--------------- QuickDiag | g3n-h@ckm@n | V8.028.22.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 05/04/2022 07:30:41 Updated 28/01/2022 | 10:00 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [Utilisateur (Administrator)] - [DESKTOP-ERNFAQ6] (S-1-5-21-689131383-3917851706-2055228383-1001) PC : Acer Aspire A315-56 x64-based PC System: Microsoft Windows 10 Famille - X64 - (10.0.19044) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (21H2) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Famille|C:\Windows|\Device\Harddisk0\Partition3 Boot : Normal boot PC: Aspire A315-56 - Acer - IdNumber: NXHT8EF003033139D93400 - UUID: B639D0B7-4BD1-EA11-80D7-089798B22E46 Processor : Intel(R) Core(TM) i3-1005G1 CPU @ 1.20GHz (GenuineIntel) - Clock Speed : 1190 - Socket : UC1 - Stauts : OK BIOS : Insyde Corp. V1.13 - SN : NXHT8EF003033139D93400 - Status : OK - Version : ACRSYS - 2 - PrimaryBios : True - CurrentLanguage : - OtherTargetOS : CoreTemp : 27.8 Celsius ----------| Quick ---------- | SoundDevice Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: INTELAUDIO\FUNC_01&VEN_8086&DEV_280F&SUBSYS_80860101&REV_1000\5&26FDE0A8&0&0201 Realtek Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: INTELAUDIO\FUNC_01&VEN_10EC&DEV_0255&SUBSYS_10251423&REV_1000\5&26FDE0A8&0&0001 ---------- | Video Intel(R) UHD Graphics - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\igdumdim64.dll,C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\igd10iumd64.dll,C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\igd10iumd64.dll,C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_8A56&SUBSYS_14221025&REV_07\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 Inegrated Video Chipset DeviceName: Intel(R) UHD Graphics - DriverVersion: 27.20.100.8280 - SpecificationVersion: 1025 ---------- | Codecs C:\Windows\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39936 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37440 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42904 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34600 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25824 - Manufacturer: Microsoft Corporation - Status: OK C:\Windows\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 93184 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK ---------- | Memory Pagefile = Total (MB) : 18 | Free (MB) : 6999 Virtual = Total (MB) : 4194 | Free (MB) : 3934 Physical Memory (MB) -------------------- Total: 7981 Available: 4981 Cached: 1646 Free: 306 System ------ Handles: 52469 Processes: 136 Threads: 1611 ---------- | Drives C:\ -> [Fixed] | [] | Total : 237.86 Go | Free : 202.89 Go -> NTFS (SSD) [RAID] Drive: 0 Cylinders: 31130 Tracks per Cylinder: 255 Sectors per Track: 63 Bytes per Sector: 512 Total Space: 256060514304 bytes ---------- | Windows updates - Activation - License W.A.T : :) Test 1 : Windows Is Activated Volume License ---------- | Browsers IE : 11.0.19041.1566 (© Microsoft Corporation. Tous droits réservés.) Default : "C:\Program Files\Internet Explorer\iexplore.exe" ---------- | FlashPlayer ---------- | Security AV : Windows Defender Enabled AS : FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 416 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.19041.964) = C:\Windows\System32\smss.exe [12/05/2021 08:54:41] 624 | [Owner : Système | Parent : 520() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [09/10/2020 22:47:43] 712 | [Owner : Système | Parent : 520() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.19041.1566) = C:\Windows\System32\wininit.exe [09/03/2022 18:34:03] 848 | [Owner : Système | Parent : 712(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.19041.928) = C:\Windows\System32\services.exe [20/04/2021 17:40:09] 872 | [Owner : Système | Parent : 712(wininit.exe) | 20.15 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.19041.1586) = C:\Windows\System32\lsass.exe [09/03/2022 18:34:04] 1000 | [Owner : Système | Parent : 848(services.exe) | 32.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 364 | [Owner : UMFD-0 | Parent : 712(wininit.exe) | 3.34 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.1566) = C:\Windows\System32\fontdrvhost.exe [09/03/2022 18:34:05] 1020 | [Owner : SERVICE RÉSEAU | Parent : 848(services.exe) | 14.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1056 | [Owner : Système | Parent : 848(services.exe) | 8.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1280 | [Owner : Système | Parent : 848(services.exe) | 10.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1312 | [Owner : Système | Parent : 848(services.exe) | 15.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1360 | [Owner : Système | Parent : 848(services.exe) | 9.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1372 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 6.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1376 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 12.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1464 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 7.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1476 | [Owner : Système | Parent : 848(services.exe) | 13.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1612 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 20.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1660 | [Owner : Système | Parent : 848(services.exe) | 9.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1672 | [Owner : Système | Parent : 848(services.exe) | 20.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1780 | [Owner : Système | Parent : 848(services.exe) | 9.45 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.100.8280) = C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIServiceN.exe [28/10/2020 18:19:13] 1840 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 8.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1932 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 7.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1952 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 7.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1964 | [Owner : Système | Parent : 848(services.exe) | 14.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1984 | [Owner : Système | Parent : 848(services.exe) | 5.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1304 | [Owner : Système | Parent : 848(services.exe) | 18.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1808 | [Owner : Système | Parent : 848(services.exe) | 8.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2064 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 7.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2092 | [Owner : Système | Parent : 848(services.exe) | 17.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2184 | [Owner : SERVICE RÉSEAU | Parent : 848(services.exe) | 12.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2316 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 9.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2444 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 11.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2480 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 13.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2572 | [Owner : SERVICE RÉSEAU | Parent : 848(services.exe) | 8.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2580 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 6.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2588 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 10.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2744 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 7.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2856 | [Owner : Système | Parent : 848(services.exe) | 18.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2928 | [Owner : Système | Parent : 848(services.exe) | 13.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2984 | [Owner : Système | Parent : 848(services.exe) | 15.87 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.1566) = C:\Windows\System32\spoolsv.exe [09/03/2022 18:33:54] 3040 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 18.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3060 | [Owner : SERVICE RÉSEAU | Parent : 848(services.exe) | 8.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3176 | [Owner : Système | Parent : 848(services.exe) | 7.07 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (10.0.10011.16384) = C:\Windows\System32\drivers\AdminService.exe [28/12/2019 02:21:40] 3204 | [Owner : Système | Parent : 848(services.exe) | 5.48 Mo] - (.Intel Corporation - Intel HD Graphics Drivers for Windows(R).) - (25.20.100.8280) = C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\IntelCpHDCPSvc.exe [28/10/2020 18:19:13] 3216 | [Owner : SERVICE RÉSEAU | Parent : 848(services.exe) | 14.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3240 | [Owner : Système | Parent : 848(services.exe) | 32.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3260 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3392 | [Owner : Système | Parent : 848(services.exe) | 30.97 Mo] - (.Intel Corporation - Intel® Graphics Command Center Service.) - (1.0.0.0) = C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe [28/10/2020 18:19:13] 3436 | [Owner : Système | Parent : 848(services.exe) | 19.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3508 | [Owner : Système | Parent : 848(services.exe) | 5.58 Mo] - (.Qualcomm Technologies Inc. - Qualcomm Atheros Universal WLAN Driver Service.) - (1.0.0.1) = C:\Windows\System32\drivers\QcomWlanSrvx64.exe [30/08/2019 04:50:08] 3524 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 6.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3552 | [Owner : Système | Parent : 848(services.exe) | 11.81 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3560 | [Owner : Système | Parent : 848(services.exe) | 11.25 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.0.303.1) = C:\Windows\System32\RtkAudUService64.exe [28/10/2020 18:22:11] 3568 | [Owner : Système | Parent : 848(services.exe) | 5.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3588 | [Owner : Système | Parent : 848(services.exe) | 7.57 Mo] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [08/10/2014 19:18:56] 3596 | [Owner : Système | Parent : 848(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2202.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [15/03/2022 08:13:50] 3620 | [Owner : Système | Parent : 848(services.exe) | 22.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3704 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 5.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3920 | [Owner : Système | Parent : 848(services.exe) | 10.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 3976 | [Owner : Système | Parent : 848(services.exe) | 5.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 4100 | [Owner : Système | Parent : 848(services.exe) | 12.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 4116 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 8.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 4408 | [Owner : Système | Parent : 848(services.exe) | 18.94 Mo] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [08/10/2014 19:18:50] 4956 | [Owner : Système | Parent : 848(services.exe) | 21.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 4572 | [Owner : Système | Parent : 848(services.exe) | 8.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 5260 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 21.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 6084 | [Owner : Système | Parent : 848(services.exe) | 14.86 Mo] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service.) - (14.0.7147.5000) = C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [18/03/2015 20:51:28] 1444 | [Owner : Système | Parent : 848(services.exe) | 9.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 6320 | [Owner : Système | Parent : 848(services.exe) | 57.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 6448 | [Owner : Système | Parent : 848(services.exe) | 28.94 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19041.1566) = C:\Windows\System32\SearchIndexer.exe [09/03/2022 18:33:57] 7520 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.18.2202.4) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [15/03/2022 08:13:50] 8032 | [Owner : Système | Parent : 848(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe [09/03/2022 18:34:03] 1172 | [Owner : Système | Parent : 848(services.exe) | 11.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2016 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 10.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2248 | [Owner : Système | Parent : 848(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.19041.546) = C:\Windows\System32\SgrmBroker.exe [09/10/2020 22:48:13] 7056 | [Owner : Système | Parent : 848(services.exe) | 11.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 9204 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1980 | [Owner : Système | Parent : 848(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 8148 | [Owner : Système | Parent : 848(services.exe) | 6.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 2788 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 8.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 8648 | [Owner : Système | Parent : 848(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 8284 | [Owner : Système | Parent : 1312(svchost.exe) | 1.6 Mo] - (.Microsoft Corporation - Microsoft Edge Update.) - (1.3.133.5) = C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [27/09/2020 09:53:36] 7072 | [Owner : Système | Parent : 848(services.exe) | 23.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 7764 | [Owner : Système | Parent : 1240() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.19041.546) = C:\Windows\System32\csrss.exe [09/10/2020 22:47:43] 8376 | [Owner : Système | Parent : 1240() | 10.52 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.19041.1503) = C:\Windows\System32\winlogon.exe [08/02/2022 21:42:55] 7176 | [Owner : UMFD-6 | Parent : 8376(winlogon.exe) | 5.75 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.19041.1566) = C:\Windows\System32\fontdrvhost.exe [09/03/2022 18:34:05] 5236 | [Owner : DWM-6 | Parent : 8376(winlogon.exe) | 84.95 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.19041.746) = C:\Windows\System32\dwm.exe [13/01/2021 09:17:50] 7236 | [Owner : Utilisateur | Parent : 1672(svchost.exe) | 26.81 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.746) = C:\Windows\System32\sihost.exe [13/01/2021 09:17:41] 6668 | [Owner : Utilisateur | Parent : 848(services.exe) | 25.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 8640 | [Owner : Utilisateur | Parent : 848(services.exe) | 31.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 636 | [Owner : Utilisateur | Parent : 1312(svchost.exe) | 14.44 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.1503) = C:\Windows\System32\taskhostw.exe [08/02/2022 21:42:56] 3488 | [Owner : Utilisateur | Parent : 8984() | 124.9 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.1586) = C:\Windows\explorer.exe [09/03/2022 18:33:55] 3124 | [Owner : Utilisateur | Parent : 848(services.exe) | 17.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 1972 | [Owner : Utilisateur | Parent : 4572(svchost.exe) | 15.81 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe [07/12/2019 11:09:00] 3324 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 76.7 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [08/02/2022 21:42:50] 6648 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 23.42 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [13/01/2021 09:17:37] 2000 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 157.74 Mo] - (.Microsoft Corporation - Search application.) - (10.0.19041.1566) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe [09/03/2022 18:34:27] 5868 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 27.06 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [13/01/2021 09:17:37] 4916 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 37.37 Mo] - (.Microsoft Corporation -.) - (1.22022.180.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.180.0_x64__8wekyb3d8bbwe\YourPhone.exe [31/03/2022 19:16:02] 2136 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 54.11 Mo] - (.Microsoft Corporation -.) - (121.9202.4105.0) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe [08/02/2022 21:43:15] 1072 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 14.62 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [13/01/2021 09:17:37] 8388 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 20.46 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe [13/01/2021 09:17:37] 644 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 5.87 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 6256 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 10.78 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.19041.1320) = C:\Windows\System32\SettingSyncHost.exe [10/11/2021 00:14:49] 1224 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 26.72 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.1566) = C:\Windows\System32\smartscreen.exe [09/03/2022 18:33:56] 8196 | [Owner : Utilisateur | Parent : 3488(explorer.exe) | 9.44 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.19041.1) = C:\Windows\System32\SecurityHealthSystray.exe [07/12/2019 11:08:41] 5388 | [Owner : Utilisateur | Parent : 3488(explorer.exe) | 13.55 Mo] - (.Realtek Semiconductor - Realtek HD Audio Universal Service.) - (1.0.303.1) = C:\Windows\System32\RtkAudUService64.exe [28/10/2020 18:22:11] 6824 | [Owner : SERVICE RÉSEAU | Parent : 848(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 4764 | [Owner : Utilisateur | Parent : 3608() | 247.42 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [23/03/2022 17:32:33] 2872 | [Owner : Utilisateur | Parent : 4764(firefox.exe) | 261.99 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [23/03/2022 17:32:33] 2476 | [Owner : Utilisateur | Parent : 4764(firefox.exe) | 247.01 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [23/03/2022 17:32:33] 4128 | [Owner : Utilisateur | Parent : 4764(firefox.exe) | 165.59 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [23/03/2022 17:32:33] 3732 | [Owner : Utilisateur | Parent : 4764(firefox.exe) | 110.14 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [23/03/2022 17:32:33] 7636 | [Owner : Utilisateur | Parent : 4764(firefox.exe) | 72.84 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [23/03/2022 17:32:33] 1388 | [Owner : Utilisateur | Parent : 4764(firefox.exe) | 32.56 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [23/03/2022 17:32:33] 1508 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 42.75 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.19041.1566) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [09/03/2022 18:34:27] 2436 | [Owner : Utilisateur | Parent : 1000(svchost.exe) | 28.57 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe [13/01/2021 09:17:47] 5416 | [Owner : Système | Parent : 848(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 4624 | [Owner : Utilisateur | Parent : 4764(firefox.exe) | 32.72 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [23/03/2022 17:32:33] 6608 | [Owner : Utilisateur | Parent : 4764(firefox.exe) | 32.77 Mo] - (.Mozilla Corporation - Firefox.) - (98.0.2.8116) = C:\Program Files\Mozilla Firefox\firefox.exe [23/03/2022 17:32:33] 124 | [Owner : Utilisateur | Parent : 848(services.exe) | 21.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 4684 | [Owner : Système | Parent : 6448(SearchIndexer.exe) | 14.24 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.19041.1566) = C:\Windows\System32\SearchProtocolHost.exe [09/03/2022 18:33:57] 2412 | [Owner : Système | Parent : 6448(SearchIndexer.exe) | 7.45 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.19041.1566) = C:\Windows\System32\SearchFilterHost.exe [09/03/2022 18:33:57] 6028 | [Owner : Système | Parent : 1000(svchost.exe) | 9.62 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [09/10/2020 22:47:36] 3400 | [Owner : SERVICE RÉSEAU | Parent : 1000(svchost.exe) | 13.24 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\System32\wbem\WmiPrvSE.exe [09/10/2020 22:47:36] 8908 | [Owner : Utilisateur | Parent : 3488(explorer.exe) | 53.33 Mo] - (.SosVirus - QuickDiag.) - (8.28.22.1) = C:\Users\Utilisateur\Desktop\QuickDiag.exe [05/04/2022 07:30:02] 2716 | [Owner : Système | Parent : 848(services.exe) | 6.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1566) = C:\Windows\System32\svchost.exe [09/03/2022 18:34:03] 6076 | [Owner : SERVICE RÉSEAU | Parent : 1000(svchost.exe) | 10.86 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.19041.546) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [09/10/2020 22:47:58] ---------- | Locked Applications ---------- | Policy Restrictions ---------- | Explorer.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\SYSTEM32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\Windows\SYSTEM32\TextShaping.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (27.20.100.8280) -- C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\igd10iumd64.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (27.20.100.8280) -- C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\igdgmm64.dll (.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (27.20.100.8280) -- C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\igc64.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\Windows.Internal.UI.Shell.WindowTabManager.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll (..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll ---------- | Winlogon.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\Windows\System32\UMPDC.dll ---------- | svchost.exe Modules (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- c:\windows\system32\UMPDC.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\WindowManagementAPI.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.29.0.0) -- c:\windows\system32\winsqlite3.dll (..-..) - (0.0.0.0) -- C:\Windows\System32\usocoreps.dll ---------- | Windows Installer Installations (Microsoft Corporation) Microsoft Office « Démarrer en un clic » 2010 - Install. : 28/10/2020 - Package : C:\Windows\Installer\37f92.msi (Microsoft Corporation) Contrôle d’intégrité du PC Windows - Install. : 22/10/2021 - Package : C:\Windows\Installer\276184d9.msi (Microsoft Corporation) Microsoft Update Health Tools - Install. : 09/03/2022 - Package : C:\Windows\Installer\488b68d.msi ---------- | Windows Updates KB5010472 - Installed On : 02/19/2022 - [Update] KB4562830 - Installed On : 12/09/2020 - [Update] KB4570334 - Installed On : 09/27/2020 - [Security Update] KB4577266 - Installed On : 10/09/2020 - [Security Update] KB4577586 - Installed On : 02/18/2021 - [Update] KB4580325 - Installed On : 10/09/2020 - [Security Update] KB4586864 - Installed On : 11/10/2020 - [Security Update] KB4589212 - Installed On : 03/11/2021 - [Update] KB4593175 - Installed On : 12/09/2020 - [Security Update] KB4598481 - Installed On : 01/13/2021 - [Security Update] KB5000736 - Installed On : 05/26/2021 - [Update] KB5003791 - Installed On : 11/19/2021 - [Update] KB5011487 - Installed On : 03/09/2022 - [Security Update] KB5006753 - Installed On : 11/09/2021 - [Update] KB5007273 - Installed On : 12/15/2021 - [Update] KB5011352 - Installed On : 02/08/2022 - [Security Update] KB5005699 - Installed On : 09/15/2021 - [Security Update] ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up [HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[OneDriveSetup] : C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[OneDriveSetup] : C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[SecurityHealth] : %windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[RtkAudUService] : "C:\Windows\System32\RtkAudUService64.exe" -background [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=Microsoft Print to PDF,winspool,Ne01: "IsMRUEstablished"=0 "LegacyDefaultPrinterMode"=0 "MenuDropAlignment"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe "RtkAudUService"="C:\Windows\System32\RtkAudUService64.exe" -background [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "SecurityHealth"=0x060000000000000000000000 "RtkAudUService"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D833D37A9B0219 [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List CCleanerSkipUAC - Utilisateur MicrosoftEdgeUpdateTaskMachineCore MicrosoftEdgeUpdateTaskMachineUA OneDrive Standalone Update Task-S-1-5-21-689131383-3917851706-2055228383-500 ---------- | Startings up registry ¦ Folder ---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=DeviceInstall UsoSvc gpsvc trustedinstaller "SvcHostSplitThresholdInKB"=3670016 "WaitToKillServiceTimeout"=2000 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=9 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [29/10/2020 01:16:05] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "LsaPid"=872 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "GlobalFlag2"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=150 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "AutoChkSkipSystemPartition"=0 "SetupExecute"= [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=800e324d-9d9e-4152-80e3-081667c "GlassSessionId"=6 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretTimeout"=5000 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "ScreenSaveActive"=1 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper [29/10/2020 01:16:36] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=0 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1920 "MaxMonitorDimension"=1920 "TranscodedImageCount"=1 "LastUpdated"=0 "TranscodedImageCache"=0x7AC3010055120C0058020000C201000017F7BE788FB2D60143003A005C00550073006500720073005C005500740069006C0069007300610074006500750072005C004D0075007300690063005C0073006300720061007400630068002E0070006E00670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "LockScreenAutoLockActive"=0 "TranscodedImageCache_000"=0x7AC3010055120C0058020000C201000017F7BE788FB2D60143003A005C00550073006500720073005C005500740069006C0069007300610074006500750072005C004D0075007300690063005C0073006300720061007400630068002E0070006E0067000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005C005C003F005C0044004900530050004C0041005900230042004F004500300037004300420023003400260032006100390036003700360036003200260030002600550049004400380033003800380036003800380023007B00650036006600300037006200350066002D0065006500390037002D0034006100390030002D0062003000370036002D003300330066003500370062006600340065006100610037007D000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "WaitToKillAppTimeout"=2000 "HungAppTimeout"=2000 [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003F28000000000000000000000000000001000000130000000000000062000000 "UserSignedIn"=1 "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309DAC0D00000114020000000000C000000000000046130200005D54A9A2C2A0B4429708A0B2BADD77C8C5010000FB9A790967ADD111ABCD00C04FC3093696010000BD0E0C47735D584D9CEDE91E22E2328265040000 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=6 "GlobalAssocChangedCounter"=1985 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "PostAppInstallTasksCompleted"=1 "link"=0x1E000000 "ExcludedFromStableAnaheimDownloadPromotionSL"=1 [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "StoreAppsOnTaskbar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "ShowCortanaButton"=0 "StartMigratedBrowserPin"=1 "ReindexedProfile"=1 "StartMenuInit"=13 "TaskbarStateLastRun"=0xF3204B6200000000 "LaunchTo"=1 "TaskbarSizeMove"=1 "Start_TrackProgs"=0 "DontUsePowerShellOnWinX"=0 "TaskbarBadges"=1 "ShowTaskViewButton"=0 [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery] "MRUListEx"=0xFFFFFFFF [HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=15 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers] "authenticodeenabled"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableFullTrustStartupTasks"=2 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableUwpStartupTasks"=2 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "SupportFullTrustStartupTasks"=1 "SupportUwpStartupTasks"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=23 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=19044 "FirstLogon"=0 "ParseAutoexec"=1 "PUUActive"=0x23E86B5701002C00C715961E582A71009490750094907500D20000000400B800C91041E73A31F901ED5BD500E09B4900723F36000D1908000000000000000000C15E4300C757C500E3B00300FA5C00009DD727725B48D801582A71000000000001000000582A7100624A0000050600009D426E0000000000 "DP"=0xD200E800A1042C00C215000023E86B570000000000000000813D13D8AD48D801813D13D8AD48D801000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F8051010081D60080C0275304C23F5304DC6D0000596000515D600255392E00C06E82B0406E86F060A40501400254805082558250081E0000240128042581283C493501003E8020013E8822011795008040200000406800104E0B00800000044D0002054DE74501C0E145021CE165021E09F400800A1002542A100254CE6C00805006944370C69443 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "DisableCAD"=1 "LastLogOffEndTimePerfCounter"=71691393621 "ShutdownFlags"=2147483687 "AutoAdminLogon"=0 "DefaultUserName"=Utilisateur "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 "AutoLogonSID"=S-1-5-21-689131383-3917851706-2055228383-1001 "LastUsedUsername"=Utilisateur [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "AppUserModelID"=Microsoft.Windows.Explorer "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [09/03/2022 18:34:27] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\Clients\StartMenuInternet\Microsoft Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command] ""="C:\Program Files\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo] "ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [09/03/2022 18:34:27] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\Shell\open\Command] ""="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Microsoft