--------------- QuickDiag | g3n-h@ckm@n | V5_27.02.19.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 28/02/2019 14:56:28

Updated 27/02/2019 | 11:10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+00:00) Monrovia, Reykjavik
[PAVILION (Administrator)] - [HP] (S-1-5-21-1250962233-688348625-1058799670-1001)

System: Microsoft Windows 8.1 Professionnel - - (6.3.9600) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 8.1 Professionnel|C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: HP Pavilion 17 Notebook PC      - Hewlett-Packard - IdNumber: TJ1603J0HG - UUID: 36314A54-3330-304A-4847-3863BB9F27B6
Processor : X64 - 2594 Mhz - Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
InsydeH2O Version 03.73.06F.42 - en|US|iso8859-1 - Insyde - S/N: TJ1603J0HG - F.42 - HPQOEM - 1
CoreTemp : 72 Celsius

----------| Quick


---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0290&SUBSYS_103C227F&REV_1000\4&2B3BE9A5&0&0001
Avsoft Virtual Audio Device - Status: OK - Manufacturer: AVSOFT Corp. - PNPDeviceID: ROOT\MEDIA\0000
ManyCam Virtual Microphone - Status: OK - Manufacturer: Visicom Media Inc. - PNPDeviceID: ROOT\MEDIA\0001

---------- | Video

Intel(R) HD Graphics Family - Resolution: 1600x900 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igdumdim32,igd10iumd32,igd10iumd32 - PNPDeviceID: PCI\VEN_8086&DEV_0A16&SUBSYS_227F103C&REV_0B\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics Family - DriverVersion: 10.18.14.4889 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26624 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 15872 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 37888 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 52736 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82432 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35664 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25312 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34088 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 41880 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:8 %
CPU #2 value:39 %
CPU #3 value:14 %
CPU #4 value:14 %
Total Overall CPU Usage value:19 %

---------- | Network

Realtek PCIe FE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Realtek RTL8188EE 802.11 bgn Wi-Fi Adapter : SENT:869 bytes/sec / RECVD:869 bytes/sec
isatap.{921F3692-C440-4871-8574-422E0EBAC1B9} : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{4F4E1AD3-CCFA-4338-AAFF-CE04EA042B03} : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{9A2B0BA8-AC29-41E7-8492-5A866D2DA498} : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{A94C704E-E186-4546-B86F-E1502BA3B049} : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:869 bytes/sec,  /  RECEIVE Maximum:869 bytes/sec

Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_227F103C&REV_08\4&ECAD542&0&00E3
Carte rÃ©seau de dÃ©bogage du noyau Microsoft - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek RTL8188EE 802.11 bgn Wi-Fi Adapter - Ethernet 802.3 - Realtek Semiconductor Corp. - Status: - PnPID : PCI\VEN_10EC&DEV_8179&SUBSYS_197D103C&REV_01\4&CC8B1E&0&00E2
Carte virtuelle directe Wi-Fi Microsoft - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&26C589B3&0&01
VirtualBox Host-Only Ethernet Adapter - Ethernet 802.3 - Oracle Corporation - Status: - PnPID : ROOT\NET\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0
Kaspersky Security Data Escort Adapter - Ethernet 802.3 - Kaspersky Security Data Escort Provider - Status: - PnPID : ROOT\NET\0001
Carte Microsoft ISATAP #2 - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_1
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
TAP-Windows Adapter V9 - Ethernet 802.3 - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0002
Carte Microsoft ISATAP #3 - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_2
VMware Virtual Ethernet Adapter for VMnet1 - Ethernet 802.3 - VMware, Inc. - Status: - PnPID : ROOT\VMWARE\0000
VMware Virtual Ethernet Adapter for VMnet8 - Ethernet 802.3 - VMware, Inc. - Status: - PnPID : ROOT\VMWARE\0001
Carte Microsoft ISATAP #4 - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_3
Carte Microsoft ISATAP - - - Status: - PnPID : 

---------- | Memory

RAM = Total (MB) : 16710 | Free (MB) : 7823
Pagefile = Total (MB) : 33487 | Free (MB) : 23532
Virtual = Total (MB) : 4194 | Free (MB) : 3913

Physical Memory 0 : Capacity: 8589934592 - Bottom-Slot 1(left) - Posit.: 1 - Manufacturer: Samsung - PartNumber: M471B1G73DB0-YK0  - S/N: 0078FD12
Physical Memory 1 : Capacity: 8589934592 - Bottom-Slot 2(right) - Posit.: 2 - Manufacturer: Samsung - PartNumber: M471B1G73EB0-YK0  - S/N: 40DAB836

---------- | SID Users

Administrateur : [S-1-5-21-1250962233-688348625-1058799670-500]
InvitÃ© : [S-1-5-21-1250962233-688348625-1058799670-501]
PAVILION : [S-1-5-21-1250962233-688348625-1058799670-1001]
Administrateurs : [S-1-5-32-544]
Administrateurs Hyper-V : [S-1-5-32-578]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
InvitÃ©s : [S-1-5-32-546]
Lecteurs des journaux dÂÃ©vÃ©nements : [S-1-5-32-573]
OpÃ©rateurs d'assistance de contrÃ´le d'accÃ¨s : [S-1-5-32-579]
OpÃ©rateurs de chiffrement : [S-1-5-32-569]
OpÃ©rateurs de configuration rÃ©seau : [S-1-5-32-556]
OpÃ©rateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de gestion Ã  distance : [S-1-5-32-580]
Utilisateurs de lÂAnalyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau Ã  distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modÃ¨le COM distribuÃ© : [S-1-5-32-562]
WinRMRemoteWMIUsers__ : [S-1-5-21-1250962233-688348625-1058799670-1000]
__vmware__ : [S-1-5-21-1250962233-688348625-1058799670-1003]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÃTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SystÃ¨me - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiÃ©s - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÃSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 829.74 Go | Free : 650.61 Go -> NTFS [SATA]
D:\ -> [Fixed] | [] | Total : 1032.94 Go | Free : 1021.24 Go -> NTFS [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_ST2000LM&PROD_003_HN-M201RAD\4&3221BC86&0&000000

---------- | Windows updates - Activation - License


W.A.T : :)

Last detection : 2019-02-28 10:20:08
Downloaded last ones : 2019-02-13 11:44:00
Installed last ones : 2019-02-13 12:51:37
Next search : 2019-03-01 07:13:31

Test 1 : Windows Is Activated
Test 2 : Windows Is Activated

Volume License


---------- | Browsers

IE : 11.0.9600.19036     (Â© Microsoft Corporation. Tous droits rÃ©servÃ©s.)
FF : 65.0.1.6981     (Â©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 72.0.3626.119     (Copyright 2018 Google Inc.)

Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer

FlashPlayer ActiveX : 32.0.0.144

---------- | Security

AS : Windows Defender Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

484 | [Owner : SystÃ¨me | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.3.9600.17031) = C:\Windows\System32\smss.exe     [20/11/2014 19:29:16]    CPU Usage:0 %
724 | [Owner : SystÃ¨me | Parent : 704() | ?????] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe     [22/08/2013 13:25:40]    CPU Usage:0 %
776 | [Owner : SystÃ¨me | Parent : 704() | 4.29 Mo] - (.Microsoft Corporation - Application de dÃ©marrage de Windows.) - (6.3.9600.18577) = C:\Windows\System32\wininit.exe     [10/01/2019 00:01:31]    CPU Usage:0 %
848 | [Owner : SystÃ¨me | Parent : 776(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et ContrÃ´leur.) - (6.3.9600.17793) = C:\Windows\System32\services.exe     [28/12/2016 17:38:14]    CPU Usage:0 %
856 | [Owner : SystÃ¨me | Parent : 776(wininit.exe) | 12.98 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.3.9600.17415) = C:\Windows\System32\lsass.exe     [20/11/2014 19:42:34]    CPU Usage:0 %
972 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 12.2 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
1020 | [Owner : SERVICE RÃSEAU | Parent : 848(services.exe) | 9.94 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
812 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 36.17 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
860 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 46.39 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
524 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 26.35 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
1092 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 6.8 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4889) = C:\Windows\System32\igfxCUIService.exe     [08/01/2019 15:45:08]    CPU Usage:0 %
1132 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 140.93 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
1216 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 3.23 Mo] - (.HP - HP Service.) - (6.0.12.1) = C:\Windows\System32\hpservice.exe     [08/01/2019 15:44:58]    CPU Usage:0 %
1244 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 5.92 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.86) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe     [08/01/2019 15:47:56]    CPU Usage:0 %
1308 | [Owner : SERVICE RÃSEAU | Parent : 848(services.exe) | 23.91 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
1572 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 10.29 Mo] - (.Microsoft Corporation - Application sous-systÃ¨me spouleur.) - (6.3.9600.18895) = C:\Windows\System32\spoolsv.exe     [10/01/2019 00:01:37]    CPU Usage:0 %
1600 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 29.74 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
1744 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 4.02 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.20.7559) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe     [27/07/2017 05:29:22]    CPU Usage:0 %
1760 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 88.17 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (19.0.0.1088) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe     [28/02/2018 22:37:30]    CPU Usage:0 %
1816 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 15.08 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
1860 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 3.89 Mo] - (.Visicom Media Inc. - ManyCam Service.) - (1.0.0.3) = C:\ProgramData\ManyCam\Service\ManyCamService.exe     [31/03/2016 12:03:02]    CPU Usage:0 %
1888 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 5.54 Mo] - (.Microvirt Software Technology Co. Ltd. - MEmu Service.) - (3.0.0.0) = D:\Program Files\Microvirt\MEmu\MemuService.exe     [27/05/2017 02:23:37]    CPU Usage:0 %
2032 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 6.09 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.5.10.66) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe     [08/01/2019 15:49:06]    CPU Usage:0 %
1332 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 15.17 Mo] - (.TeamViewer GmbH - TeamViewer 14.) - (14.1.9025.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe     [10/01/2019 10:58:57]    CPU Usage:0 %
1932 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 10.33 Mo] - (.VMware, Inc. - VMware VMnet DHCP service.) - (15.0.2.40550) = C:\Windows\SysWOW64\vmnetdhcp.exe     [29/01/2019 23:55:42]    CPU Usage:0 %
2088 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 5.28 Mo] - (.VMware, Inc. - VMware NAT Service.) - (15.0.2.40550) = C:\Windows\SysWOW64\vmnat.exe     [29/01/2019 23:55:37]    CPU Usage:0 %
2136 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 9.38 Mo] - (.VMware, Inc. - VMware Authorization Service.) - (15.0.2.40550) = C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe     [21/11/2018 01:16:32]    CPU Usage:0 %
2632 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 7.46 Mo] - (.VMware, Inc. - VMware USB Arbitration Service.) - (18.1.2.0) = C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe     [02/11/2018 05:21:34]    CPU Usage:0 %
2824 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 40.57 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.9600.19170) = C:\Windows\System32\SearchIndexer.exe     [10/01/2019 00:02:11]    CPU Usage:0 %
3508 | [Owner : SERVICE LOCAL | Parent : 848(services.exe) | 14.81 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
3496 | [Owner : SERVICE RÃSEAU | Parent : 848(services.exe) | 5 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.3.9600.17415) = C:\Windows\System32\svchost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
2780 | [Owner : SystÃ¨me | Parent : 848(services.exe) | 7.58 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (19.0.0.1088) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe     [28/02/2018 22:37:30]    CPU Usage:0 %
3184 | [Owner : SystÃ¨me | Parent : 2240() | 0.14 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.23) = C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe     [08/01/2019 17:52:53]    CPU Usage:0 %
196 | [Owner : SystÃ¨me | Parent : 2240() | 0.12 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.23) = C:\Program Files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler64.exe     [08/01/2019 17:52:53]    CPU Usage:0 %
5600 | [Owner : SERVICE LOCAL | Parent : 812(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de pÃ©riphÃ©rique audio Windows.) - (6.3.9600.17415) = C:\Windows\System32\audiodg.exe     [20/11/2014 19:42:57]    CPU Usage:4 %
4724 | [Owner : SERVICE RÃSEAU | Parent : 972(svchost.exe) | 6.9 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.18946) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [10/01/2019 00:01:41]    CPU Usage:0 %
2796 | [Owner : SERVICE LOCAL | Parent : 860(svchost.exe) | 21.13 Mo] - (.Microsoft Corporation - Processus hÃ´te pour TÃ¢ches Windows.) - (6.3.9600.17415) = C:\Windows\System32\taskhost.exe     [20/11/2014 19:42:55]    CPU Usage:0 %
2544 | [Owner : SystÃ¨me | Parent : 12492() | ?????] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (6.3.9600.16384) = C:\Windows\System32\csrss.exe     [22/08/2013 13:25:40]    CPU Usage:0 %
6780 | [Owner : SystÃ¨me | Parent : 12492() | 5.89 Mo] - (.Microsoft Corporation - Application dÂouverture de session Windows.) - (6.3.9600.18895) = C:\Windows\System32\winlogon.exe     [10/01/2019 00:01:41]    CPU Usage:0 %
7604 | [Owner : DWM-3 | Parent : 6780(winlogon.exe) | 47.08 Mo] - (.Microsoft Corporation - Gestionnaire de fenÃªtres du Bureau.) - (6.3.9600.17415) = C:\Windows\System32\dwm.exe     [20/11/2014 19:43:44]    CPU Usage:2 %
1520 | [Owner : SystÃ¨me | Parent : 1244(RtkAudioService64.exe) | 11.32 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.290) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe     [08/01/2019 15:47:54]    CPU Usage:0 %
11808 | [Owner : PAVILION | Parent : 2032(SynTPEnhService.exe) | 19 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.5.10.66) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe     [08/01/2019 15:49:05]    CPU Usage:2 %
8420 | [Owner : PAVILION | Parent : 860(svchost.exe) | 11.72 Mo] - (.Microsoft Corporation - Processus hÃ´te pour TÃ¢ches Windows.) - (6.3.9600.17415) = C:\Windows\System32\taskhostex.exe     [20/11/2014 19:42:55]    CPU Usage:0 %
8416 | [Owner : PAVILION | Parent : 13276() | 152.89 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.3.9600.18460) = C:\Windows\explorer.exe     [28/12/2016 18:05:34]    CPU Usage:0 %
3032 | [Owner : PAVILION | Parent : 5464() | 10.43 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4889) = C:\Windows\System32\igfxEM.exe     [08/01/2019 15:45:08]    CPU Usage:0 %
560 | [Owner : PAVILION | Parent : 5464() | 6.92 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4889) = C:\Windows\System32\igfxHK.exe     [08/01/2019 15:45:08]    CPU Usage:0 %
11744 | [Owner : PAVILION | Parent : 5464() | 9.25 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe     [08/01/2019 15:45:08]    CPU Usage:0 %
7132 | [Owner : PAVILION | Parent : 5596() | 3.31 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.5.10.66) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe     [08/01/2019 15:49:06]    CPU Usage:0 %
6696 | [Owner : PAVILION | Parent : 2780(ksde.exe) | 3.98 Mo] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (19.0.0.1088) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe     [08/01/2019 17:08:41]    CPU Usage:0 %
6084 | [Owner : PAVILION | Parent : 1760(avp.exe) | 4.38 Mo] - (.AO Kaspersky Lab - Kaspersky Anti-Virus.) - (19.0.0.1088) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe     [08/01/2019 17:08:11]    CPU Usage:0 %
11828 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 11.54 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.683.1) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe     [08/01/2019 15:47:56]    CPU Usage:0 %
10044 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 23.92 Mo] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.32.5.2) = C:\Program Files (x86)\Internet Download Manager\IDMan.exe     [27/12/2018 17:55:07]    CPU Usage:0 %
10900 | [Owner : PAVILION | Parent : 10044(IDMan.exe) | 6.33 Mo] - (.Tonec Inc. - Internet Download Manager agent for click monitoring in IE-based browsers.) - (6.22.1.1) = C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe     [27/12/2018 17:55:06]    CPU Usage:0 %
9484 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 66.44 Mo] - (.Discord Inc. - Discord.) - (0.0.304.0) = C:\Users\PAVILION\AppData\Local\Discord\app-0.0.304\Discord.exe     [16/01/2019 11:35:39]    CPU Usage:0 %
1404 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 40.3 Mo] - (.Nota Inc. - GyStation.) - (3.5.3.0) = C:\Program Files (x86)\Gyazo\GyStation.exe     [30/01/2019 17:37:54]    CPU Usage:0 %
10424 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 236.81 Mo] - (.Visicom Media Inc. - ManyCam Virtual Webcam.) - (5.8.0.20) = C:\Program Files (x86)\ManyCam\ManyCam.exe     [14/08/2017 09:21:54]    CPU Usage:0 %
9996 | [Owner : PAVILION | Parent : 12336() | 8.74 Mo] - (.VMware, Inc. - VMware Tray Process.) - (15.0.2.40550) = C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe     [21/11/2018 01:29:24]    CPU Usage:0 %
3088 | [Owner : PAVILION | Parent : 9484(Discord.exe) | 45.31 Mo] - (.Discord Inc. - Discord.) - (0.0.304.0) = C:\Users\PAVILION\AppData\Local\Discord\app-0.0.304\Discord.exe     [16/01/2019 11:35:39]    CPU Usage:0 %
11836 | [Owner : PAVILION | Parent : 2348() | 27.4 Mo] - (.Piriform Software Ltd - CCleaner.) - (5.52.0.6967) = C:\Program Files\CCleaner\CCleaner64.exe     [10/01/2019 10:01:44]    CPU Usage:0 %
3524 | [Owner : PAVILION | Parent : 10424(ManyCam.exe) | 32.11 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\ManyCam\QtWebEngineProcess.exe     [25/09/2016 14:33:44]    CPU Usage:0 %
12396 | [Owner : PAVILION | Parent : 7092() | 74.05 Mo] - (.Skype Technologies S.A. - Skype.) - (8.40.0.70) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe     [02/02/2019 12:15:35]    CPU Usage:0 %
9384 | [Owner : PAVILION | Parent : 12396(Skype.exe) | 11.19 Mo] - (.Skype Technologies S.A. - Skype.) - (8.40.0.70) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe     [02/02/2019 12:15:35]    CPU Usage:0 %
7336 | [Owner : PAVILION | Parent : 12396(Skype.exe) | 39.73 Mo] - (.Skype Technologies S.A. - Skype.) - (8.40.0.70) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe     [02/02/2019 12:15:35]    CPU Usage:0 %
2424 | [Owner : PAVILION | Parent : 12396(Skype.exe) | 213.9 Mo] - (.Skype Technologies S.A. - Skype.) - (8.40.0.70) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe     [02/02/2019 12:15:35]    CPU Usage:0 %
4644 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 458.64 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:2 %
6464 | [Owner : PAVILION | Parent : 4644(firefox.exe) | 48.95 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:2 %
10732 | [Owner : PAVILION | Parent : 4644(firefox.exe) | 397.3 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:0 %
13128 | [Owner : PAVILION | Parent : 4644(firefox.exe) | 901.5 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:47 %
8888 | [Owner : PAVILION | Parent : 4644(firefox.exe) | 190.53 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:0 %
9912 | [Owner : PAVILION | Parent : 4644(firefox.exe) | 656.89 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:2 %
11632 | [Owner : SERVICE LOCAL | Parent : 1132(svchost.exe) | 11.02 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17415) = C:\Windows\System32\dasHost.exe     [20/11/2014 19:43:04]    CPU Usage:0 %
2068 | [Owner : PAVILION | Parent : 4644(firefox.exe) | 735.83 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:0 %
6692 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 600.35 Mo] - (.JetBrains s.r.o. - PyCharm.) - (2018.3.3.0) = C:\Users\PAVILION\AppData\Local\JetBrains\PyCharm Community Edition 2018.3.3\bin\pycharm64.exe     [09/01/2019 17:14:22]    CPU Usage:0 %
8364 | [Owner : PAVILION | Parent : 6692(pycharm64.exe) | 1.64 Mo] - (.JetBrains - Filesystem events processor.) - (14.0.0.26) = C:\Users\PAVILION\AppData\Local\JetBrains\PyCharm Community Edition 2018.3.3\bin\fsnotifier64.exe     [09/01/2019 17:14:20]    CPU Usage:0 %
13288 | [Owner : PAVILION | Parent : 8364(fsnotifier64.exe) | 3.48 Mo] - (.Microsoft Corporation - HÃ´te de la fenÃªtre de la console.) - (6.3.9600.17415) = C:\Windows\System32\conhost.exe     [20/11/2014 19:43:42]    CPU Usage:0 %
2532 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 71.27 Mo] - (.https://eddie.website - Eddie - Windows UI.) - (2.16.0.0) = C:\Program Files\AirVPN\Eddie-UI.exe     [10/08/2018 13:57:52]    CPU Usage:0 %
12488 | [Owner : PAVILION | Parent : 9484(Discord.exe) | 11.14 Mo] - (.Discord Inc. - Discord.) - (0.0.304.0) = C:\Users\PAVILION\AppData\Local\Discord\app-0.0.304\Discord.exe     [16/01/2019 11:35:39]    CPU Usage:0 %
7316 | [Owner : PAVILION | Parent : 9484(Discord.exe) | 193.78 Mo] - (.Discord Inc. - Discord.) - (0.0.304.0) = C:\Users\PAVILION\AppData\Local\Discord\app-0.0.304\Discord.exe     [16/01/2019 11:35:39]    CPU Usage:0 %
7004 | [Owner : PAVILION | Parent : 972(svchost.exe) | 7.9 Mo] - (.Microsoft Corporation - Runtime Broker.) - (6.3.9600.17415) = C:\Windows\System32\RuntimeBroker.exe     [20/11/2014 19:43:08]    CPU Usage:0 %
8172 | [Owner : PAVILION | Parent : 7316(Discord.exe) | 41.14 Mo] - (.Discord Inc. - Discord.) - (0.0.304.0) = C:\Users\PAVILION\AppData\Local\Discord\app-0.0.304\Discord.exe     [16/01/2019 11:35:39]    CPU Usage:0 %
11924 | [Owner : PAVILION | Parent : 8172(Discord.exe) | 18.16 Mo] - (.Discord Inc. - Discord.) - (0.0.304.0) = C:\Users\PAVILION\AppData\Local\Discord\app-0.0.304\Discord.exe     [16/01/2019 11:35:39]    CPU Usage:0 %
9000 | [Owner : PAVILION | Parent : 972(svchost.exe) | 4.52 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.3.9600.17415) = C:\Windows\System32\dllhost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
4868 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 27.1 Mo] - (.AVSOFT Corp. - VCS Core dispatcher.) - (4.0.30.0) = C:\Program Files (x86)\AV Voice Changer 9.5 Diamond\VcsCore.exe     [11/01/2019 15:43:26]    CPU Usage:2 %
5036 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 95.97 Mo] - (.Microsoft Corporation - Connexion Bureau Ã  distance.) - (6.3.9600.18980) = C:\Windows\System32\mstsc.exe     [10/01/2019 00:01:37]    CPU Usage:0 %
10472 | [Owner : PAVILION | Parent : 8416(explorer.exe) | 31.84 Mo] - (.Microvirt Software Technology Co. Ltd. - MEmu Multiple Instances Manager.) - (3.0.8.0) = D:\Program Files\Microvirt\MEmu\MEmuConsole.exe     [27/05/2017 02:23:36]    CPU Usage:0 %
11932 | [Owner : SERVICE RÃSEAU | Parent : 972(svchost.exe) | 11.56 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.18946) = C:\Windows\System32\wbem\WmiPrvSE.exe     [10/01/2019 00:01:42]    CPU Usage:0 %
2484 | [Owner : PAVILION | Parent : 10256() | 6.44 Mo] - (.-.) - (0.0.0.0) = D:\Program Files\Microvirt\MEmu\adb.exe     [30/03/2017 09:02:46]    CPU Usage:0 %
11080 | [Owner : PAVILION | Parent : 6084(avpui.exe) | 237.45 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:0 %
7320 | [Owner : PAVILION | Parent : 11080(firefox.exe) | 31.26 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:0 %
12276 | [Owner : PAVILION | Parent : 11080(firefox.exe) | 135.74 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:0 %
6452 | [Owner : PAVILION | Parent : 11080(firefox.exe) | 70.77 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:0 %
1896 | [Owner : PAVILION | Parent : 11080(firefox.exe) | 37.8 Mo] - (.Mozilla Corporation - Firefox.) - (65.0.1.6981) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [08/01/2019 16:09:32]    CPU Usage:0 %
11188 | [Owner : PAVILION | Parent : 10472(MEmuConsole.exe) | 240.97 Mo] - (.Microvirt Software Technology Co. Ltd. - MEmu App Player.) - (3.0.8.0) = D:\Program Files\Microvirt\MEmu\MEmu.exe     [27/05/2017 05:59:30]    CPU Usage:0 %
3144 | [Owner : PAVILION | Parent : 972(svchost.exe) | 12.64 Mo] - (.Microvirt Corporation - MemuHyperv Interface.) - (4.3.20.0) = D:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe     [30/03/2017 09:03:02]    CPU Usage:0 %
9508 | [Owner : PAVILION | Parent : 3144(MEmuSVC.exe) | 95.74 Mo] - (.-.) - (0.0.0.0) = D:\Program Files\Microvirt\MEmuHyperv\MEmuHeadless.exe     [30/03/2017 09:03:02]    CPU Usage:37 %
9044 | [Owner : PAVILION | Parent : 9508(MEmuHeadless.exe) | 3.47 Mo] - (.Microsoft Corporation - HÃ´te de la fenÃªtre de la console.) - (6.3.9600.17415) = C:\Windows\System32\conhost.exe     [20/11/2014 19:43:42]    CPU Usage:0 %
11168 | [Owner : PAVILION | Parent : 972(svchost.exe) | 84.92 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.3.9600.17415) = C:\Windows\System32\dllhost.exe     [20/11/2014 19:42:35]    CPU Usage:0 %
3232 | [Owner : PAVILION | Parent : 972(svchost.exe) | 46.87 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.3.9600.18460) = C:\Windows\explorer.exe     [28/12/2016 18:05:34]    CPU Usage:0 %
9380 | [Owner : PAVILION | Parent : 3232(explorer.exe) | 51.53 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = C:\Users\PAVILION\Downloads\Programs\QuickDiag.exe     [28/02/2019 14:26:13]    CPU Usage:2 %
10284 | [Owner : SystÃ¨me | Parent : 972(svchost.exe) | 6.01 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.18946) = C:\Windows\System32\wbem\WmiPrvSE.exe     [10/01/2019 00:01:42]    CPU Usage:0 %
9472 | [Owner : SERVICE RÃSEAU | Parent : 972(svchost.exe) | 7.2 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.3.9600.18946) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [10/01/2019 00:01:41]    CPU Usage:0 %

