreur : 0x00000000000a0058 ID du processus défaillant : 0x2840 Heure de début de l’application défaillante : 0x01d8407b238354cc Chemin d’accès de l’application défaillante : C:\Users\chlod\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe Chemin d’accès du module défaillant: C:\Users\chlod\AppData\Local\Programs\Cisco Spark\dependencies\Qt5Core.dll ID de rapport : 2d7cee2f-5862-49b7-92cc-86f5cd7361c0 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Nom de l’application défaillante LogiSyncMiddleware.exe, version : 2.4.406.0, horodatage : 0x620a926d Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.1586, horodatage : 0xe89e47cc Code d’exception : 0x40000015 Décalage d’erreur : 0x0012b922 ID du processus défaillant : 0xf3c Heure de début de l’application défaillante : 0x01d84078607bf648 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncMiddleware.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : 98fe616b-1d4f-4bc1-a043-d14545a1575e Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\LAPTOP-RTJTVGR9$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep : GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Fri, 25 Mar 2022 18:14:36 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: c333852e-b0dc-4c35-9031-1f703160b012 Méthode : GET(766ms) Étape : GetCACaps Non trouvé (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) ------------ Nom de l’application défaillante LogiSyncMiddleware.exe, version : 2.4.406.0, horodatage : 0x620a926d Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.1586, horodatage : 0xe89e47cc Code d’exception : 0x40000015 Décalage d’erreur : 0x0012b922 ID du processus défaillant : 0x10d0 Heure de début de l’application défaillante : 0x01d8407406a03ae7 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncMiddleware.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : fde4be6b-11e2-419c-a56b-07b87c2d16d6 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ L’optimiseur de stockage n’a pas pu terminer réoptimisation sur DATA (D:) car : L’opération demandée n’est pas prise en charge par le matériel sous-jacent au volume. (0x8900002A) ------------ taskhostw (2688,U,98) WebCacheLocal: La récupération/restauration de la base de données a échoué en raison d’une erreur inattendue -1907. ------------ taskhostw (2688,U,98) WebCacheLocal: Échec de la récupération de base de données avec l’erreur -1216 en raison de références à la base de données « C:\Users\chlod\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat », qui n’existe plus. La base de données n’a pas été amenée dans un état d’arrêt correct avant d’être supprimée (ou déplacée ou renommée). Le moteur de base de données ne permettra pas à la récupération de se terminer pour cette instance tant que la base de données manquante n’aura pas été réintégrée. Si la base de données n’est vraiment plus disponible ni requise, des procédures pour la récupération de cette erreur sont disponibles dans la Base de connaissances Microsoft ou via le lien « plus d’informations » au bas de ce message. ------------ taskhostw (2688,R,98) WebCacheLocal: Une tentative d’ouverture du fichier « C:\Users\chlod\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat » pour accès en lecture/écriture a échoué en indiquant l’erreur système 32 (0x00000020) : « Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.  ». L’opération d’ouverture de fichier échouera en indiquant l’erreur -1032 (0xfffffbf8). ------------ Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\LAPTOP-RTJTVGR9$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep : GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Thu, 24 Mar 2022 13:12:27 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 06b857a5-a1c4-4ada-8d4c-e4b9c017aa1e Méthode : GET(453ms) Étape : GetCACaps Non trouvé (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) ------------ Nom de l’application défaillante LogiSyncMiddleware.exe, version : 2.4.406.0, horodatage : 0x620a926d Nom du module défaillant : KERNELBASE.dll, version : 10.0.19041.1586, horodatage : 0xe89e47cc Code d’exception : 0x40000015 Décalage d’erreur : 0x0012b922 ID du processus défaillant : 0x118c Heure de début de l’application défaillante : 0x01d83f80ae44ce25 Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Logitech\LogiSync\sync-agent\LogiSyncMiddleware.exe Chemin d’accès du module défaillant: C:\WINDOWS\System32\KERNELBASE.dll ID de rapport : f9b1f03b-bc6a-4f8f-8f3e-8ba7af0bf3a2 Nom complet du package défaillant : ID de l’application relative au package défaillant : ------------ Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ] ------------ Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. . ------------ Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ] ------------ Échec de l’initialisation de l’inscription du certificat SCEP pour WORKGROUP\LAPTOP-RTJTVGR9$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep : GetCACaps GetCACaps: Not Found {"Message":"The authority \"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\" does not exist."} HTTP/1.1 404 Not Found Date: Thu, 24 Mar 2022 12:30:40 GMT Content-Length: 121 Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000;includeSubDomains x-ms-request-id: 1e1cc0f5-00fe-40ff-aa83-10f5bf1799d3 Méthode : GET(421ms) Étape : GetCACaps Non trouvé (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND) ------------ ----------( EOF)---------- - 4958 | 13:56:48