Edge\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --make-default-browser ---------- | AppcompatFlags [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060AE040085EF040001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x534143500100000000000000070000002800000078E54202868A430201000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\20.169.0823.0008\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078970600F363070001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "SIGN.MEDIA=25EB1C5D _INSTALL\ChromeSetup.exe"=0x534143500100000000000000070000002800000030561100230B120001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\Utilisateur\AppData\Local\Temp\GUM934D.tmp\GoogleUpdateSetup.exe"=0x534143500100000000000000070000002800000030561100230B120001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000DD600000000000000100000001000000 "SIGN.MEDIA=25EB1C5D _INSTALL\Ninite Flash Flash IE NET Reader VLC Installer.exe"=0x5341435001000000000000000700000028000000C8E00300D23C04000100000000000000000001060001000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000006BA10100000000000200000002000000 "C:\Windows\SysWOW64\Macromed\Temp\{34C54141-72F0-4AD8-BB9B-BC4B88FFCE57}\InstallFlashPlayer.exe"=0x53414350010000000000000007000000280000003878A300F2BBA30001000000000000000000000A0021000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000080020000002800000000000000000000800000000000000000000000000000000040050000000000000100000001000000 "SIGN.MEDIA=6739C48 _INSTALL\Office starter WIN 8-1\microsoft-office-starter-2010_microsoft_office_starter_2010_francais_403434.exe"=0x5341435001000000000000000700000028000000B8E91800E0F318000100000000000000000001067102000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000007D630000000000000100000001000000 "SIGN.MEDIA=6739C48 _INSTALL\Office starter WIN 8-1\click2run2010-kb2598285-fullfile-x86-glb.exe"=0x534143500100000000000000070000002800000080829001BC6491010100000000000000000001067102000050BB64EDDDACD5010000000000000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x534143500100000000000000070000002800000030BE2B0012B02C0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000001000000000000000000000000000000000C57E0000000000000100000001000000 "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE"=0x5341435001000000000000000700000028000000E0F2300097E931000100000000000000000001060001000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000200000002000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F0811E00A03A1F0001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000500000000000000000000040000000000000000000000000000000005E00000000000000040000000100000000000000000000000000000000000000000000000000000029010000000000000D00000000000000 "C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\setup.exe"=0x5341435001000000000000000700000028000000F07F240064DF240001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000DB0D0000000000000100000001000000 "C:\Users\Utilisateur\AppData\Local\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D07A08004E76090001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe"=0x534143500100000000000000070000002800000038EC1600DBE6170001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000BA1D0000000000000100000001000000 "C:\Program Files\VideoLAN\VLC\uninstall.exe"=0x5341435001000000000000000700000028000000F6AB0300F3577E0201000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000039350000000000000100000001000000 "C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.51\Installer\setup.exe"=0x534143500100000000000000070000002800000090A936003B13370001000000000000000000000A0021000050BB64EDDDACD501000000C100000000 "C:\Users\Utilisateur\Desktop\Firefox Installer.exe"=0x5341435001000000000000000700000028000000681905006BA7050001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000074BD0000000000000100000001000000 "C:\Users\Utilisateur\AppData\Local\Mozilla Firefox\uninstall\helper.exe"=0x534143500100000000000000070000002800000048D10E008A1D0F0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000058350000000000000100000001000000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D07A08004E76090001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\Utilisateur\Desktop\Thunderbird Setup 78.4.0.exe"=0x5341435001000000000000000700000028000000C874000321F2000301000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000B0650000000000000100000001000000 "C:\Users\Utilisateur\Documents\PhotoFiltre7\PhotoFiltre7.exe"=0x5341435001000000000000000700000028000000001435000000000001000000000000000000000A6120000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000004DD40C00000000003D0100003D010000 "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"=0x5341435001000000000000000700000028000000B0D30E003BF10E0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000EF2E0000000000000100000001000000 "C:\Users\Utilisateur\Desktop\Firefox Setup 82.0.2.exe"=0x5341435001000000000000000700000028000000B0A27503C0B6750301000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000E1890000000000000200000002000000 "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"=0x534143500100000000000000070000002800000048D10E008A1D0F0001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000005D220000000000000300000003000000 "C:\Users\Utilisateur\Downloads\Firefox Installer.exe"=0x5341435001000000000000000700000028000000681905006BA7050001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000012870000000000000100000001000000 "C:\Users\Utilisateur\Downloads\Firefox Setup 82.0.2.exe"=0x5341435001000000000000000700000028000000B0A27503C0B6750301000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000005000000000000000000000400000000000000000000000000000000056520000000000000100000001000000000000000000000000000000000000000000000000000000F43D0000000000000100000000000000 "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2010.7621.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe"=0x534143500100000000000000070000002800000000F405000000000001000000000000000000000A7322000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000F2040000000000002200000022000000 "C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\20.169.0823.0008\OneDriveSetup.exe"=0x534143500100000000000000070000002800000078E54202868A430201000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\Utilisateur\Desktop\adwcleaner_8.0.8.exe"=0x5341435001000000000000000700000028000000B0E480009F05810001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000007DED0000000000000600000006000000 "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2010.22653.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe"=0x534143500100000000000000070000002800000000F405000000000001000000000000000000000A7322000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000DC050000000000005F0100005F010000 "C:\Users\Utilisateur\Documents\SumatraPDF-3.2-64.exe"=0x5341435001000000000000000700000028000000A8A0EA00A92DEB0001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000007ABF0600000000003A0000003A000000 "C:\Program Files\Windows NT\Accessories\wordpad.exe"=0x534143500100000000000000070000002800000000B02E00D46C2F0001000000010000000000000A6322000050BB64EDDDACD5010000000000000000 "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2011.11613.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe"=0x534143500100000000000000070000002800000000F405000000000001000000000000000000000A7322000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000073070000000000009D0200009D020000 "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2012.16655.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe"=0x5341435001000000000000000700000028000000000A06000000000001000000000000000000000A7322000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000047090000000000005200000052000000 "C:\Users\Utilisateur\Desktop\adwcleaner_8.0.9.exe"=0x5341435001000000000000000700000028000000700F81002D2A810001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D5EE0000000000000200000002000000 "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2101.15643.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe"=0x5341435001000000000000000700000028000000001406000000000001000000000000000000000A7322000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000016040000000000005100000051000000 "C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C07F0C005C480D0001000000010000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2102.8653.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe"=0x5341435001000000000000000700000028000000008006000000000001000000000000000000000A7322000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000C1070000000000001A0100001A010000 "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2103.17603.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe"=0x5341435001000000000000000700000028000000008206000000000001000000000000000000000A7322000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000056090000000000007702000077020000 "C:\Program Files (x86)\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C8730C00FB620D0001000000010000000000000A0021000050BB64EDDDACD5010000000000000000 "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe"=0x5341435001000000000000000700000028000000008406000000000001000000000000000000000A7322000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000000070000000000000F1000000F1000000 "C:\Users\Utilisateur\Desktop\ZHPCleaner.exe"=0x534143500100000000000000070000002800000098B631008300320001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000066D10400000000000100000001000000 "C:\Users\Utilisateur\Documents\SumatraPDF-3.3.3-64.exe"=0x53414350010000000000000007000000280000001806CD000B86CD0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000AD5B0000000000000500000005000000 "C:\Users\Utilisateur\Documents\Sumatra\SumatraPDF-3.3.3-64.exe"=0x53414350010000000000000007000000280000001806CD000B86CD0001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000002E70400000000003200000032000000 "C:\Users\Utilisateur\Desktop\ZHPSuite.exe"=0x53414350010000000000000007000000280000009806350052E9350001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000A61B0000000000000100000001000000 "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"=0x5341435001000000000000000700000028000000B8830500DA5C060001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000005000000000000000000000000000000000000000000000000000000021A6BC00000000004E030000F50100000000000000000040000000000000000000000000000000008A590000000000000100000000000000 "C:\Users\Utilisateur\Documents\ccleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000809C2302EBF1230201000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000000000000000000000000000000000000003F000000000000000900000009000000 "C:\Program Files\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000B83D09005DF7090001000000000000000000000A0021000050BB64EDDDACD5010000000100000000 "C:\Users\Utilisateur\ZHPSuite.exe"=0x5341435001000000000000000700000028000000981C3500A97B350001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000047600200000000001100000011000000 "C:\Users\Utilisateur\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x534143500100000000000000070000002800000098443200BC23330001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000A6DD0500000000000300000003000000 "C:\Users\Utilisateur\AppData\Roaming\ZHP\ZHPSuite.exe"=0x5341435001000000000000000700000028000000981E350045E4350001000000000000000000000A0021000050BB64EDDDACD50100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F5A00300000000000500000005000000 "C:\Users\Utilisateur\Desktop\FRST64.exe"=0x5341435001000000000000000700000028000000001624007BA6240001000000000000000000000A0021000050BB64EDDDACD501000000000000000002000000280000000000000000000040000000000000000000000000000000005A250000000000000100000001000000 "C:\Users\Utilisateur\ZHPCleaner.exe"=0x5341435001000000000000000700000028000000C84A32006A2E330001000000000000000000000A0021000050BB64EDDDACD5010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000094630500000000000200000002000000 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"=0x5341435001000000000000000700000028000000A80536007966360001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000100000000000000000000000000000000003020000000000000500000005000000 "C:\Users\Utilisateur\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000F0444500FEBC450001000000000000000000000A0021000050BB64EDDDACD5010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=132456670264698910 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=windowsdefender:// "ProductType"=2 "InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\ "ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0xDB4CEEEC7FADD601 "OOBEInstallTime"=0xA6B99C8A80ADD601 "DisableAntiSpyware"=0 "DisableAntiVirus"=0 "PUAProtection"=1 "BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0 "HybridModeEnabled"=0 "VerifiedAndReputableTrustModeEnabled"=0 "IsServiceRunning"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsQuic] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcCtnrSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NgcSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts 127.0.0.1 localhost ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [2a00:1450:4007:805::200e] avec 32 octets de donn?es?: R?ponse de 2a00:1450:4007:805::200e?: temps=15 ms R?ponse de 2a00:1450:4007:805::200e?: temps=15 ms R?ponse de 2a00:1450:4007:805::200e?: temps=15 ms R?ponse de 2a00:1450:4007:805::200e?: temps=16 ms Statistiques Ping pour 2a00:1450:4007:805::200e: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 15ms, Maximum = 16ms, Moyenne = 15ms ---------- | @ [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "ImageStoreRandomFolder"=gxrx23w "OperationalData"=12 "CompatibilityFlags"=0 "SearchBandMigrationVersion"=1 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2A0000002A000000DA040000CD020000 "Start Page_TIMESTAMP"=0x803E1C9B9EFBD601 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0xDD196B9E9EFBD601 "IE10TourShown"=1 "IE10TourShownTime"=0xF7591A0B80ADD601 [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "CertificateRevocation"=1 "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x3A6E91EFD133D801 "EnableNegotiate"=1 "ProxyEnable"=0 "MigrateProxy"=1 "WarnonZoneCrossing"=0 "LockDatabase"=132792146874243946 [HKLM\Software\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings] "CallLegacyWCMPolicies"=0 ---------- | Proxy ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [13/01/2021 09:17:53] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "KnownProvidersUpgradeTime"=0xF7591A0B80ADD601 "Version"=5 "UpgradeTime"=0xF7591A0B80ADD601 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.29\BHO\ie_to_edge_bho.dll [04/04/2022 18:49:28] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}] -> (IEToEdge BHO) : C:\Program Files (x86)\Microsoft\Edge\Application\100.0.1185.29\BHO\ie_to_edge_bho.dll [04/04/2022 18:49:28] ---------- | Chrome ---------- | Opera ---------- | Firefox [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\p0rz4upp.willy\Prefs.js user_pref("app.normandy.startupRolloutPrefs.extensions.fxmonitor.enabled", true); user_pref("browser.startup.homepage", "https://www.google.fr/"); user_pref("browser.startup.homepage_override.buildID", "20220322144853"); user_pref("browser.startup.homepage_override.mstone", "98.0.2"); user_pref("browser.urlbar.resultBuckets", "{\"children\":[{\"maxResultCount\":1,\"children\":[{\"group\":\"heuristicTest\"},{\"group\":\"heuristicExtension\"},{\"group\":\"heuristicSearchTip\"},{\"group\":\"heuristicOmnibox\"},{\"group\":\"heuristicUnifiedComplete\"},{\"group\":\"heuristicAutofill\"},{\"group\":\"heuristicTokenAliasEngine\"},{\"group\":\"heuristicFallback\"}]},{\"group\":\"extension\",\"maxResultCount\":5},{\"flexChildren\":true,\"children\":[{\"group\":\"general\",\"flex\":2},{\"flexChildren\":true,\"children\":[{\"flex\":2,\"group\":\"formHistory\"},{\"flex\":4,\"group\":\"remoteSuggestion\"},{\"flex\":0,\"group\":\"tailSuggestion\"}],\"flex\":1}]}]}"); user_pref("browser.urlbar.resultGroups", "{\"children\":[{\"maxResultCount\":1,\"children\":[{\"group\":\"heuristicTest\"},{\"group\":\"heuristicExtension\"},{\"group\":\"heuristicSearchTip\"},{\"group\":\"heuristicOmnibox\"},{\"group\":\"heuristicEngineAlias\"},{\"group\":\"heuristicBookmarkKeyword\"},{\"group\":\"heuristicAutofill\"},{\"group\":\"heuristicPreloaded\"},{\"group\":\"heuristicTokenAliasEngine\"},{\"group\":\"heuristicFallback\"}]},{\"group\":\"extension\",\"availableSpan\":5},{\"flexChildren\":true,\"children\":[{\"group\":\"generalParent\",\"children\":[{\"availableSpan\":3,\"group\":\"inputHistory\"},{\"flexChildren\":true,\"children\":[{\"flex\":1,\"group\":\"remoteTab\"},{\"flex\":2,\"group\":\"general\"},{\"flex\":2,\"group\":\"aboutPages\"},{\"flex\":1,\"group\":\"preloaded\"}]},{\"group\":\"inputHistory\"}],\"flex\":2},{\"children\":[{\"flexChildren\":true,\"children\":[{\"flex\":2,\"group\":\"formHistory\"},{\"flex\":4,\"group\":\"remoteSuggestion\"}]},{\"group\":\"tailSuggestion\"}],\"flex\":1}]}]}"); user_pref("devtools.webextensions.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.enabled", true); user_pref("e10s.rollout.cohort", "webextensions-multiBucket4"); user_pref("extensions.activeThemeID", "firefox-compact-light@mozilla.org"); user_pref("extensions.adblockplus.currentVersion", "2.9.1"); user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1510046355072,\"softExpiration\":1510110400301,\"hardExpiration\":1510209834691,\"data\":{\"notifications\":[],\"version\":\"201711070642-3/0\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":143}"); user_pref("extensions.adblockplus.notifications_ignoredcategories", "[\"*\"]"); user_pref("extensions.adblockplus.notifications_showui", true); user_pref("extensions.blocklist.lastModified", "Sat, 25 Jan 2020 21:24:01 GMT"); user_pref("extensions.blocklist.pingCountTotal", 849); user_pref("extensions.blocklist.pingCountVersion", -1); user_pref("extensions.databaseSchema", 35); user_pref("extensions.e10s.rollout.blocklist", ""); user_pref("extensions.e10s.rollout.hasAddon", true); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", false); user_pref("extensions.e10sMultiBlockedByAddons", false); user_pref("extensions.fxmonitor.firstAlertShown", true); user_pref("extensions.getAddons.cache.lastUpdate", 1649093521); user_pref("extensions.getAddons.databaseSchema", 6); user_pref("extensions.incognito.migrated", true); user_pref("extensions.lastAppBuildId", "20220322144853"); user_pref("extensions.lastAppVersion", "98.0.2"); user_pref("extensions.lastPlatformVersion", "98.0.2"); user_pref("extensions.pendingOperations", false); user_pref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true); user_pref("extensions.pocket.enabled", false); user_pref("extensions.pocket.settings.test.panelSignUp", "v1"); user_pref("extensions.reset_default_search.runonce.1", true); user_pref("extensions.reset_default_search.runonce.3", true); user_pref("extensions.reset_default_search.runonce.reason", "previousRun"); user_pref("extensions.signer.hotfixed", true); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}"); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.extension.hidden", false); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.ui.sitepermission.hidden", true); user_pref("extensions.webcompat.enable_picture_in_picture_overrides", true); user_pref("extensions.webcompat.enable_shims", true); user_pref("extensions.webcompat.perform_injections", true); user_pref("extensions.webcompat.perform_ua_overrides", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.doh-rollout@mozilla.org", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.jid1-KKzOGWgsW3Ao4Q@jetpack", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true); user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}", true); user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"deb69ab9-e2de-44b7-9e77-172487735829\",\"webcompat@mozilla.org\":\"d5535876-a229-45b1-8a35-594d0790fc8d\",\"formautofill@mozilla.org\":\"af982000-b6cd-4891-9180-2affcb872dcc\",\"webcompat-reporter@mozilla.org\":\"4b22aa8f-4341-4911-b5a5-2697097dac68\",\"baidu-code-update@mozillaonline.com\":\"a55e89f1-3b58-41f6-b200-1f68e3ab6a76\",\"jid1-NIfFY2CA8fy1tg@jetpack\":\"3a975639-3f98-4acd-ac56-6d31fa5c0672\",\"fxmonitor@mozilla.org\":\"e04d9e9e-60eb-4314-911b-a2ff6caf0261\",\"default-theme@mozilla.org\":\"e2c9cc9a-103f-40fd-8077-3119f276b576\",\"google@search.mozilla.org\":\"f0913df8-216f-498d-8220-86d04f958b00\",\"bing@search.mozilla.org\":\"ddca024f-42ce-4124-a7d8-3e8d93214f43\",\"amazon@search.mozilla.org\":\"7ec38b59-3845-4a93-85b8-374d4c592c3b\",\"ddg@search.mozilla.org\":\"b1d12556-cd66-41e5-b6dd-d9702f244cfb\",\"ebay@search.mozilla.org\":\"285ee88f-dd23-4428-ac22-4a2b4d53b7f5\",\"qwant@search.mozilla.org\":\"90245b37-baba-4645-ba3e-b072724d6efb\",\"wikipedia@search.mozilla.org\":\"7c92d42e-f98a-4833-a11f-5b6502c409ac\",\"firefox-compact-dark@mozilla.org\":\"0b0d0fcd-f7ad-434e-b95c-7d799db25ec9\",\"doh-rollout@mozilla.org\":\"85cfe066-d714-43c1-989f-67b89ce0eb34\",\"jid1-KKzOGWgsW3Ao4Q@jetpack\":\"f0b847e1-6a60-4070-aa3f-e47bc9d81c62\",\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"a41fc09a-db3f-4e15-8da8-b0519cecb147\",\"pictureinpicture@mozilla.org\":\"af9295b3-8b18-4db9-a656-21fdf1ea11fc\",\"firefox-compact-light@mozilla.org\":\"9abf729d-183a-4a8e-867f-38087c6dfe71\",\"addons-search-detection@mozilla.com\":\"ac7e5730-62c5-4f40-ade5-9fe45eb81e48\",\"proxy-failover@mozilla.com\":\"5a577da5-bcb4-464e-9b4c-9c9a9d7a3797\"}"); C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\p0rz4upp.willy [Profile0] - Name=willy -> Profiles/p0rz4upp.willy ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{d84795e3-2c35-4292-ab48-b3d48a8d8b7c}] "DhcpNameServer"=192.168.1.254 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{d84795e3-2c35-4292-ab48-b3d48a8d8b7c}] "DhcpNameServer"=192.168.1.254 ---------- | Applications [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Classes\Applications\SumatraPDF-3.2-64.exe] : "C:\Users\Utilisateur\Documents\SumatraPDF-3.2-64.exe" "%1" [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Classes\Applications\SumatraPDF-3.3.3-64.exe] : "C:\Users\Utilisateur\Documents\Sumatra\SumatraPDF-3.3.3-64.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\firefox.exe] : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DcomLaunch SystemEventsBroker DeviceInstall "rdxgroup"=RetailDemo "Camera"=FrameS "LocalServiceNoNetworkFirewall"=BFE mpssvc "diagnostics"=DiagSvc "AarSvcGroup"=AarSvc "PrintWorkflow"=PrintWorkflowUserSvc "wusvcs"=WaaSMedicSvc "BcastDVRUserService"=BcastDVRUserService "GraphicsPerfSvcGroup"=GraphicsPerfSvc "autoTimeSvc"=autoTimeSvc "ClipboardSvcGroup"=cbdhsvc "BthAppGroup"=BluetoothUserService "smbsvcs"=lanmanserver "UdkSvcGroup"=UdkUserSvc "DevicesFlow"=DeviceAssociationBrokerSvc DevicesFlowUserSvc ConsentUxUserSvc DevicePickerUserSvc [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=DcomLaunch DeviceInstall "PrintWorkflow"=PrintWorkflowUserSvc "AarSvcGroup"=AarSvc "DevicesFlow"=DeviceAssociationBrokerSvc "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Adobe] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\AppDataLow] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Clients] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Google] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Mozilla] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Netscape] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Piriform] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Policies] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Realtek] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\RegisteredApplications] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\SyncEngines] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Thunderbird] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Wow6432Node] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\ZHP] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Accessibility] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Active Setup] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\ActiveMovie] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\ActiveSync] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Assistance] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\AuthCookies] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Avalon.Graphics] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Clipboard] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\CommsAPHost] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\CTF] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Edge] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\EdgeUpdate] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\EventSystem] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\F12] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\FamilyStore] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Fax] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Feeds] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\FTP] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\GameBar] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\GameBarApi] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\IdentityCRL] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\IME] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Input] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\InputMethod] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\InputPersonalization] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Internet Connection Wizard] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Internet Explorer] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Keyboard] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\LanguageOverlay] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\MediaPlayer] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Microsoft Management Console] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\MSF] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Multimedia] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\MVA] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Narrator] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\NGC] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Notepad] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Office] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\OneDrive] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Osk] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\PeerNet] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Personalization] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Phone] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Pim] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\PlayToReceiver] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Poom] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\RAS AutoDial] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Remote Assistance] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\ScreenMagnifier] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Sensors] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\SoftGrid] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Speech] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Speech Virtual] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Speech_OneCore] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Spelling] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\SQMClient] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\StorageLibrary] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\SystemCertificates] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\TabletTip] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\TPG] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Unified Store] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Unistore] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\UserData] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\WAB] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\WcmSvc] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\wfs] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Windows] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Windows NT] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Windows Script] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Windows Script Host] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Windows Search] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Windows Security Health] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\Wisp] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\SOFTWARE\Microsoft\XboxLive] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\AssignedAccessConfiguration] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows\Winlogon] [HKU\S-1-5-21-689131383-3917851706-2055228383-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\Atheros] [HKLM\Software\Clients] [HKLM\Software\CVSM] [HKLM\Software\DefaultUserEnvironment] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Intel] [HKLM\Software\Malwarebytes] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\mozilla.org] [HKLM\Software\MozillaPlugins] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OpenSSH] [HKLM\Software\Partner] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\Windows] [HKLM\Software\WOW6432Node] [HKLM\SOFTWARE\Microsoft\.NETFramework] [HKLM\SOFTWARE\Microsoft\AccountsControl] [HKLM\SOFTWARE\Microsoft\Active Setup] [HKLM\SOFTWARE\Microsoft\ActiveSync] [HKLM\SOFTWARE\Microsoft\ADs] [HKLM\SOFTWARE\Microsoft\Advanced INF Setup] [HKLM\SOFTWARE\Microsoft\ALG] [HKLM\SOFTWARE\Microsoft\AllUserInstallAgent] [HKLM\SOFTWARE\Microsoft\AMSI] [HKLM\SOFTWARE\Microsoft\Analog] [HKLM\SOFTWARE\Microsoft\AppServiceProtocols] [HKLM\SOFTWARE\Microsoft\Assistance] [HKLM\SOFTWARE\Microsoft\AuthHost] [HKLM\SOFTWARE\Microsoft\BidInterface] [HKLM\SOFTWARE\Microsoft\BitLockerCsp] [HKLM\SOFTWARE\Microsoft\CallAndMessagingEnhancement] [HKLM\SOFTWARE\Microsoft\Cellular] [HKLM\SOFTWARE\Microsoft\Chkdsk] [HKLM\SOFTWARE\Microsoft\Clipboard] [HKLM\SOFTWARE\Microsoft\ClipboardServer] [HKLM\SOFTWARE\Microsoft\CloudManagedUpdate] [HKLM\SOFTWARE\Microsoft\COM3] [HKLM\SOFTWARE\Microsoft\Command