---------- | Locked Applications


---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (10.18.14.4889) -- C:\Windows\SYSTEM32\igd10iumd64.dll
(.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (10.18.14.4889) -- C:\Windows\SYSTEM32\igdusc64.dll
(.Tonec Inc..-.Internet Download Manager module.) - (6.30.9.22) -- C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
(.Tonec Inc..-.Internet Download Manager Network Monitor.) - (6.32.3.166) -- C:\Program Files (x86)\Internet Download Manager\IDMNetMon64.DLL
(.Tonec Inc..-.Internet Download Manager Panel.) - (6.31.10.62) -- C:\Program Files (x86)\Internet Download Manager\IDMBRBTN64.DLL
(.Alexander Roshal.-.WinRAR shell extension.) - (5.60.0.0) -- C:\Program Files\WinRAR\rarext.dll
(.AO Kaspersky Lab.-.Shell Extension.) - (19.0.0.1243) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\ShellEx.dll
(.AO Kaspersky Lab.-.Helper Library.) - (20.0.543.426) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\remote_eka_prague_loader.dll
(.AO Kaspersky Lab.-.PR_REMOTE.) - (20.0.543.426) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\prremote.dll
(.AO Kaspersky Lab.-.Kaspersky Product Info library.) - (19.0.0.1239) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\product_info.dll
(.AO Kaspersky Lab.-.Product Metainformation.) - (19.0.0.1243) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\product_metainfo.dll
(.AO Kaspersky Lab.-.Component service provider.) - (1.10.0.0) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\kl_service.dll
(.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4889) -- C:\Windows\system32\igfxDTCM.dll
(.Intel Corporation.-.igfxDH Module.) - (6.15.10.4889) -- C:\Windows\system32\igfxDH.dll
(.Intel Corporation.-.igfxLHM Module.) - (6.15.10.4889) -- C:\Windows\system32\igfxLHM.dll
(.Intel Corporation.-.igfxDI Module.) - (6.15.10.4889) -- C:\Windows\system32\igfxDI.dll

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)


---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)


---------- | svchost.exe Modules (Microsoft Files Whitelisted)

(.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.618) -- C:\Windows\system32\RltkAPO64.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

IDMan - (C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\...\Run]) - User: HP\PAVILION
Discord - (C:\Users\PAVILION\AppData\Local\Discord\app-0.0.304\Discord.exe [HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\...\Run]) - User: HP\PAVILION
Gyazo - (C:\Program Files (x86)\Gyazo\GyStation.exe [HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\...\Run]) - User: HP\PAVILION
ManyCam - ("C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent [HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\...\Run]) - User: HP\PAVILION
CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\...\Run]) - User: HP\PAVILION
Skype for Desktop - (C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\...\Run]) - User: HP\PAVILION
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Command Processor]
"PathCompletionChar"=9   
"EnableExtensions"=1   
"CompletionChar"=9   
"DefaultColor"=0   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot   
"Discord"=C:\Users\PAVILION\AppData\Local\Discord\app-0.0.304\Discord.exe   [16/01/2019 11:35:39]
"Gyazo"=C:\Program Files (x86)\Gyazo\GyStation.exe   [30/01/2019 17:37:54]
"ManyCam"="C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent   
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR   
"Skype for Desktop"=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe   [02/02/2019 12:15:35]

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Discord"=0x020000000000000000000000   
"Gyazo"=0x020000000000000000000000   
"IDMan"=0x020000000000000000000000   
"ManyCam"=0x020000000000000000000000   
"Skype for Desktop"=0x020000000000000000000000   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=mstsc.exe\1   
"MRUList"=abhgfedc   
"b"=cmd\1   
"c"=notepad\1   
"d"=notepad.exe\1   
"e"=gpedit.msc\1   
"f"=temp\1   
"g"=%temp%\1   
"h"=WF.msc\1   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Envoyer Ã  OneNoteÂ 2013,winspool,nul:   
"UserSelectedDefault"=0   

[HKLM\Software\Microsoft\Command Processor]
"PathCompletionChar"=64   
"EnableExtensions"=1   
"CompletionChar"=64   
"DefaultColor"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"RTHDVCPL"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"Adobe ARM"=0x020000000000000000000000   
"Discord"=0x020000000000000000000000   
"vmware-tray.exe"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"Spooler"=yes   
"DeviceNotSelectedTimeout"=15   
"TransmissionRetryTimeout"=90   
"EnableDwmInputProcessing"=7   
"ShutdownWarningDialogTimeout"=4294967295   
"USERProcessHandleQuota"=10000   
"LoadAppInit_DLLs"=0   
"IconServiceLib"=IconCodecService.dll   
"DesktopHeapLogging"=1   
"DdeSendTimeout"=0   
"DwmInputUsesIoCompletionPort"=1   
"USERPostMessageLimit"=10000   
"USERNestedWindowLimit"=50   
"AppInit_DLLs"=   
"NaturalInputHandler"=Ninput.dll   
"ThreadUnresponsiveLogTimeout"=500   
"GDIProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D4A51ED779E342   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"PathCompletionChar"=64   
"EnableExtensions"=1   
"CompletionChar"=64   
"DefaultColor"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"   
"Discord"=C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall   
"vmware-tray.exe"="C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"Spooler"=yes   
"DeviceNotSelectedTimeout"=15   
"TransmissionRetryTimeout"=90   
"EnableDwmInputProcessing"=7   
"ShutdownWarningDialogTimeout"=4294967295   
"USERProcessHandleQuota"=10000   
"LoadAppInit_DLLs"=0   
"IconServiceLib"=IconCodecService.dll   
"DesktopHeapLogging"=1   
"DdeSendTimeout"=0   
"DwmInputUsesIoCompletionPort"=1   
"USERPostMessageLimit"=10000   
"USERNestedWindowLimit"=50   
"AppInit_DLLs"=   
"NaturalInputHandler"=Ninput.dll   
"ThreadUnresponsiveLogTimeout"=500   
"GDIProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

CCleaner Update
CCleanerSkipUAC
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
GyazoUpdateTaskMachine
GyazoUpdateTaskMachineDaily
Microsoft Office 15 Sync Maintenance for HP-PAVILION HP
Optimize Start Menu Cache Files-S-1-5-21-1250962233-688348625-1058799670-1001
User_Feed_Synchronization-{2C3AE804-55E2-4232-A38A-39C1574A3088}

---------- | Startings up registry Â¦ Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM   
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"WaitToKillServiceTimeout"=2000   
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   
"LastBootSucceeded"=1   
"LastBootShutdown"=0   
"DirtyShutdownCount"=47   

[HKLM\System\CurrentControlSet\Control\lsa]
"Bounds"=0x0030000000200000   
"auditbasedirectories"=0   
"fullprivilegeauditing"=0x00   
"crashonauditfail"=0   
"auditbaseobjects"=0   
"Security Packages"=""   [09/01/2019 00:26:13]
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"LsaPid"=856   
"SecureBoot"=1   
"ProductType"=6   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"GlobalFlag"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"ResourceTimeoutCount"=648000   
"ObjectDirectories"=\Windows
\RPC Control   
"ProtectionMode"=1   
"CriticalSectionTimeout"=2592000   
"ProcessorControl"=2   
"HeapSegmentReserve"=0   
"ExcludeFromKnownDlls"=   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"NumberOfInitialSessions"=2   
"RunLevelExecute"=WinInit
ServiceControlManager   
"AutoChkTimeout"=1   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"PendingFileRenameOperations"=\??\C:\Windows\AppCompat\Programs\Amcache.hve.tmp
!\??\C:\Windows\AppCompat\Programs\Amcache.hve   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"StartRCM"=0   
"DeleteTempDirsOnExit"=0   
"fSingleSessionPerUser"=1   
"TSUserEnabled"=0   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"DelayConMgrTimeout"=0   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"AllowRemoteRPC"=0   
"ProductVersion"=5.1   
"fDenyTSConnections"=0   
"InstanceID"=7d1533be-4298-48e2-9803-026dc4c   
"GlassSessionId"=3   


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Control Panel\Desktop]
"DragHeight"=4   
"CoolSwitchColumns"=7   
"ActiveWndTrackTimeout"=0   
"MouseCornerClipLength"=6   
"MouseMonitorEscapeSpeed"=0   
"DragWidth"=4   
"WallpaperStyle"=10   
"ScreenSaveActive"=1   
"TileWallpaper"=0   
"WheelScrollLines"=3   
"FontSmoothingType"=2   
"WindowArrangementActive"=1   
"BlockSendInputResets"=0   
"MenuShowDelay"=400   
"ClickLockTime"=1200   
"CaretWidth"=1   
"FocusBorderWidth"=1   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"DragFullWindows"=1   
"CoolSwitchRows"=3   
"ForegroundFlashCount"=7   
"LeftOverlapChars"=3   
"ForegroundLockTimeout"=200000   
"FontSmoothingGamma"=0   
"DragFromMaximize"=1   
"FontSmoothing"=2   
"FocusBorderHeight"=1   
"WheelScrollChars"=3   
"DockMoving"=1   
"SnapSizing"=1   
"CursorBlinkRate"=530   
"MouseWheelRouting"=1   
"RightOverlapChars"=3   
"FontSmoothingOrientation"=1   
"PaintDesktopVersion"=0   
"Win8DpiScaling"=0   
"UserPreferencesMask"=0x9E1E078012000000   
"AutoColorization"=1   
"Wallpaper"=C:\Windows\web\wallpaper\Windows\img0.jpg   [22/08/2013 06:52:55]
"MaxVirtualDesktopDimension"=1600   
"MaxMonitorDimension"=1600   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC30100D0B3080080070000B0040000C85E062F8398CE0143003A005C00570069006E0064006F00770073005C007700650062005C00770061006C006C00700061007000650072005C00570069006E0064006F00770073005C0069006D00670030002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ImageColor"=2952184650   
"Pattern Upgrade"=TRUE   
"PreferredUILanguages"=fr-FR   
"WaitToKillAppTimeout"=2000   
"HungAppTimeout"=2000   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"UserSignedIn"=1   
"AllowStartMenuToDefaultOn"=1   
"SIDUpdatedOnLibraries"=1   
"LastClockSize"=0x270000000F000000460000000F000000410000000F000000   
"AppReadinessLogonComplete"=1   
"GlobalAssocChangedCounter"=72   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"StoreAppsOnTaskbar"=1   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=0   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=0   
"StartMenuInit"=6   
"ReindexedProfile"=1   
"RTStartMenuNotificationDisplayCount"=0   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x00000000FFFFFFFF   
"0"=0x610070006B000000   

[HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=1   
"EnableInstallerDetection"=1   
"PromptOnSecureDesktop"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"ConsentPromptBehaviorAdmin"=5   
"ValidateAdminCodeSignatures"=0   
"EnableUIADesktopToggle"=0   
"EnableCursorSuppression"=1   
"ConsentPromptBehaviorUser"=3   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktopChanges"=1   
"NoActiveDesktop"=1   
"NoDriveTypeAutoRun"=60   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=1   
"NoAddingComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{8E74D236-7F35-4720-B138-1FED0B85EA75}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"HKeyRoot"=2147483649   
"DefaultValue"=2   
"ValueName"=Hidden   
"Text"=@shell32.dll,-30500   
"Type"=radio   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=14   
"SmartScreenEnabled"=RequireAdmin   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=1   
"EnableInstallerDetection"=1   
"PromptOnSecureDesktop"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"ConsentPromptBehaviorAdmin"=5   
"ValidateAdminCodeSignatures"=0   
"EnableUIADesktopToggle"=0   
"EnableCursorSuppression"=1   
"ConsentPromptBehaviorUser"=3   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktopChanges"=1   
"NoActiveDesktop"=1   
"NoDriveTypeAutoRun"=60   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoComponents"=1   
"NoAddingComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{8E74D236-7F35-4720-B138-1FED0B85EA75}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"HKeyRoot"=2147483649   
"DefaultValue"=2   
"ValueName"=Hidden   
"Text"=@shell32.dll,-30500   
"Type"=radio   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=29   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;SkyDrive;Work Folders   
"BuildNumber"=9600   
"FirstLogon"=0   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=C:\Windows\system32\userinit.exe,   
"LegalNoticeText"=   
"Shell"=explorer.exe   
"LegalNoticeCaption"=   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"ReportBootOk"=1   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"Background"=0 0 0   
"PasswordExpiryWarning"=5   
"CachedLogonsCount"=10   
"WinStationsDisabled"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"scremoveoption"=0   
"DisableCAD"=1   
"ShutdownFlags"=2147483755   
"EnableFirstLogonAnimation"=1   
"AutoLogonSID"=S-1-5-32   
"LastUsedUsername"=   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=userinit.exe   
"Shell"=explorer.exe   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"DefaultDomainName"=   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"DefaultUserName"=   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"PerceivedType"=text   
"Content Type"=application/hta   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=4259840   
"BrowserFlags"=4096   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"NeverShowExt"=   
"EditFlags"=131072   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForBrowse"=delta   
""=Folder   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"ThumbnailCutoff"=0   
"NoRecentDocs"=   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"PerceivedType"=text   
"Content Type"=application/hta   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=4259840   
"BrowserFlags"=4096   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"NeverShowExt"=   
"EditFlags"=131072   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForBrowse"=delta   
""=Folder   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"ThumbnailCutoff"=0   
"NoRecentDocs"=   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [10/01/2019 00:03:02]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [10/01/2019 00:03:02]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"SIGN.MEDIA=8E3B81 SDI_X64_R1806.EXE"=0x534143500100000000000000070000002800000000521A000000000001000000000000000000030600210000B395E7CF049FCE010000000000000000020000002800000000000000000000400000000000000000000000000000000082310600000000000100000001000000
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000285C03002FE9030001000000000000000000030600210000B395E7CF049FCE01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000005440C505000000002D0000002D000000
"SIGN.MEDIA=4E81DE96 The-KMPlayer-FR-210909.exe"=0x5341435001000000000000000700000028000000635AA9000000000001000000000000000000030641220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000096E10000000000000100000001000000
"SIGN.MEDIA=D75B849A vlc-media-player-2-2-2-32-bit.exe"=0x5341435001000000000000000700000028000000488FD101E674D20101000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000245D0000000000000100000001000000
"SIGN.MEDIA=D75B849A mozilla-firefox_53-0_fr_11003_32.exe"=0x5341435001000000000000000700000028000000083FA4026F20A50201000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000BA9F0000000000000100000001000000
"SIGN.MEDIA=D75B849A AdbeRdr90_fr_FR - Copie.exe"=0x534143500100000000000000070000002800000020D5950161D8950101000000000000000000000671020000975FD891C99ECE0100000000000000000200000028000000000000000000005000000000000000000000000000000000D6340100000000000100000001000000
"SIGN.MEDIA=228557 [www.Cpasbien.pe] Winrar 5.01 Fr (x86-x64)\Winrar PrÃ©crackÃ©\winrar-x64-501FrPrÃ©Crack_delta.exe"=0x53414350010000000000000007000000280000004C721F008918200001000000000000000000020600010000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000A4110000000000000100000001000000
"SIGN.MEDIA=2314D0 Microsoft Office Professional Plus 2013 VL Edition x86 x64 FR\Office 2013 64 bit\setup.exe"=0x5341435001000000000000000700000028000000884603004F9D030001000000000000000000010600010000B395E7CF049FCE01000000000000000002000000280000000000000000000040000000000000000000000000000000006C730300000000000100000001000000
"C:\Users\PAVILION\Desktop\VirtualBox-5.2.16-123759-Win.exe"=0x5341435001000000000000000700000028000000008CC706542AC80601000000000000000000030671200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000EBF30C00000000000700000007000000
"E:\Log\ChromeStandaloneSetup64.exe"=0x53414350010000000000000007000000280000006878100344B6100301000000000000000000030600210000975FD891C99ECE0100000080000000000200000028000000000000000000000000000000000000000000000000000000108A0000000000000100000001000000
"SIGN.MEDIA=6A16F8 Activateur win 10 fr\KMSAuto Net.exe"=0x5341435001000000000000000700000028000000F8166A00C6A16A00010000000000000000000306F1220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000CAE80000000000000100000001000000
"C:\Users\PAVILION\Desktop\KIS19.0.0.1088.exe"=0x534143500100000000000000070000002800000028B3700A1954020001000000000000000000030661220000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000078150E00000000000100000001000000
"SIGN.MEDIA=626F8732 Le_Grand_Robert.exe"=0x5341435001000000000000000700000028000000ECF2010D0000000001000000000000000000010571000000975FD891C99ECE010000000000000000
"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"=0x5341435001000000000000000700000028000000685E1D0042AA1D0001000000000000000000010600010000B395E7CF049FCE010000000100000000
"C:\Program Files (x86)\The KMPlayer FR\KMPlayer.exe"=0x5341435001000000000000000700000028000000001C61000000000001000000000000000000000671020000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000079D10000000000000100000001000000
"C:\Program Files\WinRAR\Uninstall.exe"=0x5341435001000000000000000700000028000000D8FE050079F7060001000000000000000000030600210000B395E7CF049FCE010000000000000000020000002800000000000000000000000000000000000000000000000000000039010000000000000100000001000000
"C:\Users\PAVILION\Downloads\eddie-ui_2.16.3_windows-10_x64_installer.exe"=0x534143500100000000000000070000002800000058205A00DFBD5A0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000000ABF0000000000000100000001000000
"C:\Program Files\AirVPN\Eddie-UI.exe"=0x5341435001000000000000000700000028000000F8F000000D59010001000000000000000000030680210000B395E7CF049FCE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000CA835C01000000000F0000000F000000
"C:\Users\PAVILION\Downloads\Skype-8.34.0.78.exe"=0x5341435001000000000000000700000028000000A834C003513BC00301000000000000000000030600210000975FD891C99ECE010000000000000000
"C:\Users\PAVILION\Downloads\VCS_Diamond95.exe"=0x5341435001000000000000000700000028000000081A37033EC8370301000000000000000000000671020000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000E7F20100000000000100000001000000
"C:\Users\PAVILION\Downloads\idman632build5.exe"=0x534143500100000000000000070000002800000060AD7600735D770001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000D4D50200000000000100000001000000
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe"=0x534143500100000000000000070000002800000070B43D00E8B83D0001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000033020000000000001E0000001E000000
"C:\Users\PAVILION\Downloads\Programs\ManyCamSetup_v5.8.0.20.exe"=0x53414350010000000000000007000000280000009060D304E663D30401000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000BAF52E00000000000200000002000000
"C:\Program Files (x86)\ManyCam\ManyCam.exe"=0x53414350010000000000000007000000280000001048B60064C0B60001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000006B3DC501000000001000000010000000
"C:\Users\PAVILION\Downloads\Programs\memu-5-5-8-0.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE010000000000000000
"C:\Users\PAVILION\Downloads\Programs\memu-3-7-0.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000A50B0400000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\memu-3-1-2-5.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000009C800300000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\memu-2-8-0.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000A7E52200000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\memu-2-3-1.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000B96E0300000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\memu-2-3-1_2.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000000D490700000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\memu-1-8-5-multi-win.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000643A1800000000000300000003000000
"SIGN.MEDIA=26087C4 Program Files\Microvirt\MEmu\MEmu.exe"=0x5341435001000000000000000700000028000000B8E226004D56270001000000000000000000030661220000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000534A0100000000000100000001000000
"SIGN.MEDIA=26D3026 Program Files\Microvirt\MEmu\MEmuConsole.exe"=0x5341435001000000000000000700000028000000A8F8090002920A0001000000000000000000030661220000975FD891C99ECE01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000009D000000000000000100000001000000
"SIGN.MEDIA=26D3026 Program Files\Microvirt\MEmu\MEmuSetup.exe"=0x5341435001000000000000000700000028000000A8C652001EEF520001000000000000000000030671220000975FD891C99ECE010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000099AB0500000000000500000005000000
"SIGN.MEDIA=26D3026 Program Files\Microvirt\MEmu\MEmu.exe"=0x5341435001000000000000000700000028000000B8E226004D56270001000000000000000000030661220000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000AAA80200000000000100000001000000
"SIGN.MEDIA=13B5BDE Program Files\Microvirt\MEmu\MEmuSetup.exe"=0x5341435001000000000000000700000028000000A8C652001EEF520001000000000000000000030671220000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000421C3800000000000300000003000000
"SIGN.MEDIA=13B5BDE Program Files\Microvirt\MEmu\MEmu.exe"=0x5341435001000000000000000700000028000000B8E226004D56270001000000000000000000030661220000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000006C270700000000000200000002000000
"C:\Users\PAVILION\Downloads\Programs\Memu-Setup-2.7.2.exe"=0x534143500100000000000000070000002800000088F46611E88A671101000000000000000000020600010000975FD891C99ECE010000000000000000
"C:\Users\PAVILION\Downloads\Programs\memu-2-9-1.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000131A0600000000000100000001000000
"D:\Program Files\Microvirt\MEmu\Uninstall\uninstall.exe"=0x5341435001000000000000000700000028000000387F810037D2810001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000E5150100000000000500000005000000
"C:\Users\PAVILION\Downloads\Programs\memu2-3-0.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000007EF30C00000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\memu-2-2-0-multi-win.exe"=0x534143500100000000000000070000002800000030E9BB119467BC1101000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000033D60F00000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\XYAZ-Setup.exe"=0x53414350010000000000000007000000280000008013E50DC8B3E50D01000000000000000000020600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000DCED0300000000000400000004000000
"C:\Windows\SysWOW64\explorer.exe"=0x534143500100000000000000070000002800000028CA2400CE2A250001000000000000000000030671220000975FD891C99ECE010000000000000000
"C:\Users\PAVILION\Downloads\Programs\nox_setup_v6.2.3.9_full.exe"=0x5341435001000000000000000700000028000000887C3314517E331401000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000073636800000000000100000001000000
"D:\Program Files\Nox\bin\Nox.exe"=0x534143500100000000000000070000002800000050AA69000A616A0001000000000000000000030661200000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000009819101000000000E0000000E000000
"C:\Program Files (x86)\ManyCam\drivers\video\mdsu.exe"=0x534143500100000000000000070000002800000000730500CCC3050001000000000000000000030673220000B395E7CF049FCE01000000000000000002000000280000000000000000000040000000000000000000000000000000002F000000000000000100000001000000
"C:\Program Files (x86)\ManyCam\uninstall.exe"=0x5341435001000000000000000700000028000000B8750B00EA2B0C0001000000000000000000010600010000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000057788800000000000200000002000000
"C:\Program Files (x86)\AV Voice Changer 9.5 Diamond\VcsCore.exe"=0x5341435001000000000000000700000028000000D0692500BFA5250001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000100000000000000000000000000000008437C802000000003800000038000000
"C:\Users\PAVILION\Downloads\Programs\VCS_Diamond95.exe"=0x5341435001000000000000000700000028000000081A37033EC8370301000000000000000000000671020000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000576E0400000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\torbrowser-install-win64-8.0.4_en-US.exe"=0x53414350010000000000000007000000280000004839580305BD580301000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000A8420300000000000200000002000000
"C:\Users\PAVILION\Downloads\Programs\TeamViewer_Setup.exe"=0x5341435001000000000000000700000028000000D8925901EAC2590101000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000008FF70000000000000100000001000000
"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"=0x5341435001000000000000000700000028000000505E1000ABA7100001000000000000000000030673200000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000009D77DA00000000000700000007000000
"C:\Users\PAVILION\Downloads\DiscordSetup.exe"=0x534143500100000000000000070000002800000058A9940312E8940301000000000000000000030600210000975FD891C99ECE0100000000000000000200000050000000000000000000004000000000000000000000000000000000DE020000000000000100000001000000000000000000000000000000000000000000000000000000642D0100000000000200000000000000
"C:\Program Files (x86)\AV Voice Changer 9.5 Diamond\UNWISE.EXE"=0x53414350010000000000000007000000280000004076020097E0020001000000000000000000000671220000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000003DCE0000000000000200000002000000
"C:\Users\PAVILION\Downloads\Programs\VCS_Diamond95_2.exe"=0x5341435001000000000000000700000028000000081A37033EC8370301000000000000000000000671020000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000007E560300000000000100000001000000
"D:\Program Files\Nox\bin\MultiPlayerManager.exe"=0x5341435001000000000000000700000028000000182718001112190001000000000000000000030661200000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C2B00000000000000100000001000000
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe"=0x534143500100000000000000070000002800000018AC1700DF75180001000000000000000000010600010000975FD891C99ECE010000000100000000
"SIGN.MEDIA=13B5BDE Program Files\Microvirt\MEmu\MEmuConsole.exe"=0x5341435001000000000000000700000028000000A8F8090002920A0001000000000000000000030661220000975FD891C99ECE010000000000000000
"C:\Users\PAVILION\Downloads\python-3.7.2.exe"=0x5341435001000000000000000700000028000000F00C8301E5B9830101000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000071680600000000000100000001000000
"C:\Users\PAVILION\Downloads\pycharm-community-2018.3.3.exe"=0x534143500100000000000000070000002800000058BA070D0C82080D01000000000000000000030600210000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000E1440500000000000300000003000000
"C:\Users\PAVILION\AppData\Local\JetBrains\PyCharm Community Edition 2018.3.3\bin\pycharm64.exe"=0x5341435001000000000000000700000028000000403214000D82140001000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D1E1F400000000000D0000000D000000
"C:\Users\PAVILION\Desktop\Memu-Setup.exe"=0x5341435001000000000000000700000028000000A80E05147A8E051401000000000000000000030671220000975FD891C99ECE010000000000000000
"D:\Program Files\Nox\bin\unzipcomplete.exe"=0x534143500100000000000000070000002800000098DF13000E8B140001000000000000000000010600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000DB000000000000000100000001000000
"D:\Program Files\Nox\bin\regsvr.exe"=0x5341435001000000000000000700000028000000101D0100F222010001000000000000000000010600010000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000005D000000000000000100000001000000
"D:\Program Files\Nox\bin\Nox_unload.exe"=0x5341435001000000000000000700000028000000A06F060046A3060001000000000000000000030661200000975FD891C99ECE010000000000000000
"D:\Program Files\Microvirt\MEmu\MEmuConsole.exe"=0x5341435001000000000000000700000028000000A8F8090002920A0001000000000000000000030661220000975FD891C99ECE01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000003F5A0303000000002A0000002A000000
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000D8B411000E64120001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000086A00000000000001A0000001A000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000D8942200C4A3220001000000000000000000030600210000B395E7CF049FCE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000001000000000000000000000000000000000BAF79C01000000003200000032000000
"C:\Users\PAVILION\Downloads\Programs\AnyDesk.exe"=0x5341435001000000000000000700000028000000287120007BEC200001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000ABEF3900000000000400000004000000
"C:\Program Files\Microsoft Office\Office15\EXCEL.EXE"=0x5341435001000000000000000700000028000000684AF501285EF50101000000000000000000010600010000B395E7CF049FCE010000000100000000
"C:\Users\PAVILION\Downloads\Programs\Neos Email Spoofer.exe"=0x534143500100000000000000070000002800000000FE0C0000000000010000000000000000000306F5220000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000008C000000000000000100000001000000
"C:\Users\PAVILION\AppData\Local\Discord\Update.exe"=0x5341435001000000000000000700000028000000583F170006691700010000000000000000000306F1220000975FD891C99ECE0100000080000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000D0070000000000000400000001000000000000000000004000000000000000000000000000000000CC050000000000000100000000000000
"C:\Users\PAVILION\Downloads\Programs\HitFilmExpress_x64_11.0.8319.47197.msi"=0x534143500100000000000000070000002800000000EC0000FC43010001000000000000000000010500100000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000143B0A00000000000400000004000000
"C:\Program Files\FXHOME\HitFilm Express\HitFilmExpress.exe"=0x5341435001000000000000000700000028000000683841010246410101000000000000000000030673220000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000875C2100000000000700000007000000
"C:\Program Files (x86)\Le Grand Robert\Uninstal.exe"=0x5341435001000000000000000700000028000000843601000000000003000000000000000000010571000000975FD891C99ECE0100000000000000000200000028000000000000000008000000000000000000000000000000000000803E0000000000000100000001000000
"C:\Program Files (x86)\The KMPlayer FR\unins000.exe"=0x5341435001000000000000000700000028000000D19F0B000000000003000000000000000000030641220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000004E150000000000000100000001000000
"C:\Users\PAVILION\Downloads\Compressed\VMware.Workstation.Pro.v15.0.2.X64.Incl.Keygen-AMPED\VMware.Workstation.Pro.v15.0.2.X64.Incl.Keygen-AMPED\amped\VMware-workstation-full-15.0.2-10952284.exe"=0x53414350010000000000000007000000280000000878FD1F3B5DFE1F01000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000002DB70600000000000200000002000000
"C:\Users\PAVILION\Downloads\Compressed\VMware.Workstation.Pro.v15.0.2.X64.Incl.Keygen-AMPED\VMware.Workstation.Pro.v15.0.2.X64.Incl.Keygen-AMPED\amped\AMPED\keygen.exe"=0x5341435001000000000000000700000028000000009001000000000001000000000000000000030671200000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000099EC0200000000000200000002000000
"C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe"=0x5341435001000000000000000700000028000000B0A72400977F250001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000009AA2CE04000000001A0000001A000000
"C:\Users\PAVILION\Downloads\Programs\Gyazo-3.5.3.exe"=0x534143500100000000000000070000002800000010489600AEBC960001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000DE2B2500000000000100000001000000
"C:\Program Files (x86)\Gyazo\Gyazowin.exe"=0x5341435001000000000000000700000028000000885D0A0081100B0001000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000000F240400000000000300000003000000
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C8B00E006A730F0001000000000000000000000600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D3465100000000000B0000000B000000
"C:\Users\PAVILION\Downloads\Compressed\DataProtector\DataProtector.exe"=0x5341435001000000000000000700000028000000007C300000000000010000000000000000000306E1220000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B3DA0600000000000C0000000C000000
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"=0x53414350010000000000000007000000280000009880CF026D0FD00201000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000D4010000000000000200000002000000
"C:\Program Files (x86)\Gyazo\GyOnboarding.exe"=0x5341435001000000000000000700000028000000882D090096E80900010000000000000000000306F1220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000084330000000000000100000001000000
"C:\Users\PAVILION\Downloads\NDP47-KB3186497-x86-x64-AllOS-ENU.exe"=0x534143500100000000000000070000002800000038BDAB030FB6AC0301000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000AAA80200000000000500000005000000
"C:\Users\PAVILION\Desktop\DataProtector\DataProtector.exe"=0x5341435001000000000000000700000028000000007C300000000000010000000000000000000306E1220000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A9730000000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\ccsetup552.exe"=0x534143500100000000000000070000002800000038222701189F270101000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000016573200000000000100000001000000
"C:\Program Files\CCleaner\CCleaner64.exe"=0x534143500100000000000000070000002800000068C52B01227B2C0101000000000000000000030600210000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000001F000000000000000100000001000000
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe"=0x534143500100000000000000070000002800000030290500D490050001000000000000000000030600210000975FD891C99ECE010000000000000000
"C:\Program Files (x86)\Gyazo\GyazoGIF.exe"=0x5341435001000000000000000700000028000000884B06008414070001000000000000000000030671220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000008C000000000000000100000001000000
"C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.exe"=0x534143500100000000000000070000002800000040941600E304170003000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000B1140000000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\dotNetFx45_Full_setup.exe"=0x534143500100000000000000070000002800000000580F0078FA0F0001000000000000000000020600010000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000083B00000000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\whitehatboxsetup.exe"=0x5341435001000000000000000700000028000000D6B943000000000001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000059000100000000000200000002000000
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0070800C68A080001000000000000000000030600210000B395E7CF049FCE010000000100000000
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"=0x534143500100000000000000070000002800000068F530039B1E310301000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000C7060000000000000100000001000000
"C:\Users\PAVILION\Desktop\Tor Browser\Browser\firefox.exe"=0x534143500100000000000000070000002800000000FE15007821160001000000000000000000030600210000B395E7CF049FCE0100000000000000000200000028000000000000000000000000000000000000000000000000000000514FFF00000000000400000004000000
"C:\Users\PAVILION\AppData\Local\Discord\app-0.0.304\Discord.exe"=0x5341435001000000000000000700000028000000585DDF04C840E00401000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000050050000000000000700000007000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F00F1A0095C41A0001000000000000000000030600210000B395E7CF049FCE010000000100000000
"C:\Users\PAVILION\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe"=0x5341435001000000000000000700000028000000188CCC03EE98CC0301000000000000000000030600210000975FD891C99ECE01000000000000000002000000280000000000000000000040000000000000000000000000000000000E440000000000000100000001000000
"C:\Users\PAVILION\Downloads\Programs\QuickDiag.exe"=0x534143500100000000000000070000002800000098F74E00B9194F0001000000000000000000030600210000975FD891C99ECE010000000000000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"DragFullWindows"=USR:Control Panel\Desktop   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"MouseSpeed"=#USR:Control Panel\Mouse   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"CoolSwitch"=USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"ScreenSaverActive"=USR:Control Panel\Desktop   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"MouseSpeed"=#USR:Control Panel\Mouse   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"CoolSwitch"=USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"ScreenSaverActive"=USR:Control Panel\Desktop   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=130216565553372332
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"DisableAntiSpyware"=1
"ProductType"=2
"ProductStatus"=0
"InstallTime"=0x0E0E3F1F67A7D401
"DisableAntiVirus"=1
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1


[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)

[HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] : vSockets DGRAM
[HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] : vSockets STREAM
[HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011] : vSockets DGRAM
[HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012] : vSockets STREAM
[HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] : vSockets DGRAM
[HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] : vSockets STREAM
[HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011] : vSockets DGRAM
[HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012] : vSockets STREAM

---------- | Hosts


---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [172.217.16.238] avec 32 octets de donn?es?:
R?ponse de 172.217.16.238?: octets=32 temps=153 ms TTL=52
R?ponse de 172.217.16.238?: octets=32 temps=153 ms TTL=52
R?ponse de 172.217.16.238?: octets=32 temps=148 ms TTL=52
R?ponse de 172.217.16.238?: octets=32 temps=156 ms TTL=52

Statistiques Ping pour 172.217.16.238:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 148ms, Maximum = 156ms, Moyenne = 152ms

---------- | @

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"ImageStoreRandomFolder"=mppp342
"OperationalData"=13
"CompatibilityFlags"=0
"SearchBandRestoreBarCount"=0
"SearchBandMigrationVersion"=1
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF24000000240000000C0400007C020000
"Start Page Redirect Cache_TIMESTAMP"=0xA19AD4C6C4CED401
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0xE8490DD0C4CED401
"Start Page_TIMESTAMP"=0xD4E45B8C3BBAD401
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"Start Page Redirect Cache"=http://www.msn.com/fr-ca/?ocid=iehp
"Start Page Redirect Cache AcceptLangs"=fr-FR,fr;q=0.8,en-GB;q=0.5,en;q=0.3

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"IE5_UA_Backup_Flag"=5.0
"ZonesSecurityUpgrade"=0xBEFE698568A7D401
"EmailName"=User@
"AutoConfigProxy"=wininet.dll
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"WarnOnPost"=0x01000000
"UseSchannelDirectly"=0x01000000
"EnableHttp1_1"=1
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"DoNotTrack"=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"DoNotTrack"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"EnablePunycode"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts









---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\			IDM Shell Extension] - {CDC95B92-E27C-4745-A8C5-64A52A78855D} --  C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll   [27/12/2018 17:55:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} --  C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL   [01/10/2012 19:37:16]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} --  C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL   [01/10/2012 19:37:16]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} --  C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL   [01/10/2012 19:37:16]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [20/11/2014 19:43:08]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} --  %SystemRoot%\System32\cscui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} --  C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL   [01/10/2012 19:38:12]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} --  C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL   [01/10/2012 19:38:12]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} --  C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL   [01/10/2012 19:38:12]

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   
"ShowDiscussionButton"=Yes   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C500C267-63BF-451F-8797-4D720C9A2ED9}"=0x67C200C5BF631F4587974D720C9A2ED9   
"ITBar7Layout"=0x13000000000000000000000020000000100001003300000001000000000700005E01000006000000410100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000067C200C5BF631F4587974D720C9A2ED90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ITBar7Layout64"=0x13000000000000000000000004000000100001000000000001000000000000005E01000006000000410100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000067C200C5BF631F4587974D720C9A2ED90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ITBar7Height"=28   

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   
"DefaultPackCorrection"=1   
"DefaultPackNTCorrection"=1   
"KnownProvidersUpgradeTime"=0x9466BA12E2CDD401   
"DownloadRetries"=3   
"Version"=4   
"UpgradeTime"=0x7A7437C7C4CED401   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C500C267-63BF-451F-8797-4D720C9A2ED9}"=   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{C500C267-63BF-451F-8797-4D720C9A2ED9}"=   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer Ã  OneNote) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liÃ©es OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer Ã  OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liÃ©es OneNote) -       []

---------- | SearchScopes

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] -> (IDM integration (IDMIEHlprObj Class)) : C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll  [27/12/2018 17:55:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll  [01/10/2012 19:38:12]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL  [01/10/2012 19:38:12]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL  [01/10/2012 19:38:12]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll  [08/01/2019 17:08:11]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] -> (IDM integration (IDMIEHlprObj Class)) : C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll  [27/12/2018 17:55:06]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll  [01/10/2012 19:38:12]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL  [01/10/2012 19:38:12]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL  [01/10/2012 19:38:12]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC1E29BB-F56A-45D8-B023-D3EF710FA0E0}] -> (Kaspersky Protection) : C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\IEExt\ie_plugin.dll  [08/01/2019 17:08:11]

---------- | Chrome

C:\Users\PAVILION\AppData\Local\Google\Chrome\User Data\Default\extensions\amkpcclbbgegoafihnpgomddadjhcadd =  :     __MSG_ExtensionDescription__ -     __MSG_ExtensionName__ - permissions:[nativeMessagingmanagementcookieswebRequest\u003Call_urls>webRequestBlockingstorage] - https://clients2.google.com/service/update2/crx
C:\Users\PAVILION\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PAVILION\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/ - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - http://clients2.google.com/service/update2/crx
C:\Users\PAVILION\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\PAVILION\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\PAVILION\AppData\Local\Google\Chrome\User Data\Default\extensions\ngpampappnmepgilojfohadhhmbhlaek =  :     Download files with Internet Download Manager -     IDM Integration Module - permissions:[\u003Call_urls>tabscookiescontextMenuswebNavigationwebRequestwebRequestBlockingdownloadsdownloads.shelfmanagementstorageproxynativeMessaging] - https://clients2.google.com/service/update2/crx
C:\Users\PAVILION\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\PAVILION\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\PAVILION\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm =  :     Provider for discovery and services for mirroring of Chrome Media Router -     Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd]
[HKLM\Software\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\amkpcclbbgegoafihnpgomddadjhcadd]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek]

---------- | Opera


---------- | Firefox


[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\mozilla\Firefox\Extensions]
"mozilla_cc3@internetdownloadmanager.com"=C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
[HKLM\Software\mozilla\Firefox\Extensions]
"light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\FFExt\light_plugin_firefox\addon.xpi
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll
[HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.2] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Users\PAVILION\AppData\Roaming\Mozilla\Firefox\Profiles\y2az91gx.default\Prefs.js

user_pref("app.normandy.startupRolloutPrefs.extensions.fxmonitor.enabled", true);
user_pref("browser.startup.homepage", "https://instantpanel.net/");
user_pref("browser.startup.homepage_override.buildID", "20190211233335");
user_pref("browser.startup.homepage_override.mstone", "65.0.1");
user_pref("e10s.rollout.cohort", "webextensions-multiBucket4");
user_pref("extensions.blocklist.lastModified", "Wed, 27 Feb 2019 06:47:03 GMT");
user_pref("extensions.blocklist.pingCountTotal", 47);
user_pref("extensions.blocklist.pingCountVersion", 13);
user_pref("extensions.databaseSchema", 28);
user_pref("extensions.e10s.rollout.blocklist", "");
user_pref("extensions.e10s.rollout.hasAddon", true);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.e10sMultiBlockedByAddons", false);
user_pref("extensions.getAddons.cache.lastUpdate", 1551351846);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.lastAppBuildId", "20190211233335");
user_pref("extensions.lastAppVersion", "65.0.1");
user_pref("extensions.lastPlatformVersion", "65.0.1");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.pocket.settings.test.panelSignUp", "control");
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{7079a924-6151-4be7-840a-fed6bfeff0c1}\",\"addons\":{\"fxmonitor@mozilla.org\":{\"version\":\"2.8\"}}}");
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.uuids", "{\"light_plugin_F88CEF8523DE460F9FA1D6E48BF8D340@kaspersky.com\":\"435ca3f1-8190-4056-9e5d-564dd4fa088c\",\"mozilla_cc3@internetdownloadmanager.com\":\"57de2e24-9fbd-4334-bd94-431c0399d76c\",\"screenshots@mozilla.org\":\"1d2779b9-a5f1-40f6-96d0-eeaafa96cf4d\",\"webcompat@mozilla.org\":\"b3f0b4b2-53e9-4722-95a5-1e2c5f0e78bd\",\"formautofill@mozilla.org\":\"b335c138-6535-4676-b176-9ad500edb217\",\"webcompat-reporter@mozilla.org\":\"1ad682ea-3242-454f-8167-76b72164dd99\",\"fxmonitor@mozilla.org\":\"c8c1fedf-f279-408e-b62c-500937b47937\"}");


[Profile0] - Name=default -> Profiles/y2az91gx.default

---------- | DNS

[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{083E4D95-FC4D-4394-A684-F3C581BE0F73}]
"DhcpNameServer"=10.15.162.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{083E4D95-FC4D-4394-A684-F3C581BE0F73}]
"NameServer"=10.14.154.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{A94C704E-E186-4546-B86F-E1502BA3B049}]
"DhcpNameServer"=192.168.43.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{083E4D95-FC4D-4394-A684-F3C581BE0F73}]
"DhcpNameServer"=10.15.162.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{083E4D95-FC4D-4394-A684-F3C581BE0F73}]
"NameServer"=10.14.154.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{A94C704E-E186-4546-B86F-E1502BA3B049}]
"DhcpNameServer"=192.168.43.1

---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\vmplayer.exe] : "C:\Program Files (x86)\VMware\VMware Workstation\vmplayer.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\vmware.exe] : "C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe" -t "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vmplayer.exe] : "C:\Program Files (x86)\VMware\VMware Workstation\vmplayer.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vmware.exe] : "C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe" -t "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"regsvc"=RemoteRegistry
"PeerDist"=PeerDistSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Adobe]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\AppDataLow]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\AV Soft]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Chromium]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Clients]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\DataProtector]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Discord]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\DownloadManager]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\DuoDianApp]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\FXHOME]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Google]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Gyazo]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\IM Providers]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Intel]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\JavaSoft]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\JetBrains]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\KasperskyLab]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\ManyCam]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Mine]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Mozilla]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Netscape]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\nwjs]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\ODBC]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Oracle]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Piriform]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Policies]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Python]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\QtProject]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Realtek]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Synaptics]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\sysinternals]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\TeamViewer]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Visicom Media]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\VMware, Inc.]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\WinRAR]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Wow6432Node]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\BorisFX]
[HKLM\Software\Clients]
[HKLM\Software\FXHOME]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\KasperskyLab]
[HKLM\Software\Khronos]
[HKLM\Software\Lenovo]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\Oracle]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SonicFocus]
[HKLM\Software\SoundResearch]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\TAP-Windows]
[HKLM\Software\VMware, Inc.]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Help]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\AirVPN]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\AV Soft]
[HKLM\Software\WOW6432Node\Avnex]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Internet Download Manager]
[HKLM\Software\WOW6432Node\KasperskyLab]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\PowerPivot]
[HKLM\Software\WOW6432Node\Python]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\ThinPrint]
[HKLM\Software\WOW6432Node\TVInstallTemp]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\Visicom Media]
[HKLM\Software\WOW6432Node\VMware, Inc.]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | Drives


D:


---------- | C:

[22/08/2013 15:36:31] - |SHD| - [931] - C:\$Recycle.Bin
[MD5.0B17239B2E03F5AEA96929003CA22337] - [22/08/2013 15:44:03] - |RASH| - (.-.) - [404250] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [22/08/2013 15:44:04] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[22/08/2013 14:45:52] - |SHD| - [0] - C:\Documents and Settings
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/01/2019 15:34:15] - |ASH| - (.-.) - [13688774656] - (0.0.0.0) - C:\hiberfil.sys
[08/01/2019 15:46:24] - |D| - [88188] - C:\Intel
[08/01/2019 16:12:48] - |RHD| - [846075976] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/01/2019 15:30:02] - |ASH| - (.-.) - [17179869184] - (0.0.0.0) - C:\pagefile.sys
[22/08/2013 15:36:30] - |D| - [0] - C:\PerfLogs
[22/08/2013 13:36:15] - |RD| - [4101086954] - C:\Program Files
[22/08/2013 13:36:15] - |RD| - [3809385309] - C:\Program Files (x86)
[22/08/2013 13:36:15] - |HD| - [2277047934] - C:\ProgramData
[28/02/2019 14:56:08] - |D| - [68684] - C:\QuickDiag
[MD5.FCDF242686DCD22574ABF1AA563BA48F] - [28/02/2019 14:56:28] - |A| - (.-.) - [152336] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/01/2019 15:30:02] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[08/01/2019 15:29:58] - |SHD| - [0] - C:\System Volume Information
[22/08/2013 13:36:15] - |RD| - [103732218367] - C:\Users
[22/08/2013 13:36:15] - |D| - [19689266594] - C:\Windows

---------- | C:\Windows

[22/08/2013 15:36:30] - |D| - [802] - C:\Windows\addins
[22/08/2013 15:36:31] - |D| - [1175552] - C:\Windows\ADFS
[22/08/2013 15:36:30] - |D| - [35430660] - C:\Windows\AppCompat
[22/08/2013 15:36:31] - |D| - [12307764] - C:\Windows\apppatch
[22/08/2013 15:36:30] - |D| - [0] - C:\Windows\AppReadiness
[22/08/2013 15:36:30] - |RD| - [561595634] - C:\Windows\assembly
[MD5.FA78F9739F8F0239A539A06B10D354C7] - [22/08/2013 11:21:53] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Utilitaire de service de fichier de dÃ©marrage.) - [56832] - (6.3.9600.16384) - C:\Windows\bfsvc.exe
[20/11/2014 19:09:20] - |SHD| - [586747] - C:\Windows\BitLockerDiscoveryVolumeContents
[22/08/2013 15:36:31] - |D| - [36958773] - C:\Windows\Boot
[MD5.1E7D60EBE13C490C69073964A5A3E4A6] - [22/08/2013 14:46:23] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[22/08/2013 15:36:31] - |D| - [2298936] - C:\Windows\Branding
[22/08/2013 15:36:30] - |D| - [7214468] - C:\Windows\Camera
[22/08/2013 15:20:01] - |D| - [0] - C:\Windows\CbsTemp
[08/01/2019 15:40:34] - |D| - [0] - C:\Windows\CSC
[22/08/2013 15:36:30] - |D| - [4503720] - C:\Windows\Cursors
[22/08/2013 15:36:31] - |D| - [4142] - C:\Windows\debug
[22/08/2013 15:36:30] - |RD| - [24214] - C:\Windows\DesktopTileResources
[22/08/2013 15:36:30] - |D| - [3766720] - C:\Windows\diagnostics
[22/08/2013 15:43:29] - |D| - [0] - C:\Windows\DigitalLocker
[22/08/2013 15:36:31] - |SD| - [65] - C:\Windows\Downloaded Program Files
[MD5.927A999E2433DA64FFBE3CA9A9A98A67] - [12/01/2019 22:07:01] - |A| - (.-.) - [4696] - (0.0.0.0) - C:\Windows\DPINST.LOG
[MD5.D5075ADEF4C947E6582E69EC31CBFE41] - [22/08/2013 15:37:25] - |A| - (.-.) - [2988] - (0.0.0.0) - C:\Windows\DtcInstall.log
[22/08/2013 15:36:31] - |HD| - [29208] - C:\Windows\ELAMBKUP
[01/02/2019 15:44:11] - |D| - [49664] - C:\Windows\en-GB
[22/08/2013 15:43:29] - |D| - [48128] - C:\Windows\en-US
[MD5.ED6B4C95E2A6D67480B9DBB8A8E7D9B4] - [28/12/2016 18:05:34] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Explorateur Windows.) - [2755504] - (6.3.9600.18460) - C:\Windows\explorer.exe
[22/08/2013 15:36:30] - |D| - [14523009] - C:\Windows\FileManager
[22/08/2013 13:36:15] - |RSD| - [528732953] - C:\Windows\Fonts
[20/11/2014 18:46:17] - |D| - [111616] - C:\Windows\fr-FR
[22/08/2013 15:36:30] - |D| - [93333007] - C:\Windows\Globalization
[MD5.A7E01266BF3B766C425CAE88323BBF0A] - [08/01/2019 17:46:49] - |A| - (.-.) - [30] - (0.0.0.0) - C:\Windows\grwin.ini
[22/08/2013 15:36:31] - |D| - [3066119] - C:\Windows\Help
[MD5.95DBA7370490F85BD8A48B913A3D8541] - [10/01/2019 00:02:40] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Aide et support Microsoft.) - [1001984] - (6.3.9600.18722) - C:\Windows\HelpPane.exe
[MD5.B934411DFE7DEACFA95A1255A48133C9] - [20/11/2014 19:43:17] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - ExÃ©cutable de lÂaide HTML MicrosoftÂ®.) - [17408] - (6.3.9600.17415) - C:\Windows\hh.exe
[22/08/2013 15:36:30] - |D| - [152846228] - C:\Windows\IME
[22/08/2013 15:36:31] - |RD| - [7295444] - C:\Windows\ImmersiveControlPanel
[22/08/2013 13:36:15] - |D| - [62575315] - C:\Windows\Inf
[22/08/2013 15:36:31] - |D| - [119175822] - C:\Windows\InputMethod
[22/08/2013 15:36:31] - |SHD| - [1471830097] - C:\Windows\Installer
[22/08/2013 15:36:31] - |D| - [61417] - C:\Windows\L2Schemas
[22/08/2013 15:36:31] - |D| - [0] - C:\Windows\LiveKernelReports
[22/08/2013 13:36:15] - |D| - [34362544] - C:\Windows\Logs
[22/08/2013 15:36:30] - |RSD| - [19944453] - C:\Windows\Media
[22/08/2013 15:36:31] - |D| - [18917376] - C:\Windows\MediaViewer
[MD5.514A6AA5ACCDC4ACA2C6DE9955F873F3] - [04/02/2019 17:43:10] - |A| - (.-.) - [2205135686] - (0.0.0.0) - C:\Windows\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [22/08/2013 07:01:23] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[22/08/2013 15:36:30] - |D| - [621086927] - C:\Windows\Microsoft.NET
[10/01/2019 00:49:19] - |D| - [1263] - C:\Windows\Migration
[09/01/2019 23:41:28] - |D| - [303248] - C:\Windows\Minidump
[22/08/2013 15:36:31] - |D| - [0] - C:\Windows\ModemLogs
[MD5.FC2EA5BD5307D2CFA5AAA38E0C0DDCE9] - [28/12/2016 17:43:04] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Bloc-notes.) - [221184] - (6.3.9600.17930) - C:\Windows\notepad.exe
[22/08/2013 15:36:30] - |RD| - [65] - C:\Windows\Offline Web Pages
[08/01/2019 15:29:27] - |D| - [2073265] - C:\Windows\Panther
[08/01/2019 16:14:02] - |D| - [0] - C:\Windows\PCHEALTH
[22/08/2013 15:36:30] - |D| - [44985368] - C:\Windows\Performance
[MD5.84D4CBA19DFD2B6566EBFFFA808394F8] - [20/11/2014 10:17:27] - |A| - (.-.) - [47910] - (0.0.0.0) - C:\Windows\PFRO.log
[22/08/2013 15:36:30] - |D| - [1283899] - C:\Windows\PLA
[22/08/2013 15:36:30] - |D| - [8445300] - C:\Windows\PolicyDefinitions
[08/01/2019 15:30:23] - |D| - [33744247] - C:\Windows\Prefetch
[MD5.ACBB258BD003F4986AFD0197C5F018B6] - [20/11/2014 19:09:35] - |A| - (.-.) - [36235] - (0.0.0.0) - C:\Windows\Professional.xml
[MD5.B1AE730D49678C10B7FCFFD16B6A6507] - [23/12/2018 22:21:28] - |A| - (.Copyright Â© 2001-2016 Python Software Foundation. Copyright Â© 2000 BeOpen.com. Copyright Â© 1995-2001 CNRI. Copyright Â© 1991-1995 SMC. - Python.) - [908304] - (3.7.2150.1013) - C:\Windows\py.exe
[MD5.8921A23B8E48F91FDB1065B8FE73B09B] - [23/12/2018 22:23:10] - |A| - (.Copyright Â© 2001-2016 Python Software Foundation. Copyright Â© 2000 BeOpen.com. Copyright Â© 1995-2001 CNRI. Copyright Â© 1991-1995 SMC. - Python.) - [60944] - (3.7.2150.1013) - C:\Windows\pyshellext.amd64.dll
[MD5.2428B61FCDEDCFD85422FCF31C7ACEC3] - [23/12/2018 22:21:28] - |A| - (.Copyright Â© 2001-2016 Python Software Foundation. Copyright Â© 2000 BeOpen.com. Copyright Â© 1995-2001 CNRI. Copyright Â© 1991-1995 SMC. - Python.) - [908816] - (3.7.2150.1013) - C:\Windows\pyw.exe
[MD5.B67DB709F5FDAA89CA6C2CB6C1E39B3B] - [20/11/2014 19:43:03] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Ãditeur du Registre.) - [154624] - (6.3.9600.17415) - C:\Windows\regedit.exe
[22/08/2013 15:36:30] - |D| - [1071164] - C:\Windows\Registration
[22/08/2013 15:36:30] - |D| - [2881776] - C:\Windows\rescache
[22/08/2013 15:36:31] - |D| - [2830767] - C:\Windows\Resources
[22/08/2013 15:36:31] - |D| - [0] - C:\Windows\SchCache
[22/08/2013 15:36:30] - |D| - [118561] - C:\Windows\schemas
[22/08/2013 15:36:31] - |D| - [1084512] - C:\Windows\security
[22/08/2013 14:45:15] - |D| - [52420418] - C:\Windows\ServiceProfiles
[22/08/2013 13:36:15] - |D| - [154343939] - C:\Windows\servicing
[22/08/2013 14:45:23] - |D| - [42] - C:\Windows\Setup
[MD5.F8B8C314D59B0CE7BF3415B4097D1C2A] - [01/02/2019 13:41:21] - |A| - (.-.) - [2436] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/02/2019 13:41:21] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[08/01/2019 16:13:09] - |D| - [66140] - C:\Windows\SHELLNEW
[20/11/2014 19:09:20] - |D| - [31373168] - C:\Windows\SKB
[08/01/2019 15:39:18] - |D| - [208681453] - C:\Windows\SoftwareDistribution
[22/08/2013 15:36:30] - |D| - [214296265] - C:\Windows\Speech
[MD5.7826082B93262AB6460E77B91C61EA30] - [28/12/2016 17:27:29] - |A| - (.Â© Microsoft Corporation. - Print driver host for applications.) - [128512] - (6.3.9600.17480) - C:\Windows\splwow64.exe
[MD5.A77E65831A152C8FCA5B822749E2624D] - [22/08/2013 15:19:59] - |A| - (.-.) - [35891] - (0.0.0.0) - C:\Windows\Starter.xml
[MD5.CA5764B8249E652E2F4E067BA320466E] - [08/01/2019 15:49:26] - |A| - (.-.) - [565] - (0.0.0.0) - C:\Windows\Synaptics.log
[MD5.451B8B0CE9A9057BD6B1814C6D7A49D2] - [08/01/2019 15:49:26] - |A| - (.-.) - [1130] - (0.0.0.0) - C:\Windows\Synaptics.PD.log
[22/08/2013 15:36:30] - |D| - [31039] - C:\Windows\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 13:25:43] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[22/08/2013 13:36:16] - |RD| - [4341764593] - C:\Windows\System32
[22/08/2013 15:36:30] - |D| - [9398840] - C:\Windows\SystemResources
[22/08/2013 13:36:16] - |D| - [1368718786] - C:\Windows\SysWOW64
[22/08/2013 15:36:31] - |D| - [0] - C:\Windows\TAPI
[22/08/2013 15:36:30] - |D| - [6] - C:\Windows\Tasks
[22/08/2013 13:36:16] - |D| - [57034217] - C:\Windows\Temp
[22/08/2013 15:36:30] - |RD| - [22151] - C:\Windows\ToastData
[22/08/2013 15:36:31] - |D| - [0] - C:\Windows\tracing
[22/08/2013 15:36:31] - |D| - [275672] - C:\Windows\twain_32
[MD5.727B4519FE9919447108CBEC4768F34A] - [20/11/2014 19:44:18] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [54272] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.DC3314175ED9757DA0104EF013922BDE] - [22/08/2013 14:46:17] - |A| - (.-.) - [5446] - (0.0.0.0) - C:\Windows\vmgcoinstall.log
[22/08/2013 15:36:30] - |D| - [15612486] - C:\Windows\vpnplugins
[22/08/2013 15:36:30] - |D| - [12420] - C:\Windows\Vss
[22/08/2013 15:36:31] - |D| - [8817972] - C:\Windows\Web
[MD5.DAA6AAD525D12F8985695B882301336F] - [22/08/2013 13:25:43] - |A| - (.-.) - [167] - (0.0.0.0) - C:\Windows\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [22/08/2013 06:53:50] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.009DD16B2E6563CA74302CEE6B5F10D1] - [08/01/2019 15:39:18] - |A| - (.-.) - [1159464] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.335C38783B3F1B383ECAC17DB3705895] - [20/11/2014 19:42:37] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Relais Windows Winhlp32.) - [9728] - (6.3.9600.17415) - C:\Windows\winhlp32.exe
[22/08/2013 15:36:31] - |D| - [1824826] - C:\Windows\WinStore
[22/08/2013 13:36:16] - |D| - [7098740938] - C:\Windows\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [22/08/2013 06:52:18] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.73E19BE0E0ECD88616B5762F621B0226] - [20/11/2014 19:43:32] - |A| - (.Â© Microsoft Corporation. - Windows Write.) - [11264] - (6.3.9600.17415) - C:\Windows\write.exe