Processor] [HKLM\SOFTWARE\Microsoft\CommsAPHost] [HKLM\SOFTWARE\Microsoft\CoreShell] [HKLM\SOFTWARE\Microsoft\Cryptography] [HKLM\SOFTWARE\Microsoft\CTF] [HKLM\SOFTWARE\Microsoft\DataAccess] [HKLM\SOFTWARE\Microsoft\DataCollection] [HKLM\SOFTWARE\Microsoft\DataSharing] [HKLM\SOFTWARE\Microsoft\DDDS] [HKLM\SOFTWARE\Microsoft\Device Association Framework] [HKLM\SOFTWARE\Microsoft\DeviceReg] [HKLM\SOFTWARE\Microsoft\Dfrg] [HKLM\SOFTWARE\Microsoft\DFS] [HKLM\SOFTWARE\Microsoft\DiagnosticLogCSP] [HKLM\SOFTWARE\Microsoft\DirectDraw] [HKLM\SOFTWARE\Microsoft\DirectInput] [HKLM\SOFTWARE\Microsoft\DirectMusic] [HKLM\SOFTWARE\Microsoft\DirectPlay8] [HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp] [HKLM\SOFTWARE\Microsoft\DirectShow] [HKLM\SOFTWARE\Microsoft\DirectX] [HKLM\SOFTWARE\Microsoft\Driver Signing] [HKLM\SOFTWARE\Microsoft\DRM] [HKLM\SOFTWARE\Microsoft\DusmSvc] [HKLM\SOFTWARE\Microsoft\DVDNavigator] [HKLM\SOFTWARE\Microsoft\DVR] [HKLM\SOFTWARE\Microsoft\DXP] [HKLM\SOFTWARE\Microsoft\EAPSIMMethods] [HKLM\SOFTWARE\Microsoft\Edge] [HKLM\SOFTWARE\Microsoft\Enrollment] [HKLM\SOFTWARE\Microsoft\Enrollments] [HKLM\SOFTWARE\Microsoft\EnterpriseCertificates] [HKLM\SOFTWARE\Microsoft\EnterpriseDataProtection] [HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager] [HKLM\SOFTWARE\Microsoft\EventSounds] [HKLM\SOFTWARE\Microsoft\EventSystem] [HKLM\SOFTWARE\Microsoft\F12] [HKLM\SOFTWARE\Microsoft\FamilyStore] [HKLM\SOFTWARE\Microsoft\Fax] [HKLM\SOFTWARE\Microsoft\FaxServer] [HKLM\SOFTWARE\Microsoft\Feeds] [HKLM\SOFTWARE\Microsoft\FilePicker] [HKLM\SOFTWARE\Microsoft\FilterDS] [HKLM\SOFTWARE\Microsoft\FingerKB] [HKLM\SOFTWARE\Microsoft\FTH] [HKLM\SOFTWARE\Microsoft\Function Discovery] [HKLM\SOFTWARE\Microsoft\Fusion] [HKLM\SOFTWARE\Microsoft\FuzzyDS] [HKLM\SOFTWARE\Microsoft\GameOverlay] [HKLM\SOFTWARE\Microsoft\HTMLHelp] [HKLM\SOFTWARE\Microsoft\IdentityCRL] [HKLM\SOFTWARE\Microsoft\IdentityStore] [HKLM\SOFTWARE\Microsoft\IHDS] [HKLM\SOFTWARE\Microsoft\ImageTimeSettings] [HKLM\SOFTWARE\Microsoft\IMAPI] [HKLM\SOFTWARE\Microsoft\IME] [HKLM\SOFTWARE\Microsoft\IMEJP] [HKLM\SOFTWARE\Microsoft\IMEKR] [HKLM\SOFTWARE\Microsoft\IMETC] [HKLM\SOFTWARE\Microsoft\InProcLogger] [HKLM\SOFTWARE\Microsoft\Input] [HKLM\SOFTWARE\Microsoft\InputMethod] [HKLM\SOFTWARE\Microsoft\InputPersonalization] [HKLM\SOFTWARE\Microsoft\Internet Account Manager] [HKLM\SOFTWARE\Microsoft\Internet Domains] [HKLM\SOFTWARE\Microsoft\Internet Explorer] [HKLM\SOFTWARE\Microsoft\IsoBurn] [HKLM\SOFTWARE\Microsoft\KGL] [HKLM\SOFTWARE\Microsoft\LanguageOverlay] [HKLM\SOFTWARE\Microsoft\LexiconUpdate] [HKLM\SOFTWARE\Microsoft\Managed Desktop] [HKLM\SOFTWARE\Microsoft\MdmCommon] [HKLM\SOFTWARE\Microsoft\MdmDiagnostics] [HKLM\SOFTWARE\Microsoft\MediaEngine] [HKLM\SOFTWARE\Microsoft\MediaPlayer] [HKLM\SOFTWARE\Microsoft\MemoryDiagnostic] [HKLM\SOFTWARE\Microsoft\Messaging] [HKLM\SOFTWARE\Microsoft\MessengerService] [HKLM\SOFTWARE\Microsoft\Microsoft Camera Codec Pack] [HKLM\SOFTWARE\Microsoft\MiracastReceiver] [HKLM\SOFTWARE\Microsoft\MMC] [HKLM\SOFTWARE\Microsoft\Mobile] [HKLM\SOFTWARE\Microsoft\MpSigStub] [HKLM\SOFTWARE\Microsoft\MSBuild] [HKLM\SOFTWARE\Microsoft\MSDE] [HKLM\SOFTWARE\Microsoft\MSDRM] [HKLM\SOFTWARE\Microsoft\MSDTC] [HKLM\SOFTWARE\Microsoft\MSF] [HKLM\SOFTWARE\Microsoft\MSIME] [HKLM\SOFTWARE\Microsoft\MSLicensing] [HKLM\SOFTWARE\Microsoft\MSMQ] [HKLM\SOFTWARE\Microsoft\MSN Apps] [HKLM\SOFTWARE\Microsoft\MTF] [HKLM\SOFTWARE\Microsoft\MTFFuzzyFactors] [HKLM\SOFTWARE\Microsoft\MTFInputType] [HKLM\SOFTWARE\Microsoft\MTFKeyboardMappings] [HKLM\SOFTWARE\Microsoft\Multimedia] [HKLM\SOFTWARE\Microsoft\Multivariant] [HKLM\SOFTWARE\Microsoft\NET Framework Setup] [HKLM\SOFTWARE\Microsoft\NetSh] [HKLM\SOFTWARE\Microsoft\Network] [HKLM\SOFTWARE\Microsoft\Non-Driver Signing] [HKLM\SOFTWARE\Microsoft\Notepad] [HKLM\SOFTWARE\Microsoft\ODBC] [HKLM\SOFTWARE\Microsoft\OEM] [HKLM\SOFTWARE\Microsoft\OfficeCSP] [HKLM\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\SOFTWARE\Microsoft\Ole] [HKLM\SOFTWARE\Microsoft\OnlineProviders] [HKLM\SOFTWARE\Microsoft\Outlook Express] [HKLM\SOFTWARE\Microsoft\Palm] [HKLM\SOFTWARE\Microsoft\PCHC] [HKLM\SOFTWARE\Microsoft\PCHealthCheck] [HKLM\SOFTWARE\Microsoft\Personalization] [HKLM\SOFTWARE\Microsoft\Phone] [HKLM\SOFTWARE\Microsoft\Photos] [HKLM\SOFTWARE\Microsoft\Pim] [HKLM\SOFTWARE\Microsoft\PLA] [HKLM\SOFTWARE\Microsoft\PlayToReceiver] [HKLM\SOFTWARE\Microsoft\PointOfService] [HKLM\SOFTWARE\Microsoft\Policies] [HKLM\SOFTWARE\Microsoft\PolicyManager] [HKLM\SOFTWARE\Microsoft\Poom] [HKLM\SOFTWARE\Microsoft\PowerShell] [HKLM\SOFTWARE\Microsoft\Print] [HKLM\SOFTWARE\Microsoft\Provisioning] [HKLM\SOFTWARE\Microsoft\PushRouter] [HKLM\SOFTWARE\Microsoft\RADAR] [HKLM\SOFTWARE\Microsoft\Ras] [HKLM\SOFTWARE\Microsoft\RcsPresence] [HKLM\SOFTWARE\Microsoft\Reliability Analysis] [HKLM\SOFTWARE\Microsoft\Remediation] [HKLM\SOFTWARE\Microsoft\RemovalTools] [HKLM\SOFTWARE\Microsoft\RendezvousApps] [HKLM\SOFTWARE\Microsoft\Router] [HKLM\SOFTWARE\Microsoft\Rpc] [HKLM\SOFTWARE\Microsoft\SchedulingAgent] [HKLM\SOFTWARE\Microsoft\Security Center] [HKLM\SOFTWARE\Microsoft\SecurityManager] [HKLM\SOFTWARE\Microsoft\SEMgr] [HKLM\SOFTWARE\Microsoft\Sensors] [HKLM\SOFTWARE\Microsoft\Shared Tools] [HKLM\SOFTWARE\Microsoft\Shared Tools Location] [HKLM\SOFTWARE\Microsoft\Shell] [HKLM\SOFTWARE\Microsoft\SIH] [HKLM\SOFTWARE\Microsoft\Siuf] [HKLM\SOFTWARE\Microsoft\Software] [HKLM\SOFTWARE\Microsoft\Speech] [HKLM\SOFTWARE\Microsoft\Speech_OneCore] [HKLM\SOFTWARE\Microsoft\SQMClient] [HKLM\SOFTWARE\Microsoft\Sync Framework] [HKLM\SOFTWARE\Microsoft\Sysprep] [HKLM\SOFTWARE\Microsoft\SystemCertificates] [HKLM\SOFTWARE\Microsoft\SystemSettings] [HKLM\SOFTWARE\Microsoft\TableTextService] [HKLM\SOFTWARE\Microsoft\TabletTip] [HKLM\SOFTWARE\Microsoft\TaskFlowDataEngine] [HKLM\SOFTWARE\Microsoft\Tcpip] [HKLM\SOFTWARE\Microsoft\TelemetryClient] [HKLM\SOFTWARE\Microsoft\Terminal Server Client] [HKLM\SOFTWARE\Microsoft\TermServLicensing] [HKLM\SOFTWARE\Microsoft\TouchPrediction] [HKLM\SOFTWARE\Microsoft\TPG] [HKLM\SOFTWARE\Microsoft\Tpm] [HKLM\SOFTWARE\Microsoft\Tracing] [HKLM\SOFTWARE\Microsoft\Transaction Server] [HKLM\SOFTWARE\Microsoft\TV System Services] [HKLM\SOFTWARE\Microsoft\uDRM] [HKLM\SOFTWARE\Microsoft\Unified Store] [HKLM\SOFTWARE\Microsoft\UNP] [HKLM\SOFTWARE\Microsoft\UPnP Control Point] [HKLM\SOFTWARE\Microsoft\UPnP Device Host] [HKLM\SOFTWARE\Microsoft\UserData] [HKLM\SOFTWARE\Microsoft\UserManager] [HKLM\SOFTWARE\Microsoft\Virtual Machine] [HKLM\SOFTWARE\Microsoft\WAB] [HKLM\SOFTWARE\Microsoft\Wallet] [HKLM\SOFTWARE\Microsoft\Wbem] [HKLM\SOFTWARE\Microsoft\WcmSvc] [HKLM\SOFTWARE\Microsoft\WIMMount] [HKLM\SOFTWARE\Microsoft\Windows] [HKLM\SOFTWARE\Microsoft\Windows Defender] [HKLM\SOFTWARE\Microsoft\Windows Defender Security Center] [HKLM\SOFTWARE\Microsoft\Windows Desktop Search] [HKLM\SOFTWARE\Microsoft\Windows Mail] [HKLM\SOFTWARE\Microsoft\Windows Media Device Manager] [HKLM\SOFTWARE\Microsoft\Windows Media Foundation] [HKLM\SOFTWARE\Microsoft\Windows Media Player NSS] [HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem] [HKLM\SOFTWARE\Microsoft\Windows NT] [HKLM\SOFTWARE\Microsoft\Windows Photo Viewer] [HKLM\SOFTWARE\Microsoft\Windows Portable Devices] [HKLM\SOFTWARE\Microsoft\Windows Script Host] [HKLM\SOFTWARE\Microsoft\Windows Search] [HKLM\SOFTWARE\Microsoft\Windows Security Health] [HKLM\SOFTWARE\Microsoft\WindowsRuntime] [HKLM\SOFTWARE\Microsoft\WindowsSelfHost] [HKLM\SOFTWARE\Microsoft\WindowsUpdate] [HKLM\SOFTWARE\Microsoft\Wisp] [HKLM\SOFTWARE\Microsoft\WlanSvc] [HKLM\SOFTWARE\Microsoft\Wlpasvc] [HKLM\SOFTWARE\Microsoft\Wow64] [HKLM\SOFTWARE\Microsoft\WSDAPI] [HKLM\SOFTWARE\Microsoft\WwanSvc] [HKLM\SOFTWARE\Microsoft\XAML] [HKLM\Software\Microsoft\Windows\Autopilot] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Dwm] [HKLM\Software\Microsoft\Windows\DynamicManagement] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Heat] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\NcsiUwpApp] [HKLM\Software\Microsoft\Windows\Notepad] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\UpdateApi] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UdkSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Malwarebytes] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Thunderbird] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\.NETFramework] [HKLM\Software\WOW6432Node\Microsoft\Active Setup] [HKLM\Software\WOW6432Node\Microsoft\ADs] [HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup] [HKLM\Software\WOW6432Node\Microsoft\AMSI] [HKLM\Software\WOW6432Node\Microsoft\AppServiceProtocols] [HKLM\Software\WOW6432Node\Microsoft\Assistance] [HKLM\Software\WOW6432Node\Microsoft\AuthHost] [HKLM\Software\WOW6432Node\Microsoft\BidInterface] [HKLM\Software\WOW6432Node\Microsoft\BitLockerCsp] [HKLM\Software\WOW6432Node\Microsoft\ClipboardServer] [HKLM\Software\WOW6432Node\Microsoft\Command Processor] [HKLM\Software\WOW6432Node\Microsoft\Cryptography] [HKLM\Software\WOW6432Node\Microsoft\CTF] [HKLM\Software\WOW6432Node\Microsoft\DataAccess] [HKLM\Software\WOW6432Node\Microsoft\DevDiv] [HKLM\Software\WOW6432Node\Microsoft\Device Association Framework] [HKLM\Software\WOW6432Node\Microsoft\Direct3D] [HKLM\Software\WOW6432Node\Microsoft\DirectDraw] [HKLM\Software\WOW6432Node\Microsoft\DirectInput] [HKLM\Software\WOW6432Node\Microsoft\DirectMusic] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay] [HKLM\Software\WOW6432Node\Microsoft\DirectPlay8] [HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp] [HKLM\Software\WOW6432Node\Microsoft\DirectShow] [HKLM\Software\WOW6432Node\Microsoft\DirectX] [HKLM\Software\WOW6432Node\Microsoft\DRM] [HKLM\Software\WOW6432Node\Microsoft\DVDNavigator] [HKLM\Software\WOW6432Node\Microsoft\DVR] [HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods] [HKLM\Software\WOW6432Node\Microsoft\Edge] [HKLM\Software\WOW6432Node\Microsoft\EdgeUpdate] [HKLM\Software\WOW6432Node\Microsoft\ENROLLMENTS] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Exchange] [HKLM\Software\WOW6432Node\Microsoft\F12] [HKLM\Software\WOW6432Node\Microsoft\Fax] [HKLM\Software\WOW6432Node\Microsoft\Feeds] [HKLM\Software\WOW6432Node\Microsoft\FilePicker] [HKLM\Software\WOW6432Node\Microsoft\Function Discovery] [HKLM\Software\WOW6432Node\Microsoft\Fusion] [HKLM\Software\WOW6432Node\Microsoft\GameOverlay] [HKLM\Software\WOW6432Node\Microsoft\HTMLHelp] [HKLM\Software\WOW6432Node\Microsoft\IdentityCRL] [HKLM\Software\WOW6432Node\Microsoft\IdentityStore] [HKLM\Software\WOW6432Node\Microsoft\IMAPI] [HKLM\Software\WOW6432Node\Microsoft\IME] [HKLM\Software\WOW6432Node\Microsoft\IMEJP] [HKLM\Software\WOW6432Node\Microsoft\IMEKR] [HKLM\Software\WOW6432Node\Microsoft\IMETC] [HKLM\Software\WOW6432Node\Microsoft\InputMethod] [HKLM\Software\WOW6432Node\Microsoft\InputPersonalization] [HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager] [HKLM\Software\WOW6432Node\Microsoft\Internet Domains] [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer] [HKLM\Software\WOW6432Node\Microsoft\IsoBurn] [HKLM\Software\WOW6432Node\Microsoft\Jet] [HKLM\Software\WOW6432Node\Microsoft\MediaEngine] [HKLM\Software\WOW6432Node\Microsoft\MediaPlayer] [HKLM\Software\WOW6432Node\Microsoft\MessengerService] [HKLM\Software\WOW6432Node\Microsoft\Microsoft Camera Codec Pack] [HKLM\Software\WOW6432Node\Microsoft\MiracastReceiver] [HKLM\Software\WOW6432Node\Microsoft\MMC] [HKLM\Software\WOW6432Node\Microsoft\MSBuild] [HKLM\Software\WOW6432Node\Microsoft\MSDE] [HKLM\Software\WOW6432Node\Microsoft\MSDRM] [HKLM\Software\WOW6432Node\Microsoft\MSDTC] [HKLM\Software\WOW6432Node\Microsoft\MSF] [HKLM\Software\WOW6432Node\Microsoft\MSLicensing] [HKLM\Software\WOW6432Node\Microsoft\MSN Apps] [HKLM\Software\WOW6432Node\Microsoft\Multimedia] [HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup] [HKLM\Software\WOW6432Node\Microsoft\NetSh] [HKLM\Software\WOW6432Node\Microsoft\Network] [HKLM\Software\WOW6432Node\Microsoft\Notepad] [HKLM\Software\WOW6432Node\Microsoft\ODBC] [HKLM\Software\WOW6432Node\Microsoft\OEM] [HKLM\Software\WOW6432Node\Microsoft\Office] [HKLM\Software\WOW6432Node\Microsoft\Office Server] [HKLM\Software\WOW6432Node\Microsoft\OfficeSoftwareProtectionPlatform] [HKLM\Software\WOW6432Node\Microsoft\OnlineProviders] [HKLM\Software\WOW6432Node\Microsoft\Outlook Express] [HKLM\Software\WOW6432Node\Microsoft\Palm] [HKLM\Software\WOW6432Node\Microsoft\PCHealth] [HKLM\Software\WOW6432Node\Microsoft\Personalization] [HKLM\Software\WOW6432Node\Microsoft\Photos] [HKLM\Software\WOW6432Node\Microsoft\PLA] [HKLM\Software\WOW6432Node\Microsoft\Policies] [HKLM\Software\WOW6432Node\Microsoft\PowerShell] [HKLM\Software\WOW6432Node\Microsoft\Print] [HKLM\Software\WOW6432Node\Microsoft\Provisioning] [HKLM\Software\WOW6432Node\Microsoft\RADAR] [HKLM\Software\WOW6432Node\Microsoft\RendezvousApps] [HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent] [HKLM\Software\WOW6432Node\Microsoft\Security Center] [HKLM\Software\WOW6432Node\Microsoft\Sensors] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools] [HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location] [HKLM\Software\WOW6432Node\Microsoft\SoftGrid] [HKLM\Software\WOW6432Node\Microsoft\Software] [HKLM\Software\WOW6432Node\Microsoft\SPEECH] [HKLM\Software\WOW6432Node\Microsoft\Speech_OneCore] [HKLM\Software\WOW6432Node\Microsoft\SQMClient] [HKLM\Software\WOW6432Node\Microsoft\Sync Framework] [HKLM\Software\WOW6432Node\Microsoft\SystemSettings] [HKLM\Software\WOW6432Node\Microsoft\TableTextService] [HKLM\Software\WOW6432Node\Microsoft\TabletTip] [HKLM\Software\WOW6432Node\Microsoft\Tcpip] [HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client] [HKLM\Software\WOW6432Node\Microsoft\TouchPrediction] [HKLM\Software\WOW6432Node\Microsoft\TPG] [HKLM\Software\WOW6432Node\Microsoft\Tpm] [HKLM\Software\WOW6432Node\Microsoft\Tracing] [HKLM\Software\WOW6432Node\Microsoft\TV System Services] [HKLM\Software\WOW6432Node\Microsoft\uDRM] [HKLM\Software\WOW6432Node\Microsoft\Updates] [HKLM\Software\WOW6432Node\Microsoft\UPnP Control Point] [HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host] [HKLM\Software\WOW6432Node\Microsoft\WAB] [HKLM\Software\WOW6432Node\Microsoft\WBEM] [HKLM\Software\WOW6432Node\Microsoft\WIMMount] [HKLM\Software\WOW6432Node\Microsoft\Windows] [HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search] [HKLM\Software\WOW6432Node\Microsoft\Windows Mail] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation] [HKLM\Software\WOW6432Node\Microsoft\Windows Media Player NSS] [HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem] [HKLM\Software\WOW6432Node\Microsoft\Windows NT] [HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer] [HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices] [HKLM\Software\WOW6432Node\Microsoft\Windows Script Host] [HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime] [HKLM\Software\WOW6432Node\Microsoft\WindowsUpdate] [HKLM\Software\WOW6432Node\Microsoft\Wisp] [HKLM\Software\WOW6432Node\Microsoft\WlanSvc] [HKLM\Software\WOW6432Node\Microsoft\WSDAPI] [HKLM\Software\WOW6432Node\Microsoft\Cellular] [HKLM\Software\WOW6432Node\Microsoft\COM3] [HKLM\Software\WOW6432Node\Microsoft\DeviceReg] [HKLM\Software\WOW6432Node\Microsoft\DFS] [HKLM\Software\WOW6432Node\Microsoft\Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates] [HKLM\Software\WOW6432Node\Microsoft\EventSystem] [HKLM\Software\WOW6432Node\Microsoft\FingerKB] [HKLM\Software\WOW6432Node\Microsoft\FuzzyDS] [HKLM\Software\WOW6432Node\Microsoft\Input] [HKLM\Software\WOW6432Node\Microsoft\LanguageOverlay] [HKLM\Software\WOW6432Node\Microsoft\Messaging] [HKLM\Software\WOW6432Node\Microsoft\MSMQ] [HKLM\Software\WOW6432Node\Microsoft\MTF] [HKLM\Software\WOW6432Node\Microsoft\MTFFuzzyFactors] [HKLM\Software\WOW6432Node\Microsoft\MTFInputType] [HKLM\Software\WOW6432Node\Microsoft\MTFKeyboardMappings] [HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing] [HKLM\Software\WOW6432Node\Microsoft\Ole] [HKLM\Software\WOW6432Node\Microsoft\Phone] [HKLM\Software\WOW6432Node\Microsoft\Pim] [HKLM\Software\WOW6432Node\Microsoft\Poom] [HKLM\Software\WOW6432Node\Microsoft\Ras] [HKLM\Software\WOW6432Node\Microsoft\Rpc] [HKLM\Software\WOW6432Node\Microsoft\SecurityManager] [HKLM\Software\WOW6432Node\Microsoft\Semgr] [HKLM\Software\WOW6432Node\Microsoft\Shell] [HKLM\Software\WOW6432Node\Microsoft\SystemCertificates] [HKLM\Software\WOW6432Node\Microsoft\TermServLicensing] [HKLM\Software\WOW6432Node\Microsoft\Transaction Server] [HKLM\Software\WOW6432Node\Microsoft\Unified Store] [HKLM\Software\WOW6432Node\Microsoft\UserData] [HKLM\Software\WOW6432Node\Microsoft\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\XAML] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\Heat] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs] ---------- | Drives ---------- | C: [07/12/2019 11:14:52] - |SHD| - [2244] - C:\$Recycle.Bin [09/03/2022 18:29:36] - |HD| - [0] - C:\$WinREAgent [MD5.25C4C0632E904DD7C943BC3554E8E449] - [27/09/2020 08:19:14] - |RASH| - (.-.) - [413738] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [27/09/2020 08:19:14] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [MD5.18CF2D82A41D226D2A69D8A2CBE60E85] - [26/11/2021 08:18:13] - |SH| - (.-.) - [112] - (0.0.0.0) - C:\bootTel.dat [29/10/2020 01:14:54] - |SHD| - [0] - C:\Documents and Settings [MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/09/2020 07:51:23] - |ASH| - (.-.) - [8192] - (0.0.0.0) - C:\DumpStack.log.tmp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/04/2022 18:45:31] - |ASH| - (.-.) - [3347521536] - (0.0.0.0) - C:\hiberfil.sys [28/10/2020 18:20:18] - |D| - [0] - C:\Intel [28/10/2020 18:40:42] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/04/2022 18:45:33] - |ASH| - (.-.) - [1879048192] - (0.0.0.0) - C:\pagefile.sys [07/12/2019 11:14:52] - |D| - [0] - C:\PerfLogs [07/12/2019 11:14:52] - |RD| - [3132468098] - C:\Program Files [07/12/2019 11:14:52] - |RD| - [1272499365] - C:\Program Files (x86) [07/12/2019 11:14:52] - |HD| - [1694942608] - C:\ProgramData [05/04/2022 07:30:35] - |D| - [33] - C:\QuickDiag [MD5.7964D8EAC3EFFAC8F0A8D4F0C3941243] - [05/04/2022 07:30:41] - |A| - (.-.) - [160292] - (0.0.0.0) - C:\QuickDiag.txt [29/10/2020 01:14:55] - |SHD| - [2567] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [29/10/2020 01:13:10] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [29/10/2020 01:13:10] - |SHD| - [0] - C:\System Volume Information [07/12/2019 11:03:44] - |RD| - [3043324180] - C:\Users [07/12/2019 11:03:44] - |D| - [22967870884] - C:\Windows ---------- | C:\Windows [07/12/2019 16:51:10] - |D| - [802] - C:\Windows\addins [07/12/2019 11:14:52] - |D| - [11946784] - C:\Windows\appcompat [07/12/2019 11:14:52] - |D| - [9914974] - C:\Windows\apppatch [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\AppReadiness [07/12/2019 11:14:52] - |RD| - [750412872] - C:\Windows\assembly [07/12/2019 11:14:52] - |D| - [785153] - C:\Windows\bcastdvr [MD5.820B97429E4153A743708B376807EE69] - [15/09/2021 09:18:33] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [81408] - (10.0.19041.1237) - C:\Windows\bfsvc.exe [07/12/2019 11:14:52] - |D| - [40891632] - C:\Windows\Boot [MD5.049E2249A786EB9AC44A34379458EAFD] - [27/09/2020 09:52:15] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [07/12/2019 11:14:52] - |D| - [2450432] - C:\Windows\Branding [07/12/2019 11:03:44] - |D| - [0] - C:\Windows\CbsTemp [07/12/2019 11:14:52] - |D| - [36685122] - C:\Windows\Containers [MD5.C6C52AF48A75DCC59644DC894D2F524E] - [07/12/2019 16:53:23] - |A| - (.-.) - [29857] - (0.0.0.0) - C:\Windows\Core.xml [07/12/2019 11:14:52] - |D| - [11501377] - C:\Windows\Cursors [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\debug [07/12/2019 11:14:52] - |D| - [4307035] - C:\Windows\diagnostics [07/12/2019 11:14:52] - |D| - [1702804] - C:\Windows\DiagTrack [07/12/2019 16:49:55] - |D| - [0] - C:\Windows\DigitalLocker [07/12/2019 11:14:52] - |SD| - [65] - C:\Windows\Downloaded Program Files [07/12/2019 11:14:52] - |HD| - [46688] - C:\Windows\ELAMBKUP [07/12/2019 16:49:55] - |D| - [0] - C:\Windows\en-US [MD5.25C8B9AE873248CD98AB17539F5B1F15] - [09/03/2022 18:33:55] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4967688] - (10.0.19041.1586) - C:\Windows\explorer.exe [07/12/2019 11:14:52] - |RSD| - [360819560] - C:\Windows\Fonts [07/12/2019 16:49:55] - |D| - [111616] - C:\Windows\fr-FR [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\GameBarPresenceWriter [07/12/2019 11:14:52] - |D| - [57013276] - C:\Windows\Globalization [07/12/2019 11:14:52] - |D| - [1315831] - C:\Windows\Help [MD5.7E8FAEC2E175C8B45B6D380A6A4C9503] - [11/08/2021 10:13:05] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1075712] - (10.0.19041.1151) - C:\Windows\HelpPane.exe [MD5.2C8FE78D53C8CA27523A71DFD2938241] - [07/12/2019 11:09:39] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.19041.1) - C:\Windows\hh.exe [07/12/2019 11:14:52] - |D| - [30327] - C:\Windows\IdentityCRL [07/12/2019 11:14:52] - |D| - [28822470] - C:\Windows\IME [07/12/2019 11:14:52] - |RD| - [8206917] - C:\Windows\ImmersiveControlPanel [07/12/2019 11:13:02] - |D| - [92267174] - C:\Windows\INF [07/12/2019 11:14:52] - |D| - [38193580] - C:\Windows\InputMethod [07/12/2019 11:14:52] - |SHD| - [150490273] - C:\Windows\Installer [07/12/2019 11:14:52] - |D| - [109650] - C:\Windows\L2Schemas [07/12/2019 11:14:52] - |HD| - [0] - C:\Windows\LanguageOverlayCache [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\LiveKernelReports [07/12/2019 11:14:52] - |D| - [20424239] - C:\Windows\Logs [07/12/2019 11:14:52] - |RSD| - [20063519] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [07/12/2019 11:08:58] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [09/11/2020 11:12:42] - |D| - [259602756] - C:\Windows\Microsoft Antimalware [07/12/2019 11:14:52] - |RD| - [624337374] - C:\Windows\Microsoft.NET [07/12/2019 11:14:52] - |D| - [3323] - C:\Windows\Migration [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\ModemLogs [MD5.BBE80313CF12098D3FC4D8A42E9DBB33] - [09/03/2022 18:34:27] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [201728] - (10.0.19041.1566) - C:\Windows\notepad.exe [07/12/2019 16:51:57] - |D| - [199472] - C:\Windows\OCR [07/12/2019 11:14:52] - |RD| - [65] - C:\Windows\Offline Web Pages [29/10/2020 01:13:00] - |D| - [4735744] - C:\Windows\Panther [28/10/2020 18:30:11] - |D| - [0] - C:\Windows\PCHEALTH [07/12/2019 11:14:52] - |D| - [371502] - C:\Windows\Performance [MD5.11F7F9967BC2395665A4F959BC28A1BA] - [27/09/2020 09:54:51] - |A| - (.-.) - [98140] - (0.0.0.0) - C:\Windows\PFRO.log [07/12/2019 11:14:52] - |D| - [1136442] - C:\Windows\PLA [07/12/2019 11:14:52] - |D| - [2936959] - C:\Windows\PolicyDefinitions [29/10/2020 01:13:10] - |D| - [5935129] - C:\Windows\Prefetch [07/12/2019 11:14:52] - |RD| - [2234380] - C:\Windows\PrintDialog [07/12/2019 11:14:52] - |D| - [6083225] - C:\Windows\Provisioning [MD5.999A30979F6195BF562068639FFC4426] - [13/01/2021 09:18:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [370176] - (10.0.19041.746) - C:\Windows\regedit.exe [07/12/2019 11:14:52] - |D| - [22588] - C:\Windows\registration [07/12/2019 11:14:52] - |D| - [27813664] - C:\Windows\rescache [07/12/2019 11:14:52] - |D| - [3784215] - C:\Windows\Resources [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\SchCache [07/12/2019 11:14:52] - |D| - [126782] - C:\Windows\schemas [07/12/2019 11:14:52] - |D| - [6365184] - C:\Windows\security [27/09/2020 07:51:31] - |D| - [302562879] - C:\Windows\ServiceProfiles [07/12/2019 11:14:52] - |D| - [4096] - C:\Windows\ServiceState [07/12/2019 11:03:44] - |D| - [2471454525] - C:\Windows\servicing [07/12/2019 11:18:25] - |D| - [42] - C:\Windows\Setup [07/12/2019 11:14:52] - |D| - [5526016] - C:\Windows\ShellComponents [07/12/2019 11:14:52] - |D| - [19040768] - C:\Windows\ShellExperiences [07/12/2019 11:14:52] - |D| - [3070736] - C:\Windows\SKB [29/10/2020 01:14:58] - |D| - [67016397] - C:\Windows\SoftwareDistribution [07/12/2019 11:14:52] - |D| - [86037697] - C:\Windows\Speech [07/12/2019 11:14:52] - |D| - [64508236] - C:\Windows\Speech_OneCore [MD5.74EEC977273BEB6F80B3BB3887B78A33] - [15/12/2021 09:02:06] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [136192] - (10.0.19041.1415) - C:\Windows\splwow64.exe [07/12/2019 11:14:52] - |D| - [31039] - C:\Windows\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [07/12/2019 11:14:54] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini [07/12/2019 11:03:44] - |D| - [6672202616] - C:\Windows\System32 [07/12/2019 11:14:52] - |D| - [146936820] - C:\Windows\SystemApps [07/12/2019 11:14:52] - |D| - [167693465] - C:\Windows\SystemResources [15/12/2021 09:04:39] - |D| - [0] - C:\Windows\SystemTemp [07/12/2019 11:14:52] - |D| - [1067272102] - C:\Windows\SysWOW64 [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\TAPI [07/12/2019 11:14:52] - |D| - [6] - C:\Windows\Tasks [07/12/2019 11:14:52] - |D| - [82587] - C:\Windows\Temp [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\tracing [07/12/2019 11:14:52] - |D| - [7680] - C:\Windows\twain_32 [MD5.AFE119DD4E17891B227684F38AA25D4D] - [07/12/2019 11:10:00] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65024] - (1.7.1.3) - C:\Windows\twain_32.dll [07/12/2019 11:14:52] - |D| - [12420] - C:\Windows\Vss [07/12/2019 11:14:52] - |D| - [33198] - C:\Windows\WaaS [07/12/2019 11:14:52] - |D| - [16568315] - C:\Windows\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [07/12/2019 11:14:54] - |A| - (.-.) - [92] - (0.0.0.0) - C:\Windows\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [07/12/2019 11:09:09] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.2CC83D93DD1DDE691158CF5E9882420B] - [04/04/2022 19:37:15] - |A| - (.-.) - [276] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.0629E6D130F226C009EA9AB329F37ACC] - [07/12/2019 11:10:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.19041.1) - C:\Windows\winhlp32.exe [07/12/2019 11:03:44] - |D| - [9276110259] - C:\Windows\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [07/12/2019 11:10:11] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.B947CCA7F485F6C1156F4D02E8C9874F] - [07/12/2019 16:52:21] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.19041.1) - C:\Windows\write.exe ---------- | C:\Windows\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [14/02/2013 10:58:46] - [5850624] - (.().-. - ()) - C:\Windows\Installer\38d14.msp [17/04/2014 17:09:20] - [1133568] - (.().-. - ()) - C:\Windows\Installer\38d1b.msp [12/11/2014 01:00:14] - [1543168] - (.().-. - ()) - C:\Windows\Installer\38d22.msp [17/06/2015 16:23:30] - [432128] - (.().-. - ()) - C:\Windows\Installer\38d49.msp [27/06/2018 09:11:14] - [1417216] - (.().-. - ()) - C:\Windows\Installer\38d50.msp [18/06/2019 15:52:28] - [5652480] - (.().-. - ()) - C:\Windows\Installer\38d57.msp ---------- | %System%\*.in* [07/12/2019 11:09:39] - [3329] - C:\Windows\System32\ieuinit.inf [28/10/2020 18:19:32] - [1682950] - C:\Windows\System32\PerfStringBackup.INI [07/12/2019 11:09:05] - [60124] - C:\Windows\System32\tcpmon.ini [07/12/2019 11:08:46] - [2404] - C:\Windows\System32\WimBootCompress.ini [07/12/2019 11:10:00] - [3329] - C:\Windows\Syswow64\ieuinit.inf [28/10/2020 18:30:13] - [1711684] - C:\Windows\Syswow64\PerfStringBackup.INI [07/12/2019 11:09:22] - [2404] - C:\Windows\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.1EDD3B0EB1F6CC875012C163B3B504A9] - |A| - [04/04/2022 18:46:42] - (.-.) - [11.08 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log [MD5.B1EC40EF79CDAA2AEC4FF876A9EA142A] - |A| - [04/04/2022 18:47:16] - (.-.) - [21.89 Ko] - (0.0.0.0) - C:\Windows\Temp\MpSigStub.log [MD5.4F8765B8423517E075D5BFA4C2F4901D] - |A| - [04/04/2022 18:49:16] - (.-.) - [47.68 Ko] - (0.0.0.0) - C:\Windows\Temp\msedge_installer.log [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:55] - [0 Ko] - C:\Windows\System32\0409 [MD5.C652A5EA6545C98CE71684018E0640E7] - |A| - [07/12/2019 11:09:00] - (.-.) - [3.1 Ko] - (0.0.0.0) - C:\Windows\System32\@AdvancedKeySettingsNotification.png [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 11:08:44] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\Windows\System32\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 11:08:45] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [07/12/2019 11:08:21] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\Windows\System32\@BackgroundAccessToastIcon.png [MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\Windows\System32\@bitlockertoastimage.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 11:08:52] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\System32\@EnrollmentToastIcon.png [MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [07/12/2019 11:08:58] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\Windows\System32\@language_notification_icon.png [MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [07/12/2019 11:09:45] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\Windows\System32\@optionalfeatures.png [MD5.A3437673F5766635A8378F67645B81C0] - |A| - [07/12/2019 11:09:37] - (.-.) - [0.35 Ko] - (0.0.0.0) - C:\Windows\System32\@StorageSenseToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 11:09:07] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\System32\@VpnToastIcon.png [MD5.79166EAF65485F1432DD72B72870026B] - |A| - [07/12/2019 11:09:32] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\Windows\System32\@windows-hello-V4.1.gif [MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [07/12/2019 11:09:32] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsHelloFaceToastIcon.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.contrast-black.png [MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.contrast-white.png [MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\@WindowsUpdateToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 11:08:19] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\System32\@WirelessDisplayToast.png [MD5.147B047B46B79A91CC34499D4F89119E] - |A| - [07/12/2019 11:09:05] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\System32\@WLOGO_48x48.png [MD5.31A16C523B62500F83C82217F056A538] - |A| - [07/12/2019 11:08:39] - (.-.) - [8.13 Ko] - (0.0.0.0) - C:\Windows\System32\ActiveHours.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2786.8 Ko] - C:\Windows\System32\AdvancedInstallers [MD5.A49C26AA0CADD994DE158F51CB7EEFBC] - |A| - [12/05/2021 08:54:32] - (.-.) - [13 Ko] - (0.0.0.0) - C:\Windows\System32\agentactivationruntimestarter.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.97 Ko] - C:\Windows\System32\am-et [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2894.22 Ko] - C:\Windows\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [279.5 Ko] - C:\Windows\System32\ar-SA [MD5.7605725C6464C7272BF3115901DF5776] - |A| - [11/01/2022 21:54:05] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [665.5 Ko] - (3.5.1.0) - C:\Windows\System32\archiveint.dll [MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [07/12/2019 11:08:07] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\Windows\System32\AverageRoom.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [258.5 Ko] - C:\Windows\System32\bg-BG [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.contrast-black.png [MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.contrast-high.png [MD5.705628497C0012302212A46ADD463E6E] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.contrast-white.png [MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [07/12/2019 11:08:05] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothPairingSystemToastIcon.png [MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothSystemToastIcon.contrast-white.png [MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\Windows\System32\BluetoothSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5947.72 Ko] - C:\Windows\System32\Boot [MD5.3149A16CF39B9A49BD9A1EF98A1C527B] - |A| - [13/01/2021 09:17:49] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [186.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\Windows\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [73473.11 Ko] - C:\Windows\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [48443.42 Ko] - C:\Windows\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [28/10/2020 18:20:55] - [49985.4 Ko] - C:\Windows\System32\cAVS [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [25.49 Ko] - C:\Windows\System32\CodeIntegrity [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [377.5 Ko] - C:\Windows\System32\Com [MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\System32\ComputerToastIcon.contrast-white.png [MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\ComputerToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [1015813 Ko] - C:\Windows\System32\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [53.11 Ko] - C:\Windows\System32\Configuration [MD5.C113EC3ABF481A1B41F99BD721B513C3] - |A| - [20/04/2021 17:40:03] - (.-.) - [225.83 Ko] - (0.0.0.0) - C:\Windows\System32\containerdevicemanagement.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.34 Ko] - C:\Windows\System32\ContainerSettingsProviders [MD5.A41C1754A956E37B5E7D06D5167548E7] - |A| - [26/05/2021 08:58:56] - (.-.) - [280.5 Ko] - (0.0.0.0) - C:\Windows\System32\CoreMas.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [318 Ko] - C:\Windows\System32\cs-CZ [MD5.05DE2EB0889D77D447BCA7BD597819CF] - |A| - [11/01/2022 21:54:05] - (.© 1996 - 2021 Daniel Stenberg, . - The curl executable.) - [511.5 Ko] - (7.79.1.0) - C:\Windows\System32\curl.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [321.5 Ko] - C:\Windows\System32\da-DK [MD5.908694591B882879050057989F01E946] - |A| - [08/02/2022 21:42:42] - (.-.) - [159 Ko] - (0.0.0.0) - C:\Windows\System32\DataStoreCacheDumpTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [272.44 Ko] - C:\Windows\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [358.5 Ko] - C:\Windows\System32\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:08:21] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultAccountTile.png [MD5.057C75B5735EEF2A75ABF8F6770BCA34] - |A| - [09/10/2020 22:47:06] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [07/12/2019 11:14:56] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\Windows\System32\DefaultQuestions.json [MD5.041A7B079E9776721847031A7CF533E1] - |A| - [07/12/2019 11:09:34] - (.-.) - [15.97 Ko] - (0.0.0.0) - C:\Windows\System32\DeliveryOptimizationMIProv.mof [MD5.59D5500F74109D59522F5A9457B8D9A2] - |A| - [07/12/2019 11:09:34] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\Windows\System32\DeliveryOptimizationMIProvUninstall.mof [MD5.B924F1A7DE5ED8331B3375A778B3FE38] - |A| - [07/12/2019 11:08:52] - (.-.) - [35.5 Ko] - (0.0.0.0) - C:\Windows\System32\deploymentcsphelper.exe [MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [07/12/2019 11:08:39] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\Windows\System32\DesktopKeepOnToastImg.gif [MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [07/12/2019 11:08:43] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\Windows\System32\DetailedReading-Default.xml [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [886 Ko] - C:\Windows\System32\DiagSvcs [MD5.037DF43BCC9F9A4DF6548FED8F4503AF] - |A| - [07/12/2019 11:08:37] - (.-.) - [82.96 Ko] - (0.0.0.0) - C:\Windows\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [9898.77 Ko] - C:\Windows\System32\Dism [MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\System32\DisplaySystemToastIcon.contrast-white.png [MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\Windows\System32\DisplaySystemToastIcon.png [MD5.C82AC2461534ACC47F6403A4BF8FB853] - |A| - [09/03/2022 18:34:13] - (.-.) - [11.63 Ko] - (0.0.0.0) - C:\Windows\System32\DrtmAuthTxt.wim [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [161.5 Ko] - C:\Windows\System32\dsc [MD5.9F3FA96F301CBE828AA9E98F13506F4A] - |A| - [09/03/2022 18:34:03] - (.-.) - [2201.5 Ko] - (0.0.0.0) - C:\Windows\System32\dwmscene.dll [MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [07/12/2019 11:08:07] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicLong.bin [MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [07/12/2019 11:08:07] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicMedium.bin [MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [07/12/2019 11:08:07] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\Windows\System32\DynamicShort.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [361.5 Ko] - C:\Windows\System32\el-GR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:55] - [0 Ko] - C:\Windows\System32\en [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [244 Ko] - C:\Windows\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1574.53 Ko] - C:\Windows\System32\en-US [MD5.1D0A840D731A2C1F2E1FB5B8596B4C34] - |A| - [13/01/2021 09:17:48] - (.-.) - [148.5 Ko] - (0.0.0.0) - C:\Windows\System32\EoAExperiences.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [343 Ko] - C:\Windows\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [271 Ko] - C:\Windows\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [238 Ko] - C:\Windows\System32\et-EE [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [16718.64 Ko] - C:\Windows\System32\F12 [MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [07/12/2019 11:08:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\Windows\System32\FeatureToastBulldogImg.png [MD5.7F65C93283F31EB39E311DDDC00DFBA6] - |A| - [09/10/2020 22:47:41] - (.-.) - [16.54 Ko] - (0.0.0.0) - C:\Windows\System32\FeatureToastDlpImg.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7.11 Ko] - C:\Windows\System32\ff-Adlm-SN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [326 Ko] - C:\Windows\System32\fi-FI [MD5.81EDB3438D16C880E12BF5FA88E71DBA] - |A| - [27/09/2020 07:51:30] - (.-.) - [251.87 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:55] - [3403.5 Ko] - C:\Windows\System32\fr [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [279 Ko] - C:\Windows\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [46648.96 Ko] - C:\Windows\System32\fr-FR [MD5.EB37DB663DC19E7C4D7F23A12DA07E99] - |A| - [15/09/2021 09:18:57] - (.-.) - [657 Ko] - (0.0.0.0) - C:\Windows\System32\FsNVSDeviceSource.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:51:10] - [0 Ko] - C:\Windows\System32\FxsTmp [MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\GameSystemToastIcon.contrast-white.png [MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\Windows\System32\GameSystemToastIcon.png [MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [07/12/2019 11:09:48] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers [MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\HandwritingSystemToastIcon.contrast-white.png [MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\Windows\System32\HandwritingSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [256.5 Ko] - C:\Windows\System32\he-IL [MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\Windows\System32\HeadphoneSystemToastIcon.contrast-white.png [MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\Windows\System32\HeadphoneSystemToastIcon.png [MD5.202A07E4526B050E22624328E64E0470] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\Windows\System32\HeadsetSystemToastIcon.contrast-white.png [MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\Windows\System32\HeadsetSystemToastIcon.png [MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\Windows\System32\HealthSystemToastIcon.contrast-white.png [MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\Windows\System32\HealthSystemToastIcon.png [MD5.6D2BA2902199292D57806E3C53C587BF] - |A| - [13/01/2021 09:17:39] - (.-.) - [299.5 Ko] - (0.0.0.0) - C:\Windows\System32\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [250 Ko] - C:\Windows\System32\hr-HR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [324.5 Ko] - C:\Windows\System32\hu-HU [MD5.871CA2345825E86D1D2D2A2E9E475D4F] - |A| - [09/10/2020 22:48:24] - (.-.) - [44.8 Ko] - (0.0.0.0) - C:\Windows\System32\HvSocket.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:53:03] - [149.55 Ko] - C:\Windows\System32\Hydrogen [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.36 Ko] - C:\Windows\System32\ias [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36.27 Ko] - C:\Windows\System32\icsxml [MD5.947D07FA32ABB13DB520016769EB901B] - |A| - [26/05/2021 08:59:01] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [2207.5 Ko] - (64.2.0.0) - C:\Windows\System32\icu.dll [MD5.A7B574704574F326B92DCEA872F1E9E1] - |A| - [09/10/2020 22:47:31] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24.5 Ko] - (64.2.0.0) - C:\Windows\System32\icuin.dll [MD5.4A85A9DEA3D47D95CEF5525586756EA6] - |A| - [09/10/2020 22:47:31] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [29 Ko] - (64.2.0.0) - C:\Windows\System32\icuuc.dll [MD5.388BE35F952EC7F057CDD79E8EDF9A18] - |A| - [11/11/2020 00:21:16] - (.-.) - [193 Ko] - (0.0.0.0) - C:\Windows\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [26851.41 Ko] - C:\Windows\System32\IME [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6943 Ko] - C:\Windows\System32\InputMethod [MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\Windows\System32\InputSystemToastIcon.contrast-white.png [MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\InputSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [28/10/2020 18:20:55] - [330242.84 Ko] - C:\Windows\System32\Intel [MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\KeyboardSystemToastIcon.contrast-white.png [MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\Windows\System32\KeyboardSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10192.95 Ko] - C:\Windows\System32\Keywords [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [235 Ko] - C:\Windows\System32\ko-KR [MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [07/12/2019 11:08:39] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\Windows\System32\LaptopPlugInToastImg.gif [MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [07/12/2019 11:08:07] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\Windows\System32\LargeRoom.bin [MD5.14BE6A1C21780D85AD3F1D09283C56DA] - |A| - [12/05/2021 08:54:58] - (.-.) - [1647.5 Ko] - (3.0.2.0) - C:\Windows\System32\libcrypto.dll [MD5.4BFD587C99FE34EEA0E74622C798B3BE] - |A| - [15/09/2021 09:18:48] - (.-.) - [1137 Ko] - (0.0.0.0) - C:\Windows\System32\MBR2GPT.EXE [MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.contrast-white.png [MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\Windows\System32\MediaSystemToastIcon.png [MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [07/12/2019 11:08:07] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\Windows\System32\MediumRoom.bin [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 11:10:11] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\Windows\System32\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 11:14:56] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\Windows\System32\mmc.exe.config [MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.contrast-white.png [MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\Windows\System32\MouseSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [28/10/2020 18:21:41] - [0 Ko] - C:\Windows\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.5 Ko] - C:\Windows\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [52.28 Ko] - C:\Windows\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6 Ko] - C:\Windows\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.64 Ko] - C:\Windows\System32\my-mm [MD5.74FDEEAC0C0C0F62F4D0D484A36DA23A] - |A| - [07/12/2019 11:08:44] - (.-.) - [30.09 Ko] - (0.0.0.0) - C:\Windows\System32\NarratorControlTemplates.xml [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [314.5 Ko] - C:\Windows\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\NDF [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [07/12/2019 11:09:48] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml [MD5.0E2D5DA1C7A1A97E46172AC33AD354EC] - |A| - [07/12/2019 11:09:48] - (.-.) - [70.5 Ko] - (0.0.0.0) - C:\Windows\System32\nettraceex.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\Windows\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [338.5 Ko] - C:\Windows\System32\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [3781.5 Ko] - C:\Windows\System32\Nui [MD5.D55B689DF6269B40E170EAFBCC0C34C4] - |A| - [07/12/2019 16:53:03] - (.-.) - [20.42 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-black.png [MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.contrast-white.png [MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\Windows\System32\OkDone_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [15194.54 Ko] - C:\Windows\System32\oobe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:51:03] - [3625 Ko] - C:\Windows\System32\OpenSSH [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [3.81 Ko] - C:\Windows\System32\osa-Osge-001 [MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [07/12/2019 11:08:07] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\Windows\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1724.83 Ko] - C:\Windows\System32\PerceptionSimulation [MD5.913D1CACF955584E7013DF28D643BFAB] - |A| - [07/12/2019 11:17:25] - (.-.) - [122.91 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat [MD5.0BD472F17A12BABA1C2DD6C120A5455D] - |A| - [07/12/2019 16:49:57] - (.-.) - [139.21 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat [MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [07/12/2019 11:17:25] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat [MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [07/12/2019 16:49:57] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat [MD5.75264EB990666355610551C0CAB3EE8E] - |A| - [07/12/2019 11:17:25] - (.-.) - [651.13 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat [MD5.3390F5532FD573AFF75FF27E7E663270] - |A| - [07/12/2019 16:49:57] - (.-.) - [739.3 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat [MD5.9A2A54047A411E8B92F6D5FCFE455939] - |A| - [28/10/2020 18:19:32] - (.-.) - [1643.51 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI [MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [07/12/2019 11:08:05] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.contrast-white.png [MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\Windows\System32\PhoneSystemToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [339 Ko] - C:\Windows\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [456 Ko] - C:\Windows\System32\PointOfService [MD5.7700A1F5ECACFB07A92C5960448AFAB8] - |A| - [07/12/2019 11:08:28] - (.-.) - [43 Ko] - (0.0.0.0) - C:\Windows\System32\pospaymentsworker.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [420.74 Ko] - C:\Windows\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [07/12/2019 11:08:19] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [332 Ko] - C:\Windows\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [335 Ko] - C:\Windows\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.75 Ko] - C:\Windows\System32\ras [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\System32\RasToast [MD5.7852D37790807E55BD71A65183E0F1ED] - |A| - [07/07/2021 18:52:46] - (.-.) - [2315.5 Ko] - (1.0.2104.14003) - C:\Windows\System32\rdpnano.dll [MD5.42577ED1BA5199ADD53E1186EC4E28A4] - |A| - [13/01/2021 09:17:29] - (.-.) - [72.5 Ko] - (0.0.0.0) - C:\Windows\System32\rdsxvmaudio.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [2.39 Ko] - C:\Windows\System32\Recovery [MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.contrast-white.png [MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\RemoteSystemToastIcon.png [MD5.19B5EEEC29F044451D5E8E89B1BE6F5E] - |A| - [07/12/2019 11:09:33] - (.-.) - [110.5 Ko] - (0.0.0.0) - C:\Windows\System32\ResBParser.dll [MD5.31924C8E78CDBD81DA7905E87B185387] - |A| - [07/12/2019 11:09:54] - (.-.) - [9.35 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriHMImageList [MD5.5504F7F27D0AB178346D643D444A612C] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.98 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriHMImageListLowCost [MD5.85CF16AF388AE12AAE3E48A883C17A06] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.77 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriImageList [MD5.1391FB4E005C208A35E77DF6F3F055E2] - |A| - [07/12/2019 11:09:54] - (.-.) - [8.49 Ko] - (0.0.0.0) - C:\Windows\System32\ResPriImageListLowCost [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-black.png [MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.contrast-white.png [MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\RestartNowPower_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 11:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\Windows\System32\RestartTonight_80.png [MD5.AE9FE55FED83149715734CB83339055A] - |A| - [07/12/2019 11:08:39] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\Windows\System32\RestartTonight_80_contrast-black.png [MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\Windows\System32\RestartTonight_80_contrast-white.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.07 Ko] - C:\Windows\System32\restore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [262 Ko] - C:\Windows\System32\ro-RO [MD5.8BB7F1C55F4DF7CEFF9291FDB77F780B] - |A| - [10/11/2021 00:14:46] - (.-.) - [59.5 Ko] - (0.0.0.0) - C:\Windows\System32\runexehelper.exe [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [07/12/2019 11:10:32] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-black.png [MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.contrast-white.png [MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\Windows\System32\ScheduleTime_80.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4.85 Ko] - C:\Windows\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [07/12/2019 11:08:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [78.59 Ko] - C:\Windows\System32\Sgrm [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1839 Ko] - C:\Windows\System32\ShellExperiences [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.7 Ko] - C:\Windows\System32\si-lk [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [254.5 Ko] - C:\Windows\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [251.5 Ko] - C:\Windows\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [27/09/2020 07:51:31] - [46241.45 Ko] - C:\Windows\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [52.14 Ko] - C:\Windows\System32\slmgr [MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [07/12/2019 11:08:07] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\Windows\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:03:44] - [13385.02 Ko] - C:\Windows\System32\SMI [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-black.png [MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.contrast-white.png [MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\Windows\System32\Snooze_80.png [MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [07/12/2019 11:08:05] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.contrast-white.png [MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [07/12/2019 11:08:05] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\Windows\System32\SpeakersSystemToastIcon.png [MD5.6DB032025BD266E5A3A52259F57F9247] - |A| - [07/12/2019 11:09:51] - (.-.) - [40 Ko] - (0.0.0.0) - C:\Windows\System32\SpectrumSyncClient.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7625.3 Ko] - C:\Windows\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [12465.68 Ko] - C:\Windows\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [52632.34 Ko] - C:\Windows\System32\spool [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7294.68 Ko] - C:\Windows\System32\spp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.63 Ko] - C:\Windows\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [253.5 Ko] - C:\Windows\System32\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 11:09:54] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\Windows\System32\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 11:09:54] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\Windows\System32\srms-apr.dat [MD5.67894C70461ABD4EF6C116637EBB218A] - |A| - [07/12/2019 11:09:45] - (.-.) - [58.16 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [75416 Ko] - C:\Windows\System32\sru [MD5.862E9C75593E9BB1A90961975276F7FE] - |A| - [13/01/2021 09:17:28] - (.-.) - [444.5 Ko] - (0.0.0.0) - C:\Windows\System32\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [320 Ko] - C:\Windows\System32\sv-SE [MD5.26D2D82E2DD08761EAACF5BB5099D65B] - |A| - [15/09/2021 09:18:39] - (.-.) - [1265.67 Ko] - (0.0.0.0) - C:\Windows\System32\SvBannerBackground.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1418.56 Ko] - C:\Windows\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [938.28 Ko] - C:\Windows\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [8.16 Ko] - C:\Windows\System32\ta-in [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10.73 Ko] - C:\Windows\System32\ta-lk [MD5.3596DC15B6F6CBBB6EC8B143CBD57F24] - |A| - [11/01/2022 21:54:05] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [53.5 Ko] - (3.5.1.0) - C:\Windows\System32\tar.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [619.82 Ko] - C:\Windows\System32\Tasks [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [07/12/2019 11:09:05] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini [MD5.518F44081E6F4B3236CBF4FB17E41F9B] - |A| - [09/03/2022 18:33:58] - (.-.) - [2208 Ko] - (0.0.0.0) - C:\Windows\System32\TextInputMethodFormatter.dll [MD5.4C528AE5D512E3901BACAA5D75240381] - |A| - [12/10/2021 19:37:44] - (.-.) - [689.98 Ko] - (0.0.0.0) - C:\Windows\System32\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [240 Ko] - C:\Windows\System32\th-TH [MD5.CF7677327BE3C6395B9F3333CC0F1C15] - |A| - [09/12/2020 19:22:41] - (.-.) - [1.34 Ko] - (0.0.0.0) - C:\Windows\System32\ThirdPartyNoticesBySHS.txt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [5.97 Ko] - C:\Windows\System32\ti-et [MD5.25551715B57E10FAFFAAA72B07641075] - |A| - [09/03/2022 18:33:55] - (.-.) - [266.5 Ko] - (0.0.0.0) - C:\Windows\System32\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [308 Ko] - C:\Windows\System32\tr-TR [MD5.B88B8D017386A00D7724519F475317A0] - |A| - [07/12/2019 11:08:13] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [07/12/2019 11:08:13] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\Windows\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [249 Ko] - C:\Windows\System32\uk-UA [MD5.8CDD866E0707A71952FBA8BE899B7512] - |A| - [09/10/2020 22:47:06] - (.-.) - [63.04 Ko] - (0.0.0.0) - C:\Windows\System32\umpdc.dll [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [2204.14 Ko] - C:\Windows\System32\UNP [MD5.8ADD5935D83D0A425C39E369520C4095] - |A| - [07/12/2019 11:08:37] - (.-.) - [48 Ko] - (0.0.0.0) - C:\Windows\System32\UsbPmApi.dll [MD5.46A6DF60907700A148D42CCF1219522E] - |A| - [07/12/2019 11:08:39] - (.-.) - [38.5 Ko] - (0.0.0.0) - C:\Windows\System32\usocoreps.dll [MD5.1E630731AFDFC63DEC4074301D342E4B] - |A| - [07/12/2019 11:08:09] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\Windows\System32\VhfUm.dll [MD5.A10725A4632FFFEAE250E09ADA553F94] - |A| - [13/01/2021 09:18:34] - (.-.) - [93.5 Ko] - (0.0.0.0) - C:\Windows\System32\VirtualMonitorManager.dll [MD5.642200804826D86CE603EBAA13B41FE3] - |A| - [28/10/2020 18:19:13] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [1033.11 Ko] - (1.2.135.0) - C:\Windows\System32\vulkan-1-999-0-0-0.dll [MD5.642200804826D86CE603EBAA13B41FE3] - |A| - [28/10/2020 18:19:13] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [1033.11 Ko] - (1.2.135.0) - C:\Windows\System32\vulkan-1.dll [MD5.9E87D313C9CE7C62F16829552A6E9584] - |A| - [28/10/2020 18:19:13] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1713.25 Ko] - (1.2.135.0) - C:\Windows\System32\vulkaninfo-1-999-0-0-0.exe [MD5.9E87D313C9CE7C62F16829552A6E9584] - |A| - [28/10/2020 18:19:13] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1713.25 Ko] - (1.2.135.0) - C:\Windows\System32\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [85774.61 Ko] - C:\Windows\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\Windows\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [261478.74 Ko] - C:\Windows\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [07/12/2019 11:08:46] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml [MD5.1D64ACF3675288CC086E6361EAC748C4] - |A| - [07/12/2019 11:08:52] - (.-.) - [144.51 Ko] - (0.0.0.0) - C:\Windows\System32\Win32AppSettingsProvider.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1.12 Ko] - C:\Windows\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [53493.83 Ko] - C:\Windows\System32\WinBioPlugIns [MD5.3F376202BE6A0EC0C866D97ED2E0F16D] - |A| - [26/05/2021 08:59:01] - (.-.) - [642.05 Ko] - (0.0.0.0) - C:\Windows\System32\WindowManagementAPI.dll [MD5.E9CA21D71E952448B75C45B2467E4DE7] - |A| - [07/12/2019 11:08:27] - (.-.) - [123 Ko] - (0.0.0.0) - C:\Windows\System32\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [10720.11 Ko] - C:\Windows\System32\WindowsPowerShell [MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [07/12/2019 11:08:41] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\Windows\System32\WindowsSecurityIcon.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [283864 Ko] - C:\Windows\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6281.34 Ko] - C:\Windows\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [107.56 Ko] - C:\Windows\System32\winrm [MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [07/12/2019 11:08:12] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\Windows\System32\wpcatltoast.png [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [07/12/2019 11:08:12] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\Windows\System32\wpcmon.png [MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [07/12/2019 11:08:49] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\Windows\System32\wpr.config.xml [MD5.C8A7EAA0B83E05DDD11F37A833F754AC] - |A| - [07/12/2019 11:08:21] - (.-.) - [83 Ko] - (0.0.0.0) - C:\Windows\System32\xboxgipsynthetic.dll [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\Windows\System32\X_80.contrast-black.png [MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\Windows\System32\X_80.contrast-white.png [MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [07/12/2019 11:08:39] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\Windows\System32\X_80.png [MD5.9B8AAAAEB20788248763E3523756290E] - |A| - [28/10/2020 18:19:13] - (.-.) - [427.31 Ko] - (0.0.0.0) - C:\Windows\System32\ze_loader.dll [MD5.C045140508F5E467A5315579CF7F48C0] - |A| - [28/10/2020 18:19:13] - (.-.) - [139.81 Ko] - (0.0.0.0) - C:\Windows\System32\ze_validation_layer.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [234.99 Ko] - C:\Windows\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [204.5 Ko] - C:\Windows\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\Windows\SysWOW64\0409 [MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [07/12/2019 11:09:21] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@AppHelpToast.png [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [07/12/2019 11:09:21] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [07/12/2019 11:09:26] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [07/12/2019 11:09:32] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@VpnToastIcon.png [MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [07/12/2019 11:09:15] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\@WirelessDisplayToast.png [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1864.83 Ko] - C:\Windows\SysWOW64\AdvancedInstallers [MD5.E556115BD4E751178310F842E457CA22] - |A| - [09/12/2020 19:22:45] - (.