---------- | C:\Windows\System32\GroupPolicy

[MD5.EC3584F3DB838942EC3669DB02DC908E] - [01/02/2019 11:29:05] - |A| - (.-.) - [11] - (0.0.0.0) - C:\Windows\System32\GroupPolicy\gpt.ini
[01/02/2019 11:29:05] - |D| - [0] - C:\Windows\System32\GroupPolicy\Machine
[01/02/2019 11:29:05] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[08/01/2019 17:52:50] - C:\Windows\Installer\14f525e.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2019 10:55:58] - C:\Windows\Installer\2d8d71.msi : (Oracle VM VirtualBox 6.0.4 installation package - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/09/2012 03:48:11] - C:\Windows\Installer\421f97.msi : ( - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/05/2018 13:11:22] - C:\Windows\Installer\45c150.msi : (Kaspersky Internet Security - Kaspersky Lab)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/05/2018 13:11:30] - C:\Windows\Installer\45c156.msi : (Kaspersky Secure Connection - Kaspersky Lab)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:23:18] - C:\Windows\Installer\fdd18e.msi : (Python 3.7.2 Core Interpreter (32-bit) - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:23:40] - C:\Windows\Installer\fdd193.msi : (Python 3.7.2 Development Libraries (32-bit) - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:23:54] - C:\Windows\Installer\fdd198.msi : (Python 3.7.2 Executables (32-bit) - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:24:16] - C:\Windows\Installer\fdd19d.msi : (Python 3.7.2 Standard Library (32-bit) - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:25:28] - C:\Windows\Installer\fdd1a2.msi : (Python 3.7.2 Test Suite (32-bit) - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:23:50] - C:\Windows\Installer\fdd1a7.msi : (Python 3.7.2 Documentation (32-bit) - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:25:36] - C:\Windows\Installer\fdd1ac.msi : (Python 3.7.2 Utility Scripts (32-bit) - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:25:04] - C:\Windows\Installer\fdd1b1.msi : (Python 3.7.2 Tcl/Tk Support (32-bit) - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:23:14] - C:\Windows\Installer\fdd1b6.msi : (Python Launcher - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/12/2018 22:24:48] - C:\Windows\Installer\fdd1bb.msi : (Python 3.7.2 pip Bootstrap (32-bit) - Python Software Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/01/2019 23:20:41] - [18440192] - (.().-. - ()) - C:\Windows\Installer\310332.msp
[08/01/2019 23:22:41] - [17375232] - (.().-. - ()) - C:\Windows\Installer\36410d.msp
[08/01/2019 23:38:02] - [48541696] - (.().-. - ()) - C:\Windows\Installer\42209f.msp
[08/01/2019 23:38:12] - [4100096] - (.().-. - ()) - C:\Windows\Installer\4220b7.msp
[08/01/2019 23:39:07] - [48394240] - (.().-. - ()) - C:\Windows\Installer\4221b7.msp
[08/01/2019 15:39:29] - [53345280] - (.().-. - ()) - C:\Windows\Installer\4d75c.msp

---------- | %System%\*.in*

[22/08/2013 15:36:48] - [75] - C:\Windows\System32\desktop.ini
[28/12/2016 18:11:12] - [16303] - C:\Windows\System32\ieuinit.inf
[20/11/2014 19:28:14] - [1737218] - C:\Windows\System32\PerfStringBackup.INI
[22/08/2013 06:56:03] - [60124] - C:\Windows\System32\tcpmon.ini
[20/11/2014 19:29:24] - [2255] - C:\Windows\System32\WimBootCompress.ini
[28/12/2016 18:11:12] - [16303] - C:\Windows\Syswow64\ieuinit.inf
[27/01/2019 18:51:48] - [1766386] - C:\Windows\Syswow64\PerfStringBackup.INI
[20/11/2014 19:29:39] - [2255] - C:\Windows\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.BE452D7BF880125D2832F99BFDBFD1AE] - |A| - [22/08/2013 06:57:05] - (.-.) - [6.83 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\pcamain.sdb
[MD5.7C989C78DAD405CCC18520B6BDB9761C] - |A| - [13/02/2019 11:43:40] - (.-.) - [423.43 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64
[MD5.B1A282901EBBBA8F8B715CC3C35067D1] - |A| - [12/02/2019 13:36:36] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc10D0.tmp
[MD5.843CB64AEC51E21ED48D89F8CBFDD911] - |ASH| - [12/02/2019 13:36:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc10D0.tmp.LOG1
[MD5.5FC3E8244C6512DF88AC5FD4216CDFD7] - |ASH| - [12/02/2019 13:36:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc10D0.tmp.LOG2
[MD5.7979ABA41D1A23BF8ED0A1583B5052B9] - |A| - [12/02/2019 13:35:31] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc123C.tmp
[MD5.6C5D03C937EAF69886821090AD0B86F2] - |ASH| - [12/02/2019 13:35:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc123C.tmp.LOG1
[MD5.7E3F19259CE3F9B25E5D8F62303ECB8E] - |ASH| - [12/02/2019 13:35:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc123C.tmp.LOG2
[MD5.F75870F3221F8323F48996987E7A72F6] - |A| - [12/02/2019 13:36:37] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1351.tmp
[MD5.162765E47C3425E1DAC963BC349433AA] - |ASH| - [12/02/2019 13:36:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1351.tmp.LOG1
[MD5.4FCCC89B1B15ED42A2BB2ADB6845CDE7] - |ASH| - [12/02/2019 13:36:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1351.tmp.LOG2
[MD5.6177CF3DDF44312DF34B0E3DA6609254] - |A| - [12/02/2019 13:36:37] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1566.tmp
[MD5.562C62F6E6383A19DDC24A74A61BA09F] - |ASH| - [12/02/2019 13:36:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1566.tmp.LOG1
[MD5.A85A33F60A1E9595BC117B9C54A2BAC1] - |ASH| - [12/02/2019 13:36:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1566.tmp.LOG2
[MD5.8B380C9CCC022FD2BCF58D939CACAA70] - |ASH| - [18/01/2019 00:21:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc15B9.tmp.LOG1
[MD5.100E0807FF6A2A8671606C18D0D62873] - |ASH| - [18/01/2019 00:21:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc15B9.tmp.LOG2
[MD5.FF8E1779739961A7F5A1C518B2BD474D] - |ASH| - [18/01/2019 00:21:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc17FC.tmp.LOG1
[MD5.C51A29B992DF179A0DCCA4F5486C3EBF] - |ASH| - [18/01/2019 00:21:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc17FC.tmp.LOG2
[MD5.2ED02C6DC3F14D0A0B7EC6F4654ADCEF] - |A| - [12/02/2019 13:36:38] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1835.tmp
[MD5.00ED21C2B7E22ACBE18B006D4E985D3C] - |ASH| - [12/02/2019 13:36:38] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1835.tmp.LOG1
[MD5.55841C4E365D0575911608734439F351] - |ASH| - [12/02/2019 13:36:38] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1835.tmp.LOG2
[MD5.F0A6F35642A3AFED9672EB2E4D367D8E] - |A| - [12/02/2019 13:36:38] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1A0B.tmp
[MD5.EC7C4455ACF8BFDDF7EF7169AA3AE94A] - |ASH| - [12/02/2019 13:36:38] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1A0B.tmp.LOG1
[MD5.E7137B6F6EFD4022EAF588627B462CB7] - |ASH| - [12/02/2019 13:36:38] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1A0B.tmp.LOG2
[MD5.927E2218477EA2D7C84B4CA95ECA44E6] - |ASH| - [18/01/2019 00:21:22] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1A7E.tmp.LOG1
[MD5.1AD9A408306C301DE59AB2C412CFC315] - |ASH| - [18/01/2019 00:21:22] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1A7E.tmp.LOG2
[MD5.3C25FB20BA8C09EF4F2AD97D778D7409] - |A| - [12/02/2019 13:35:33] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1B26.tmp
[MD5.CB777FFE2485D2FE18EADFE1D2954AA4] - |ASH| - [12/02/2019 13:35:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1B26.tmp.LOG1
[MD5.0CA444A61F79B33E5C8CF808A21E6388] - |ASH| - [12/02/2019 13:35:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1B26.tmp.LOG2
[MD5.F086B5C5364C7E3711FCC6264E513986] - |A| - [12/02/2019 13:36:39] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1C9C.tmp
[MD5.DD01167FE45D1C873A5B00F8FE78C626] - |ASH| - [12/02/2019 13:36:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1C9C.tmp.LOG1
[MD5.339A499B2C9318DF957B2FF6A69D0DFD] - |ASH| - [12/02/2019 13:36:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1C9C.tmp.LOG2
[MD5.6BFE8D20A1BBC03D81CBF77E2BE74F52] - |A| - [12/02/2019 13:35:34] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1D89.tmp
[MD5.55ABD70C554382830DFD348893379331] - |ASH| - [12/02/2019 13:35:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1D89.tmp.LOG1
[MD5.C853FD14DD091E05342244DADCAD8C94] - |ASH| - [12/02/2019 13:35:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1D89.tmp.LOG2
[MD5.4E75E78CD92DE4FA899F664794E53737] - |ASH| - [18/01/2019 00:21:23] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1DF9.tmp.LOG1
[MD5.F3D6601B29DC0717B886922A2CC67B2F] - |ASH| - [18/01/2019 00:21:23] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc1DF9.tmp.LOG2
[MD5.70A959DEEB20AE64F48C94F6663B9680] - |A| - [12/02/2019 13:36:40] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2028.tmp
[MD5.857C72A75B8F9070660300316BE99DA5] - |ASH| - [12/02/2019 13:36:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2028.tmp.LOG1
[MD5.88BAAACE5744B6AE0EA42523F9D4896A] - |ASH| - [12/02/2019 13:36:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2028.tmp.LOG2
[MD5.C711891F9F4DF5A4C99803F7C45B1B21] - |ASH| - [18/01/2019 00:21:24] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc204C.tmp.LOG1
[MD5.A30D505C88983F6EA19149F9DC4974E9] - |ASH| - [18/01/2019 00:21:24] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc204C.tmp.LOG2
[MD5.C7C974DBE166738B4C918A252683A364] - |A| - [12/02/2019 13:35:34] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2087.tmp
[MD5.0EDA313760A6E9F56767B33AB9F73C35] - |ASH| - [12/02/2019 13:35:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2087.tmp.LOG1
[MD5.AE81ADFB1CAA51064574ECF54EF4934E] - |ASH| - [12/02/2019 13:35:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2087.tmp.LOG2
[MD5.38B59DECD3C5C39294F0C3AD3665A920] - |A| - [12/02/2019 13:36:40] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc223C.tmp
[MD5.87A33CC0C4DBB58CE626698555935FBE] - |ASH| - [12/02/2019 13:36:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc223C.tmp.LOG1
[MD5.4F6DB077E938370128FD7A4BAB771323] - |ASH| - [12/02/2019 13:36:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc223C.tmp.LOG2
[MD5.B533109EFCF3423FF15C2771114B0628] - |A| - [12/02/2019 13:35:35] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc229C.tmp
[MD5.D0A7337C67FA514A83522DAAB33D27A7] - |ASH| - [12/02/2019 13:35:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc229C.tmp.LOG1
[MD5.A2446EE7FD54294A52795091AC17759F] - |ASH| - [12/02/2019 13:35:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc229C.tmp.LOG2
[MD5.1496AB801D491D70DA3E7785F5896C28] - |ASH| - [18/01/2019 00:21:24] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc229F.tmp.LOG1
[MD5.FA5CCBC5C993EC57FEA4DA55B13886D2] - |ASH| - [18/01/2019 00:21:24] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc229F.tmp.LOG2
[MD5.EB4582EAA36706DB5FCB05679BD67166] - |ASH| - [18/01/2019 00:21:25] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2494.tmp.LOG1
[MD5.19E3FBB1C06C1676F99968BD111BAD86] - |ASH| - [18/01/2019 00:21:25] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2494.tmp.LOG2
[MD5.AB4566264AB0F216035742C8443E9997] - |A| - [12/02/2019 13:36:41] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc24AE.tmp
[MD5.2B0D3035C9611891FAAE1BE70A10664A] - |ASH| - [12/02/2019 13:36:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc24AE.tmp.LOG1
[MD5.D662C58460684C8744233722BF52A00F] - |ASH| - [12/02/2019 13:36:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc24AE.tmp.LOG2
[MD5.925D2F751B6CD3BF687A244B7AF13E1C] - |A| - [12/02/2019 13:36:32] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc252.tmp
[MD5.65276FD87C397114EAE343EE238805DE] - |ASH| - [12/02/2019 13:36:32] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc252.tmp.LOG1
[MD5.BD469CAD3E6220C256F6A1348E735C63] - |ASH| - [12/02/2019 13:36:32] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc252.tmp.LOG2
[MD5.15EA18B6A0DA4E58A16699F564C49688] - |A| - [12/02/2019 13:36:42] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2730.tmp
[MD5.F3A777A36AD0AF9FAB8E35D4B9E18CE6] - |ASH| - [12/02/2019 13:36:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2730.tmp.LOG1
[MD5.1DE13B205DC888E7A8BE63E9E784DE64] - |ASH| - [12/02/2019 13:36:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2730.tmp.LOG2
[MD5.1EF7B7931BD1D2AFD578DCEA41B14AED] - |ASH| - [18/01/2019 00:21:25] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2744.tmp.LOG1
[MD5.FE3DD641BFAF4C9223E83E5A220CDB74] - |ASH| - [18/01/2019 00:21:25] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2744.tmp.LOG2
[MD5.0748B5E987FAAA0108C39DD92C46591F] - |ASH| - [18/01/2019 00:21:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2978.tmp.LOG1
[MD5.2B9B17D5F55563B4A2324F9A23B1CEEF] - |ASH| - [18/01/2019 00:21:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2978.tmp.LOG2
[MD5.4FA48C061661B378837473407D4DB534] - |A| - [12/02/2019 13:36:42] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2A0F.tmp
[MD5.20881DA95C9E77D0C8E6FB64582FEB54] - |ASH| - [12/02/2019 13:36:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2A0F.tmp.LOG1
[MD5.7050B901AA4E0A69F17877EFB28114EE] - |ASH| - [12/02/2019 13:36:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2A0F.tmp.LOG2
[MD5.DF3DB6D0FF2709B4EB7D29CEA731758D] - |ASH| - [18/01/2019 00:21:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2B7D.tmp.LOG1
[MD5.F87A7D0EE629DFE8B3B818396DA053CF] - |ASH| - [18/01/2019 00:21:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2B7D.tmp.LOG2
[MD5.9D4BE6DD21AD1EFC399564875972BAF8] - |A| - [12/02/2019 13:36:43] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2C91.tmp
[MD5.31A9B1622C1E0E1EBC03DB09B3263594] - |ASH| - [12/02/2019 13:36:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2C91.tmp.LOG1
[MD5.7B34440952952B32485D27E7C8EA0BFA] - |ASH| - [12/02/2019 13:36:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2C91.tmp.LOG2
[MD5.EEA39F8C03C06999395FD1E3020E40D7] - |ASH| - [18/01/2019 00:21:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2DEF.tmp.LOG1
[MD5.EFE8D8A86D710CC8944763907DD42192] - |ASH| - [18/01/2019 00:21:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2DEF.tmp.LOG2
[MD5.7D7FE4E3C38ABE01B2D817FA5AAB7C1B] - |A| - [12/02/2019 13:36:43] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2E86.tmp
[MD5.1EFE67D163D1864158D6FF26E44FC913] - |ASH| - [12/02/2019 13:36:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2E86.tmp.LOG1
[MD5.B6ABC6A711B561259D465171930DCDFB] - |ASH| - [12/02/2019 13:36:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc2E86.tmp.LOG2
[MD5.0BD9764F91AA0410BC611CDA71208B10] - |ASH| - [18/01/2019 00:21:28] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc30FD.tmp.LOG1
[MD5.8C4328992A279102799CCC1FE2371CC9] - |ASH| - [18/01/2019 00:21:28] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc30FD.tmp.LOG2
[MD5.0910CAB9E8D7B9B8770BC7945BE63192] - |A| - [12/02/2019 13:36:44] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc31D2.tmp
[MD5.64356A9D791AEDAFC991FB23C336D183] - |ASH| - [12/02/2019 13:36:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc31D2.tmp.LOG1
[MD5.659E3694D542FEF51CAC84A978B83B29] - |ASH| - [12/02/2019 13:36:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc31D2.tmp.LOG2
[MD5.13E079F1045B31B54D2FC0EE1EB45DFB] - |ASH| - [18/01/2019 00:21:28] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc32C3.tmp.LOG1
[MD5.BA4837EEC476E7BA9FCF378D73B7D0F7] - |ASH| - [18/01/2019 00:21:28] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc32C3.tmp.LOG2
[MD5.A9AB57E4D6679B5CB5D821023D235EBD] - |A| - [12/02/2019 13:36:45] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc33F6.tmp
[MD5.D2E775AB15994CDB6338A06DB7E46213] - |ASH| - [12/02/2019 13:36:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc33F6.tmp.LOG1
[MD5.8C448C384D44C6A61A7F51EA0A8DF910] - |ASH| - [12/02/2019 13:36:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc33F6.tmp.LOG2
[MD5.260AAFE78D95D661E75B39CAEA0D543A] - |ASH| - [18/01/2019 00:21:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3479.tmp.LOG1
[MD5.06EC2F5AF96F78B69FC22E19BA2F0DF7] - |ASH| - [18/01/2019 00:21:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3479.tmp.LOG2
[MD5.8BA6A6A7C8F04066FFBACACFC521D57F] - |A| - [12/02/2019 13:36:45] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3649.tmp
[MD5.296501B7C98B9C1239B28AEA8187904E] - |ASH| - [12/02/2019 13:36:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3649.tmp.LOG1
[MD5.DD5CFCC6FB2F5FAEE0E898C44023D214] - |ASH| - [12/02/2019 13:36:46] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3649.tmp.LOG2
[MD5.93FC1DC245F0C4A19A477D221EDC6A42] - |A| - [12/02/2019 13:34:35] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc36B4.tmp
[MD5.1375D4B7EC00DF31D3E838807B8EB7BC] - |ASH| - [12/02/2019 13:34:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc36B4.tmp.LOG1
[MD5.1CEA92BF5B0BFC8A99015444CB5EA68E] - |ASH| - [12/02/2019 13:34:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc36B4.tmp.LOG2
[MD5.08F177D4AC3F80A47F50FBF4159A4023] - |ASH| - [18/01/2019 00:21:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc372A.tmp.LOG1
[MD5.359EE63E66B074FF11235220A37937A3] - |ASH| - [18/01/2019 00:21:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc372A.tmp.LOG2
[MD5.343E8F1126B40685F4D8D652808968F0] - |A| - [12/02/2019 13:34:35] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3906.tmp
[MD5.5E750DF4737FE884ACA77747EABE38AA] - |ASH| - [12/02/2019 13:34:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3906.tmp.LOG1
[MD5.21EA49758EA07BBF0C3D5161357DD27D] - |ASH| - [12/02/2019 13:34:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3906.tmp.LOG2
[MD5.21A08BB9B0C1598663465A8C440EFCB5] - |A| - [12/02/2019 13:36:46] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3938.tmp
[MD5.89B1CCDC90F2ECE670B1A38BAE846687] - |ASH| - [12/02/2019 13:36:46] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3938.tmp.LOG1
[MD5.C921778BC880D78A655DE20213B2C68F] - |ASH| - [12/02/2019 13:36:46] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3938.tmp.LOG2
[MD5.63AFC578418655EEA7FB34275DC8C077] - |ASH| - [18/01/2019 00:21:30] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc39BB.tmp.LOG1
[MD5.3F316D7890B03AC7229AADDD1C1D95C2] - |ASH| - [18/01/2019 00:21:30] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc39BB.tmp.LOG2
[MD5.3ED822E6BF61FF55C45C2A4A47EEF817] - |A| - [12/02/2019 13:34:36] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3B0B.tmp
[MD5.F959D764A3CF9BE90151F41E88A342FC] - |ASH| - [12/02/2019 13:34:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3B0B.tmp.LOG1
[MD5.91449E5115CBEED0A56E83780DF8F566] - |ASH| - [12/02/2019 13:34:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3B0B.tmp.LOG2
[MD5.7EE7FBA830368ACDE7EDC2ABC9C28456] - |A| - [12/02/2019 13:36:47] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3B6B.tmp
[MD5.1934B82ADFA1E1AA1516F0D9E7412A75] - |ASH| - [12/02/2019 13:36:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3B6B.tmp.LOG1
[MD5.66EB91CC535F86FB22CEB59D397A0868] - |ASH| - [12/02/2019 13:36:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3B6B.tmp.LOG2
[MD5.6AFCFF8FEF92100F1598655301755ADC] - |ASH| - [18/01/2019 00:21:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3BDF.tmp.LOG1
[MD5.600032C23EB45C6B1F360043EE3E4DD8] - |ASH| - [18/01/2019 00:21:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3BDF.tmp.LOG2
[MD5.E8BBE129A269DD25F01C4344486D6F91] - |A| - [12/02/2019 13:34:36] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3D8D.tmp
[MD5.E8BB96B598BF317059EBE4FF2D0E2391] - |ASH| - [12/02/2019 13:34:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3D8D.tmp.LOG1
[MD5.4D748A8FECED08374497FEC95C8A6B19] - |ASH| - [12/02/2019 13:34:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3D8D.tmp.LOG2
[MD5.F50B2ECB47DAD51091668C9714BA7CD7] - |A| - [12/02/2019 13:34:36] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3DD8.tmp
[MD5.81F60EDAE7F3B44619210BAEFAA82BCF] - |ASH| - [12/02/2019 13:34:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3DD8.tmp.LOG1
[MD5.B18F25E814B33FFB2D98BBF8618172F1] - |ASH| - [12/02/2019 13:34:36] - (.-.) - [248 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3DD8.tmp.LOG2
[MD5.D6DCABCD78DAD6E7F8150C858D32B709] - |A| - [12/02/2019 13:36:47] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3DED.tmp
[MD5.751C23EB2D1F652192C370660E5FE82E] - |ASH| - [12/02/2019 13:36:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3DED.tmp.LOG1
[MD5.33880ECA24D28570B36811F5FF46A79E] - |ASH| - [12/02/2019 13:36:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3DED.tmp.LOG2
[MD5.C16FFCFDBE98F80CEEE8FB47BE0201C3] - |A| - [12/02/2019 13:34:37] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3F11.tmp
[MD5.FD84B8B8D266528238EEB577A05D48E0] - |ASH| - [12/02/2019 13:34:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3F11.tmp.LOG1
[MD5.43603489262CF6EF768EEE7296484EB8] - |ASH| - [12/02/2019 13:34:37] - (.-.) - [308 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3F11.tmp.LOG2
[MD5.ED07C2F3F64740A20C70A694B80CC7F4] - |ASH| - [18/01/2019 00:21:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3F2C.tmp.LOG1
[MD5.FB3A8870D7607B347454A00648145729] - |ASH| - [18/01/2019 00:21:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3F2C.tmp.LOG2
[MD5.BF8CBE2C75D7199CEDDA9D9E9D5A45FE] - |A| - [12/02/2019 13:34:37] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3F62.tmp
[MD5.721E3DC5282551FD9BDF53C0492B819B] - |ASH| - [12/02/2019 13:34:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3F62.tmp.LOG1
[MD5.4DEF55CF7A9D26763CD1B6159AEF5B3E] - |ASH| - [12/02/2019 13:34:37] - (.-.) - [44 Ko] - (0.0.0.0) - C:\Windows\Temp\amc3F62.tmp.LOG2
[MD5.DA2D10C7F9626BF943BE7917FF424A82] - |A| - [12/02/2019 13:36:48] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4040.tmp
[MD5.054B2BE3274002070F31423F70917C76] - |ASH| - [12/02/2019 13:36:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4040.tmp.LOG1
[MD5.2DA488842C06601312A843BCC64E88C6] - |ASH| - [12/02/2019 13:36:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4040.tmp.LOG2
[MD5.D4F335177AF9A3A3CBF11950D70143BF] - |ASH| - [18/01/2019 00:21:32] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc41CD.tmp.LOG1
[MD5.F5809E7173487308007DBB91A7757EB9] - |ASH| - [18/01/2019 00:21:32] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc41CD.tmp.LOG2
[MD5.3790B9B3FFD6AE2C9D8A9C6A231BB516] - |A| - [12/02/2019 13:34:37] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4213.tmp
[MD5.A7323B2C582AC48F78D12C271C8D0CC7] - |ASH| - [12/02/2019 13:34:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4213.tmp.LOG1
[MD5.E8112D6651A6EE3711C0DAA2AFBC1958] - |ASH| - [12/02/2019 13:34:37] - (.-.) - [20 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4213.tmp.LOG2
[MD5.ABEDAD3DDF05C0C96B00CCD1E9C48D27] - |A| - [12/02/2019 13:36:49] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4293.tmp
[MD5.D3F98620489ED1A962C120CBD00E3574] - |ASH| - [12/02/2019 13:36:49] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4293.tmp.LOG1
[MD5.F8B6FF128215489A4CA2FC6FF041D45E] - |ASH| - [12/02/2019 13:36:49] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4293.tmp.LOG2
[MD5.FB8BB2BCECEBDB4AAAE87A8D88B69FD3] - |ASH| - [18/01/2019 00:21:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc43F1.tmp.LOG1
[MD5.D2EEFCAACF674E822ADDFA7DD9862ED2] - |ASH| - [18/01/2019 00:21:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc43F1.tmp.LOG2
[MD5.B1F2D12AF128194DAD1BF57907B6D120] - |A| - [12/02/2019 13:36:33] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc447.tmp
[MD5.0B3F5ACBCA5B4A758959D80B49A8B8BB] - |ASH| - [12/02/2019 13:36:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc447.tmp.LOG1
[MD5.6DDA01D36A54F977A10D6118EFC3707D] - |ASH| - [12/02/2019 13:36:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc447.tmp.LOG2
[MD5.C6D54DC1FB09D21D6928EB383B84B5F5] - |A| - [12/02/2019 13:36:49] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc45C0.tmp
[MD5.FC0E2FF18964C84E958065B0878A7BC4] - |ASH| - [12/02/2019 13:36:49] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc45C0.tmp.LOG1
[MD5.68B2C85E891C82C7FEB15A761987F5DF] - |ASH| - [12/02/2019 13:36:49] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc45C0.tmp.LOG2
[MD5.865264EAA01BC2F9CC071AEB1649868D] - |ASH| - [18/01/2019 00:21:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4682.tmp.LOG1
[MD5.4C7C0862E281F6E12E3725E748C54961] - |ASH| - [18/01/2019 00:21:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4682.tmp.LOG2
[MD5.C4E75F3BB8FB31FF12D699EB09B15448] - |A| - [12/02/2019 13:36:50] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc47A5.tmp
[MD5.B06A893290F297A5E80EA9B86C4F6ED1] - |ASH| - [12/02/2019 13:36:50] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc47A5.tmp.LOG1
[MD5.0B92D44559E0D834933EAE07C9510B16] - |ASH| - [12/02/2019 13:36:50] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc47A5.tmp.LOG2
[MD5.B88010273AA5A30A735DA4AB19E4D6D9] - |A| - [12/02/2019 13:34:39] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4888.tmp
[MD5.2F4CC5641BB80EA693578D5B1481D0A4] - |ASH| - [12/02/2019 13:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4888.tmp.LOG1
[MD5.4C35D01EA92729B59D3E653B6961FD4E] - |ASH| - [12/02/2019 13:34:39] - (.-.) - [20 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4888.tmp.LOG2
[MD5.2C8158F7276A9889D7A10877F629BCA6] - |ASH| - [18/01/2019 00:21:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc48D5.tmp.LOG1
[MD5.991C4D31FA2EB11BE172994EF25381D3] - |ASH| - [18/01/2019 00:21:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc48D5.tmp.LOG2
[MD5.FE18E5E79477609F6B38F56146968D34] - |A| - [12/02/2019 13:34:39] - (.-.) - [768 Ko] - (0.0.0.0) - C:\Windows\Temp\amc49E1.tmp
[MD5.683AB0870CCBD44376AACAC4AA0BF073] - |ASH| - [12/02/2019 13:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc49E1.tmp.LOG1
[MD5.F49720091B8777EC4CBD79CA243502C1] - |ASH| - [12/02/2019 13:34:39] - (.-.) - [764 Ko] - (0.0.0.0) - C:\Windows\Temp\amc49E1.tmp.LOG2
[MD5.9EF675004E157A5254F00F35B874F9B2] - |A| - [12/02/2019 13:36:51] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4B6F.tmp
[MD5.7A542D99D7EDF0A2ABAD909530AF05E1] - |ASH| - [12/02/2019 13:36:51] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4B6F.tmp.LOG1
[MD5.30E815B032580BBFC9D8F94CA9E3E91E] - |ASH| - [12/02/2019 13:36:51] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4B6F.tmp.LOG2
[MD5.98A8F34614CAF97D61837E1FE263D9C0] - |ASH| - [18/01/2019 00:21:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4B85.tmp.LOG1
[MD5.39B2406BC45B4571C602239328ACC86B] - |ASH| - [18/01/2019 00:21:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4B85.tmp.LOG2
[MD5.3E7E4306C4DC03FD611976D76139D3BD] - |A| - [12/02/2019 13:36:32] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4D.tmp
[MD5.9B9361ED97271CE900042985C6D9AC17] - |ASH| - [12/02/2019 13:36:32] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4D.tmp.LOG1
[MD5.05ECF9F092DE559E2A6DA9180D6EFDB5] - |ASH| - [12/02/2019 13:36:32] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4D.tmp.LOG2
[MD5.C86BB944E0CC60F89255840DFB6AF473] - |A| - [12/02/2019 13:36:51] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4D55.tmp
[MD5.353CAEE20AC005139750C0427DF75FA8] - |ASH| - [12/02/2019 13:36:51] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4D55.tmp.LOG1
[MD5.9B9B21E182A897039F62AB25040C2C2D] - |ASH| - [12/02/2019 13:36:51] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4D55.tmp.LOG2
[MD5.322F7B0E572773E37C46FDE7E69D354E] - |ASH| - [18/01/2019 00:21:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4D8A.tmp.LOG1
[MD5.7686B3B8FC81600AF7A57899524ACF75] - |ASH| - [18/01/2019 00:21:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4D8A.tmp.LOG2
[MD5.7792713D94831A7F322EF6D93655861B] - |ASH| - [18/01/2019 00:21:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4F7F.tmp.LOG1
[MD5.C0E9F9C220ECF799845E14C31CBAE9F3] - |ASH| - [18/01/2019 00:21:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4F7F.tmp.LOG2
[MD5.F5A4B41DA8715407560B4A1D8F169F00] - |A| - [12/02/2019 13:36:52] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4FA7.tmp
[MD5.D2F39BDDEB959B9EDCED8B69D25A0EC1] - |ASH| - [12/02/2019 13:36:52] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4FA7.tmp.LOG1
[MD5.DD725EBD62EFF7DF39EFB665F3329157] - |ASH| - [12/02/2019 13:36:52] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc4FA7.tmp.LOG2
[MD5.C86C556711BADC0A08EB1F2A10940B68] - |A| - [12/02/2019 13:34:41] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc50AA.tmp
[MD5.23D3E2A7F50061FBAD570418AE044C0C] - |ASH| - [12/02/2019 13:34:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc50AA.tmp.LOG1
[MD5.CB20123E464F7CA597D554615779D930] - |ASH| - [12/02/2019 13:34:41] - (.-.) - [208 Ko] - (0.0.0.0) - C:\Windows\Temp\amc50AA.tmp.LOG2
[MD5.B1F05D7EEA3839739CA478645FFA9447] - |ASH| - [18/01/2019 00:21:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5126.tmp.LOG1
[MD5.281E41D5ECF2C686DE9D2AEA4B89C58A] - |ASH| - [18/01/2019 00:21:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5126.tmp.LOG2
[MD5.18DA37546AC2996F0D0F70037E325CC1] - |A| - [12/02/2019 13:36:52] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc518D.tmp
[MD5.06443DDC20CB712CC5118D1454566315] - |ASH| - [12/02/2019 13:36:52] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc518D.tmp.LOG1
[MD5.92B336DD27180703B071CBD70394AD3C] - |ASH| - [12/02/2019 13:36:52] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc518D.tmp.LOG2
[MD5.5CEFDA1809B52C7AA3DE2A6C4B91E285] - |A| - [12/02/2019 13:35:47] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc51BB.tmp
[MD5.09CCFABD6E42B681D4B4DEC5029362A8] - |ASH| - [12/02/2019 13:35:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc51BB.tmp.LOG1
[MD5.C4942DC2A3C926BE2517E56F6DD58CC3] - |ASH| - [12/02/2019 13:35:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc51BB.tmp.LOG2
[MD5.A0627FD3DDD02B21CC3AF0EF41BC48F1] - |ASH| - [18/01/2019 00:21:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc52BD.tmp.LOG1
[MD5.0179C4E24908B1642D9351B132F1C42A] - |ASH| - [18/01/2019 00:21:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc52BD.tmp.LOG2
[MD5.6B53B1A40190D0E507DB92DCA95CA68D] - |A| - [12/02/2019 13:34:42] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5329.tmp
[MD5.7D7C79F13FDC4D53970BD821BB36AA26] - |ASH| - [12/02/2019 13:34:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5329.tmp.LOG1
[MD5.A062C03C7B018C06AD8E08B843E56FF5] - |ASH| - [12/02/2019 13:34:42] - (.-.) - [436 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5329.tmp.LOG2
[MD5.414C8BADF7E09F2A2D8A8535F4A15564] - |A| - [12/02/2019 13:35:48] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc53C0.tmp
[MD5.271B04902414973254577490C1596920] - |ASH| - [12/02/2019 13:35:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc53C0.tmp.LOG1
[MD5.0B8F3ACE5D720C48A6BF57AE6EB88C7E] - |ASH| - [12/02/2019 13:35:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc53C0.tmp.LOG2
[MD5.79F65476D9BA3A1355ABBB404B578415] - |A| - [12/02/2019 13:36:53] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc53D0.tmp
[MD5.A1D6A122BB8034267A2F73CD77B915DD] - |ASH| - [12/02/2019 13:36:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc53D0.tmp.LOG1
[MD5.3952E90DCCE3B952D1AFC508046C26E2] - |ASH| - [12/02/2019 13:36:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc53D0.tmp.LOG2
[MD5.84A70376B056823F7ECB3E2E389CAA7A] - |A| - [12/02/2019 13:34:42] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc54B1.tmp
[MD5.D2E62C5EF5491AA12C0635DCFACAAE6A] - |ASH| - [12/02/2019 13:34:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc54B1.tmp.LOG1
[MD5.5965A0F04B4C445C93988D5ABC202BB0] - |ASH| - [12/02/2019 13:34:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc54B1.tmp.LOG2
[MD5.3889C060E6D74772CDFDF49D71EA570B] - |ASH| - [18/01/2019 00:21:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc54E1.tmp.LOG1
[MD5.5D21D60F5B0B35EFC543F00CB665BB13] - |ASH| - [18/01/2019 00:21:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc54E1.tmp.LOG2
[MD5.A5567C1A06870F636305C595016B9DDD] - |A| - [12/02/2019 13:36:54] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc55F4.tmp
[MD5.936E6AD19D4E12B4D4AECB3EB165BC03] - |ASH| - [12/02/2019 13:36:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc55F4.tmp.LOG1
[MD5.328E137AF8ECF62AAFD1ABCF84E1799B] - |ASH| - [12/02/2019 13:36:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc55F4.tmp.LOG2
[MD5.69FA40CE54D39BB672B47C02157676B6] - |ASH| - [18/01/2019 00:21:38] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5762.tmp.LOG1
[MD5.CCE1D0D6168BC7E499390EFC70AFD36D] - |ASH| - [18/01/2019 00:21:38] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5762.tmp.LOG2
[MD5.AF5BFE0E06119262C962C41655D4FBD5] - |A| - [12/02/2019 13:36:54] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5885.tmp