-.) - [10.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\agentactivationruntimestarter.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [97.5 Ko] - C:\Windows\SysWOW64\ar-SA [MD5.DD0F04B43362A7C7660C1DF405D416F0] - |A| - [11/01/2022 21:54:07] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [563 Ko] - (3.5.1.0) - C:\Windows\SysWOW64\archiveint.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [58.5 Ko] - C:\Windows\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.1 Ko] - C:\Windows\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [316.5 Ko] - C:\Windows\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [194.47 Ko] - C:\Windows\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [53.11 Ko] - C:\Windows\SysWOW64\Configuration [MD5.6545DE4EF5217AA2FFC7FFD27725A971] - |A| - [09/12/2020 19:22:45] - (.-.) - [235 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\CoreMas.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [118.5 Ko] - C:\Windows\SysWOW64\cs-CZ [MD5.A2F18DAD6F7BE95ED9FC7A37B7D94FF7] - |A| - [11/01/2022 21:54:07] - (.© 1996 - 2021 Daniel Stenberg, . - The curl executable.) - [453.5 Ko] - (7.79.1.0) - C:\Windows\SysWOW64\curl.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [119.5 Ko] - C:\Windows\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [131 Ko] - C:\Windows\SysWOW64\de-DE [MD5.C1684AACAAD62889ACFCA988AA46562D] - |A| - [07/12/2019 11:09:15] - (.-.) - [28.83 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\DefaultAccountTile.png [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [188 Ko] - C:\Windows\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [7607.02 Ko] - C:\Windows\SysWOW64\Dism [MD5.B873A5ABCFBC42B1BAC9EBE8741C6162] - |A| - [07/12/2019 16:50:56] - (.Copyright (C) 2019 - Gracenote SDK component.) - [244 Ko] - (3.9.511.0) - C:\Windows\SysWOW64\gnsdk_fp.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [93 Ko] - C:\Windows\SysWOW64\he-IL [MD5.DF0C9C776F8367E213210FB256AC30EC] - |A| - [13/01/2021 09:18:04] - (.-.) - [230 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\HeatCore.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [55.5 Ko] - C:\Windows\SysWOW64\hr-HR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [123 Ko] - C:\Windows\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml [MD5.8226A1A91F01432A0CB10CAABF1B9C6D] - |A| - [26/05/2021 08:59:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1820.5 Ko] - (64.2.0.0) - C:\Windows\SysWOW64\icu.dll [MD5.FB475B41189AACF1C607C1E9DC0EBB0B] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N Forwarder DLL.) - [24 Ko] - (64.2.0.0) - C:\Windows\SysWOW64\icuin.dll [MD5.B17445D0DF2C22C924899B5DF8E84475] - |RA| - [07/12/2019 11:09:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common Forwarder DLL.) - [28.5 Ko] - (64.2.0.0) - C:\Windows\SysWOW64\icuuc.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [21634.72 Ko] - C:\Windows\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [215 Ko] - C:\Windows\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield [MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [07/12/2019 11:10:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\MixedRealityRuntime.json [MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [07/12/2019 11:15:00] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mmc.exe.config [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6 Ko] - C:\Windows\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [116 Ko] - C:\Windows\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [51 Ko] - C:\Windows\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [122 Ko] - C:\Windows\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [07/12/2019 11:14:52] - [3781.5 Ko] - C:\Windows\SysWOW64\Nui [MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [07/12/2019 11:10:14] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\OneDrive.ico [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [764.83 Ko] - C:\Windows\SysWOW64\oobe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [79.5 Ko] - C:\Windows\SysWOW64\PerceptionSimulation [MD5.CDA1478917B38E2B82CD579412C9CD09] - |A| - [28/10/2020 18:30:13] - (.-.) - [1671.57 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [124 Ko] - C:\Windows\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [420.74 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [122 Ko] - C:\Windows\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [123 Ko] - C:\Windows\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.75 Ko] - C:\Windows\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0.82 Ko] - C:\Windows\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57.5 Ko] - C:\Windows\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [121.5 Ko] - C:\Windows\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\Windows\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\Windows\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [52.14 Ko] - C:\Windows\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [4040.33 Ko] - C:\Windows\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [8699.16 Ko] - C:\Windows\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [1316.18 Ko] - C:\Windows\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [23.63 Ko] - C:\Windows\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [56.5 Ko] - C:\Windows\SysWOW64\sr-Latn-RS [MD5.BA7D4E5FAE64BD0403C7F7E91CD93F77] - |A| - [07/12/2019 11:10:05] - (.-.) - [11.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\srms-apr-v.dat [MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [07/12/2019 11:10:05] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\srms-apr.dat [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\sru [MD5.BDC53957962AFBEBE6A25EF941C261B3] - |A| - [13/01/2021 09:17:59] - (.-.) - [323 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ssdm.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [117 Ko] - C:\Windows\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\Windows\SysWOW64\sysprep [MD5.D7128869A4759CCBDC5D4BC55A40D4CC] - |A| - [11/01/2022 21:54:07] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [43.5 Ko] - (3.5.1.0) - C:\Windows\SysWOW64\tar.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [0 Ko] - C:\Windows\SysWOW64\Tasks [MD5.1D2D564BC91E46A54533B8ABBEF460DD] - |A| - [15/09/2021 09:18:49] - (.-.) - [1302.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\TextInputMethodFormatter.dll [MD5.4C58C812BB19C065CB0ED7FC8FBBAC12] - |A| - [12/10/2021 19:37:54] - (.-.) - [597.62 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\TextShaping.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [50.5 Ko] - C:\Windows\SysWOW64\th-TH [MD5.CE4E73FA1555E59A16BEE1DFF1EE353A] - |A| - [09/03/2022 18:34:08] - (.-.) - [218.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\TpmTool.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [115 Ko] - C:\Windows\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [57 Ko] - C:\Windows\SysWOW64\uk-UA [MD5.7E0273A51BDD51DFB58F905C8F501061] - |A| - [09/10/2020 22:48:05] - (.-.) - [46.36 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\umpdc.dll [MD5.AFED9618C925D0820F991FAB6109C871] - |A| - [28/10/2020 18:19:13] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [899.61 Ko] - (1.2.135.0) - C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll [MD5.AFED9618C925D0820F991FAB6109C871] - |A| - [28/10/2020 18:19:13] - (.Copyright (C) 2015-2020 - Vulkan Loader.) - [899.61 Ko] - (1.2.135.0) - C:\Windows\SysWOW64\vulkan-1.dll [MD5.6E9BCE6254E98978495A2FDB5BC34198] - |A| - [28/10/2020 18:19:13] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1328.25 Ko] - (1.2.135.0) - C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe [MD5.6E9BCE6254E98978495A2FDB5BC34198] - |A| - [28/10/2020 18:19:13] - (.Copyright (C) 2015-2020 - Vulkan Info.) - [1328.25 Ko] - (1.2.135.0) - C:\Windows\SysWOW64\vulkaninfo.exe [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [15748.16 Ko] - C:\Windows\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [0 Ko] - C:\Windows\SysWOW64\WCN [MD5.A22B636328327A4EA6F6AB3F48A5B5B1] - |A| - [26/05/2021 08:59:12] - (.-.) - [457.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\WindowManagementAPI.dll [MD5.BEDEDB102316C696D36F0D4331E1C2AE] - |A| - [07/12/2019 11:09:17] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\WindowsDefaultHeatProcessor.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [9338.44 Ko] - C:\Windows\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [6281.07 Ko] - C:\Windows\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 16:49:56] - [107.56 Ko] - C:\Windows\SysWOW64\winrm [MD5.7A015A6F199516A06C5AFB56FEE7AC51] - |A| - [07/12/2019 11:09:17] - (.-.) - [59 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xboxgipsynthetic.dll [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [82 Ko] - C:\Windows\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [07/12/2019 11:14:52] - [82 Ko] - C:\Windows\SysWOW64\zh-TW ---------- | [Public] [27/09/2020 09:55:24] - |RHD| - [196] - C:\Users\Public\AccountPictures [07/12/2019 11:14:52] - |RHD| - [1440] - C:\Users\Public\Desktop [07/12/2019 11:14:54] - |ASH| - [174] - C:\Users\Public\desktop.ini [07/12/2019 11:14:52] - |RD| - [278] - C:\Users\Public\Documents [07/12/2019 11:14:52] - |RD| - [174] - C:\Users\Public\Downloads [07/12/2019 11:14:52] - |RHD| - [1174] - C:\Users\Public\Libraries [07/12/2019 11:14:52] - |RD| - [380] - C:\Users\Public\Music [07/12/2019 11:14:52] - |RD| - [380] - C:\Users\Public\Pictures [07/12/2019 11:14:52] - |RD| - [380] - C:\Users\Public\Videos ---------- | [Utilisateur] [29/10/2020 01:16:31] - |RD| - [298] - C:\Users\Utilisateur\3D Objects [29/10/2020 01:16:05] - |HD| - [585127940] - C:\Users\Utilisateur\AppData [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\Application Data [29/10/2020 01:16:31] - |RD| - [412] - C:\Users\Utilisateur\Contacts [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\Cookies [29/10/2020 01:16:05] - |RD| - [6922062] - C:\Users\Utilisateur\Desktop [29/10/2020 01:16:05] - |RD| - [64444480] - C:\Users\Utilisateur\Documents [29/10/2020 01:16:05] - |RD| - [282] - C:\Users\Utilisateur\Downloads [29/10/2020 01:16:05] - |RD| - [690] - C:\Users\Utilisateur\Favorites [29/10/2020 01:16:05] - |RD| - [1997] - C:\Users\Utilisateur\Links [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\Local Settings [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\Menu Démarrer [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\Mes documents [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\Modèles [29/10/2020 01:16:05] - |RD| - [4701373] - C:\Users\Utilisateur\Music [29/10/2020 01:16:05] - |AH| - [3932160] - C:\Users\Utilisateur\ntuser.dat [29/10/2020 01:16:05] - |ASH| - [1363968] - C:\Users\Utilisateur\ntuser.dat.log1 [29/10/2020 01:16:05] - |ASH| - [606208] - C:\Users\Utilisateur\ntuser.dat.log2 [25/10/2021 16:44:17] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{031f4ed9-35a2-11ec-99f1-803049de4a27}.TM.blf [25/10/2021 16:44:17] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{031f4ed9-35a2-11ec-99f1-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [25/10/2021 16:44:17] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{031f4ed9-35a2-11ec-99f1-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [15/02/2021 17:04:14] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{0c7e035c-6f9f-11eb-99a0-803049de4a27}.TM.blf [15/02/2021 17:04:14] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{0c7e035c-6f9f-11eb-99a0-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [15/02/2021 17:04:14] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{0c7e035c-6f9f-11eb-99a0-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [14/10/2021 14:27:19] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{0e44c5d9-2cea-11ec-99ed-803049de4a27}.TM.blf [14/10/2021 14:27:19] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{0e44c5d9-2cea-11ec-99ed-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [14/10/2021 14:27:19] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{0e44c5d9-2cea-11ec-99ed-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [28/10/2021 08:48:38] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{0fcabf59-37bb-11ec-99f5-803049de4a27}.TM.blf [28/10/2021 08:48:38] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{0fcabf59-37bb-11ec-99f5-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [28/10/2021 08:48:38] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{0fcabf59-37bb-11ec-99f5-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [30/07/2021 18:49:29] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{16af4ad4-f156-11eb-99d8-803049de4a27}.TM.blf [30/07/2021 18:49:29] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{16af4ad4-f156-11eb-99d8-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [30/07/2021 18:49:29] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{16af4ad4-f156-11eb-99d8-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [22/08/2021 18:22:22] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{1c6b0b5a-0365-11ec-99dd-803049de4a27}.TM.blf [22/08/2021 18:22:22] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{1c6b0b5a-0365-11ec-99dd-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [22/08/2021 18:22:22] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{1c6b0b5a-0365-11ec-99dd-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [11/04/2021 14:47:58] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{1ff0dc57-9ac4-11eb-99b1-803049de4a27}.TM.blf [11/04/2021 14:47:58] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{1ff0dc57-9ac4-11eb-99b1-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [11/04/2021 14:47:58] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{1ff0dc57-9ac4-11eb-99b1-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [10/05/2021 12:11:53] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{1ff2032c-b178-11eb-99b6-803049de4a27}.TM.blf [10/05/2021 12:11:53] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{1ff2032c-b178-11eb-99b6-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [10/05/2021 12:11:53] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{1ff2032c-b178-11eb-99b6-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [24/12/2021 19:59:04] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{29e6fc5b-64e3-11ec-9a0b-803049de4a27}.TM.blf [24/12/2021 19:59:04] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{29e6fc5b-64e3-11ec-9a0b-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [24/12/2021 19:59:04] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{29e6fc5b-64e3-11ec-9a0b-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [20/04/2021 17:29:23] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{2a5d23da-a1ed-11eb-99b3-803049de4a27}.TM.blf [20/04/2021 17:29:23] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{2a5d23da-a1ed-11eb-99b3-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [20/04/2021 17:29:23] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{2a5d23da-a1ed-11eb-99b3-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [02/03/2021 09:37:59] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{2f2923dc-7b2a-11eb-99a7-803049de4a27}.TM.blf [02/03/2021 09:37:59] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{2f2923dc-7b2a-11eb-99a7-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [02/03/2021 09:37:59] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{2f2923dc-7b2a-11eb-99a7-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [08/03/2022 15:40:05] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{3e8140d8-9ee5-11ec-9a16-803049de4a27}.TM.blf [08/03/2022 15:40:05] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{3e8140d8-9ee5-11ec-9a16-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [08/03/2022 15:40:05] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{3e8140d8-9ee5-11ec-9a16-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [26/10/2021 14:35:55] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{3f61b629-3659-11ec-99f3-803049de4a27}.TM.blf [26/10/2021 14:35:55] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{3f61b629-3659-11ec-99f3-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [26/10/2021 14:35:55] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{3f61b629-3659-11ec-99f3-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [12/10/2021 17:44:23] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{41187dd9-2b73-11ec-99ea-803049de4a27}.TM.blf [12/10/2021 17:44:23] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{41187dd9-2b73-11ec-99ea-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [12/10/2021 17:44:23] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{41187dd9-2b73-11ec-99ea-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [31/12/2021 12:13:22] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{44a8fbad-6a22-11ec-9a0d-803049de4a27}.TM.blf [31/12/2021 12:13:22] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{44a8fbad-6a22-11ec-9a0d-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [31/12/2021 12:13:22] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{44a8fbad-6a22-11ec-9a0d-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [01/06/2021 16:54:38] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{458d79ae-c2e9-11eb-99c2-803049de4a27}.TM.blf [01/06/2021 16:54:38] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{458d79ae-c2e9-11eb-99c2-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [01/06/2021 16:54:39] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{458d79ae-c2e9-11eb-99c2-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [26/01/2021 13:04:42] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{45d9d958-5fc6-11eb-9998-803049de4a27}.TM.blf [26/01/2021 13:04:42] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{45d9d958-5fc6-11eb-9998-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [26/01/2021 13:04:42] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{45d9d958-5fc6-11eb-9998-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [25/11/2021 15:40:48] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{482edeac-4df5-11ec-9a04-803049de4a27}.TM.blf [25/11/2021 15:40:48] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{482edeac-4df5-11ec-9a04-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [25/11/2021 15:40:48] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{482edeac-4df5-11ec-9a04-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [01/12/2021 18:11:15] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{4b2c4229-52c1-11ec-9a07-803049de4a27}.TM.blf [01/12/2021 18:11:15] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{4b2c4229-52c1-11ec-9a07-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [01/12/2021 18:11:15] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{4b2c4229-52c1-11ec-9a07-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [29/10/2020 01:16:05] - |ASH| - [65536] - C:\Users\Utilisateur\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf [29/10/2020 01:16:05] - |ASH| - [524288] - C:\Users\Utilisateur\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms [29/10/2020 01:16:05] - |ASH| - [524288] - C:\Users\Utilisateur\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms [29/10/2021 10:58:56] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{6e18a055-3896-11ec-99f9-803049de4a27}.TM.blf [29/10/2021 10:58:56] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{6e18a055-3896-11ec-99f9-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [29/10/2021 10:58:56] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{6e18a055-3896-11ec-99f9-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [31/12/2020 13:58:15] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{72353ddb-4b5f-11eb-9994-803049de4a27}.TM.blf [31/12/2020 13:58:15] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{72353ddb-4b5f-11eb-9994-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [31/12/2020 13:58:15] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{72353ddb-4b5f-11eb-9994-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [05/11/2021 00:28:00] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{730db058-3dbe-11ec-99fb-803049de4a27}.TM.blf [05/11/2021 00:28:00] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{730db058-3dbe-11ec-99fb-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [05/11/2021 00:28:00] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{730db058-3dbe-11ec-99fb-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [08/07/2021 14:53:23] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{76995258-dfeb-11eb-99d1-803049de4a27}.TM.blf [08/07/2021 14:53:23] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{76995258-dfeb-11eb-99d1-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [08/07/2021 14:53:23] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{76995258-dfeb-11eb-99d1-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [23/10/2021 14:41:02] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{7720f1cd-33fe-11ec-99ef-803049de4a27}.TM.blf [23/10/2021 14:41:02] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{7720f1cd-33fe-11ec-99ef-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [23/10/2021 14:41:03] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{7720f1cd-33fe-11ec-99ef-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [10/06/2021 08:02:58] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{7ccaed56-c9b1-11eb-99c5-803049de4a27}.TM.blf [10/06/2021 08:02:58] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{7ccaed56-c9b1-11eb-99c5-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [10/06/2021 08:02:58] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{7ccaed56-c9b1-11eb-99c5-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [28/09/2021 14:28:12] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{87d884bc-2057-11ec-99e3-803049de4a27}.TM.blf [28/09/2021 14:28:12] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{87d884bc-2057-11ec-99e3-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [28/09/2021 14:28:12] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{87d884bc-2057-11ec-99e3-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [16/02/2021 20:41:25] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{8e95272b-7086-11eb-99a3-803049de4a27}.TM.blf [16/02/2021 20:41:25] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{8e95272b-7086-11eb-99a3-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [16/02/2021 20:41:25] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{8e95272b-7086-11eb-99a3-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [13/06/2021 08:57:14] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{915aefd5-cc14-11eb-99c7-803049de4a27}.TM.blf [13/06/2021 08:57:14] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{915aefd5-cc14-11eb-99c7-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [13/06/2021 08:57:14] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{915aefd5-cc14-11eb-99c7-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [22/07/2021 19:31:06] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{944dd7b5-eb12-11eb-99d6-803049de4a27}.TM.blf [22/07/2021 19:31:06] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{944dd7b5-eb12-11eb-99d6-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [22/07/2021 19:31:06] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{944dd7b5-eb12-11eb-99d6-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [19/05/2021 23:24:35] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{97e19a2d-b8e8-11eb-99b9-803049de4a27}.TM.blf [19/05/2021 23:24:35] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{97e19a2d-b8e8-11eb-99b9-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [19/05/2021 23:24:35] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{97e19a2d-b8e8-11eb-99b9-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [04/04/2022 18:45:35] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{a2405052-b436-11ec-9a1a-803049de4a27}.TM.blf [04/04/2022 18:45:36] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{a2405052-b436-11ec-9a1a-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [04/04/2022 18:45:36] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{a2405052-b436-11ec-9a1a-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [02/02/2021 16:34:09] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{b1dab531-6563-11eb-999b-803049de4a27}.TM.blf [02/02/2021 16:34:09] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{b1dab531-6563-11eb-999b-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [02/02/2021 16:34:09] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{b1dab531-6563-11eb-999b-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [13/09/2021 18:22:00] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{b4649c5b-14ae-11ec-99e0-803049de4a27}.TM.blf [13/09/2021 18:22:00] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{b4649c5b-14ae-11ec-99e0-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [13/09/2021 18:22:00] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{b4649c5b-14ae-11ec-99e0-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [01/10/2021 15:02:42] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{d8e6b3d8-22b7-11ec-99e5-803049de4a27}.TM.blf [01/10/2021 15:02:42] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{d8e6b3d8-22b7-11ec-99e5-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [01/10/2021 15:02:42] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{d8e6b3d8-22b7-11ec-99e5-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [07/07/2021 18:32:11] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{dc7ccfd9-df40-11eb-99ce-803049de4a27}.TM.blf [07/07/2021 18:32:11] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{dc7ccfd9-df40-11eb-99ce-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [07/07/2021 18:32:11] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{dc7ccfd9-df40-11eb-99ce-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [06/11/2021 11:28:31] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{e3fab84a-3ee3-11ec-99fd-803049de4a27}.TM.blf [06/11/2021 11:28:32] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{e3fab84a-3ee3-11ec-99fd-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [06/11/2021 11:28:32] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{e3fab84a-3ee3-11ec-99fd-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [05/02/2021 01:01:27] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{e5246c2c-673c-11eb-999c-803049de4a27}.TM.blf [05/02/2021 01:01:27] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{e5246c2c-673c-11eb-999c-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [05/02/2021 01:01:27] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{e5246c2c-673c-11eb-999c-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [16/06/2021 19:33:19] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{ec1c71d7-cec8-11eb-99cb-803049de4a27}.TM.blf [16/06/2021 19:33:19] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{ec1c71d7-cec8-11eb-99cb-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [16/06/2021 19:33:19] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{ec1c71d7-cec8-11eb-99cb-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [30/01/2022 10:16:44] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{f152d659-81a4-11ec-9a13-803049de4a27}.TM.blf [30/01/2022 10:16:44] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{f152d659-81a4-11ec-9a13-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [30/01/2022 10:16:44] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{f152d659-81a4-11ec-9a13-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [11/01/2022 13:02:26] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{f15e655a-72cd-11ec-9a0f-803049de4a27}.TM.blf [11/01/2022 13:02:26] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{f15e655a-72cd-11ec-9a0f-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [11/01/2022 13:02:26] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{f15e655a-72cd-11ec-9a0f-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [30/03/2021 17:52:45] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{f3f1332f-916f-11eb-99af-803049de4a27}.TM.blf [30/03/2021 17:52:45] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{f3f1332f-916f-11eb-99af-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [30/03/2021 17:52:45] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{f3f1332f-916f-11eb-99af-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [23/11/2021 12:13:16] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{f4ca5e56-4c45-11ec-9a02-803049de4a27}.TM.blf [23/11/2021 12:13:16] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{f4ca5e56-4c45-11ec-9a02-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [23/11/2021 12:13:16] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{f4ca5e56-4c45-11ec-9a02-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [30/10/2020 20:09:06] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{faec1cab-1ad7-11eb-9976-803049de4a28}.TM.blf [30/10/2020 20:09:06] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{faec1cab-1ad7-11eb-9976-803049de4a28}.TMContainer00000000000000000001.regtrans-ms [30/10/2020 20:09:06] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{faec1cab-1ad7-11eb-9976-803049de4a28}.TMContainer00000000000000000002.regtrans-ms [16/06/2021 12:38:39] - |ASH| - [65536] - C:\Users\Utilisateur\ntuser.dat{fe79b9d3-ce8e-11eb-99c9-803049de4a27}.TM.blf [16/06/2021 12:38:39] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{fe79b9d3-ce8e-11eb-99c9-803049de4a27}.TMContainer00000000000000000001.regtrans-ms [16/06/2021 12:38:39] - |ASH| - [524288] - C:\Users\Utilisateur\ntuser.dat{fe79b9d3-ce8e-11eb-99c9-803049de4a27}.TMContainer00000000000000000002.regtrans-ms [29/10/2020 01:16:05] - |SH| - [20] - C:\Users\Utilisateur\ntuser.ini [28/10/2020 18:16:53] - |RAD| - [10392] - C:\Users\Utilisateur\OneDrive [29/10/2020 01:16:05] - |RD| - [17866162] - C:\Users\Utilisateur\Pictures [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\Recent [29/10/2020 01:16:05] - |RD| - [282] - C:\Users\Utilisateur\Saved Games [29/10/2020 01:16:31] - |RD| - [1875] - C:\Users\Utilisateur\Searches [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\SendTo [29/10/2020 01:16:05] - |RD| - [605238812] - C:\Users\Utilisateur\Videos [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\Voisinage d'impression [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\Voisinage réseau [12/07/2021 19:46:47] - |A| - [3295944] - C:\Users\Utilisateur\ZHPCleaner.exe [18/08/2021 10:30:32] - |A| - [3480728] - C:\Users\Utilisateur\ZHPSuite.exe [29/10/2020 01:16:05] - |D| - [322762395] - C:\Users\Utilisateur\AppData\Local [29/10/2020 01:16:05] - |D| - [15172893] - C:\Users\Utilisateur\AppData\LocalLow [29/10/2020 01:16:05] - |D| - [247192652] - C:\Users\Utilisateur\AppData\Roaming [28/10/2020 18:41:28] - |D| - [443250] - C:\Users\Utilisateur\AppData\Local\Adobe [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\AppData\Local\Application Data [28/10/2020 18:21:03] - |D| - [21716996] - C:\Users\Utilisateur\AppData\Local\Comms [29/10/2020 01:16:30] - |D| - [4317316] - C:\Users\Utilisateur\AppData\Local\ConnectedDevicesPlatform [31/10/2020 18:12:24] - |D| - [268336] - C:\Users\Utilisateur\AppData\Local\D3DSCache [30/10/2020 22:18:08] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\ElevatedDiagnostics [28/10/2020 18:28:05] - |D| - [7678845] - C:\Users\Utilisateur\AppData\Local\Google [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\AppData\Local\Historique [28/10/2021 11:35:02] - |AH| - [88777] - C:\Users\Utilisateur\AppData\Local\IconCache.db [29/10/2020 01:16:05] - |D| - [187431284] - C:\Users\Utilisateur\AppData\Local\Microsoft [30/10/2020 21:53:47] - |D| - [30853230] - C:\Users\Utilisateur\AppData\Local\Mozilla [30/10/2020 16:12:46] - |D| - [80192] - C:\Users\Utilisateur\AppData\Local\OneDrive [29/10/2020 01:16:31] - |D| - [62161479] - C:\Users\Utilisateur\AppData\Local\Packages [28/10/2020 18:26:47] - |D| - [34223] - C:\Users\Utilisateur\AppData\Local\PlaceholderTileLogoFolder [29/10/2020 01:16:38] - |D| - [837855] - C:\Users\Utilisateur\AppData\Local\Publishers [28/10/2020 18:40:49] - |D| - [499712] - C:\Users\Utilisateur\AppData\Local\SoftGrid Client [05/05/2021 13:03:48] - |D| - [940] - C:\Users\Utilisateur\AppData\Local\speech [29/10/2020 01:16:05] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\Temp [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\AppData\Local\Temporary Internet Files [31/10/2020 10:09:20] - |D| - [6059535] - C:\Users\Utilisateur\AppData\Local\Thunderbird [29/10/2020 01:16:31] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\VirtualStore [30/10/2020 10:28:25] - |D| - [290425] - C:\Users\Utilisateur\AppData\Local\ZHP [28/10/2020 18:41:28] - |D| - [6353556] - C:\Users\Utilisateur\AppData\LocalLow\Adobe [28/10/2020 18:20:19] - |D| - [7831399] - C:\Users\Utilisateur\AppData\LocalLow\Intel [28/10/2020 18:16:50] - |SD| - [987938] - C:\Users\Utilisateur\AppData\LocalLow\Microsoft [30/10/2020 21:53:47] - |D| - [0] - C:\Users\Utilisateur\AppData\LocalLow\Mozilla [29/10/2020 01:16:31] - |D| - [50220] - C:\Users\Utilisateur\AppData\Roaming\Adobe [28/10/2020 18:28:24] - |D| - [0] - C:\Users\Utilisateur\AppData\Roaming\Macromedia [29/10/2020 01:16:05] - |SD| - [5730844] - C:\Users\Utilisateur\AppData\Roaming\Microsoft [01/11/2020 12:17:14] - |D| - [128356774] - C:\Users\Utilisateur\AppData\Roaming\Mozilla [13/11/2020 19:54:10] - |D| - [0] - C:\Users\Utilisateur\AppData\Roaming\Skype [28/10/2020 18:40:48] - |D| - [885529] - C:\Users\Utilisateur\AppData\Roaming\SoftGrid Client [31/10/2020 10:08:13] - |D| - [105202467] - C:\Users\Utilisateur\AppData\Roaming\Thunderbird [28/10/2020 18:30:05] - |D| - [0] - C:\Users\Utilisateur\AppData\Roaming\TP [01/11/2020 16:09:56] - |D| - [6966818] - C:\Users\Utilisateur\AppData\Roaming\ZHP [29/10/2020 01:16:31] - |SH| - [174] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [29/10/2020 01:16:05] - |SHD| - [0] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [29/10/2020 01:16:05] - |RD| - [16335] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [29/10/2020 01:16:05] - |RD| - [3888] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [29/10/2020 01:16:05] - |RD| - [1674] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [29/10/2020 01:16:31] - |RD| - [174] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [29/10/2020 01:16:05] - |SH| - [264] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [29/10/2020 01:16:05] - |D| - [170] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [29/10/2020 01:16:31] - |RD| - [174] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [29/10/2020 01:16:05] - |RD| - [4913] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [29/10/2020 01:16:05] - |D| - [5078] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [29/10/2020 01:16:31] - |SH| - [174] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\ProgramData [28/10/2020 18:28:40] - |D| - [0] - C:\ProgramData\Adobe [29/10/2020 01:14:54] - |SHD| - [0] - C:\ProgramData\Application Data [29/10/2020 01:14:54] - |SHD| - [0] - C:\ProgramData\Bureau [29/10/2020 01:14:54] - |SHD| - [0] - C:\ProgramData\Documents [29/10/2020 01:14:54] - |SHD| - [0] - C:\ProgramData\Menu Démarrer [07/12/2019 11:14:52] - |SD| - [1663501779] - C:\ProgramData\Microsoft [27/09/2020 09:56:30] - |D| - [25] - C:\ProgramData\Microsoft OneDrive [29/10/2020 01:14:54] - |SHD| - [0] - C:\ProgramData\Modèles [29/10/2020 21:41:32] - |D| - [24918] - C:\ProgramData\Mozilla [08/02/2022 16:33:23] - |D| - [19045] - C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 [27/09/2020 09:55:25] - |D| - [73728] - C:\ProgramData\Packages [07/12/2019 11:14:52] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft [07/12/2019 11:14:52] - |D| - [0] - C:\ProgramData\SoftwareDistribution [09/10/2020 22:52:30] - |D| - [0] - C:\ProgramData\ssh [23/10/2021 09:33:17] - |A| - [0] - C:\ProgramData\UpdateLock-8216C80C92C4E828 [07/12/2019 11:14:52] - |D| - [10682368] - C:\ProgramData\USOPrivate [07/12/2019 11:14:52] - |D| - [20639744] - C:\ProgramData\USOShared [30/10/2020 00:47:33] - |D| - [0] - C:\ProgramData\VirtualizedApplications [07/12/2019 16:53:03] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [07/12/2019 11:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [29/10/2020 01:14:54] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [07/12/2019 11:14:52] - |RD| - [67741] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [07/12/2019 11:14:52] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [07/12/2019 11:14:52] - |RD| - [14467] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [07/12/2019 11:14:52] - |RD| - [22956] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [07/12/2019 11:14:54] - |SH| - [522] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [01/11/2020 11:44:22] - |A| - [1005] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk [07/12/2019 11:10:31] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [07/12/2019 11:14:52] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [27/09/2020 09:54:05] - |A| - [2442] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk [28/10/2020 18:30:24] - |D| - [15360] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Français) [22/10/2021 09:18:05] - |A| - [1146] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk [07/12/2019 11:14:52] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [07/12/2019 11:14:52] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [31/10/2020 10:04:23] - |A| - [1278] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk [07/12/2019 16:52:28] - |RD| - [2800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [07/12/2019 11:14:54] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [28/10/2020 18:29:09] - |D| - [0] - C:\Program Files (x86)\Adobe [07/12/2019 11:14:52] - |D| - [41007148] - C:\Program Files (x86)\Common Files [07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [28/10/2020 18:28:06] - |D| - [0] - C:\Program Files (x86)\Google [07/12/2019 11:14:52] - |D| - [1996367] - C:\Program Files (x86)\Internet Explorer [27/09/2020 09:53:31] - |D| - [962672248] - C:\Program Files (x86)\Microsoft [28/10/2020 18:30:11] - |D| - [13142188] - C:\Program Files (x86)\Microsoft Application Virtualization Client [28/10/2020 18:30:12] - |D| - [264439] - C:\Program Files (x86)\Microsoft Office [07/12/2019 11:14:52] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET [30/10/2020 21:52:13] - |D| - [364668] - C:\Program Files (x86)\Mozilla Maintenance Service [11/03/2022 09:45:35] - |D| - [233689981] - C:\Program Files (x86)\Mozilla Thunderbird [07/12/2019 11:14:52] - |D| - [1823008] - C:\Program Files (x86)\Windows Defender [07/12/2019 11:14:52] - |D| - [625664] - C:\Program Files (x86)\Windows Mail [07/12/2019 16:53:03] - |D| - [3237786] - C:\Program Files (x86)\Windows Media Player [07/12/2019 16:53:03] - |D| - [40232] - C:\Program Files (x86)\Windows Multimedia Platform [07/12/2019 11:14:52] - |D| - [6058840] - C:\Program Files (x86)\Windows NT [07/12/2019 16:53:03] - |D| - [5261760] - C:\Program Files (x86)\Windows Photo Viewer [07/12/2019 16:53:03] - |D| - [40232] - C:\Program Files (x86)\Windows Portable Devices [07/12/2019 11:14:52] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [07/12/2019 11:14:52] - |D| - [2250695] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [07/12/2019 11:14:52] - |D| - [55253746] - C:\Program Files\Common Files [07/12/2019 11:14:54] - |ASH| - [174] - C:\Program Files\desktop.ini [29/10/2020 01:14:54] - |SHD| - [0] - C:\Program Files\Fichiers communs [07/12/2019 11:14:52] - |D| - [2676834] - C:\Program Files\Internet Explorer [28/10/2020 18:30:11] - |D| - [1611120] - C:\Program Files\Microsoft Office [02/03/2021 09:59:20] - |D| - [1916128] - C:\Program Files\Microsoft Update Health Tools [07/12/2019 11:14:52] - |D| - [0] - C:\Program Files\ModifiableWindowsApps [23/03/2022 17:32:33] - |D| - [220659674] - C:\Program Files\Mozilla Firefox [22/10/2021 09:18:04] - |D| - [11781242] - C:\Program Files\PCHealthCheck [27/09/2020 09:51:58] - |HD| - [0] - C:\Program Files\Uninstall Information [28/10/2020 18:30:25] - |D| - [130641652] - C:\Program Files\VideoLAN [07/12/2019 11:14:52] - |D| - [13853406] - C:\Program Files\Windows Defender [07/12/2019 11:14:52] - |D| - [639488] - C:\Program Files\Windows Mail [07/12/2019 16:53:03] - |D| - [4601278] - C:\Program Files\Windows Media Player [07/12/2019 16:53:03] - |D| - [48536] - C:\Program Files\Windows Multimedia Platform [07/12/2019 11:14:52] - |D| - [6403928] - C:\Program Files\Windows NT [07/12/2019 16:53:03] - |D| - [6179784] - C:\Program Files\Windows Photo Viewer [07/12/2019 16:53:03] - |D| - [48528] - C:\Program Files\Windows Portable Devices [07/12/2019 11:14:52] - |D| - [112213] - C:\Program Files\Windows Security [07/12/2019 11:14:52] - |SHD| - [0] - C:\Program Files\Windows Sidebar [07/12/2019 11:14:52] - |HD| - [2673494384] - C:\Program Files\WindowsApps [07/12/2019 11:14:52] - |D| - [2545983] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [28/10/2020 18:44:09] - |D| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER [07/12/2019 11:14:52] - |D| - [31331195] - C:\Program Files (x86)\Common Files\Microsoft Shared [07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [07/12/2019 11:14:52] - |D| - [9573259] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [07/12/2019 11:14:52] - |D| - [44669145] - C:\Program Files\Common files\microsoft shared [07/12/2019 11:14:52] - |D| - [2702] - C:\Program Files\Common files\Services [07/12/2019 11:14:52] - |D| - [10581899] - C:\Program Files\Common files\System ---------- | Links to files C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\system32\notepad.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\system32\mspaint.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\system32\quickassist.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\system32\mstsc.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\system32\SnippingTool.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\system32\psr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\system32\charmap.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\system32\WFS.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\system32\comexp.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\system32\compmgmt.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\system32\dfrgui.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\system32\cleanmgr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\system32\eventvwr.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\system32\iscsicpl.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\system32\MdSched.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\syswow64\odbcad32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\system32\odbcad32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\system32\perfmon.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\system32\RecoveryDrive.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\system32\perfmon.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\system32\services.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\system32\msconfig.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\system32\msinfo32.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\system32\taskschd.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\system32\WF.msc - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\Control.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Français)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Français)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Français)\Outils Microsoft Office 2010\Bibliothèque multimédia Microsoft.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Français)\Outils Microsoft Office 2010\Microsoft Office 2010 Centre de téléchargement.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Français)\Outils Microsoft Office 2010\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Français)\Outils Microsoft Office 2010\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Program Files\PCHealthCheck\PCHealthCheck.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\system32\taskmgr.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\system32\taskmgr.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\system32\compmgmt.msc - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\system32\diskmgmt.msc - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\system32\eventvwr.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\system32\mblctr.exe - Status : OK C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\system32\WFS.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\system32\magnify.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\system32\narrator.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\system32\osk.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Public\Desktop\Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\system32\taskmgr.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\system32\compmgmt.msc - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\system32\diskmgmt.msc - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\system32\eventvwr.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\system32\mblctr.exe - Status : OK C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\firefox.exe - Raccourci.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Office\Recent\proposition ETE 2021.docx.LNK -> C:\Users\Utilisateur\Desktop\proposition ETE 2021.docx - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Office\Recent\PROPOSITION ETE 2022.docx.LNK -> C:\Users\Utilisateur\Desktop\PROPOSITION ETE 2022.docx - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK -> C:\Users\Utilisateur\AppData\Roaming\Microsoft\Templates - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\073dd32bf9d7e5057e7650f3ea2826da.png.lnk -> C:\Users\Utilisateur\Desktop\073dd32bf9d7e5057e7650f3ea2826da.png - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\1136_libertemodif.jpg.lnk -> C:\Users\Utilisateur\Desktop\1136_libertemodif.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\19020ac(1).pdf.lnk -> C:\Users\Utilisateur\Desktop\19020ac(1).pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\19020ac.pdf.lnk -> C:\Users\Utilisateur\Desktop\19020ac.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\201210_officiel_voyage_a_la_rencontre_du_temps_perdu.pdf.lnk -> C:\Users\Utilisateur\Desktop\201210_officiel_voyage_a_la_rencontre_du_temps_perdu.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\20171023.jpg.lnk -> C:\Users\Utilisateur\Desktop\20171023.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\20220220_142013.jpg.lnk -> C:\Users\Utilisateur\Desktop\20220220_142013.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\253A17C13F814AF7B2D99AF1FF74877A[24110918].png.lnk -> C:\Users\Utilisateur\Desktop\253A17C13F814AF7B2D99AF1FF74877A[24110918].png - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\31353.pdf.lnk -> C:\Users\Utilisateur\Desktop\31353.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\36907.gif.lnk -> C:\Users\Utilisateur\Desktop\36907.gif - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\3790.jpg.lnk -> C:\Users\Utilisateur\Desktop\3790.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\3793.jpg.lnk -> C:\Users\Utilisateur\Desktop\3793.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\3796.jpg.lnk -> C:\Users\Utilisateur\Desktop\3796.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\4-moon-night-1885-Romantic-Ivan-Aivazovsky-Russian.jpg.lnk -> C:\Users\Utilisateur\Desktop\4-moon-night-1885-Romantic-Ivan-Aivazovsky-Russian.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\4bn43ff41fb5dcz6ho_800C450.jpg.lnk -> C:\Users\Utilisateur\Desktop\4bn43ff41fb5dcz6ho_800C450.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\573040.webp.lnk -> C:\Users\Utilisateur\Desktop\573040.webp - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\5916777.20220323_203606_231.CRAM_P.pdf.lnk -> C:\Users\Utilisateur\Desktop\5916777.20220323_203606_231.CRAM_P.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\7a9de257487478e08c46b74602cd99de.gif.lnk -> C:\Users\Utilisateur\Desktop\7a9de257487478e08c46b74602cd99de.gif - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\A31008-M2501-F101-1-2X19_01-04-2018_fr_CH.pdf.lnk -> C:\Users\Utilisateur\Desktop\A31008-M2501-F101-1-2X19_01-04-2018_fr_CH.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Addition.txt.lnk -> C:\Users\Utilisateur\Desktop\Addition.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\aivazoski-encheres-saint-malo.jpg.lnk -> C:\Users\Utilisateur\Desktop\aivazoski-encheres-saint-malo.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\attends-moi.fran-russe-angl-all.pdf.lnk -> C:\Users\Utilisateur\Desktop\attends-moi.fran-russe-angl-all.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\b76b985b4e678f2971c1c679cf5cc125.gif.lnk -> C:\Users\Utilisateur\Desktop\b76b985b4e678f2971c1c679cf5cc125.gif - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\b882cd7ed356eb6cd1a5b8a404fdb3d7.jpg.lnk -> C:\Users\Utilisateur\Desktop\b882cd7ed356eb6cd1a5b8a404fdb3d7.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\BCDReport.txt.lnk -> C:\Users\Utilisateur\AppData\Roaming\ZHP\BCDReport.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\bgf.txt.lnk -> C:\Users\Utilisateur\Desktop\bgf.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\bienvenue-chez-patrice.jpg.lnk -> C:\Users\Utilisateur\Desktop\bienvenue-chez-patrice.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\bookmarks.html.lnk -> D:\bookmarks.html - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Bureau.lnk -> C:\Users\Utilisateur\Desktop - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture1.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture1.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture10.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture10.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture11.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture11.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture2.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture2.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture3.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture3.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture4.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture4.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture5.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture5.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture6.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture6.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture7.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture7.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture8.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture8.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Capture9.PNG.lnk -> C:\Users\Utilisateur\Desktop\Capture9.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Cature.PNG.lnk -> C:\Users\Utilisateur\Desktop\Cature.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ccsetup587.zip.lnk -> C:\Users\Utilisateur\Desktop\ccsetup587.zip - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ccsetup588.zip.lnk -> C:\Users\Utilisateur\Desktop\ccsetup588.zip - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ccsetup589.zip.lnk -> C:\Users\Utilisateur\Desktop\ccsetup589.zip - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ccsetup590.zip.lnk -> C:\Users\Utilisateur\Desktop\ccsetup590.zip - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ccsetup591.zip.lnk -> C:\Users\Utilisateur\Desktop\ccsetup591.zip - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ciné.txt.lnk -> C:\Users\Utilisateur\Desktop\ciné.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Confirmation.pdf.lnk -> C:\Users\Utilisateur\Desktop\Confirmation.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Cpture.PNG.lnk -> C:\Users\Utilisateur\Desktop\Cpture.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Cre.PNG.lnk -> C:\Users\Utilisateur\Desktop\Cre.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Cture.PNG.lnk -> C:\Users\Utilisateur\Desktop\Cture.PNG - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\dba64e04db0547915f83e5eea337029b.gif.lnk -> C:\Users\Utilisateur\Desktop\dba64e04db0547915f83e5eea337029b.gif - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Dentifrice-Signal-Systeme-Blancheur-Revitalize-tube-1024x434.jpeg.lnk -> C:\Users\Utilisateur\Desktop\Dentifrice-Signal-Systeme-Blancheur-Revitalize-tube-1024x434.jpeg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Documents.lnk -> C:\Users\Utilisateur\Documents - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Dostoievski-crime-1.pdf.lnk -> C:\Users\Utilisateur\Desktop\Dostoievski-crime-1.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\doute.txt.lnk -> C:\Users\Utilisateur\Desktop\doute.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\entresto-epar-product-information_fr(1).pdf.lnk -> C:\Users\Utilisateur\Desktop\entresto-epar-product-information_fr(1).pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\entresto-epar-product-information_fr.pdf.lnk -> C:\Users\Utilisateur\Desktop\entresto-epar-product-information_fr.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\facture_freemobile_20220304.pdf.lnk -> C:\Users\Utilisateur\Desktop\facture_freemobile_20220304.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Facture_Free_202203_2407463_1095649820.pdf.lnk -> C:\Users\Utilisateur\Desktop\Facture_Free_202203_2407463_1095649820.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\fich.html.lnk -> C:\Users\Utilisateur\Desktop\fich.html - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\fleur.jpg.lnk -> C:\Users\Utilisateur\Desktop\fleur.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\fleur.txt.lnk -> C:\Users\Utilisateur\Desktop\fleur.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\FMNc-NUWYAMpCps.jpg.lnk -> C:\Users\Utilisateur\Desktop\FMNc-NUWYAMpCps.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\FMShMJjWQAMOLi5.jpg.lnk -> C:\Users\Utilisateur\Desktop\FMShMJjWQAMOLi5.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\FMSOPagXIAcmuUz.jpg.lnk -> C:\Users\Utilisateur\Desktop\FMSOPagXIAcmuUz.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\fronde 1.png.lnk -> C:\Users\Utilisateur\Desktop\fronde 1.png - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\gastro-digest-fra.pdf.lnk -> C:\Users\Utilisateur\Desktop\gastro-digest-fra.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Gestionnaire de périphériques.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\gif-rire-115.gif.lnk -> C:\Users\Utilisateur\Desktop\gif-rire-115.gif - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\HOSTS.txt.lnk -> C:\Users\Utilisateur\AppData\Roaming\ZHP\HOSTS.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\hqdefault.jpg.lnk -> C:\Users\Utilisateur\Desktop\hqdefault.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\https--go.microsoft.com-fwlink-linkid=142185&name=TrojanWin32-Wacatac.B!ml&threatid=2147735505.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Images.lnk -> C:\Users\Utilisateur\Pictures - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\IMG-20220322-WA0007.jpeg.lnk -> C:\Users\Utilisateur\Desktop\IMG-20220322-WA0007.jpeg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\imgres.htm.lnk -> C:\Users\Utilisateur\Desktop\imgres.htm - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\index.jpg.lnk -> C:\Users\Utilisateur\Desktop\index.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Internet.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\journal.txt.lnk -> C:\Users\Utilisateur\Desktop\journal.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\KINGSTON (D).lnk -> D:\ - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\KLklVHfeCyg_Derriere-le-rideau1.pps.lnk -> C:\Users\Utilisateur\Desktop\KLklVHfeCyg_Derriere-le-rideau1.pps - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\lapix.txt.lnk -> C:\Users\Utilisateur\Desktop\lapix.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\LBwvzEQaczH_Où-m-emmènes--tu-pour-diner--.pps.lnk -> C:\Users\Utilisateur\Desktop\LBwvzEQaczH_Où-m-emmènes--tu-pour-diner--.pps - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\LEurope-de-lAtlantique-a-lOural(1).pdf.lnk -> C:\Users\Utilisateur\Desktop\LEurope-de-lAtlantique-a-lOural(1).pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\LEurope-de-lAtlantique-a-lOural.pdf.lnk -> C:\Users\Utilisateur\Desktop\LEurope-de-lAtlantique-a-lOural.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Licence.txt.lnk -> C:\Users\Utilisateur\AppData\Roaming\ZHP\Licence.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\location-chalet-montagne-1.jpg.lnk -> C:\Users\Utilisateur\Desktop\location-chalet-montagne-1.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\M-MDPIE2-2021-001.pdf.lnk -> C:\Users\Utilisateur\Desktop\M-MDPIE2-2021-001.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\microsoft-edgehttps--www.bing.com-searchq=Quiz+sur+les+destinations+hivernales&setmkt=fr-fr&setlang=fr-fr&form=M4028F&OCID=M4028F.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\microsoft-edgehttps--www.bing.com-searchq=Quiz+sur+les+parcs+nationaux&setmkt=fr-fr&setlang=fr-fr&form=M4028M&OCID=M4028M.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\mimi.avi.lnk -> C:\Users\Utilisateur\Videos\Vidéos\mimi.avi - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\mimie.avi.lnk -> C:\Users\Utilisateur\Videos\Vidéos\mimie.avi - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38.lnk -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay---.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ms-gamingoverlay--kglcheck-.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ms-screenclipsource=QuickActions.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\nb_model_build_attachment_arts_and_entertainment.json.lnk -> C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\p0rz4upp.willy\personality-provider\nb_model_build_attachment_arts_and_entertainment.json - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\nb_model_build_attachment_hobbies_and_leisure.json.lnk -> C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\p0rz4upp.willy\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\noel.noel.lnk -> C:\Users\Utilisateur\Desktop\noel.noel - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\peine.txt.lnk -> C:\Users\Utilisateur\Desktop\peine.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\pensee-philosophique-jour-16-aout-T-ZdzYrX.jpeg.lnk -> C:\Users\Utilisateur\Desktop\pensee-philosophique-jour-16-aout-T-ZdzYrX.jpeg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\personality-provider.lnk -> C:\Users\Utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\p0rz4upp.willy\personality-provider - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\phpozF7Kv.webp.lnk -> C:\Users\Utilisateur\Desktop\phpozF7Kv.webp - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\poisson-d-avril-poisson-avril.gif.lnk -> C:\Users\Utilisateur\Desktop\poisson-d-avril-poisson-avril.gif - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\pol.txt.lnk -> C:\Users\Utilisateur\Desktop\pol.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Poutine_Ioulia_Timochenko_m.jpg.lnk -> C:\Users\Utilisateur\Desktop\Poutine_Ioulia_Timochenko_m.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\profile_count_308046B0AF4A39CB.json.lnk -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\profile_count_308046B0AF4A39CB.json - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\PROPOSITION ETE 2022.docx.lnk -> C:\Users\Utilisateur\Desktop\PROPOSITION ETE 2022.docx - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Register.lnk -> C:\Users\Utilisateur\AppData\Roaming\ZHP\Quarantine\ZHPFix\Register - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Restaurant near Sanyou Cave above the Chang Jiang river, Hubei , China_1600x900.jpg.lnk -> C:\Users\Utilisateur\Desktop\Restaurant near Sanyou Cave above the Chang Jiang river, Hubei , China_1600x900.jpg - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\rire-image-animee-0008.gif.lnk -> C:\Users\Utilisateur\Desktop\rire-image-animee-0008.gif - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\russie.txt.lnk -> C:\Users\Utilisateur\Desktop\russie.