[MD5.DE9B30FAFE0FA96813342E860C6E1DBE] - |ASH| - [12/02/2019 13:36:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5885.tmp.LOG1
[MD5.00325F2F9045D1FB39D97E4887F09585] - |ASH| - [12/02/2019 13:36:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5885.tmp.LOG2
[MD5.292C9564AD3718E2796FA989C995E14C] - |A| - [12/02/2019 13:34:44] - (.-.) - [768 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5B1B.tmp
[MD5.1ED8FFEE49760D49715B8FFFABF7135F] - |ASH| - [12/02/2019 13:34:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5B1B.tmp.LOG1
[MD5.F07C8EEDE5F9726A2050C8C22AC40A4F] - |ASH| - [12/02/2019 13:34:44] - (.-.) - [624 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5B1B.tmp.LOG2
[MD5.13911884415827C0A95B48E3461A9F0E] - |ASH| - [18/01/2019 00:21:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5B1C.tmp.LOG1
[MD5.429EC21795DD01F4AF1F702921454F2F] - |ASH| - [18/01/2019 00:21:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5B1C.tmp.LOG2
[MD5.E06EB8883267FB50923FD6FD2808E19F] - |A| - [12/02/2019 13:36:55] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5CBC.tmp
[MD5.8D98B8463DC076CCD0CFFC97E6F5C721] - |ASH| - [12/02/2019 13:36:55] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5CBC.tmp.LOG1
[MD5.2F9C6E11F83F3C1B2BAB95953CE29CFF] - |ASH| - [12/02/2019 13:36:55] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5CBC.tmp.LOG2
[MD5.BAC03B1CE065F073AD176B307855AAAD] - |ASH| - [18/01/2019 00:21:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5D7F.tmp.LOG1
[MD5.A3A1BEF24BB9B0EDF082354BB08DC5A8] - |ASH| - [18/01/2019 00:21:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5D7F.tmp.LOG2
[MD5.5C60FE62AFCA5EF95BF551F7D8EA284B] - |A| - [12/02/2019 13:34:45] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5DBA.tmp
[MD5.AE136644472A312A4DF0D87F40854DEA] - |ASH| - [12/02/2019 13:34:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5DBA.tmp.LOG1
[MD5.D9ACBE9703A9ECBC8FE5D1CB2E58967C] - |ASH| - [12/02/2019 13:34:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5DBA.tmp.LOG2
[MD5.54DD315715D99A5DDA0ADF9CF3A3D0E5] - |A| - [12/02/2019 13:36:56] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5E73.tmp
[MD5.3EB2339F5A3CAB8E25B117B000684A3E] - |ASH| - [12/02/2019 13:36:56] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5E73.tmp.LOG1
[MD5.CF2ED003500F808007AEB95EB0F9D89E] - |ASH| - [12/02/2019 13:36:56] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5E73.tmp.LOG2
[MD5.F15A968EE4863272E6AA63D75C5D14E8] - |A| - [12/02/2019 13:34:45] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5F51.tmp
[MD5.85B94127203A50965150E03CA677CCE2] - |ASH| - [12/02/2019 13:34:45] - (.-.) - [80 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5F51.tmp.LOG1
[MD5.5E7FAC08549839F87CF22CCFF10EF48A] - |ASH| - [12/02/2019 13:34:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5F51.tmp.LOG2
[MD5.D7392B355D35E009387AA4733B18DB0B] - |ASH| - [18/01/2019 00:21:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5F74.tmp.LOG1
[MD5.4D2A1D330AAB770265941E52A4F91D3C] - |ASH| - [18/01/2019 00:21:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc5F74.tmp.LOG2
[MD5.DD890166E136CDD50F38FB74F3AFE0CF] - |A| - [12/02/2019 13:36:57] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc620D.tmp
[MD5.94EBC1F095E485857A84CA4E60CA9E84] - |ASH| - [12/02/2019 13:36:57] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc620D.tmp.LOG1
[MD5.CA504D389ADC0E6D35793053573F1585] - |ASH| - [12/02/2019 13:36:57] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc620D.tmp.LOG2
[MD5.B003CECCCDBD583A778E459FAD85B00A] - |ASH| - [18/01/2019 00:21:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6292.tmp.LOG1
[MD5.8C6D4B614CA31928F3463196594218B4] - |ASH| - [18/01/2019 00:21:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6292.tmp.LOG2
[MD5.DCC9CD9CE68585082F1D29B10E6659BC] - |A| - [12/02/2019 13:36:33] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc63C.tmp
[MD5.718BF265EA60CF177F3C710FED225EE9] - |ASH| - [12/02/2019 13:36:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc63C.tmp.LOG1
[MD5.9AA7D00185365E51C87CF412ACF8842C] - |ASH| - [12/02/2019 13:36:33] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc63C.tmp.LOG2
[MD5.4385824F40BE032B652550D62C4C7EE0] - |ASH| - [18/01/2019 00:21:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6504.tmp.LOG1
[MD5.449A547FFEB2DF8E133EAC170DF4C380] - |ASH| - [18/01/2019 00:21:41] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6504.tmp.LOG2
[MD5.D40366A0EE00F1A38783002D0F689F25] - |A| - [12/02/2019 13:36:58] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc654B.tmp
[MD5.6BD4496889FE7089AFCC1D2A0E2E3DE7] - |ASH| - [12/02/2019 13:36:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc654B.tmp.LOG1
[MD5.21F7C1F47F5FE24193E2A3A6713D9D92] - |ASH| - [12/02/2019 13:36:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc654B.tmp.LOG2
[MD5.26142B4B2A5590E85178F43EB9B0EEB8] - |ASH| - [18/01/2019 00:23:52] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc65A1.tmp.LOG1
[MD5.74E98BBA6CD34B3CAB06527E722304BC] - |ASH| - [18/01/2019 00:23:52] - (.-.) - [20 Ko] - (0.0.0.0) - C:\Windows\Temp\amc65A1.tmp.LOG2
[MD5.6A9C8DD8A30C26CF8FC9AB9FCE1AC117] - |A| - [12/02/2019 13:34:47] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc65F9.tmp
[MD5.A20E6D0B35A5C01111B69F326358461A] - |ASH| - [12/02/2019 13:34:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc65F9.tmp.LOG1
[MD5.F7AD25486EEA064C4B7F5BA06DDFAD50] - |ASH| - [12/02/2019 13:34:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc65F9.tmp.LOG2
[MD5.13937C22B9D375DF6232BE040C80A82A] - |ASH| - [18/01/2019 00:21:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6708.tmp.LOG1
[MD5.A0EAD0C6291E2EC897A388E7AA23A1BA] - |ASH| - [18/01/2019 00:21:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6708.tmp.LOG2
[MD5.50A7335F846CBDCE1A3ACA868694608A] - |A| - [12/02/2019 13:36:58] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc67CC.tmp
[MD5.47742DD503237819ED1506A6E75E1A85] - |ASH| - [12/02/2019 13:36:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc67CC.tmp.LOG1
[MD5.844FAA35F5913C6B2E681A7B060D2666] - |ASH| - [12/02/2019 13:36:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc67CC.tmp.LOG2
[MD5.E5F993741BBBC0B376A79AE6637A853B] - |A| - [12/02/2019 13:34:47] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc68C8.tmp
[MD5.E554964ADC64E3A0760B188E2637D28B] - |ASH| - [12/02/2019 13:34:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc68C8.tmp.LOG1
[MD5.30ECACF6BAA44323858D3FDF40E5B856] - |ASH| - [12/02/2019 13:34:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc68C8.tmp.LOG2
[MD5.C76578505283BDB699998F99E19821C1] - |ASH| - [18/01/2019 00:21:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc69A9.tmp.LOG1
[MD5.9A1368A07644F59BC0EE4EB062F6C36E] - |ASH| - [18/01/2019 00:21:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc69A9.tmp.LOG2
[MD5.BF67B7B6850CDE671391AAA88A07CB8F] - |A| - [12/02/2019 13:36:59] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6B29.tmp
[MD5.E03995A308B00D5306DC1859793569AD] - |ASH| - [12/02/2019 13:36:59] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6B29.tmp.LOG1
[MD5.0C95F52A90B0ADA85420276662DB5CC2] - |ASH| - [12/02/2019 13:36:59] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6B29.tmp.LOG2
[MD5.1DE15D63326AB6F8C8ED15B2F4A016AA] - |ASH| - [18/01/2019 00:21:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6BDD.tmp.LOG1
[MD5.FEEAB7FC13A05B128D8C9BDA57221DE1] - |ASH| - [18/01/2019 00:21:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6BDD.tmp.LOG2
[MD5.5A8A249173745CBC0AA349F536C58173] - |A| - [12/02/2019 13:36:59] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6CDF.tmp
[MD5.831BD87422346E92B7CCB197A9D30715] - |ASH| - [12/02/2019 13:36:59] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6CDF.tmp.LOG1
[MD5.C4ADEBD8789037A4C60E4A43C8285F35] - |ASH| - [12/02/2019 13:36:59] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6CDF.tmp.LOG2
[MD5.EFFC04F1D710700E1DAE4FD91C407C80] - |ASH| - [18/01/2019 00:23:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6D43.tmp.LOG1
[MD5.45A84AA3137A02DF4E00275215691590] - |ASH| - [18/01/2019 00:23:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6D43.tmp.LOG2
[MD5.EC1211A6733DD37F71145AC8B714FE91] - |ASH| - [18/01/2019 00:21:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6E6E.tmp.LOG1
[MD5.625746243353CB80CE9F635950D59DF4] - |ASH| - [18/01/2019 00:21:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6E6E.tmp.LOG2
[MD5.56456DDD72988A526E990561D19915A4] - |A| - [12/02/2019 13:37:00] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6EF3.tmp
[MD5.4A2549B614AE855530AAF109371BECF2] - |ASH| - [12/02/2019 13:37:00] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6EF3.tmp.LOG1
[MD5.084B891CAF80B82D86FE23994CC975D1] - |ASH| - [12/02/2019 13:37:00] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc6EF3.tmp.LOG2
[MD5.8420EEE2330F9CA897E00B906A9C56FB] - |A| - [12/02/2019 13:34:49] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc708A.tmp
[MD5.40CA23DEE354BD84826A09BB638D88CD] - |ASH| - [12/02/2019 13:34:49] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc708A.tmp.LOG1
[MD5.1B17BC92EEB805C7FB7A2E9076700A9A] - |ASH| - [12/02/2019 13:34:49] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc708A.tmp.LOG2
[MD5.D9C9F3AF3D7E0803DC1D342A662B9C15] - |A| - [12/02/2019 13:37:00] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc70D9.tmp
[MD5.1AEC0235BEAB36086062E6D67E3FDD87] - |ASH| - [12/02/2019 13:37:00] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc70D9.tmp.LOG1
[MD5.8C0E682547FDBE65E246417FA6E048CF] - |ASH| - [12/02/2019 13:37:00] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc70D9.tmp.LOG2
[MD5.363F24FA6B0848AC88338AEB69F73E68] - |ASH| - [18/01/2019 00:21:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc715D.tmp.LOG1
[MD5.FB2668363B31114C1EE9CF3DBC4C4458] - |ASH| - [18/01/2019 00:21:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc715D.tmp.LOG2
[MD5.C882CCA05DD903F946031FD1EB9136CB] - |A| - [12/02/2019 13:37:01] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc72FD.tmp
[MD5.9B468F7B2FBEEAB719528B7D7237B629] - |ASH| - [12/02/2019 13:37:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc72FD.tmp.LOG1
[MD5.65247DFF5BC173A6BD6243D437C758D5] - |ASH| - [12/02/2019 13:37:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc72FD.tmp.LOG2
[MD5.A42070F66D527EE2BC6D0C49A04C306C] - |A| - [12/02/2019 13:34:50] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7349.tmp
[MD5.E029CAA4C0CE7A305BF4A26AA54D8500] - |ASH| - [12/02/2019 13:34:50] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7349.tmp.LOG1
[MD5.4C355162BE6219374703B22E46C37B74] - |ASH| - [12/02/2019 13:34:50] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7349.tmp.LOG2
[MD5.F548827CE77922E15D546963DDFBBE6D] - |ASH| - [18/01/2019 00:21:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7371.tmp.LOG1
[MD5.ECCA5F441559BE6FFCBDCBF62ABC6594] - |ASH| - [18/01/2019 00:21:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7371.tmp.LOG2
[MD5.2664F35439B8EDE8619CEB648E5BE09F] - |A| - [12/02/2019 13:37:02] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc758E.tmp
[MD5.9930C74FA0200C1AF4BE72B6C4803E05] - |ASH| - [12/02/2019 13:37:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc758E.tmp.LOG1
[MD5.99BA04491A454DD25488FFBB0763A97A] - |ASH| - [12/02/2019 13:37:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc758E.tmp.LOG2
[MD5.565FBF6791E132994CFB2D8F09B03865] - |ASH| - [18/01/2019 00:21:46] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc776A.tmp.LOG1
[MD5.1F2722AAAFE3F2CCA14177BB5CCD3401] - |ASH| - [18/01/2019 00:21:46] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc776A.tmp.LOG2
[MD5.8A75C23E2CD741733DCC9312435D6B59] - |A| - [12/02/2019 13:34:51] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc782C.tmp
[MD5.ECE3E59BAF08B2704738540EB0891259] - |ASH| - [12/02/2019 13:34:51] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc782C.tmp.LOG1
[MD5.56DD13635B09A21D0888767C9B9D098A] - |ASH| - [12/02/2019 13:34:51] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc782C.tmp.LOG2
[MD5.8EED7BF8511DFFE494B0ADA006826DB5] - |A| - [12/02/2019 13:37:02] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc786D.tmp
[MD5.AA479B086CD873B3888A051B8590B499] - |ASH| - [12/02/2019 13:37:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc786D.tmp.LOG1
[MD5.B739239D70AFDE7B6EE554701C501079] - |ASH| - [12/02/2019 13:37:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc786D.tmp.LOG2
[MD5.A3030B761326E6798CF8684974CD5E22] - |ASH| - [18/01/2019 00:21:46] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc79BD.tmp.LOG1
[MD5.5B03A02E1D5F5D08BB1AEB0B452FBD7B] - |ASH| - [18/01/2019 00:21:46] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc79BD.tmp.LOG2
[MD5.C6E3A3E2AFA80FA3EE681BD402C6244A] - |ASH| - [18/01/2019 00:21:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7C00.tmp.LOG1
[MD5.A163A2522EAF7E6C7E0DE20B3A0B8161] - |ASH| - [18/01/2019 00:21:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7C00.tmp.LOG2
[MD5.29EF396C5E1F80CBA6033A73E8494EBD] - |ASH| - [18/01/2019 00:21:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7DD5.tmp.LOG1
[MD5.716A05CE9F0B3A623E2D2621A8FE6679] - |ASH| - [18/01/2019 00:21:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7DD5.tmp.LOG2
[MD5.03551DEE241817874893C89ABF6B0D4E] - |A| - [12/02/2019 13:34:53] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7E08.tmp
[MD5.A55DCF16589EEE17AC2D4BF41964002E] - |ASH| - [12/02/2019 13:34:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7E08.tmp.LOG1
[MD5.3495CFC53AF78DB06F28B6D0A2FE9061] - |ASH| - [12/02/2019 13:34:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7E08.tmp.LOG2
[MD5.111E91C54E489476C13263046437EFA7] - |ASH| - [18/01/2019 00:21:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7FCA.tmp.LOG1
[MD5.AA3BF57009AD2DFB06095BA4C514EC6E] - |ASH| - [18/01/2019 00:21:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc7FCA.tmp.LOG2
[MD5.66B7F2CF2F46B9FE6C09E2316EDBC8AE] - |A| - [12/02/2019 13:34:54] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc80C8.tmp
[MD5.2BDD7122639F2848CC524959F6A7D565] - |ASH| - [12/02/2019 13:34:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc80C8.tmp.LOG1
[MD5.A04875544D6436D4D1BA892EF21723C2] - |ASH| - [12/02/2019 13:34:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc80C8.tmp.LOG2
[MD5.F40663C3AF42DD08ADBD0B9643C3A9E5] - |ASH| - [18/01/2019 00:20:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8155.tmp.LOG1
[MD5.5B3F61E30CF8BCC03C329FE4BD411556] - |ASH| - [18/01/2019 00:20:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8155.tmp.LOG2
[MD5.BDFEF1D16CB712BF57603D20C88916AD] - |ASH| - [18/01/2019 00:21:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc81EE.tmp.LOG1
[MD5.028202FC6F872E7A60884436AF01F27B] - |ASH| - [18/01/2019 00:21:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc81EE.tmp.LOG2
[MD5.5FDD27BC8B7B3D63D413B80DFA37DAA7] - |A| - [12/02/2019 13:34:54] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc82BD.tmp
[MD5.007066F5624683EE624DA8BCE6D74640] - |ASH| - [12/02/2019 13:34:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc82BD.tmp.LOG1
[MD5.6AC4A1F438779CE97F403560F6E88BAE] - |ASH| - [12/02/2019 13:34:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc82BD.tmp.LOG2
[MD5.353C3FEC9DD92C930EE1AF359283F68D] - |ASH| - [18/01/2019 00:20:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc834A.tmp.LOG1
[MD5.E91252C249B7B6ED9C2EEF7F991A7BE5] - |ASH| - [18/01/2019 00:20:43] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc834A.tmp.LOG2
[MD5.71EACB305F3EB55B16371D83058DB485] - |A| - [12/02/2019 13:36:34] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc850.tmp
[MD5.8174D9F4ECFC012972A01E563FE9FAA1] - |ASH| - [12/02/2019 13:36:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc850.tmp.LOG1
[MD5.453FB05E52683FF7BB36C0202015887F] - |ASH| - [12/02/2019 13:36:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc850.tmp.LOG2
[MD5.37A80AE7E44E0F6F48BED3B963EFF25C] - |ASH| - [18/01/2019 00:20:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8510.tmp.LOG1
[MD5.1C2C272A7260823D6AFF3075C2F008E0] - |ASH| - [18/01/2019 00:20:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8510.tmp.LOG2
[MD5.721F29BD230E20BB134F6EE8F1DD16BF] - |ASH| - [18/01/2019 00:21:49] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc85B8.tmp.LOG1
[MD5.67930FC93190AAD1E0DD888FB4BB9A87] - |ASH| - [18/01/2019 00:21:49] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc85B8.tmp.LOG2
[MD5.6F47020E4B1A938E44A1DF5D0A7F5782] - |ASH| - [18/01/2019 00:20:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc86F6.tmp.LOG1
[MD5.2FC1E21116757287EFDC8AC56EE09862] - |ASH| - [18/01/2019 00:20:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc86F6.tmp.LOG2
[MD5.F69BD83B17420C5130DF302C006F1957] - |A| - [12/02/2019 13:37:06] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc87C0.tmp
[MD5.F159C9702B8CF6F6FC2726D6FA34FBCB] - |ASH| - [12/02/2019 13:37:06] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc87C0.tmp.LOG1
[MD5.011C5B1E4A9E708821E139AD1CB91CAF] - |ASH| - [12/02/2019 13:37:06] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc87C0.tmp.LOG2
[MD5.BE2A8863A9B78C98A47E21EAB6242F3B] - |ASH| - [18/01/2019 00:21:50] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc87EC.tmp.LOG1
[MD5.8A9C77A9A047D44616D2CEF909813816] - |ASH| - [18/01/2019 00:21:50] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc87EC.tmp.LOG2
[MD5.C98F7E417002FCD6E155B5A8CB3FC92A] - |ASH| - [18/01/2019 00:20:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc88B8.tmp.LOG1
[MD5.1AF0CE0F8A42CBE159113C02CB2C1894] - |ASH| - [18/01/2019 00:20:45] - (.-.) - [236 Ko] - (0.0.0.0) - C:\Windows\Temp\amc88B8.tmp.LOG2
[MD5.D5AD28E68929124984E9184F42333FF2] - |ASH| - [18/01/2019 00:20:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc88DB.tmp.LOG1
[MD5.0F6D875E63F160E5A7AA29E228F20FBF] - |ASH| - [18/01/2019 00:20:45] - (.-.) - [44 Ko] - (0.0.0.0) - C:\Windows\Temp\amc88DB.tmp.LOG2
[MD5.E0F57611A8313BA7599D6D970C5959C2] - |A| - [12/02/2019 13:34:56] - (.-.) - [1536 Ko] - (0.0.0.0) - C:\Windows\Temp\amc88F6.tmp
[MD5.A4A1ADAA81428C3443433FC871D06F09] - |ASH| - [12/02/2019 13:34:56] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc88F6.tmp.LOG1
[MD5.78A51221DABF6B8AE3AE128A9BBF343C] - |ASH| - [12/02/2019 13:34:56] - (.-.) - [1316 Ko] - (0.0.0.0) - C:\Windows\Temp\amc88F6.tmp.LOG2
[MD5.C7928068646AC6BABDCC30CD9285E4B4] - |ASH| - [18/01/2019 00:20:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8994.tmp.LOG1
[MD5.71943AF08574E2BBB318429F3D5A1CAF] - |ASH| - [18/01/2019 00:20:45] - (.-.) - [252 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8994.tmp.LOG2
[MD5.19A56CE82699761F3F81DEADB8F51649] - |A| - [12/02/2019 13:37:07] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8A42.tmp
[MD5.F4442A129B243C38250BD339FE03D1D9] - |ASH| - [12/02/2019 13:37:07] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8A42.tmp.LOG1
[MD5.BE74F9A2F9B6ED8846E58BFD97B3646F] - |ASH| - [12/02/2019 13:37:07] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8A42.tmp.LOG2
[MD5.6248648ABDDF720C0468F4881608ACBB] - |ASH| - [18/01/2019 00:20:45] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8AD0.tmp.LOG1
[MD5.73C3D21BE929908624BC66623C8980DD] - |ASH| - [18/01/2019 00:20:45] - (.-.) - [20 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8AD0.tmp.LOG2
[MD5.3F3A705D246C2CAAFDE60B9EA36FC884] - |ASH| - [18/01/2019 00:21:51] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8C03.tmp.LOG1
[MD5.EBA5315EFD4CB855E800DAE76A7E91AD] - |ASH| - [18/01/2019 00:21:51] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8C03.tmp.LOG2
[MD5.74872A760D5E1BAAB07A1B4F84380808] - |A| - [12/02/2019 13:36:02] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8CD2.tmp
[MD5.EE7CEEFF9096A59BE9538B1F599AE051] - |ASH| - [12/02/2019 13:36:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8CD2.tmp.LOG1
[MD5.820C4806BA832F168D4A85D7201CF393] - |ASH| - [12/02/2019 13:36:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8CD2.tmp.LOG2
[MD5.3C3D7FF0F1C15FA72E6639276658F12D] - |ASH| - [18/01/2019 00:21:52] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8E66.tmp.LOG1
[MD5.7CD7870942264C5989E64C3B3EBD38B0] - |ASH| - [18/01/2019 00:21:52] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc8E66.tmp.LOG2
[MD5.F32BC922EA04D8CCFBFE482A0D81DA9B] - |A| - [12/02/2019 13:36:03] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9000.tmp
[MD5.5B3BA37E838D713023CF5FC133865D7A] - |ASH| - [12/02/2019 13:36:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9000.tmp.LOG1
[MD5.6B872C08275698DF369B694F1DD1F733] - |ASH| - [12/02/2019 13:36:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9000.tmp.LOG2
[MD5.95CD27D6D9B94E11794726B91C6532A3] - |ASH| - [18/01/2019 00:21:52] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9145.tmp.LOG1
[MD5.1F217776627FD1DB0B155D5C4F4874F7] - |ASH| - [18/01/2019 00:21:52] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9145.tmp.LOG2
[MD5.F118A48DEA04C53405810645D4E4563D] - |A| - [12/02/2019 13:36:04] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9243.tmp
[MD5.AE38A974B33FA0DE13B742117C577482] - |ASH| - [12/02/2019 13:36:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9243.tmp.LOG1
[MD5.400B694E4E89114A8584AEBEADD54EC7] - |ASH| - [12/02/2019 13:36:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9243.tmp.LOG2
[MD5.CEDD4E2EC56BCEB4F133C8C8F3459692] - |ASH| - [18/01/2019 00:20:47] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9368.tmp.LOG1
[MD5.CA289299642758655086DABFBAFF7F9D] - |ASH| - [18/01/2019 00:20:47] - (.-.) - [32 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9368.tmp.LOG2
[MD5.E0D7B2925BBA0191155C151B506C4907] - |ASH| - [18/01/2019 00:21:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9379.tmp.LOG1
[MD5.D6760B58A23C2CA186A4B0FA3B43A3C6] - |ASH| - [18/01/2019 00:21:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9379.tmp.LOG2
[MD5.4D8915F7EDFDEDDD918C4C1F9E32AE37] - |ASH| - [18/01/2019 00:20:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9425.tmp.LOG1
[MD5.75E448DF2C2A0D538E46057299C821EC] - |ASH| - [18/01/2019 00:20:48] - (.-.) - [608 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9425.tmp.LOG2
[MD5.560A685940801B0FE96B6A5EDE08ED33] - |A| - [12/02/2019 13:36:04] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9438.tmp
[MD5.5A83EE7C9E824F3DD84C28F0F7BB9384] - |ASH| - [12/02/2019 13:36:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9438.tmp.LOG1
[MD5.97DC7B8E54A63AC9104A05015BCF450E] - |ASH| - [12/02/2019 13:36:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9438.tmp.LOG2
[MD5.ADD4BAF75826B78DC4206DF3C64DEEF7] - |ASH| - [18/01/2019 00:21:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc95AC.tmp.LOG1
[MD5.3AD4E714C473EFFEEF1F3CF6E4E365CC] - |ASH| - [18/01/2019 00:21:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc95AC.tmp.LOG2
[MD5.6008CE296DC7225C8B7CC14344EEAE72] - |ASH| - [18/01/2019 00:20:48] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc95AE.tmp.LOG1
[MD5.09E73DDFC01F8DD6506C8EEE0F282753] - |ASH| - [18/01/2019 00:20:48] - (.-.) - [164 Ko] - (0.0.0.0) - C:\Windows\Temp\amc95AE.tmp.LOG2
[MD5.8BF43CB1F2DE46A2604E79B2CA525332] - |A| - [12/02/2019 13:36:05] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc969A.tmp
[MD5.CECAFDC83EB3E7BA4B91609F667A7563] - |ASH| - [12/02/2019 13:36:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc969A.tmp.LOG1
[MD5.82D445F0FE602A0B2CA614A2F624FE26] - |ASH| - [12/02/2019 13:36:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc969A.tmp.LOG2
[MD5.E831DD4C6A8C508D9FAF70B99C32A5FC] - |A| - [12/02/2019 13:37:10] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc96F5.tmp
[MD5.BB75B722DD5E1DF21298430D9C3F65F8] - |ASH| - [12/02/2019 13:37:10] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc96F5.tmp.LOG1
[MD5.A206578AD909EC9211A68B94F026FDCC] - |ASH| - [12/02/2019 13:37:10] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc96F5.tmp.LOG2
[MD5.BD88E7919DBCB3E1322D0C10D016C62B] - |ASH| - [18/01/2019 00:21:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc97D0.tmp.LOG1
[MD5.027E36A0383A03689F234D3E58E19948] - |ASH| - [18/01/2019 00:21:54] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc97D0.tmp.LOG2
[MD5.5865BE733A89F77AF3FC14386D20B5CB] - |A| - [12/02/2019 13:36:05] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc989F.tmp
[MD5.357BCF33517B04640479132897733F9F] - |ASH| - [12/02/2019 13:36:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc989F.tmp.LOG1
[MD5.05D55AC884739ECB82BFBFF44EA8AC83] - |ASH| - [12/02/2019 13:36:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc989F.tmp.LOG2
[MD5.F99A0807BFC3641E72AE38601AE4BD20] - |ASH| - [18/01/2019 00:21:55] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc99B5.tmp.LOG1
[MD5.2463DE80577D6B1ED9F66CD5D5F258D2] - |ASH| - [18/01/2019 00:21:55] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc99B5.tmp.LOG2
[MD5.3EC963B112B2BE6F39630E9209CE648B] - |A| - [12/02/2019 13:37:12] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9C26.tmp
[MD5.833140D8DB40C209289E92B6F849D290] - |ASH| - [12/02/2019 13:37:12] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9C26.tmp.LOG1
[MD5.640B8542FA1FE24DAA133174CCAE5D62] - |ASH| - [12/02/2019 13:37:12] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9C26.tmp.LOG2
[MD5.4E1CBF33D4E744685774E1FCD503E925] - |ASH| - [18/01/2019 00:21:55] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9CD3.tmp.LOG1
[MD5.2AC48339B24B3FABCA875AD941B60193] - |ASH| - [18/01/2019 00:21:55] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9CD3.tmp.LOG2
[MD5.E9EFA9DDDACF61C70AE9BF707312412B] - |ASH| - [18/01/2019 00:20:50] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9DBB.tmp.LOG1
[MD5.1C7723AB1A092314707CC2CA65905A08] - |ASH| - [18/01/2019 00:20:50] - (.-.) - [428 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9DBB.tmp.LOG2
[MD5.E9FF140F7BEE8E0A4B65565E8A6F1975] - |A| - [12/02/2019 13:37:12] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9E59.tmp
[MD5.A7066D1689CD183035A5D44854629A00] - |ASH| - [12/02/2019 13:37:12] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9E59.tmp.LOG1
[MD5.1219AD0C539396947798D1F8ABB00140] - |ASH| - [12/02/2019 13:37:12] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9E59.tmp.LOG2
[MD5.032882FF6113D634A81FCC7AC5669B8B] - |ASH| - [18/01/2019 00:20:50] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9EA6.tmp.LOG1
[MD5.0D1B908536B8EEB2B43135CD51E1AAF3] - |ASH| - [18/01/2019 00:20:50] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9EA6.tmp.LOG2
[MD5.561A0CC98566D6EF1E2E2B9625BF5D1E] - |ASH| - [18/01/2019 00:21:56] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9EC8.tmp.LOG1
[MD5.826A4C05B168B06A54D0C4C2F52DB31A] - |ASH| - [18/01/2019 00:21:56] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9EC8.tmp.LOG2
[MD5.3985BED0721C2E111BDBA8E5698B8353] - |ASH| - [18/01/2019 00:20:51] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9FE1.tmp.LOG1
[MD5.679B5058805E9ACE8C40EB7E04E2CA3E] - |ASH| - [18/01/2019 00:20:51] - (.-.) - [484 Ko] - (0.0.0.0) - C:\Windows\Temp\amc9FE1.tmp.LOG2
[MD5.62CA8DA4962390287468433B1ACB8B0B] - |A| - [12/02/2019 13:37:13] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA02F.tmp
[MD5.E82E98BEDDA863B39DD3798D1D9A4C66] - |ASH| - [12/02/2019 13:37:13] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA02F.tmp.LOG1
[MD5.5445E46D863FFA539C847B248555C730] - |ASH| - [12/02/2019 13:37:13] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA02F.tmp.LOG2
[MD5.7A081E65C58308C3318E0804D3C621D4] - |ASH| - [18/01/2019 00:21:57] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA179.tmp.LOG1
[MD5.D7072A3E7C9C665F13D0657FE03F2095] - |ASH| - [18/01/2019 00:21:57] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA179.tmp.LOG2
[MD5.CA67C43D733CC62828EB0294ABA435E5] - |A| - [12/02/2019 13:37:13] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA2B1.tmp
[MD5.74E8D274874F31A871E6411CCAC23E61] - |ASH| - [12/02/2019 13:37:13] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA2B1.tmp.LOG1
[MD5.ABDD38FC5B43D77875F9CF9CCC759DFE] - |ASH| - [12/02/2019 13:37:13] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA2B1.tmp.LOG2
[MD5.54F4975B8C566E9FAA75E3F70224889B] - |ASH| - [18/01/2019 00:21:57] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA37D.tmp.LOG1
[MD5.A0F17FFA9579BF2D98190BC7B89BA97B] - |ASH| - [18/01/2019 00:21:57] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA37D.tmp.LOG2
[MD5.339016834AE85F57DE7C82804ACBF7C3] - |A| - [12/02/2019 13:36:34] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA45.tmp
[MD5.FAC81FDA3D3877EF7BFF4AC9300DF9CD] - |ASH| - [12/02/2019 13:36:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA45.tmp.LOG1
[MD5.4180F0BA081050A1A0792760F37D0C16] - |ASH| - [12/02/2019 13:36:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA45.tmp.LOG2
[MD5.B835E111E3795805EE02BA35410EEC95] - |A| - [12/02/2019 13:37:14] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA4C5.tmp
[MD5.1D54C21F3CF2E09EB59375C3E805B3FA] - |ASH| - [12/02/2019 13:37:14] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA4C5.tmp.LOG1
[MD5.BD889EF4DE14486E2D396BD27A68C16A] - |ASH| - [12/02/2019 13:37:14] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA4C5.tmp.LOG2
[MD5.65B6E5705C37E57E6191F6146C9D9534] - |ASH| - [18/01/2019 00:21:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA63E.tmp.LOG1
[MD5.5364BAD3E68706300802BB4614168623] - |ASH| - [18/01/2019 00:21:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA63E.tmp.LOG2
[MD5.881BE34843CB3BDEAF3CEE87F2A50ED4] - |A| - [12/02/2019 13:37:14] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA737.tmp