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (10).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (11).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (12).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (13).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (14).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (2).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (3).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (4).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (5).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (6).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (7).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (8).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7) (9).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Sauvegarder et restaurer (Windows 7).lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Shortcut.txt.lnk -> C:\Users\Utilisateur\Desktop\Shortcut.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\SIMP_48173422032515210.pdf.lnk -> C:\Users\Utilisateur\Desktop\SIMP_48173422032515210.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\site.lnk -> C:\Users\Utilisateur\Documents\site - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Système et sécurité.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Tableau prefecture publicite 2018 12 28.pdf.lnk -> C:\Users\Utilisateur\Desktop\Tableau prefecture publicite 2018 12 28.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\taux.txt.lnk -> C:\Users\Utilisateur\Desktop\taux.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Tempo.txt.lnk -> C:\Users\Utilisateur\AppData\Roaming\ZHP\Tempo.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\test.html.lnk -> C:\Users\Utilisateur\Documents\site\test.html - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\test.txt.lnk -> C:\Users\Utilisateur\Desktop\test.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\TraceZHPCleaner.txt.lnk -> C:\Users\Utilisateur\Desktop\TraceZHPCleaner.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Traitement_endoscopique_de_lHBP_par_laser2.pdf.lnk -> C:\Users\Utilisateur\Desktop\Traitement_endoscopique_de_lHBP_par_laser2.pdf - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\unnamed.gif.lnk -> C:\Users\Utilisateur\Desktop\unnamed.gif - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\UpdateLock-308046B0AF4A39CB.lnk -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-308046B0AF4A39CB - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\video4.wmv.lnk -> C:\Users\Utilisateur\Videos\Vidéos\video4.wmv - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\Vidéos.lnk -> C:\Users\Utilisateur\Videos\Vidéos - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--fullhistory-.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\windowsdefender--threat-.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ZHP.lnk -> C:\Users\Utilisateur\AppData\Roaming\ZHP - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ZHPCleaner (R).txt.lnk -> C:\Users\Utilisateur\Desktop\ZHPCleaner (R).txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent\ZHPDiag.txt.lnk -> C:\Users\Utilisateur\Desktop\ZHPDiag.txt - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk -> C:\Windows\System32\WFS.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\system32\WFS.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\SendTo\Transfert de fichiers Bluetooth.LNK -> C:\Windows\System32\fsquirt.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\system32\magnify.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\system32\narrator.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\system32\osk.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Users\Utilisateur\Desktop\CCleaner64.exe - Raccourci.lnk -> C:\Users\Utilisateur\Documents\ccleaner\CCleaner64.exe - Status : OK C:\Users\Utilisateur\Desktop\firefox.exe - Raccourci.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe - Status : OK C:\Users\Utilisateur\Desktop\PhotoFiltre7.exe - Raccourci.lnk -> C:\Users\Utilisateur\Documents\PhotoFiltre7\PhotoFiltre7.exe - Status : OK C:\Users\Utilisateur\Desktop\SumatraPDF-3.3.3-64.exe - Raccourci.lnk -> C:\Users\Utilisateur\Documents\Sumatra\SumatraPDF-3.3.3-64.exe - Status : OK C:\Users\Utilisateur\Desktop\ZHPCleaner.lnk -> C:\Users\Utilisateur\ZHPCleaner.exe - Status : OK C:\Users\Utilisateur\Desktop\ZHPSuite.lnk -> C:\Users\Utilisateur\AppData\Roaming\ZHP\ZHPSuite.exe - Status : OK C:\Users\Utilisateur\Links\Desktop.lnk -> C:\Users\Utilisateur\Desktop - Status : OK C:\Users\Utilisateur\Links\Downloads.lnk -> C:\Users\Utilisateur\Downloads - Status : OK C:\Users\Utilisateur\Music\Documents - Raccourci.lnk -> C:\Users\Utilisateur\Documents - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\system32\taskmgr.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\system32\compmgmt.msc - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\system32\diskmgmt.msc - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\system32\eventvwr.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\system32\mblctr.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk -> C:\Windows\System32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\system32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\system32\magnify.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\system32\narrator.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\system32\osk.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\system32\notepad.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\system32\taskmgr.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\system32\compmgmt.msc - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\system32\diskmgmt.msc - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\system32\eventvwr.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\system32\mblctr.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Destinataire de télécopie.lnk -> C:\Windows\System32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\system32\WFS.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\system32\magnify.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\system32\narrator.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\system32\osk.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\system32\notepad.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - Status : OK C:\Windows\WinSxS\amd64_eventviewersettings_31bf3856ad364e35_10.0.19041.1_none_aae8e58aa310aa7d\Event Viewer.lnk -> C:\Windows\system32\eventvwr.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.19041.1_none_a87cce111f2d21d5\Hyper-V Manager.lnk -> C:\Windows\System32\mmc.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.746_none_b8eadbf8a9c907b3\Steps Recorder.lnk -> C:\Windows\system32\psr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_23a707c9a0b5a8e1\Task Manager.lnk -> C:\Windows\system32\taskmgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-c..-disposableclientvm_31bf3856ad364e35_10.0.19041.985_none_c3639a9e3ab1a351\Windows Sandbox.lnk -> C:\Windows\system32\WindowsSandbox.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-c..s-admin-compsvclink_31bf3856ad364e35_10.0.19041.1_none_88835f4d79d6a242\Component Services.lnk -> C:\Windows\system32\comexp.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.19041.746_none_290f6af7d5263efa\Computer Management.lnk -> C:\Windows\system32\compmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-charmap_31bf3856ad364e35_10.0.19041.1_none_a84acae243b8ad63\Character Map.lnk -> C:\Windows\system32\charmap.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1266_none_e20a09e712bd275c\Disk Cleanup.lnk -> C:\Windows\system32\cleanmgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-commandprompt-shortcut_31bf3856ad364e35_10.0.19041.1_none_efaf63248e6d4479\Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..-tools-mmc-adsiedit_31bf3856ad364e35_10.0.19041.1466_none_27d69d4b8f185d67\ADSIEdit.lnk -> C:\Windows\system32\adsiedit.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..mc-sitesandservices_31bf3856ad364e35_10.0.19041.746_none_7d35d325c812757b\Active Directory Sites and Services.lnk -> C:\Windows\system32\dssite.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-d..services-adam-setup_31bf3856ad364e35_10.0.19041.746_none_1a1e8292dcf10728\ADAM Install.lnk -> C:\Windows\ADAM\adaminstall.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.19041.746_none_770f598aef14382e\dfrgui.lnk -> C:\Windows\system32\dfrgui.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-e..er-server-shortcuts_31bf3856ad364e35_10.0.19041.1_none_5e85a7ed6f490164\Administrative Tools.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\01 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\01a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\02 - Command Prompt.lnk -> C:\Windows\system32\cmd.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\02a - Windows PowerShell.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\03 - Computer Management.lnk -> C:\Windows\system32\compmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\04 - Disk Management.lnk -> C:\Windows\system32\diskmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\04-1 - NetworkStatus.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\05 - Device Manager.lnk -> C:\Windows\system32\control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\06 - SystemAbout.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\07 - Event Viewer.lnk -> C:\Windows\system32\eventvwr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\08 - PowerAndSleep.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\09 - Mobility Center.lnk -> C:\Windows\system32\mblctr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\1 - Desktop.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\1 - Run.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\10 - AppsAndFeatures.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\2 - Search.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\4 - Control Panel.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\5 - Task Manager.lnk -> C:\Windows\system32\taskmgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\computer.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Control Panel.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\File Explorer.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Run.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Shows Desktop.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\Window Switcher.lnk -> - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1415_none_eda4f56addac5a98\Fax Recipient.lnk -> C:\Windows\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1415_none_eda4f56addac5a98\Windows Fax and Scan.lnk -> C:\Windows\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1586_none_eda110bcddae418b\Fax Recipient.lnk -> C:\Windows\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.1586_none_eda110bcddae418b\Windows Fax and Scan.lnk -> C:\Windows\system32\WFS.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1387_none_8f7af7ce4c3f80e1\Immersive Control Panel.lnk -> C:\Windows\System32\Control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1566_none_8f636e2a4c516c74\Immersive Control Panel.lnk -> C:\Windows\System32\Control.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iis-clientshortcuts_31bf3856ad364e35_10.0.19041.1_none_9f9e4023b60d2433\IIS Client Manager.lnk -> C:\Windows\system32\inetsrv\InetMgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.19041.906_none_5f45625010b4cd19\IIS6 Manager.lnk -> C:\Windows\system32\inetsrv\InetMgr6.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_10.0.19041.906_none_65f82ba919c64b11\IIS Manager.lnk -> C:\Windows\system32\inetsrv\InetMgr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.19041.1_none_8ddc3834fb6f659f\iSCSI Initiator.lnk -> C:\Windows\system32\iscsicpl.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_fa40f4e1dd1492a8\ODBC Data Sources (64-bit).lnk -> C:\Windows\system32\odbcad32.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\Memory Diagnostics Tool.lnk -> C:\Windows\system32\MdSched.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\Magnify.lnk -> C:\Windows\system32\magnify.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1566_none_e2d33b2e4df989bf\Magnify.lnk -> C:\Windows\system32\magnify.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-shortcut_31bf3856ad364e35_10.0.19041.1_none_64c27fc7ed12e401\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.19041.1110_none_4f46693352ed3250\System Configuration.lnk -> C:\Windows\system32\msconfig.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1110_none_20a89186aedb6af7\System Information.lnk -> C:\Windows\system32\msinfo32.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.19041.746_none_6c16d1714d60fddf\Paint.lnk -> C:\Windows\system32\mspaint.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.789_none_9beee4eb02a5f8c7\Narrator.lnk -> C:\Windows\system32\narrator.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-nfs-adminmmc_31bf3856ad364e35_10.0.19041.1_none_9da8f6be034114e3\Services For Network File System.lnk -> C:\Windows\system32\nfsmgmt.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1320_none_e3d2189d253c2e6b\Notepad.lnk -> C:\Windows\system32\notepad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1566_none_e3bff13d2549656f\Notepad.lnk -> C:\Windows\system32\notepad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.19041.1_none_60ade0eff94c37fc\On-Screen Keyboard.lnk -> C:\Windows\system32\osk.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Performance Monitor.lnk -> C:\Windows\system32\perfmon.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.19041.746_none_7a0308f7ffc334d5\Resource Monitor.lnk -> C:\Windows\system32\perfmon.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-powershell-ise_31bf3856ad364e35_10.0.19041.1_none_1ed6cb15a1b51b10\Windows PowerShell ISE (x86).lnk -> C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-powershell-ise_31bf3856ad364e35_10.0.19041.1_none_1ed6cb15a1b51b10\Windows PowerShell ISE.lnk -> C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1387_none_72bdb9e123faa487\Quick Assist.lnk -> C:\Windows\system32\quickassist.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1566_none_72a6303d240c901a\Quick Assist.lnk -> C:\Windows\system32\quickassist.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.19041.1237_none_9d556cf140e198b4\RecoveryDrive.lnk -> C:\Windows\system32\RecoveryDrive.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.746_none_d22800313aa7eb5c\Registry Editor.lnk -> C:\Windows\regedit.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-s..ment-policytools-ex_31bf3856ad364e35_10.0.19041.1_none_0f506321e073254e\Security Configuration Management.lnk -> C:\Windows\system32\secpol.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.19041.1_none_8554f027e5186b5e\services.lnk -> C:\Windows\system32\services.msc - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-snippingtool-app_31bf3856ad364e35_10.0.19041.746_none_77bd4cfbe87238a7\Snipping Tool.lnk -> C:\Windows\system32\SnippingTool.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_10.0.19041.746_none_fa033ad7aa9be481\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_10.0.19041.746_none_a89acde4afbab635\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.19041.1266_none_c2a2211ad648e627\Remote Desktop Connection.lnk -> C:\Windows\system32\mstsc.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.19041.1202_none_a27aa61d221bdc5c\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft-windows-wordpad_31bf3856ad364e35_10.0.19041.1566_none_a25fdcf5222f2ebd\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft.windows.powershell.common_31bf3856ad364e35_10.0.19041.1_none_e6d05ddbba96a35b\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_microsoft.windows.powershell.common_31bf3856ad364e35_10.0.19041.1_none_e6d05ddbba96a35b\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe - Status : OK C:\Windows\WinSxS\amd64_multipoint-logcollector_31bf3856ad364e35_10.0.19041.1_none_56138d203a7fc4cf\MultiPoint Log Collector.lnk -> C:\Program Files\Windows MultiPoint Server\LogCollector.exe - Status : OK C:\Windows\WinSxS\amd64_multipoint-wmsmanager_31bf3856ad364e35_10.0.19041.1_none_d1ffdc3927836528\MultiPoint Manager.lnk -> C:\Program Files\Windows MultiPoint Server\WmsManager.exe - Status : OK C:\Windows\WinSxS\amd64_networking-mpssvc-shortcut_31bf3856ad364e35_10.0.19041.1_none_3b48028dac22b3be\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\system32\WF.msc - Status : OK C:\Windows\WinSxS\amd64_taskschedulersettings_31bf3856ad364e35_10.0.19041.1_none_00dc114da3ba6b01\Task Scheduler.lnk -> C:\Windows\system32\taskschd.msc - Status : OK C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.19041.1_none_8d387dde0a6c6d14\VMCreate.lnk -> C:\Program Files\Hyper-V\VMCreate.exe - Status : OK C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.19041.1_none_061d84508b376f80\MultiPoint Dashboard.lnk -> C:\Program Files\Windows MultiPoint Server\WmsDashboard.exe - Status : OK C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_04959f34117554a3\ODBC Data Sources (32-bit).lnk -> C:\Windows\syswow64\odbcad32.exe - Status : OK C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\OneDrive\OneDrive.exe - Status : OK ---------- | Tasks [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [27/09/2020 09:51:42] - |AH| - [6] - C:\Windows\Tasks\SA.DAT [MD5.00000000000000000000000000000000] - [31/10/2020 10:48:28] - |D| - [2632] - C:\Windows\System32\Tasks\Agent Activation Runtime [MD5.4ECBC4D8D70EC07F1A25875A8AAC1C4B] - [16/11/2021 18:11:44] - |A| - [2960] - C:\Windows\System32\Tasks\CCleanerSkipUAC - Utilisateur : "C:\Users\Utilisateur\Documents\ccleaner\CCleaner64.exe" [MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [606312] - C:\Windows\System32\Tasks\Microsoft [MD5.0D0C618594B50A5D840E6E93A47C62B9] - [27/09/2020 09:53:36] - |A| - [3510] - C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [MD5.9E83BBB4CECDEE6075B35E327526C0C9] - [27/09/2020 09:53:36] - |A| - [3634] - C:\Windows\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA : C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [MD5.00000000000000000000000000000000] - [23/03/2022 17:32:42] - |D| - [4874] - C:\Windows\System32\Tasks\Mozilla [MD5.00000000000000000000000000000000] - [28/10/2020 18:30:15] - |D| - [4522] - C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform [MD5.5BCBB8BD8F6F979C0DE4214D5AAF96E1] - [27/09/2020 09:59:38] - |A| - [3394] - C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3815178331-2204352776-922299370-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.808E47B2A43A5203232793656FA5DF0B] - [29/10/2020 01:13:21] - |A| - [2854] - C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-689131383-3917851706-2055228383-500 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.00000000000000000000000000000000] - [07/12/2019 11:14:52] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver| "{9524948D-2DF0-4AE1-81D2-15379AF411D8}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt?ms-resource://AppUp.IntelGraphicsExperience/Resources/System_Item_Title_IntelGraphicsControlPanel}|Desc=@{AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt?ms-resource://AppUp.IntelGraphicsExperience/Resources/System_Item_Title_IntelGraphicsControlPanel}|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-550378684-1537206484-183059731-190685656-3791983998-2183447881-322861850|EmbedCtxt=@{AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt?ms-resource://AppUp.IntelGraphicsExperience/Resources/System_Item_Title_IntelGraphicsControlPanel}|Platform=2:6:2|Platform2=GTEQ| "{7D03915A-25E5-48DF-89C9-CE4408A3EED7}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ| "{98EA62D4-90F9-4BB5-A8E6-5D1AFCDAB509}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar|Desc=Xbox Game Bar|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox Game Bar|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{DBF5FC52-6ABD-46D0-8D1C-65625196018B}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ| "{CCA7A48C-4604-45D2-9416-3D94AB9F8788}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Cortana|Desc=Cortana|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-1880626798-2296700190-2192216202-2581987570-949377748-777141861-2889999867|EmbedCtxt=Cortana|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{D5E6BFD6-9741-42A0-9EA4-E853F787E9C3}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{27B95E30-5DB0-4302-A5DC-F7DBB7C88435}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote for Windows 10|Desc=OneNote for Windows 10|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote for Windows 10|Platform=2:6:2|Platform2=GTEQ| "{F20BAA84-D8BC-43FA-94C6-591B113EDF2B}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Store|Desc=Microsoft Store|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=Microsoft Store|Platform=2:6:2|Platform2=GTEQ| "{5E48BDA2-4B81-497D-BCF1-F486E528171E}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Store|Desc=Microsoft Store|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=Microsoft Store|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{5B9F8660-3828-4C94-B2DD-10331DED6A94}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{322B9F23-8DE0-4936-89E9-C66C8317A009}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-689131383-3917851706-2055228383-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{C6A99E25-4224-4BB1-B547-5D60A990C6BA}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe|Name=Microsoft Edge (mDNS-In)|Desc=Règle de trafic entrant pour Microsoft Edge pour autoriser le trafic mDNS.|EmbedCtxt=Microsoft Edge| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760f-a5c8-4bfe-b314-d56a7b44a362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2ea9b43f-3045-43b5-80f2-fd06c55fbb90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163c566-d381-4467-87bc-a65a18d5b649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5a46010e-c74b-4cb1-a041-d22759fe9f9c}] : (Sftplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6fae73b7-b735-4b50-a0da-0dc2484b1f1a}] : (HyperVideo) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81c87465-de07-4efc-9d93-61e891d52fd2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a3e32dba-ba89-4f17-8386-2d0127fbd4cc}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b95b836b-234e-4857-a1f8-d0d9a9bec1c5}] : (vmbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}] : (ComputeAccelerator) [] -> @c_computeaccelerator.inf,%ClassDesc%;Compute accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [28/12/2019 02:21:42] - (10.0.0.929) - (Qualcomm - BT Filter) - C:\Windows\System32\drivers\btfilter.sys [12/10/2021 19:37:46] - (0.0.0.0) - ( -) - C:\Windows\System32\Drivers\CimFS.SYS [30/08/2019 04:50:06] - (12.0.0.929) - (Qualcomm Atheros, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\Windows\System32\drivers\Qcamain10x64.sys [12/05/2020 23:29:48] - (1.0.0.5) - (Acer Incorporated - AcerAirplaneModeController) - C:\Windows\System32\drivers\AcerAirplaneModeController.sys [15/05/2020 00:52:20] - (19.0.25.10) - (Synaptics Incorporated - Synaptics I2C Driver) - C:\Windows\System32\drivers\SynRMIHID.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware (3ware) -> C:\Windows\system32\drivers\3ware.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> C:\Windows\system32\drivers\ACPI.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> C:\Windows\system32\Drivers\acpiex.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - ADP80XX (ADP80XX) -> C:\Windows\system32\drivers\ADP80XX.SYS - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdsata (amdsata) -> C:\Windows\system32\drivers\amdsata.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdsbs (amdsbs) -> C:\Windows\system32\drivers\amdsbs.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - amdxata (amdxata) -> C:\Windows\system32\drivers\amdxata.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - arcsas (Pilote miniport Storport Adaptec SAS/SATA-II RAID) -> C:\Windows\system32\drivers\arcsas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - atapi (Canal IDE) -> C:\Windows\system32\drivers\atapi.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - b06bdrv (Carte réseau QLogic VBD) -> C:\Windows\system32\drivers\bxvbda.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - bttflt (Filtre Microsoft Hyper-V VHDPMEM BTT) -> C:\Windows\system32\drivers\bttflt.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - cht4iscsi (cht4iscsi) -> C:\Windows\system32\drivers\cht4sx64.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - CLFS (Common Log (CLFS)) -> C:\Windows\system32\drivers\CLFS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - CNG (CNG) -> C:\Windows\system32\Drivers\cng.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - disk (Pilote de disque) -> C:\Windows\system32\drivers\disk.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - ebdrv (Carte QLogic 10 Gigabit Ethernet VBD) -> C:\Windows\system32\drivers\evbda.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - EhStorClass (Enhanced Storage Filter Driver) -> C:\Windows\system32\drivers\EhStorClass.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - EhStorTcgDrv (Pilote Microsoft pour dispositif de stockage prenant en charge les protocoles IEEE 1667 et TCG) -> C:\Windows\system32\drivers\EhStorTcgDrv.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [File System Driver] - FileInfo (File Information FS MiniFilter) -> C:\Windows\system32\drivers\fileinfo.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - FltMgr (FltMgr) -> C:\Windows\system32\drivers\fltmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - fvevol (Pilote de filtre de chiffrement de lecteur BitLocker) -> C:\Windows\system32\DRIVERS\fvevol.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - HpSAMD (HpSAMD) -> C:\Windows\system32\drivers\HpSAMD.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - hwpolicy (Hardware Policy Driver) -> C:\Windows\system32\drivers\hwpolicy.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - iaStorAVC (Contrôleur RAID SATA de circuit microprogrammé Intel) -> C:\Windows\system32\drivers\iaStorAVC.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - iaStorV (Contrôleur RAID Intel Windows 7) -> C:\Windows\system32\drivers\iaStorV.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - intelide (intelide) -> C:\Windows\system32\drivers\intelide.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - intelpep (Pilote de plug-in du moteur d’alimentation Intel(R)) -> C:\Windows\system32\drivers\intelpep.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - iorate (Pilote du filtre du taux d’E/S du disque) -> C:\Windows\system32\drivers\iorate.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - isapnp (isapnp) -> C:\Windows\system32\drivers\isapnp.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - ItSas35i (ItSas35i) -> C:\Windows\system32\drivers\ItSas35i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - KSecDD (KSecDD) -> C:\Windows\system32\Drivers\ksecdd.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - KSecPkg (KSecPkg) -> C:\Windows\system32\Drivers\ksecpkg.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - LSI_SAS (LSI_SAS) -> C:\Windows\system32\drivers\lsi_sas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - LSI_SAS2i (LSI_SAS2i) -> C:\Windows\system32\drivers\lsi_sas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - LSI_SAS3i (LSI_SAS3i) -> C:\Windows\system32\drivers\lsi_sas3i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - LSI_SSS (LSI_SSS) -> C:\Windows\system32\drivers\lsi_sss.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasas (megasas) -> C:\Windows\system32\drivers\megasas.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasas2i (megasas2i) -> C:\Windows\system32\drivers\MegaSas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasas35i (megasas35i) -> C:\Windows\system32\drivers\megasas35i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - megasr (megasr) -> C:\Windows\system32\drivers\megasr.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - mountmgr (Gestionnaire des points de montage) -> C:\Windows\system32\drivers\mountmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - msisadrv (msisadrv) -> C:\Windows\system32\drivers\msisadrv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - Mup (Mup) -> C:\Windows\system32\Drivers\mup.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - mvumis (mvumis) -> C:\Windows\system32\drivers\mvumis.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - NDIS (Pilote système NDIS) -> C:\Windows\system32\drivers\ndis.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - nvdimm (Pilote de périphérique NVDIMM Microsoft) -> C:\Windows\system32\drivers\nvdimm.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - nvraid (nvraid) -> C:\Windows\system32\drivers\nvraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - nvstor (nvstor) -> C:\Windows\system32\drivers\nvstor.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - partmgr (Gestionnaire de partitions) -> C:\Windows\system32\drivers\partmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> C:\Windows\system32\drivers\pci.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - pciide (pciide) -> C:\Windows\system32\drivers\pciide.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - pcmcia (pcmcia) -> C:\Windows\system32\drivers\pcmcia.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> C:\Windows\system32\drivers\pcw.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - pdc (CDP) -> C:\Windows\system32\drivers\pdc.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - percsas2i (percsas2i) -> C:\Windows\system32\drivers\percsas2i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - percsas3i (percsas3i) -> C:\Windows\system32\drivers\percsas3i.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - pmem (Pilote de disque de mémoire persistante Microsoft) -> C:\Windows\system32\drivers\pmem.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> C:\Windows\system32\DRIVERS\ramdisk.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> C:\Windows\system32\drivers\rdyboost.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - sbp2port (Pilote de bus de transport/protocole SBP-2) -> C:\Windows\system32\drivers\sbp2port.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - scmbus (Pilote de bus de mémoire de classe stockage Microsoft) -> C:\Windows\system32\drivers\scmbus.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - SgrmAgent (System Guard Runtime Monitor Agent) -> C:\Windows\system32\drivers\SgrmAgent.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - SiSRaid2 (SiSRaid2) -> C:\Windows\system32\drivers\SiSRaid2.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - SiSRaid4 (SiSRaid4) -> C:\Windows\system32\drivers\sisraid4.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - SmartSAMD (SmartSAMD) -> C:\Windows\system32\drivers\SmartSAMD.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - spaceport (Pilote des espaces de stockage) -> C:\Windows\system32\drivers\spaceport.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - stexstor (stexstor) -> C:\Windows\system32\drivers\stexstor.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - storahci (Lecteur AHCI SATA Microsoft standard) -> C:\Windows\system32\drivers\storahci.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - storflt (Accélérateur de stockage Microsoft Hyper-V) -> C:\Windows\system32\drivers\vmstorfl.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - stornvme (Pilote NVM Express standard de Microsoft) -> C:\Windows\system32\drivers\stornvme.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - storufs (Pilote Universal Flash Storage (UFS) Microsoft) -> C:\Windows\system32\drivers\storufs.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - storvsc (storvsc) -> C:\Windows\system32\drivers\storvsc.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - Tcpip (Pilote pour protocole TCP/IP) -> C:\Windows\system32\drivers\tcpip.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - Telemetry (Service de télémétrie Intel(R)) -> C:\Windows\system32\drivers\IntelTA.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - vdrvroot (Énumérateur de lecteur virtuel Microsoft) -> C:\Windows\system32\drivers\vdrvroot.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - vmbus (Bus VMBus) -> C:\Windows\system32\drivers\vmbus.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - volmgr (Pilote du gestionnaire de volumes) -> C:\Windows\system32\drivers\volmgr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volmgrx (Gestionnaire de volumes dynamiques) -> C:\Windows\system32\drivers\volmgrx.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volsnap (Pilote de cliché instantané du volume) -> C:\Windows\system32\drivers\volsnap.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - volume (Pilote de volume) -> C:\Windows\system32\drivers\volume.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S0 - [Kernel Driver] - vpci (Bus PCI virtuel Microsoft Hyper-V) -> C:\Windows\system32\drivers\vpci.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - vsmraid (vsmraid) -> C:\Windows\system32\drivers\vsmraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - VSTXRAID (Pilote Windows du contrôleur RAID de stockage VIA StorX) -> C:\Windows\system32\drivers\vstxraid.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False S0 - [Kernel Driver] - WdBoot (Pilote de démarrage de l’antivirus Microsoft Defender) -> C:\Windows\system32\drivers\wd\WdBoot.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R0 - [Kernel Driver] - Wdf01000 (Service Infrastructure de pilote en mode noyau) -> C:\Windows\system32\drivers\Wdf01000.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - WdFilter (Pilote du mini-filtre de l’antivirus Microsoft Defender) -> C:\Windows\system32\drivers\wd\WdFilter.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - WFPLWFS (Plateforme de filtrage Microsoft Windows) -> C:\Windows\system32\drivers\wfplwfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> C:\Windows\system32\drivers\WindowsTrustedRT.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [Kernel Driver] - WindowsTrustedRTProxy (Service sécurisé d'exécution approuvée Microsoft Windows) -> C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> C:\Windows\system32\drivers\Wof.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - AFD (Pilote de fonction connexe pour Winsock) -> C:\Windows\system32\drivers\afd.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - afunix (afunix) -> C:\Windows\system32\drivers\afunix.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - ahcache (Application Compatibility Cache) -> C:\Windows\system32\DRIVERS\ahcache.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - bam (Background Activity Moderator Driver) -> C:\Windows\system32\drivers\bam.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - BasicDisplay (BasicDisplay) -> C:\Windows\system32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - BasicRender (BasicRender) -> C:\Windows\system32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Beep (Beep) -> C:\Windows\system32\drivers\Beep.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> C:\Windows\system32\drivers\cdrom.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - CimFS (CimFS) -> C:\Windows\system32\drivers\CimFS.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False S1 - [Kernel Driver] - dam (Desktop Activity Moderator Driver) -> C:\Windows\system32\drivers\dam.sys - AcceptPause : False - AcceptStop : False - DesktopInteract : False R1 - [File System Driver] - Dfsc (Pilote du client de l’espace de noms DFS) -> C:\Windows\system32\Drivers\dfsc.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> C:\Windows\system32\drivers\dxgkrnl.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - FileCrypt (FileCrypt) -> C:\Windows\system32\drivers\filecrypt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - GpuEnergyDrv (GPU Energy Driver) -> C:\Windows\system32\drivers\gpuenergydrv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - Msfs (Msfs) -> C:\Windows\system32\drivers\Msfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - mssmbios (Microsoft System Management BIOS Driver) -> C:\Windows\system32\drivers\mssmbios.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - NdisCap (Capture NDIS Microsoft) -> C:\Windows\system32\drivers\ndiscap.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> C:\Windows\system32\drivers\netbios.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - NetBT (NetBT) -> C:\Windows\system32\DRIVERS\netbt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - Npfs (Npfs) -> C:\Windows\system32\drivers\Npfs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - npsvctrig (Named pipe service trigger provider) -> C:\Windows\system32\drivers\npsvctrig.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - nsiproxy (NSI Proxy Service Driver) -> C:\Windows\system32\drivers\nsiproxy.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Null (Null) -> C:\Windows\system32\drivers\Null.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Psched (Planificateur de paquets QoS) -> C:\Windows\system32\drivers\pacer.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [File System Driver] - rdbss (Sous-système de mise en mémoire tampon redirigée) -> C:\Windows\system32\DRIVERS\rdbss.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - tdx (Pilote de prise en charge TDI héritée NetIO) -> C:\Windows\system32\DRIVERS\tdx.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - Vid (Vid) -> C:\Windows\system32\drivers\Vid.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> C:\Windows\system32\drivers\vwififlt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - AtherosSvc (AtherosSvc) -> C:\Windows\System32\drivers\AdminService.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - AudioEndpointBuilder (Générateur de points de terminaison du service Audio Windows) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Audiosrv (Audio Windows) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - BFE (Moteur de filtrage de base) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - BITS (Service de transfert intelligent en arrière-plan) -> C:\Windows\System32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - BrokerInfrastructure (Service d’infrastructure des tâches en arrière-plan) -> C:\Windows\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - CDPSvc (Service de plateforme des appareils connectés) -> C:\Windows\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - CoreMessagingRegistrar (CoreMessaging) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - cplspcon (Intel(R) Content Protection HDCP Service) -> C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\IntelCpHDCPSvc.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - CryptSvc (Services de chiffrement) -> C:\Windows\system32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - cvhsvc (Client Virtualization Handler) -> "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - DcomLaunch (Lanceur de processus serveur DCOM) -> C:\Windows\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - Dhcp (Client DHCP) -> C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - DiagTrack (Expériences des utilisateurs connectés et télémétrie) -> C:\Windows\System32\svchost.exe -k utcsvc -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - DispBrokerDesktopSvc (Service de stratégie d'affichage) -> C:\Windows\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Dnscache (Client DNS) -> C:\Windows\system32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False S2 - [Share Process] - DoSvc (Optimisation de livraison) -> C:\Windows\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - DPS (Service de stratégie de diagnostic) -> C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - DusmSvc (Consommation des données) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False S2 - [Own Process] - edgeupdate (Service Mise à jour de Microsoft Edge (edgeupdate)) -> "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - EventLog (Journal d’événements Windows) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - EventSystem (Système d’événement COM+) -> C:\Windows\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - FontCache (Service de cache de police Windows) -> C:\Windows\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False S2 - [Share Process] - gpsvc (Client de stratégie de groupe) -> C:\Windows\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - igccservice (Intel(R) Graphics Command Center Service) -> C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - igfxCUIService2.0.0.0 (Intel(R) HD Graphics Control Panel Service) -> C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIServiceN.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : False S2 - [Own Process] - IntelAudioService (Intel(R) Audio Service) -> C:\Windows\system32\cAVS\IAS\IntelAudioService.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - iphlpsvc (Assistance IP) -> C:\Windows\System32\svchost.exe -k NetSvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - LanmanServer (Serveur) -> C:\Windows\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - LanmanWorkstation (Station de travail) -> C:\Windows\System32\svchost.exe -k NetworkService -p - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - LSM (Gestionnaire de session locale) -> C:\Windows\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False S2 - [Own Process] - MapsBroker (Gestionnaire des cartes téléchargées) -> C:\Windows\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - mpssvc (Pare-feu Windows Defender) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - NlaSvc (Connaissance des emplacements réseau) -> C:\Windows\System32\svchost.exe -k NetworkService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - nsi (Service Interface du magasin réseau) -> C:\Windows\system32\svchost.exe -k LocalService -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Power (Alimentation) -> C:\Windows\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - ProfSvc (Service de profil utilisateur) -> C:\Windows\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - QcomWlanSrv (Qualcomm Atheros WLAN Driver Service) -> C:\Windows\System32\drivers\QcomWlanSrvx64.exe - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - RasMan (Gestionnaire des connexions d’accès à distance) -> C:\Windows\System32\svchost.exe -k netsvcs - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - RpcEptMapper (Mappeur de point de terminaison RPC) -> C:\Windows\system32\svchost.exe -k RPCSS -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - RpcSs (Appel de procédure distante (RPC)) -> C:\Windows\system32\svchost.exe -k rpcss -p - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Own Process] - RtkAudioUniversalService (Realtek Audio Universal Service) -> "C:\Windows\System32\RtkAudUService64.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SamSs (Gestionnaire de comptes de sécurité) -> C:\Windows\system32\lsass.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - Schedule (Planificateur de tâches) -> C:\Windows\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SENS (Service de notification d’événements système) -> C:\Windows\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - sftlist (Application Virtualization Client) -> "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - SgrmBroker (Service Broker du moniteur d'exécution System Guard) -> C:\Windows\system32\SgrmBroker.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - ShellHWDetection (Détection matériel noyau) -> C:\Windows\System32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Spooler (Spouleur d’impression) -> C:\Windows\System32\spoolsv.exe - AcceptPause : False - AcceptStop : True - DesktopInteract : True S2 - [Own Process] - sppsvc (Protection logicielle) -> C:\Windows\system32\sppsvc.exe - AcceptPause : False - AcceptStop : False - DesktopInteract : False R2 - [Share Process] - StorSvc (Service de stockage) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SysMain (SysMain) -> C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - SystemEventsBroker (Service Broker des événements système) -> C:\Windows\system32\svchost.exe -k DcomLaunch -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Themes (Thèmes) -> C:\Windows\System32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - TrkWks (Client de suivi de lien distribué) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - UserManager (Gestionnaire des utilisateurs) -> C:\Windows\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - UsoSvc (Mettre à jour le service Orchestrator) -> C:\Windows\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - Wcmsvc (Gestionnaire des connexions Windows) -> C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WinDefend (Service antivirus Microsoft Defender) -> "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe" - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - Winmgmt (Infrastructure de gestion Windows) -> C:\Windows\system32\svchost.exe -k netsvcs -p - AcceptPause : True - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WlanSvc (Service de configuration automatique WLAN) -> C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - WpnService (Service du système de notifications Push Windows) -> C:\Windows\system32\svchost.exe -k netsvcs -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Share Process] - wscsvc (Centre de sécurité) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Own Process] - WSearch (Windows Search) -> C:\Windows\system32\SearchIndexer.exe /Embedding - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Unknown] - CDPUserSvc_4b6215 (Service pour utilisateur de plateforme d’appareils connectés_4b6215) -> C:\Windows\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Unknown] - OneSyncSvc_4b6215 (Hôte de synchronisation_4b6215) -> C:\Windows\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Unknown] - WpnUserService_4b6215 (Service utilisateur de notifications Push Windows_4b6215) -> C:\Windows\system32\svchost.exe -k UnistackSvcGroup - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - bindflt (Windows Bind Filter Driver) -> C:\Windows\system32\drivers\bindflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> C:\Windows\system32\drivers\cldflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - lltdio (Pilote E/S de mappage de découverte de topologie de la couche de liaison) -> C:\Windows\system32\drivers\lltdio.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - luafv (Virtualisation de fichier UAC) -> C:\Windows\system32\drivers\luafv.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - MMCSS (Multimedia Class Scheduler) -> C:\Windows\system32\drivers\mmcss.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - MsLldp (Protocole LLDP (Link Layer Discovery Protocol) Microsoft) -> C:\Windows\system32\drivers\mslldp.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - Ndu (Windows Network Data Usage Monitoring Driver) -> C:\Windows\system32\drivers\Ndu.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> C:\Windows\system32\drivers\peauth.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - rspndr (Répondeur de découverte de la topologie de la couche de liaison) -> C:\Windows\system32\drivers\rspndr.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - storqosflt (Pilote de filtre de qualité de service de stockage) -> C:\Windows\system32\drivers\storqosflt.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> C:\Windows\system32\drivers\tcpipreg.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [Kernel Driver] - wanarp (Pilote ARP IP d’accès à distance) -> C:\Windows\system32\DRIVERS\wanarp.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False R2 - [File System Driver] - wcifs (Windows Container Isolation) -> C:\Windows\system32\drivers\wcifs.sys - AcceptPause : False - AcceptStop : True - DesktopInteract : False ---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted) ---------- | Uninstall (Whitelist) [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 98.0.2 (x64 fr)] : (Mozilla Firefox (x64 fr).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Microsoft Edge Update] : (Microsoft Edge Update.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Thunderbird 91.7.0 (x86 fr)] : (Mozilla Thunderbird (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> ---------- | Ports ---------- | Installer [HKCR\Installer\Products\3BDB0510DFFA1A74DA8BED6056E83B2B] : Contrôle d’intégrité du PC Windows -> C:\Windows\Installer\{0150BDB3-AFFD-47A1-ADB8-DE06658EB3B2}\ArpIcon.ico ---------- | UserSettings [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-15,Balanced (recommended) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1400,Favor performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1401,High Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-12,Favors performance, but may use more energy. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-13,High Performance [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1404,Favor energy savings over performance. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1405,Better Battery-life Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-10,Saves energy by reducing your computer performance where possible. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-11,Power Saver [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1402,Maximize bias towards performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1403,Max Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[Description] : @%SystemRoot%\system32\powrprof.dll,-18,Provides ultimate performance on higher end PCs. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-19,Ultimate Performance [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Version [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|SequenceNumber [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.Search_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|MicrosoftWindows.Client.CBS_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|windows.immersivecontrolpanel_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.WindowsStore_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.AccountsControl_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.XboxGamingOverlay_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.SecHealthUI_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.Photos_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.ScreenSketch_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.549981C3F5F10_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.ZuneVideo_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.LockApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.WindowsCalculator_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|microsoft.windowscommunicationsapps_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.WindowsMaps_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.SkypeApp_kzf8qxf38zg5c [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.BingWeather_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Getstarted_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.People_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.BingNews_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.GetHelp_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\explorer.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\wlrmdr.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\ApplicationFrameHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Documents\ccleaner\CCleaner64.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\AppData\Roaming\ZHP\ZHPSuite.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\rundll32.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\AppData\Roaming\ZHP\ZHPCleaner.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\sdclt.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\cmd.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\ZHPSuite.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\notepad.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Documents\PhotoFiltre7\PhotoFiltre7.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\SnippingTool.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\ZHPCleaner.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Desktop\FRST64.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Documents\Sumatra\SumatraPDF-3.3.3-64.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Desktop\QuickDiag.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[Description] : @%SystemRoot%\system32\powrprof.dll,-14,Automatically balances performance with energy consumption on capable hardware. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-15,Balanced (recommended) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1400,Favor performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\3af9B8d9-7c97-431d-ad78-34a8bfea439f]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1401,High Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[Description] : @%SystemRoot%\system32\powrprof.dll,-12,Favors performance, but may use more energy. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-13,High Performance [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1404,Favor energy savings over performance. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\961cc777-2547-4f9d-8174-7d86181b8a7a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1405,Better Battery-life Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[Description] : @%SystemRoot%\system32\powrprof.dll,-10,Saves energy by reducing your computer performance where possible. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\a1841308-3541-4fab-bc81-f71556f20b4a]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-11,Power Saver [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[Description] : @%SystemRoot%\system32\powrprof.dll,-1402,Maximize bias towards performance instead of energy savings. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\ded574b5-45a0-4f42-8737-46345c09c238]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-1403,Max Performance Overlay [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[Description] : @%SystemRoot%\system32\powrprof.dll,-18,Provides ultimate performance on higher end PCs. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e9a42b02-d5df-448d-aa00-03f14749eb61]~[FriendlyName] : @%SystemRoot%\system32\powrprof.dll,-19,Ultimate Performance [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Version [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|SequenceNumber [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.Search_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|MicrosoftWindows.Client.CBS_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|windows.immersivecontrolpanel_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.WindowsStore_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.AccountsControl_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.XboxGamingOverlay_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.SecHealthUI_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Windows.Photos_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.ScreenSketch_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.549981C3F5F10_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.ZuneVideo_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.LockApp_cw5n1h2txyewy [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.WindowsCalculator_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|microsoft.windowscommunicationsapps_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.WindowsMaps_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.SkypeApp_kzf8qxf38zg5c [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.BingWeather_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.Getstarted_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.People_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.BingNews_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|Microsoft.GetHelp_8wekyb3d8bbwe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\explorer.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\wlrmdr.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\ApplicationFrameHost.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Documents\ccleaner\CCleaner64.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\AppData\Roaming\ZHP\ZHPSuite.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\rundll32.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\AppData\Roaming\ZHP\ZHPCleaner.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\sdclt.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\cmd.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\ZHPSuite.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\notepad.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Documents\PhotoFiltre7\PhotoFiltre7.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Windows\System32\SnippingTool.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\ZHPCleaner.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Desktop\FRST64.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Documents\Sumatra\SumatraPDF-3.3.3-64.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-689131383-3917851706-2055228383-1001]|\Device\HarddiskVolume3\Users\Utilisateur\Desktop\QuickDiag.exe ---------- | ADS ---------- | 20 LastEventLog Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ Impossible d’initialiser l’index. Détails : L’objet spécifié est introuvable. Spécifiez le nom d’un objet existant. (HRESULT : 0x80040d06) (0x80040d06) ------------ Impossible d’initialiser l’application. Contexte : Application Windows Détails : L’objet spécifié est introuvable. Spécifiez le nom d’un objet existant. (HRESULT : 0x80040d06) (0x80040d06) ------------ Impossible d’initialiser l’objet rassembleur. Contexte : Application Windows, Catalogue SystemIndex Détails : L’objet spécifié est introuvable. Spécifiez le nom d’un objet existant. (HRESULT : 0x80040d06) (0x80040d06) ------------ Impossible d’initialiser le plug-in dans . Contexte : Application Windows, Catalogue SystemIndex Détails : L’objet spécifié est introuvable. Spécifiez le nom d’un objet existant. (HRESULT : 0x80040d06) (0x80040d06) ------------ Impossible d’initialiser le gestionnaire plug-in . Contexte : Application Windows Détails : (HRESULT : 0x8e5e0713) (0x8e5e0713) ------------ Le service de recherche Windows a été arrêté à cause d’un problème avec l’indexeur : The catalog is corrupt. Détails : Le catalogue d’index des contenus est endommagé. 0xc0041801 (0xc0041801) ------------ Le service de recherche a détecté des fichiers de données endommagés dans l’index {id=4810 - onecoreuap\base\appmodel\search\search\ytrip\common\util\jetutil.cpp (310)}. Le service tentera de corriger automatiquement ce problème en recréant l’index. Détails : 0x8e5e0713 (0x8e5e0713) ------------ Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x8007045b, Un arrêt système est en cours. . ------------ Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x8007045b, Un arrêt système est en cours. ] ------------ Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}): DownloadLatest Failed: État HTTP 403 : Le client n’a pas les droits d’accès suffisants à l’objet serveur demandé. ------------ ----------( EOF)---------- - 4481 | 07:34:39