[MD5.72B16141B3574F5E29231457905D8463] - |ASH| - [12/02/2019 13:37:14] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA737.tmp.LOG1
[MD5.215D751D96D1884939DAC3A41E3F2DD4] - |ASH| - [12/02/2019 13:37:14] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA737.tmp.LOG2
[MD5.9A808501AAFDFEBC3EBB1F7E94FAFE89] - |ASH| - [18/01/2019 00:20:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA81D.tmp.LOG1
[MD5.0274E55B37090EBAE3C4BAB060C409FE] - |ASH| - [18/01/2019 00:20:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA81D.tmp.LOG2
[MD5.3A7504140A706729A15781BE073803BD] - |A| - [12/02/2019 13:37:15] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA94B.tmp
[MD5.8A9DBE689E3669F805371D1D2ED7B795] - |ASH| - [12/02/2019 13:37:15] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA94B.tmp.LOG1
[MD5.67A6A051397009834CDC59890C615C01] - |ASH| - [12/02/2019 13:37:15] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA94B.tmp.LOG2
[MD5.9E6586EEC62A9BA68A4D14E8494383A9] - |ASH| - [18/01/2019 00:20:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA966.tmp.LOG1
[MD5.5B4EAA2BC0935F079484AFDA32D4832F] - |ASH| - [18/01/2019 00:20:53] - (.-.) - [88 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA966.tmp.LOG2
[MD5.9B51D7D2263138A6955568CCE6E32CD9] - |ASH| - [18/01/2019 00:21:59] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA96B.tmp.LOG1
[MD5.B6B3B752912F5D74EBEF081EBB4A8557] - |ASH| - [18/01/2019 00:21:59] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcA96B.tmp.LOG2
[MD5.661E255F20B1F7CA2F6295E6BA776710] - |ASH| - [18/01/2019 00:20:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAA32.tmp.LOG1
[MD5.0F09483CC3810D9C8ED2ADF2D51C09E5] - |ASH| - [18/01/2019 00:20:53] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAA32.tmp.LOG2
[MD5.B61CBCE4273A7EAB3DA4070CFBA9DE14] - |A| - [12/02/2019 13:37:15] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcABAE.tmp
[MD5.3F6F311C8FB708F3D1194B3433A6950B] - |ASH| - [12/02/2019 13:37:15] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcABAE.tmp.LOG1
[MD5.0CF008EF4880B7E2FDA52F3126E5B536] - |ASH| - [12/02/2019 13:37:15] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcABAE.tmp.LOG2
[MD5.69D9EB5ADB9590F302311935EF75D4EA] - |A| - [12/02/2019 13:37:16] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAD93.tmp
[MD5.AAB03FD406B8332D94CAAA1FCACE64E3] - |ASH| - [12/02/2019 13:37:16] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAD93.tmp.LOG1
[MD5.3192BCDF495C820FB896A41F7A401BFB] - |ASH| - [12/02/2019 13:37:16] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAD93.tmp.LOG2
[MD5.CFA403B3D03EE2E9D63D89ECEE5A304A] - |ASH| - [18/01/2019 00:22:00] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAF48.tmp.LOG1
[MD5.5656FD29C317D4CD9F188D4D1F32AEBB] - |ASH| - [18/01/2019 00:22:00] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAF48.tmp.LOG2
[MD5.D504AD5E91C5B064B11C1A1A7F89062B] - |A| - [12/02/2019 13:37:16] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAF69.tmp
[MD5.FEA15E56E5C7C2EC89D216D0BEA6C06A] - |ASH| - [12/02/2019 13:37:16] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAF69.tmp.LOG1
[MD5.B24EE9DD3F49709F93DCCB7C7E1350D7] - |ASH| - [12/02/2019 13:37:16] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcAF69.tmp.LOG2
[MD5.77E2D4549AE131893F332C56EF25483B] - |A| - [12/02/2019 13:37:17] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB15E.tmp
[MD5.FC925F56D959013C326632743AFFDD16] - |ASH| - [12/02/2019 13:37:17] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB15E.tmp.LOG1
[MD5.2E051332E07ECE461D5BBC1DB9FA493F] - |ASH| - [12/02/2019 13:37:17] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB15E.tmp.LOG2
[MD5.544EE472023883CBA61A9480BC7E4DDE] - |ASH| - [18/01/2019 00:22:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB16C.tmp.LOG1
[MD5.5E7CF2220CAF49BDC9558B5B8A1BFDBD] - |ASH| - [18/01/2019 00:22:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB16C.tmp.LOG2
[MD5.F42AB018ABDA628B148CAFA2C9C1383C] - |ASH| - [18/01/2019 00:20:55] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB270.tmp.LOG1
[MD5.133DC278221B88D6E6F82578D44276AB] - |ASH| - [18/01/2019 00:20:55] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB270.tmp.LOG2
[MD5.04E9F43BD52E15F0720E2B2E0B126BE7] - |ASH| - [18/01/2019 00:22:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB342.tmp.LOG1
[MD5.2FC8A773A836519BC9C9F02EA31AB51E] - |ASH| - [18/01/2019 00:22:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB342.tmp.LOG2
[MD5.48C55B4519B4615E04C641B94469F8AA] - |A| - [12/02/2019 13:37:18] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB41E.tmp
[MD5.0FE771E2F6C8682EF95F1366449173F0] - |ASH| - [12/02/2019 13:37:18] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB41E.tmp.LOG1
[MD5.5A44CB9190B69E621AC311F64D274C80] - |ASH| - [12/02/2019 13:37:18] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB41E.tmp.LOG2
[MD5.395B9C16456996625F74BB14397B5703] - |ASH| - [18/01/2019 00:22:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB517.tmp.LOG1
[MD5.B3696FD0AD40F1270251BAE4E75787EB] - |ASH| - [18/01/2019 00:22:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB517.tmp.LOG2
[MD5.7464153B3D993625AE6EA253038C573C] - |ASH| - [18/01/2019 00:20:56] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB5BD.tmp.LOG1
[MD5.7C632CC9F287F5C392F2F4FA7FACFC67] - |ASH| - [18/01/2019 00:20:56] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB5BD.tmp.LOG2
[MD5.E09A4E547BDAFA7C2EEF814D9A332434] - |A| - [12/02/2019 13:37:18] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB661.tmp
[MD5.15A7E92108476C92D90BF5A88C29DA92] - |ASH| - [12/02/2019 13:37:18] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB661.tmp.LOG1
[MD5.06DE51CB9DC71964DDD1ED6DC366E211] - |ASH| - [12/02/2019 13:37:18] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB661.tmp.LOG2
[MD5.6F2A41DEAA4E2F7172AF307B311FC49C] - |ASH| - [18/01/2019 00:22:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB73B.tmp.LOG1
[MD5.11169772DA6B7AE558FC8023F6EB0B27] - |ASH| - [18/01/2019 00:22:02] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB73B.tmp.LOG2
[MD5.6E68E389357B54FBB16C40FA6CAF3368] - |A| - [12/02/2019 13:37:19] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB8D3.tmp
[MD5.E8BE43EDB4168F4EFA3706353D84D682] - |ASH| - [12/02/2019 13:37:19] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB8D3.tmp.LOG1
[MD5.7117FCC55DBB082954E2ABC238E873C3] - |ASH| - [12/02/2019 13:37:19] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB8D3.tmp.LOG2
[MD5.E4E48F241413758E5BE3A74C55CBD455] - |ASH| - [18/01/2019 00:22:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB8F2.tmp.LOG1
[MD5.9685C9CC98AC15DCCF33840E9BB918D9] - |ASH| - [18/01/2019 00:22:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcB8F2.tmp.LOG2
[MD5.8E543C4422A4B77D730658CC268E5C44] - |ASH| - [18/01/2019 00:20:57] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBA32.tmp.LOG1
[MD5.3B2801B7B0A193699F4B492D0D9FF391] - |ASH| - [18/01/2019 00:20:57] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBA32.tmp.LOG2
[MD5.FBC528D48A1C208A929A277D53431C04] - |ASH| - [18/01/2019 00:22:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBAC8.tmp.LOG1
[MD5.E461E1A56A8EFDB9AFD784BEE4E4B011] - |ASH| - [18/01/2019 00:22:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBAC8.tmp.LOG2
[MD5.DE88D5E4B1152EC06A31D183D0CF137B] - |A| - [12/02/2019 13:37:19] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBB06.tmp
[MD5.00C33391C538AEB09AA6AA440F247300] - |ASH| - [12/02/2019 13:37:19] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBB06.tmp.LOG1
[MD5.169BE131F210768D69342BC8DF024E84] - |ASH| - [12/02/2019 13:37:19] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBB06.tmp.LOG2
[MD5.06A3F12D2BB30CD970DACF1FD7F8CE2F] - |ASH| - [18/01/2019 00:20:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBCC3.tmp.LOG1
[MD5.FE9597335DF2FFA2BA6DCBEA03006DC5] - |ASH| - [18/01/2019 00:20:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBCC3.tmp.LOG2
[MD5.F0B563C697C011479DF3EE052DCD2493] - |ASH| - [18/01/2019 00:20:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBCD1.tmp.LOG1
[MD5.8C258EC330EF1B4F28591F15E157CEEA] - |ASH| - [18/01/2019 00:20:58] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBCD1.tmp.LOG2
[MD5.8973D7C6D1FF15A5891333E496237D4C] - |A| - [12/02/2019 13:37:20] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBD0B.tmp
[MD5.12988518C3CDFDF96A52E472C47787D0] - |ASH| - [12/02/2019 13:37:20] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBD0B.tmp.LOG1
[MD5.4B880BAEA314DBBF597A5FAC596ECE56] - |ASH| - [12/02/2019 13:37:20] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBD0B.tmp.LOG2
[MD5.8D9FF1DB8765063D19B470664F935E7C] - |ASH| - [18/01/2019 00:22:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBD68.tmp.LOG1
[MD5.C40CFE1C5261F62CD055B76C54309ECA] - |ASH| - [18/01/2019 00:22:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBD68.tmp.LOG2
[MD5.4FFEE909FF15036AEBC1271193647319] - |A| - [12/02/2019 13:37:21] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBF1F.tmp
[MD5.77FB89A2C01C268B1E6B629EDDD49DAB] - |ASH| - [12/02/2019 13:37:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBF1F.tmp.LOG1
[MD5.2350B5AA2A6E03E806200F8AE0668BE6] - |ASH| - [12/02/2019 13:37:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBF1F.tmp.LOG2
[MD5.0F1642D096F667AC0191231A0FF8E3CE] - |ASH| - [18/01/2019 00:22:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBF2F.tmp.LOG1
[MD5.4F18D89A50EDC8CDD99BC51384D4C229] - |ASH| - [18/01/2019 00:22:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcBF2F.tmp.LOG2
[MD5.4FB7573F322D3B543FF6562E72BC733D] - |ASH| - [18/01/2019 00:22:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC104.tmp.LOG1
[MD5.14972F392423B14DA47E1442174BAC53] - |ASH| - [18/01/2019 00:22:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC104.tmp.LOG2
[MD5.41B263B538FCF21DA85CFCD28C8E6E25] - |A| - [12/02/2019 13:37:21] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC1EF.tmp
[MD5.DE28C6C582FA8C52F9667660CCC1F7B8] - |ASH| - [12/02/2019 13:37:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC1EF.tmp.LOG1
[MD5.7EE019D995B98579F69174131424DCEA] - |ASH| - [12/02/2019 13:37:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC1EF.tmp.LOG2
[MD5.7F4DCEF7FE5BB82B6670A02C6A658D7B] - |ASH| - [18/01/2019 00:22:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC386.tmp.LOG1
[MD5.15FB3EE12764667A23A8DAE4F2530001] - |ASH| - [18/01/2019 00:22:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC386.tmp.LOG2
[MD5.C39337802DC7B23DD0CB188A1794A125] - |A| - [12/02/2019 13:37:22] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC432.tmp
[MD5.846C88B7301DB1ECE6E80CB51482D56C] - |ASH| - [12/02/2019 13:37:22] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC432.tmp.LOG1
[MD5.A1D559AE2C832F29901CF285C93F7C54] - |ASH| - [12/02/2019 13:37:22] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC432.tmp.LOG2
[MD5.AA1E2F61C7C04AD1D385B43736004E0B] - |ASH| - [18/01/2019 00:22:06] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC5F8.tmp.LOG1
[MD5.2DF66688E319C916408349AF0B068ED2] - |ASH| - [18/01/2019 00:22:06] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC5F8.tmp.LOG2
[MD5.0518CB747CA4B62918CB916A3D1F054C] - |A| - [12/02/2019 13:37:22] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC695.tmp
[MD5.8FCC4BA45D7FF6A4A18A93027AF202C3] - |ASH| - [12/02/2019 13:37:22] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC695.tmp.LOG1
[MD5.7356D53552E3A6F350AEBC624FA8F535] - |ASH| - [12/02/2019 13:37:22] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC695.tmp.LOG2
[MD5.F75B57B511E1AECA1E43FD50140504B6] - |ASH| - [18/01/2019 00:21:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC7DE.tmp.LOG1
[MD5.F9BD4A027718EDCDEE89758B764A3B7E] - |ASH| - [18/01/2019 00:21:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC7DE.tmp.LOG2
[MD5.B4496AEEB392A2EA3898F0C04D02F486] - |ASH| - [18/01/2019 00:22:06] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC82B.tmp.LOG1
[MD5.8E9C1004FC4352C5D7E689C8434FD64E] - |ASH| - [18/01/2019 00:22:06] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC82B.tmp.LOG2
[MD5.A6093823C974876F395EF0DE0B1DF68B] - |A| - [12/02/2019 13:37:23] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC87A.tmp
[MD5.30F9043B3DC0A62410AF426B2BB49765] - |ASH| - [12/02/2019 13:37:23] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC87A.tmp.LOG1
[MD5.52C65C6139F5FDB2F626E80C1B27B96E] - |ASH| - [12/02/2019 13:37:23] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcC87A.tmp.LOG2
[MD5.750788512C1EEAF71F46BBBB0ABBDD86] - |ASH| - [18/01/2019 00:22:07] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCA40.tmp.LOG1
[MD5.F286851C149B4B15AFC876EFA6804C94] - |ASH| - [18/01/2019 00:22:07] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCA40.tmp.LOG2
[MD5.C26F5401A0B4786EC0CA6058F60967B2] - |A| - [12/02/2019 13:37:23] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCA6F.tmp
[MD5.A7C65CC653659DACA3DE8DE4BF9FA674] - |ASH| - [12/02/2019 13:37:24] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCA6F.tmp.LOG1
[MD5.1B4B99A6BC90810046A0CCA7CFD951D7] - |ASH| - [12/02/2019 13:37:24] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCA6F.tmp.LOG2
[MD5.54063248FB5B50822E3959F773222E7D] - |A| - [12/02/2019 13:36:35] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCA7.tmp
[MD5.17D77621E74B85993E99BE1CE2763005] - |ASH| - [12/02/2019 13:36:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCA7.tmp.LOG1
[MD5.8E9C964B1037C56A3966480581CD912A] - |ASH| - [12/02/2019 13:36:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCA7.tmp.LOG2
[MD5.433E9D8361AE26109F5BF6E576B8889A] - |ASH| - [18/01/2019 00:22:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCC83.tmp.LOG1
[MD5.416A9FDEBA9534BF5CE100747499083F] - |ASH| - [18/01/2019 00:22:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCC83.tmp.LOG2
[MD5.A7072B68EA168CB7F5BBE5B13FDEC6ED] - |A| - [12/02/2019 13:37:24] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCCD1.tmp
[MD5.C782EEA128A7BE2CBF5EAD1B96B4510B] - |ASH| - [12/02/2019 13:37:24] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCCD1.tmp.LOG1
[MD5.D0008BB00F422C3DC52DBCBECE72482E] - |ASH| - [12/02/2019 13:37:24] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCCD1.tmp.LOG2
[MD5.45032630810C764C87DA36BAB3E75D19] - |ASH| - [18/01/2019 00:22:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCE78.tmp.LOG1
[MD5.3542C2A8A3C758678B33DCE0494E85FA] - |ASH| - [18/01/2019 00:22:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCE78.tmp.LOG2
[MD5.197E2AD32730F21C05280E938B17A966] - |A| - [12/02/2019 13:37:25] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCF34.tmp
[MD5.7165DEF22BAE1182ED40CCCF92D55F7F] - |ASH| - [12/02/2019 13:37:25] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCF34.tmp.LOG1
[MD5.E04EFB7E1493A0E879A8B5F557CA380F] - |ASH| - [12/02/2019 13:37:25] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcCF34.tmp.LOG2
[MD5.2B048C83C4B2B280D53A523B99106EF5] - |A| - [12/02/2019 13:37:25] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD129.tmp
[MD5.0090C77FF46E8EF93D4947416C2F0EA8] - |ASH| - [12/02/2019 13:37:25] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD129.tmp.LOG1
[MD5.550335E3E8ECE16A65203B03B985D6D0] - |ASH| - [12/02/2019 13:37:25] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD129.tmp.LOG2
[MD5.573AC37CEBE2950CDDDF0EF87AD48360] - |ASH| - [18/01/2019 00:22:09] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD176.tmp.LOG1
[MD5.7CDD9FF8DC5FBA0F3959F1E7A4802D93] - |ASH| - [18/01/2019 00:22:09] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD176.tmp.LOG2
[MD5.E4FE99AA309AF99039F01DD024C8EA0F] - |ASH| - [18/01/2019 00:21:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD212.tmp.LOG1
[MD5.9D775C9A7824FC4203D2A467C1A07C2A] - |ASH| - [18/01/2019 00:21:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD212.tmp.LOG2
[MD5.72249E2E274A0DEDED084D8E6B13147E] - |ASH| - [18/01/2019 00:21:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD27E.tmp.LOG1
[MD5.ECD86499751847AB034370F8E5C92C1C] - |ASH| - [18/01/2019 00:21:04] - (.-.) - [1296 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD27E.tmp.LOG2
[MD5.7C2A369D5B61124D9E062B8E9075E16A] - |A| - [12/02/2019 13:37:26] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD2FE.tmp
[MD5.EEC477C1B43B74D3019BFDC17F5ED61C] - |ASH| - [12/02/2019 13:37:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD2FE.tmp.LOG1
[MD5.F0709F72DDA8C5112444FC801219B713] - |ASH| - [12/02/2019 13:37:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD2FE.tmp.LOG2
[MD5.CFEBF97C852578A75F152EF1AD61D88B] - |ASH| - [18/01/2019 00:22:09] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD3E8.tmp.LOG1
[MD5.1247F1AA7ED0ED016EACEC38AEC63334] - |ASH| - [18/01/2019 00:22:09] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD3E8.tmp.LOG2
[MD5.691DA7253F25F8E4AAF979AFB16F6C59] - |A| - [12/02/2019 13:37:26] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD4E4.tmp
[MD5.5342DF69C35D1CE7BCAE76D78466B2BB] - |ASH| - [12/02/2019 13:37:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD4E4.tmp.LOG1
[MD5.ACD726D151ED9EEE54E980AE78400198] - |ASH| - [12/02/2019 13:37:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD4E4.tmp.LOG2
[MD5.425AAC7F2FCC1221FA354ED5021DE48A] - |ASH| - [18/01/2019 00:21:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD55E.tmp.LOG1
[MD5.6E6FDE8E64AF112FD8B894070DBABD02] - |ASH| - [18/01/2019 00:21:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD55E.tmp.LOG2
[MD5.257DED611CAECE4ABD7D188AD1F54D5F] - |ASH| - [18/01/2019 00:22:10] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD5ED.tmp.LOG1
[MD5.B5CDEC5D415EB446ECB3B61270A2479E] - |ASH| - [18/01/2019 00:22:10] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD5ED.tmp.LOG2
[MD5.DDEA8674832382015C50364F074A1342] - |A| - [12/02/2019 13:37:27] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD708.tmp
[MD5.4D8F8DC6D08F0EB299F266C7FABD9146] - |ASH| - [12/02/2019 13:37:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD708.tmp.LOG1
[MD5.67FB65A7AA380179F79B07C58841F940] - |ASH| - [12/02/2019 13:37:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD708.tmp.LOG2
[MD5.3FE795C3DBC553D0E41F424BCA36A7BE] - |ASH| - [18/01/2019 00:22:11] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD8CC.tmp.LOG1
[MD5.41DBEF365638A2C941BBB5FAFA410333] - |ASH| - [18/01/2019 00:22:11] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD8CC.tmp.LOG2
[MD5.6F05DAB5B61961EEEE1CF37E1EBFA76C] - |A| - [12/02/2019 13:37:27] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD9A9.tmp
[MD5.EAB978851A713BE8330F764EA0E567AE] - |ASH| - [12/02/2019 13:37:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD9A9.tmp.LOG1
[MD5.5CBF19C2F39C40658C4F9D1885658F00] - |ASH| - [12/02/2019 13:37:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcD9A9.tmp.LOG2
[MD5.6DE13400EE2C16A6EE2429E1426DD6FB] - |ASH| - [18/01/2019 00:21:06] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDA22.tmp.LOG1
[MD5.0D1C5B445DF63110CF02E9B9B4954BCA] - |ASH| - [18/01/2019 00:21:06] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDA22.tmp.LOG2
[MD5.6EC31B70A6E8F54D965F564D9BC6725D] - |ASH| - [18/01/2019 00:22:11] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDAA2.tmp.LOG1
[MD5.DFEC2CF9F375101BA6C95A011592836E] - |ASH| - [18/01/2019 00:22:11] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDAA2.tmp.LOG2
[MD5.038692D5A948CAD6FA374A9FD1E7344A] - |A| - [12/02/2019 13:37:28] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDBFB.tmp
[MD5.373E74F57599F930879D268C0D861B01] - |ASH| - [12/02/2019 13:37:28] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDBFB.tmp.LOG1
[MD5.F91449F3E52C62AD1F71C4D25A6BFCE4] - |ASH| - [12/02/2019 13:37:28] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDBFB.tmp.LOG2
[MD5.B8251DD37DBCBC89C49171D1C47553A2] - |ASH| - [18/01/2019 00:22:12] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDD33.tmp.LOG1
[MD5.79E14403B0306CC5CB18BD3AE030213F] - |ASH| - [18/01/2019 00:22:12] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDD33.tmp.LOG2
[MD5.E1DC3128342C1DDB4304D72574C5AA83] - |ASH| - [18/01/2019 00:21:07] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDE0B.tmp.LOG1
[MD5.81C8479A369E1B5F52E9DB3AFB3E25AA] - |ASH| - [18/01/2019 00:21:07] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDE0B.tmp.LOG2
[MD5.872C47F0AAAA245B2A825CCD7CF2473F] - |A| - [12/02/2019 13:37:29] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDECB.tmp
[MD5.3CF24B0B224FF8CBD0D71145C3E1DB54] - |ASH| - [12/02/2019 13:37:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDECB.tmp.LOG1
[MD5.D46D7C47D1B132FD1513138DFC2CD94C] - |ASH| - [12/02/2019 13:37:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDECB.tmp.LOG2
[MD5.979B5D93B808D8EEF9176146A7408E45] - |ASH| - [18/01/2019 00:22:12] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDF48.tmp.LOG1
[MD5.9E90AD8D128DD14D3EDB57944B547261] - |ASH| - [18/01/2019 00:22:12] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDF48.tmp.LOG2
[MD5.02EB269DCBD498B9BF6BF27CDFE122AC] - |ASH| - [18/01/2019 00:21:07] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDFD1.tmp.LOG1
[MD5.98EAFF67503C097F4AD919F5DEE4E3EF] - |ASH| - [18/01/2019 00:21:07] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcDFD1.tmp.LOG2
[MD5.3B4983CD3CA089CF7B83A538B42A58D3] - |A| - [12/02/2019 13:37:29] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE14D.tmp
[MD5.B2902A4E4285BC1F2619BC0D0D8E4C4D] - |ASH| - [12/02/2019 13:37:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE14D.tmp.LOG1
[MD5.BC0A03E37AA8DDC9D7AFF0F121BE2CC8] - |ASH| - [12/02/2019 13:37:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE14D.tmp.LOG2
[MD5.D23DD29644257801CB9B6D1159CEB907] - |ASH| - [18/01/2019 00:21:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE1E5.tmp.LOG1
[MD5.3EEB31B0C00C9E51FCECDB54B9910B45] - |ASH| - [18/01/2019 00:21:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE1E5.tmp.LOG2
[MD5.B3FB19E09000DC47B35C7959A7AA7EED] - |ASH| - [18/01/2019 00:22:13] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE237.tmp.LOG1
[MD5.D975D7D78E290CF9C240C76F594AE258] - |ASH| - [18/01/2019 00:22:13] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE237.tmp.LOG2
[MD5.903B30973524F807D41BE015E3ED7249] - |A| - [12/02/2019 13:37:30] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE3BF.tmp
[MD5.7A137F014BA7E31C3797D59D3B7C6822] - |ASH| - [12/02/2019 13:37:30] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE3BF.tmp.LOG1
[MD5.03968E04DFA89CA57278009A0E08D88E] - |ASH| - [12/02/2019 13:37:30] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE3BF.tmp.LOG2
[MD5.C37EC5FB8D32FDD08C96ED1B213497E7] - |ASH| - [18/01/2019 00:21:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE3FA.tmp.LOG1
[MD5.88E80A6219ED776C2BF74AF12BDFDED8] - |ASH| - [18/01/2019 00:21:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE3FA.tmp.LOG2
[MD5.1A72FFF2FB52BF06533B554E8AA5BD31] - |ASH| - [18/01/2019 00:22:14] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE489.tmp.LOG1
[MD5.3E0165205133D813D63E0A31C8AD9A95] - |ASH| - [18/01/2019 00:22:14] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE489.tmp.LOG2
[MD5.FCA5989FC345EDE4FAFD5EDB44A0633C] - |A| - [12/02/2019 13:37:30] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE5D3.tmp
[MD5.B4FBCB275C41EEF4D044C4DA5EF3C388] - |ASH| - [12/02/2019 13:37:30] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE5D3.tmp.LOG1
[MD5.2AEF9BBA2C19EF61B83D32ED3569BF59] - |ASH| - [12/02/2019 13:37:30] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE5D3.tmp.LOG2
[MD5.E9AF37839029BBEB080D03853E86BC56] - |ASH| - [18/01/2019 00:22:14] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE6BD.tmp.LOG1
[MD5.3FC74E4A65CB23D4E46CB49A32A0CE84] - |ASH| - [18/01/2019 00:22:14] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE6BD.tmp.LOG2
[MD5.4CC01A484BB3C0889195D02D9A8B288D] - |A| - [12/02/2019 13:37:31] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE8B2.tmp
[MD5.C25344FB799D8F9FFD50CA8C32E45039] - |ASH| - [12/02/2019 13:37:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE8B2.tmp.LOG1
[MD5.82F527DD98C8B0F02BCB64914AA2E6F1] - |ASH| - [12/02/2019 13:37:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE8B2.tmp.LOG2
[MD5.BA7197468569DE9AC36CF72E1DE42A07] - |A| - [12/02/2019 13:36:26] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE921.tmp
[MD5.ACC3F74E78CB59F4497C4CD4BB272D80] - |ASH| - [12/02/2019 13:36:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE921.tmp.LOG1
[MD5.58E6709FC1CFFC4A1C75164CD2E67FB8] - |ASH| - [12/02/2019 13:36:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE921.tmp.LOG2
[MD5.6D5356C076DF008B8FEAFF0627BE6919] - |ASH| - [18/01/2019 00:22:15] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE96D.tmp.LOG1
[MD5.A310E51F55C17C476D74FAED7BBA3E6A] - |ASH| - [18/01/2019 00:22:15] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcE96D.tmp.LOG2
[MD5.0F99C8116038CAD6948F7AA3C8F87EA1] - |A| - [12/02/2019 13:36:26] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEB16.tmp
[MD5.E27DB59B576BD67B85AB28FFBFD2AC91] - |ASH| - [12/02/2019 13:36:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEB16.tmp.LOG1
[MD5.79D2A975C79B5E7ACB67905F42F048FA] - |ASH| - [12/02/2019 13:36:26] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEB16.tmp.LOG2
[MD5.B36FD211BB3B5DEC6F6324F8D07DCE3C] - |ASH| - [18/01/2019 00:22:15] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEB34.tmp.LOG1
[MD5.FF0E1CB99038A4D53AB06DAA5BA0C425] - |ASH| - [18/01/2019 00:22:15] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEB34.tmp.LOG2
[MD5.5D80AE0F9291FB12B7840AF588F79FFD] - |A| - [12/02/2019 13:36:27] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcED3A.tmp
[MD5.77D15896B3CB14CCAD7DE8FE574A453E] - |ASH| - [12/02/2019 13:36:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcED3A.tmp.LOG1
[MD5.59A10E5AB08BC78D45AB09120C18B7F0] - |ASH| - [12/02/2019 13:36:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcED3A.tmp.LOG2
[MD5.60D5676D090FBFC5E39CD54CD4FCA00C] - |ASH| - [18/01/2019 00:22:16] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcED67.tmp.LOG1
[MD5.BC6B8F2CEDEE07FA4CFDE649A359F31F] - |ASH| - [18/01/2019 00:22:16] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcED67.tmp.LOG2
[MD5.36C7C0B9E3A799752368BFB360D8283B] - |A| - [12/02/2019 13:36:35] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEDB.tmp
[MD5.9FA8F7D490E9FD3240F3163A89B88A70] - |ASH| - [12/02/2019 13:36:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEDB.tmp.LOG1
[MD5.71F146041B6463DDAB97FDE0E95D6720] - |ASH| - [12/02/2019 13:36:35] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEDB.tmp.LOG2
[MD5.4A3C8541A8B3E792428854ECA0C1D92B] - |A| - [12/02/2019 13:36:27] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEF6E.tmp
[MD5.78985DC2ECE83FFC7F08E1423D958CB7] - |ASH| - [12/02/2019 13:36:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEF6E.tmp.LOG1
[MD5.0EF755220825481384CFE023F83938E7] - |ASH| - [12/02/2019 13:36:27] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcEF6E.tmp.LOG2
[MD5.E70941D4F8031C53B5AB7EDBE2A1D758] - |ASH| - [18/01/2019 00:22:17] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF0D3.tmp.LOG1
[MD5.DDB6A9FB64C6A54B4281DB38E38D6E11] - |ASH| - [18/01/2019 00:22:17] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF0D3.tmp.LOG2
[MD5.2587208ED795FEE02F37772FF2F47ECB] - |A| - [12/02/2019 13:36:28] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF1A1.tmp
[MD5.F6EB48E6050D5E345FB7BAC061048EFF] - |ASH| - [12/02/2019 13:36:28] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF1A1.tmp.LOG1
[MD5.2A5B81ED7A51BCB10370290F9C6474B3] - |ASH| - [12/02/2019 13:36:28] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF1A1.tmp.LOG2
[MD5.3F7E88D49F3256D7652151DE7A2FF6D4] - |ASH| - [18/01/2019 00:22:18] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF401.tmp.LOG1
[MD5.0FD36B08BED38285438DBF7734230842] - |ASH| - [18/01/2019 00:22:18] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF401.tmp.LOG2
[MD5.DFA11F5165F057AEE3A86CEDFF965561] - |A| - [12/02/2019 13:36:29] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF403.tmp
[MD5.8DBE0EB20CB730AC18C55F92CE6C5ECA] - |ASH| - [12/02/2019 13:36:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF403.tmp.LOG1
[MD5.CB09B1C244F01F26A7DF54D1E8894A55] - |ASH| - [12/02/2019 13:36:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF403.tmp.LOG2
[MD5.18EBFC2FC999DF4950B4B1A53175E6C0] - |ASH| - [18/01/2019 00:22:18] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF5D6.tmp.LOG1
[MD5.467FDF7CB08A2AE56781C68B45137B97] - |ASH| - [18/01/2019 00:22:18] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF5D6.tmp.LOG2
[MD5.33F3EFA78FC091F8E58669206189D6BB] - |A| - [12/02/2019 13:38:40] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF67B.tmp
[MD5.244D03A7440C72DD2518FDB3AD4D158C] - |ASH| - [12/02/2019 13:38:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF67B.tmp.LOG1
[MD5.380E9F04242CD7451673CB328D488AD3] - |ASH| - [12/02/2019 13:38:40] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF67B.tmp.LOG2
[MD5.1FF1EFCC0ACEE7947168483215E11E1E] - |A| - [12/02/2019 13:36:29] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF6A4.tmp
[MD5.7596B0FD1022EA1D46B0E89E681537E7] - |ASH| - [12/02/2019 13:36:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF6A4.tmp.LOG1
[MD5.78751B1A59099D6A09CFEE843721CB81] - |ASH| - [12/02/2019 13:36:29] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF6A4.tmp.LOG2
[MD5.D983F4B05683BC33631AF834328BD672] - |A| - [12/02/2019 13:36:30] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF8B9.tmp
[MD5.435404127867962B59DBBEA021B70A36] - |ASH| - [12/02/2019 13:36:30] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF8B9.tmp.LOG1
[MD5.5769A5CD9276BF91010E4B32BA8E7655] - |ASH| - [12/02/2019 13:36:30] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcF8B9.tmp.LOG2
[MD5.2350617B1C139F58E89CF9286E1AC774] - |A| - [12/02/2019 13:36:31] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFC44.tmp
[MD5.D503D0F38B7C19B02017230D8DDBBA55] - |ASH| - [12/02/2019 13:36:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFC44.tmp.LOG1
[MD5.DA63E47A6D843E1975F80EE11963C764] - |ASH| - [12/02/2019 13:36:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFC44.tmp.LOG2
[MD5.397A6868BA5B5DE5FFEB70711BB27B6B] - |A| - [12/02/2019 13:37:36] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFCC8.tmp
[MD5.795A86DC123C099F8D3F97C9E93F91B2] - |ASH| - [12/02/2019 13:37:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFCC8.tmp.LOG1
[MD5.AF9010DB2836EA9BE55B3DF5827CBCC6] - |ASH| - [12/02/2019 13:37:36] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFCC8.tmp.LOG2
[MD5.3255D83591E98073A0B7254946312901] - |A| - [12/02/2019 13:38:42] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFD42.tmp
[MD5.014E4955CD4E00DB7420496223403D4C] - |ASH| - [12/02/2019 13:38:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFD42.tmp.LOG1
[MD5.76687162F6BA7C5D2D7808DFE1CBA262] - |ASH| - [12/02/2019 13:38:42] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFD42.tmp.LOG2
[MD5.0329F0F10CD16736CEEE509FC71BC445] - |A| - [12/02/2019 13:36:31] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFE29.tmp
[MD5.0AE1260EC2889EDA819559D6B5365D89] - |ASH| - [12/02/2019 13:36:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFE29.tmp.LOG1
[MD5.0B2659EBA8909DBE0E1ECADE74FD2D7A] - |ASH| - [12/02/2019 13:36:31] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFE29.tmp.LOG2
[MD5.FFA815362E3987F3A0214490040BED02] - |A| - [12/02/2019 13:37:37] - (.-.) - [256 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFEEC.tmp
[MD5.B54A433173B304218FF658ABE8A3BA8A] - |ASH| - [12/02/2019 13:37:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFEEC.tmp.LOG1
[MD5.E7418B3958A9B42ECB0885C13DA60056] - |ASH| - [12/02/2019 13:37:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\Temp\amcFEEC.tmp.LOG2
[MD5.C437E8370B77810D369C932CAABDE7B7] - |A| - [14/02/2019 23:01:32] - (.-.) - [31.25 Ko] - (0.0.0.0) - C:\Windows\Temp\chrome_installer.log
[MD5.00000000000000000000000000000000] - |D| - [14/02/2019 23:01:32] - [0.04 Ko] - C:\Windows\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [25/02/2019 22:58:47] - [2580.4 Ko] - C:\Windows\Temp\CR_05C77.tmp
[MD5.2AD8E269A733A89AF1C0F48531562075] - |A| - [20/02/2019 22:29:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\Windows\Temp\fwtsqmfile00.sqm
[MD5.AC7ACF5F23D9A8B3F349BA22A13170B9] - |A| - [02/02/2019 01:48:02] - (.-.) - [6.8 Ko] - (0.0.0.0) - C:\Windows\Temp\ScheduledHeartbeat.log
[MD5.FBE1EC27CA810399FBAA7442C722F36A] - |A| - [01/02/2019 13:40:36] - (.-.) - [2785.02 Ko] - (0.0.0.0) - C:\Windows\Temp\vminst.log
[MD5.00000000000000000000000000000000] - |D| - [27/01/2019 18:52:46] - [5.84 Ko] - C:\Windows\Temp\vmware-SystÃ¨me
[MD5.00000000000000000000000000000000] - |D| - [01/02/2019 13:41:37] - [75.53 Ko] - C:\Windows\Temp\vmware-SystÃ¨me-2046722181
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:15] - [0 Ko] - C:\Windows\System32\0409
[MD5.3B7A3C0377F8EDC95599639EBBF10A72] - |A| - [08/01/2019 15:44:58] - (.Â© Copyright 2015 HP Development Company, L.P. - HP Mobile Data Protection  User Mode DLL.) - [44.33 Ko] - (6.0.12.1) - C:\Windows\System32\accelerometerdll.DLL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [3882.5 Ko] - C:\Windows\System32\AdvancedInstallers
[MD5.96A6FCCACCAF7402A3FEC9632D4CFD42] - |A| - [10/01/2019 00:02:40] - (.-.) - [438.11 Ko] - (0.0.0.0) - C:\Windows\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [26/01/2019 11:49:47] - [0 Ko] - C:\Windows\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [10/01/2019 00:49:19] - [2576.89 Ko] - C:\Windows\System32\Appraiser
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [544.17 Ko] - C:\Windows\System32\ar-SA
[MD5.D638E3AD81E149A75EEF59E9C743E27C] - |A| - [22/08/2013 15:36:38] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\Windows\System32\AutoWorkplace.exe.config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [543.6 Ko] - C:\Windows\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [6115.88 Ko] - C:\Windows\System32\Boot
[MD5.A5F320FFE96F6939D2FF39360ADA9B5A] - |A| - [20/11/2014 19:43:22] - (.Copyright (C) 2008 - Gestionnaire de contexte pour rÃ©seau personnel Bluetooth.) - [94 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [0.93 Ko] - C:\Windows\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [103549.58 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [63805.44 Ko] - C:\Windows\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [1190.47 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.64430E214B5B229D426D2D35538C402D] - |A| - [08/01/2019 15:45:05] - (.-.) - [366.38 Ko] - (0.0.0.0) - C:\Windows\System32\ColorImageEnhancement.wmv
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [366.5 Ko] - C:\Windows\System32\Com
[MD5.00000000000000000000000000000000] - |SD| - [21/11/2014 00:00:59] - [1440.19 Ko] - C:\Windows\System32\CompatTel
[MD5.6E2604E36B2D67061BD0E3DC966DDC7E] - |A| - [08/01/2019 15:47:59] - (.2013 Â© Real Sound Lab SIA, iSoft Solutions - CONEQÂ Media Suite APO GUI Library.) - [119.42 Ko] - (1.0.0.4) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [326191.81 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 15:36:31] - [34.62 Ko] - C:\Windows\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [402.18 Ko] - C:\Windows\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [368.79 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [420.63 Ko] - C:\Windows\System32\de-DE
[MD5.08750A50CF027F93070C8BB78E27C3B7] - |ASH| - [22/08/2013 15:36:48] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [20/11/2014 19:30:03] - (.-.) - [256.19 Ko] - (0.0.0.0) - C:\Windows\System32\dfpinc.dat
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [08/01/2019 15:46:08] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [08/01/2019 15:46:08] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [107672.45 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:31:28] - [1048194.08 Ko] - C:\Windows\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [08/01/2019 16:17:23] - [1903.91 Ko] - C:\Windows\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2013 15:36:30] - [116 Ko] - C:\Windows\System32\dsc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [648.92 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:15] - [1656.5 Ko] - C:\Windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [16460.65 Ko] - C:\Windows\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [21350.12 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [400.01 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [308.87 Ko] - C:\Windows\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [390.69 Ko] - C:\Windows\System32\fi-FI
[MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [08/01/2019 15:45:05] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\Windows\System32\FilmModeDetection.wmv
[MD5.86177A958F4B9AD449C1EC7569DE2193] - |A| - [01/10/2012 19:35:42] - (.- MicrosoftÂ® Forms DLL.) - [1555.13 Ko] - (15.0.4420.1017) - C:\Windows\System32\FM20.DLL
[MD5.E44C360B261B0C35F175370F20D5DDCD] - |A| - [01/10/2012 19:38:12] - (.- MicrosoftÂ® Forms International DLL.) - [31.14 Ko] - (15.0.4420.1017) - C:\Windows\System32\FM20ENU.DLL
[MD5.2A7D873D71572E1EF6D0552BABC1B03E] - |A| - [01/10/2012 20:04:00] - (.- MicrosoftÂ® Forms International DLL.) - [35.16 Ko] - (15.0.4420.1017) - C:\Windows\System32\FM20FRA.DLL
[MD5.A9FAA8A6FD608BC2E0F3CA69B9827008] - |A| - [22/08/2013 14:44:50] - (.-.) - [471.47 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:14] - [1711 Ko] - C:\Windows\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [41785.59 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.55158C8F4CFAB021134137B68BBFD01F] - |A| - [22/08/2013 06:58:31] - (.-.) - [72.53 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [08/01/2019 15:46:08] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv2_0.exe.config
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [08/01/2019 15:46:08] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv4_0.exe.config
[MD5.44A8F60A38C87271B582FE4DEEAF73E0] - |A| - [10/01/2019 00:02:29] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4762.5 Ko] - (3.10.5.5585) - C:\Windows\System32\gnsdk_fp.dll
[MD5.00000000000000000000000000000000] - |HD| - [22/08/2013 15:36:31] - [0.01 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [501.56 Ko] - C:\Windows\System32\he-IL
[MD5.74507B315C2E4DE907B3444AF1F7E3F6] - |A| - [08/01/2019 15:44:58] - (.Â© Copyright 2015 HP Development Company, L.P. - HP Mobile Data Protection CoInstaller.) - [90.81 Ko] - (6.0.12.1) - C:\Windows\System32\HPMDPCoInst.dll
[MD5.3475B79A3F19BFE22A8690C875F973D5] - |A| - [08/01/2019 15:44:58] - (.Â© Copyright 2015 HP Development Company, L.P. - HP Service.) - [30.83 Ko] - (6.0.12.1) - C:\Windows\System32\hpservice.exe
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [335.45 Ko] - C:\Windows\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [417.87 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.2F0FE49E65FBE3A2BA9AC4637BB62D1C] - |A| - [08/01/2019 15:45:13] - (.-.) - [100.45 Ko] - (0.0.0.0) - C:\Windows\System32\IccLibDll_x64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.3A2CAFB86D748BE8361043D24D307051] - |A| - [08/01/2019 15:45:26] - (.-.) - [17623.52 Ko] - (0.0.0.0) - C:\Windows\System32\igd11dxva64.dll
[MD5.7A59F71D0D1B8074789A2F8245D101CB] - |A| - [08/01/2019 15:45:06] - (.-.) - [6567.54 Ko] - (0.0.0.0) - C:\Windows\System32\igdclbif.bin
[MD5.893071C2545CAABB5613CA7E995BDD21] - |A| - [08/01/2019 15:45:27] - (.-.) - [192.95 Ko] - (0.0.0.0) - C:\Windows\System32\igdde64.dll
[MD5.245AF5A8F975919AD0976692561FE8B9] - |A| - [08/01/2019 15:45:40] - (.Copyright (C) 2012-2013 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [212.95 Ko] - (4.0.0.1192) - C:\Windows\System32\igfx11cmrt64.dll
[MD5.68E64252E4ADABA880F1227D6CFBF508] - |A| - [08/01/2019 15:45:41] - (.Copyright (C) 2010 - 2013 - MDF(CM) JIT Dynamic Link Library.) - [1348.95 Ko] - (4.0.0.1192) - C:\Windows\System32\igfxcmjit64.dll
[MD5.23A29E4867BD2C2DA2424DD45A810BEC] - |A| - [08/01/2019 15:45:41] - (.Copyright (C) 2010 - 2013 - MDF(CM) Runtime Dynamic Link Library.) - [214.12 Ko] - (4.0.0.1192) - C:\Windows\System32\igfxcmrt64.dll
[MD5.022A132EF5514217B86E333CE3C69BC7] - |A| - [08/01/2019 15:46:10] - (.-.) - [258.45 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCPL.cpl
[MD5.536B4778D7115FF0D802EF5E35AA3FED] - |A| - [08/01/2019 15:45:41] - (.-.) - [92.95 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCUIServicePS.dll
[MD5.A0DF234D8293D61C3D8484F3641E6849] - |A| - [08/01/2019 15:45:41] - (.-.) - [67.95 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLib.dll
[MD5.E62D4E5864ADC564EF66E2637FEE26A5] - |A| - [08/01/2019 15:45:41] - (.-.) - [80.45 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLibv2_0.dll
[MD5.367846951BD7FF3B80CAAEE1E85D2E6D] - |A| - [08/01/2019 15:45:42] - (.-.) - [19.45 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILib.dll
[MD5.FF7B9C0C5CB681CA09F585F3059E8C9B] - |A| - [08/01/2019 15:45:42] - (.-.) - [18.95 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILibv2_0.dll
[MD5.A184763E27B2D060238D140EA47E3BE3] - |A| - [08/01/2019 15:45:42] - (.-.) - [18.45 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLib.dll
[MD5.DBA15331CEA6B19D1B820DF6E76D316E] - |A| - [08/01/2019 15:45:42] - (.-.) - [18.45 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLibv2_0.dll
[MD5.193BD07143B4885F74E46438804E98C0] - |A| - [08/01/2019 15:45:42] - (.-.) - [13.45 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLib.dll
[MD5.C7BDD81B78544E338BF0C6E918ECF627] - |A| - [08/01/2019 15:45:42] - (.-.) - [13.45 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLibv2_0.dll
[MD5.FD5A53A1AAAACF3FE4C8C762609AE037] - |A| - [08/01/2019 15:45:08] - (.-.) - [375.04 Ko] - (0.0.0.0) - C:\Windows\System32\igfxTray.exe
[MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [08/01/2019 15:46:09] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.cpa
[MD5.2FCCF7939D4D3F392AB3C0F5F40039DD] - |A| - [08/01/2019 15:46:12] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.vp
[MD5.B226B85123619EF1394339C1B5EB5A8D] - |A| - [08/01/2019 15:46:12] - (.-.) - [42.47 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64.vp
[MD5.55C71EDC47B57E5115B40095EEC9E205] - |A| - [08/01/2019 15:46:12] - (.-.) - [42.79 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64_dev.vp
[MD5.94ED4F871997E5DFC610DC1649C38911] - |A| - [08/01/2019 15:46:12] - (.-.) - [42.24 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64.vp
[MD5.04590E9E52E13EF34B2AA02C7EA2431B] - |A| - [08/01/2019 15:46:12] - (.-.) - [42.28 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64_dev.vp
[MD5.3B6EF4F03F2DE75A3B7DDF627A3EC146] - |A| - [08/01/2019 15:46:12] - (.-.) - [42.99 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64.vp
[MD5.715DBDBED4599E798F94EDF6003F75B6] - |A| - [08/01/2019 15:46:12] - (.-.) - [41.09 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64_dev.vp
[MD5.9CE8FCA582B4CB4E83367B65C2AA4DDD] - |A| - [08/01/2019 15:46:12] - (.-.) - [3.96 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs64.vp
[MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [08/01/2019 15:45:05] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\Windows\System32\ImageStabilization.wmv
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [23350.17 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [4637.5 Ko] - C:\Windows\System32\InputMethod
[MD5.7AFC232B40C5B2CE20F5C16A13E62606] - |A| - [08/01/2019 15:45:46] - (.Copyright Â© The Khronos Group Inc 2014 - OpenCL Client DLL.) - [88.95 Ko] - (2.0.2.0) - C:\Windows\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [423.46 Ko] - C:\Windows\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [574.94 Ko] - C:\Windows\System32\ja-JP
[MD5.111011F4D527CE443544F7574E599BD9] - |A| - [20/11/2014 19:42:51] - (.-.) - [2.36 Ko] - (0.0.0.0) - C:\Windows\System32\KeyboardFilterShim.sdb
[MD5.48BA9C6110A5EBA910E7FB2E7D23CFC1] - |A| - [08/01/2019 17:08:16] - (.Copyright Â© Kaspersky Lab ZAO 1996-2012. - Filtering Platform Helper Class.) - [107.59 Ko] - (1.0.0.12) - C:\Windows\System32\klfphc.dll
[MD5.7AC19A1EEF8F735AF745F8CE501217F5] - |A| - [08/01/2019 17:07:54] - (.Â© 2018 AO Kaspersky Lab. - System Interceptors PDK usermode service interceptor.) - [149.38 Ko] - (20.0.68.0) - C:\Windows\System32\klhkum.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [684.01 Ko] - C:\Windows\System32\ko-KR
[MD5.FAFA8B2317AABF4EBDC94D74CDB73394] - |A| - [22/08/2013 06:59:51] - (.-.) - [11741.31 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [90.07 Ko] - C:\Windows\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [14851.77 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [345.5 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [361.77 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [30076.84 Ko] - C:\Windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [22/08/2013 06:52:45] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.3774B5C0E0BBA8C8EE54DF3606AB815C] - |A| - [22/08/2013 06:53:23] - (.-.) - [1.14 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [10/01/2019 00:22:31] - [0 Ko] - C:\Windows\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [45.5 Ko] - C:\Windows\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [4148.28 Ko] - C:\Windows\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [5.5 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [371.41 Ko] - C:\Windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [640 Ko] - C:\Windows\System32\NDF
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [22/08/2013 06:58:31] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [51 Ko] - C:\Windows\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [397.67 Ko] - C:\Windows\System32\nl-NL
[MD5.F746E5DDC489931AD269ECFFA4A39815] - |A| - [22/08/2013 15:36:38] - (.-.) - [8.5 Ko] - (0.0.0.0) - C:\Windows\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [22/08/2013 06:52:33] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [13554.14 Ko] - C:\Windows\System32\oobe
[MD5.7646D2FCB702C7768665C7540FE63498] - |A| - [22/08/2013 15:39:08] - (.-.) - [126.33 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.7D4A82332DE135F4D04A474A3E665472] - |A| - [20/11/2014 18:46:22] - (.-.) - [149.59 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat
[MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [22/08/2013 15:39:08] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |A| - [20/11/2014 18:46:22] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat
[MD5.2FF273C5502AA9F53D58D80D70156324] - |A| - [22/08/2013 15:39:08] - (.-.) - [674.57 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.8CA927C7177100F9BFE6B8107496628C] - |A| - [20/11/2014 18:46:22] - (.-.) - [761.24 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat
[MD5.2CF6266DF7B8E8CB33E2A09E88FAE17E] - |A| - [20/11/2014 19:28:14] - (.-.) - [1696.5 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [420.05 Ko] - C:\Windows\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:14] - [834.3 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [22/08/2013 09:17:09] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\Windows\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [400.27 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [398.69 Ko] - C:\Windows\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\System32\RasToast
[MD5.3BFE960E8C0DAA6ABACF0026816764AE] - |A| - [08/01/2019 15:48:04] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [319.56 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll
[MD5.FAC5145454CEA7C36B260EEFDF99BCE2] - |A| - [08/01/2019 15:48:04] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [319.57 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll
[MD5.66C1159AE243D4F42EB9203781683D14] - |A| - [08/01/2019 15:48:04] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [215.19 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll
[MD5.8D5CA7B459D04C6031CC075615EBE081] - |A| - [08/01/2019 15:48:04] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [91.67 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll
[MD5.B07A062AC8ADAD04F96393E1309D8412] - |A| - [08/01/2019 15:48:04] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [113.77 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll
[MD5.5BF01B6CB276E439AFEE5968CABF5CE0] - |A| - [08/01/2019 15:48:04] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [383.63 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [22/08/2013 10:54:19] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [22/08/2013 06:55:37] - (.-.) - [8 Ko] - (0.0.0.0) - C:\Windows\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [353.03 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [337.64 Ko] - C:\Windows\System32\sl-SI
[MD5.523965212FDCEFC5503B38B76AF8B037] - |A| - [08/01/2019 15:48:08] - (.Copyright (C) 2018 DTS, Inc. - DTS Universal APO DLL.) - [971.34 Ko] - (3.5.17.0) - C:\Windows\System32\sl3apo64.dll
[MD5.03A9E79CD229873353E177FF5ADF0F01] - |A| - [08/01/2019 15:48:08] - (.Copyright (C) 2018 DTS, Inc. - DTS APO Controller DLL.) - [3337.87 Ko] - (3.5.17.0) - C:\Windows\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:15] - [98.08 Ko] - C:\Windows\System32\slmgr
[MD5.18F23364AD2D0B7F35B6FD22CD0CE790] - |A| - [08/01/2019 15:48:08] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [260.27 Ko] - (1.0.0.1) - C:\Windows\System32\slprp64.dll
[MD5.EC70E7273FA253E2AB8A85492D5C5798] - |A| - [08/01/2019 15:48:08] - (.Copyright (C) 2018 DTS, Inc. - DTS APO Technology DLL.) - [3055.44 Ko] - (3.5.17.0) - C:\Windows\System32\sltech64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [20149.02 Ko] - C:\Windows\System32\SMI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [7931.31 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [37071.23 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [9265.62 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [23.63 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [224.5 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [345.43 Ko] - C:\Windows\System32\sr-Latn-RS
[MD5.EE4545993EFE0D182C2B1C96DEE850B3] - |A| - [08/01/2019 15:48:08] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.17 Ko] - (4.0.0.59) - C:\Windows\System32\SRAPO64.dll
[MD5.DDC5CDDA7BE211B553A89D614BEC274B] - |A| - [08/01/2019 15:48:08] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.12 Ko] - (4.0.0.59) - C:\Windows\System32\SRCOM.dll
[MD5.252AE3348D156F5D6F2BA50E29872480] - |A| - [08/01/2019 15:48:08] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.44 Ko] - (4.0.0.59) - C:\Windows\System32\SRCOM64.dll
[MD5.B7CC32E00C5C5152D221DF182827F58E] - |A| - [20/11/2014 19:42:58] - (.-.) - [49.56 Ko] - (0.0.0.0) - C:\Windows\System32\srms.dat
[MD5.A9B3A78601B6154F8AA9F702100750FB] - |A| - [08/01/2019 15:48:09] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.47 Ko] - (4.0.0.59) - C:\Windows\System32\SRRPTR64.dll
[MD5.00000000000000000000000000000000] - |D| - [08/01/2019 15:48:23] - [2155.27 Ko] - C:\Windows\System32\SRSLabs
[MD5.37421A0F8858435C568416646E7897F5] - |A| - [08/01/2019 15:48:09] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [528.4 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll
[MD5.E2292F88C7B419AF65A7828118FE9CEA] - |A| - [08/01/2019 15:48:09] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [170.8 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [16208 Ko] - C:\Windows\System32\sru
[MD5.B59958CD06C9F89C39281FB12F1BB233] - |A| - [22/08/2013 06:57:09] - (.-.) - [513.74 Ko] - (0.0.0.0) - C:\Windows\System32\staticurllist.bin
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [377.28 Ko] - C:\Windows\System32\sv-SE
[MD5.F731B1C55F35F85BE7758A15020737AF] - |A| - [08/01/2019 15:49:08] - (.Copyright (C) Synaptics Incorporated 1996-2018 - SynCOM.) - [792.54 Ko] - (19.5.10.66) - C:\Windows\System32\SynCOM.dll
[MD5.8EFD6C776E6A8A369651C0A472CFDCE6] - |A| - [08/01/2019 15:49:09] - (.Copyright (C) Synaptics Incorporated 1996-2018 - SynTPAPI.) - [275.04 Ko] - (19.5.10.66) - C:\Windows\System32\SynTPAPI.dll
[MD5.A560AD026E37BB6AAA496A4AF45BB2CF] - |A| - [08/01/2019 15:49:10] - (.Copyright (C) Synaptics Incorporated 1996-2018 - Synaptics Pointing Device Driver Co-Installer.) - [339.54 Ko] - (19.5.10.66) - C:\Windows\System32\SynTPCo65.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [1545.13 Ko] - C:\Windows\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [1081.99 Ko] - C:\Windows\System32\SystemResetPlatform
[MD5.FFFCC3C3ED6886A95D3C0E1B49C652BA] - |A| - [20/11/2014 19:29:22] - (.-.) - [136.33 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [431.39 Ko] - C:\Windows\System32\Tasks
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [22/08/2013 06:56:03] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.60CE51972E0A06217C52202F7208EB9A] - |A| - [22/08/2013 10:18:00] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\Windows\System32\TelemetrySampleManifest.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [567.21 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [398.61 Ko] - C:\Windows\System32\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [552.26 Ko] - C:\Windows\System32\uk-UA
[MD5.AE78A63EDDDC86179FA3A65A04936C1B] - |A| - [21/11/2018 01:27:52] - (.Copyright Â© 1998-2018 VMware, Inc. - VMware bridge notify DLL (64-bit).) - [101.01 Ko] - (14.0.0.0) - C:\Windows\System32\vmnetbridge.dll
[MD5.81613540FBCFD93F7338E81EEF6C8B6B] - |A| - [29/01/2019 23:55:37] - (.Copyright Â© 1998-2017 VMware, Inc. - VMware network adapter install library.) - [130.96 Ko] - (14.0.0.0) - C:\Windows\System32\vnetinst.dll
[MD5.8EA2159536BCD37CE1AF6B94240BA357] - |A| - [29/01/2019 23:55:29] - (.Copyright Â© 1998-2018 VMware, Inc. - VMware network install library.) - [1236.42 Ko] - (15.0.2.40550) - C:\Windows\System32\vnetlib64.dll
[MD5.C2C107802DA78B2152141044741CE01C] - |A| - [29/01/2019 23:56:01] - (.Copyright Â© 1998-2018 VMware, Inc. - VSockets Library.) - [45.38 Ko] - (9.8.12.0) - C:\Windows\System32\vsocklib.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [96582.88 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:14] - [0 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [115439.73 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [22/08/2013 08:29:44] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [128 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [46 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [14.53 Ko] - C:\Windows\System32\WindowsInternal.Inbox.Media.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [27.59 Ko] - C:\Windows\System32\WindowsInternal.Inbox.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [7842.82 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [98316 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [1928.5 Ko] - C:\Windows\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:15] - [207.64 Ko] - C:\Windows\System32\winrm
[MD5.F1DF7849450DBC5D5C3A464E8A791C8C] - |A| - [22/08/2013 06:57:09] - (.-.) - [1485.18 Ko] - (0.0.0.0) - C:\Windows\System32\WpcNBModel.bin
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [399.43 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:30] - [416.02 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [415.72 Ko] - C:\Windows\System32\zh-TW
[MD5.8A63A03AE53A58DCD77C31B5DD1D591A] - |A| - [08/01/2019 17:41:17] - (.-.) - [0.12 Ko] - (0.0.0.0) - C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[MD5.0055B62657CE7561F68136FB1E54AFAC] - |A| - [08/01/2019 15:52:11] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\Windows\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[MD5.CDC1AD6FC7528792B3B6D56F0F08B332] - |A| - [27/01/2019 18:52:07] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\%TMP%
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:16] - [0 Ko] - C:\Windows\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [2228.5 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [528.17 Ko] - C:\Windows\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [524.6 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0.93 Ko] - C:\Windows\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [320 Ko] - C:\Windows\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [1586.31 Ko] - C:\Windows\SysWOW64\config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [383.68 Ko] - C:\Windows\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [351.29 Ko] - C:\Windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [400.63 Ko] - C:\Windows\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [4965.17 Ko] - C:\Windows\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [327.5 Ko] - C:\Windows\SysWOW64\downlevel
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [3462.99 Ko] - C:\Windows\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [627.92 Ko] - C:\Windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:16] - [1653.5 Ko] - C:\Windows\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [14081.62 Ko] - C:\Windows\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [18336.53 Ko] - C:\Windows\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [380.51 Ko] - C:\Windows\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [291.87 Ko] - C:\Windows\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [372.19 Ko] - C:\Windows\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:16] - [1686 Ko] - C:\Windows\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [35902.76 Ko] - C:\Windows\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp
[MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [10/01/2019 00:02:24] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\Windows\SysWOW64\gnsdk_fp.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [486.06 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [317.45 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [398.37 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.AA788FC40B8C67EF996296A61FAA1673] - |A| - [08/01/2019 15:45:24] - (.-.) - [17154.78 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\igd11dxva32.dll
[MD5.810A91CDECC729445AF84CBCA821FEBC] - |A| - [08/01/2019 15:45:46] - (.Copyright Â© The Khronos Group Inc 2014 - OpenCL Client DLL.) - [92.95 Ko] - (2.0.2.0) - C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [403.96 Ko] - C:\Windows\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [562.94 Ko] - C:\Windows\SysWOW64\ja-JP
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [672.51 Ko] - C:\Windows\SysWOW64\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [90.07 Ko] - C:\Windows\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [327.5 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [343.77 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [24609.21 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [3036.5 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [789 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [45.5 Ko] - C:\Windows\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [52.28 Ko] - C:\Windows\SysWOW64\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [5.5 Ko] - C:\Windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [354.41 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [51 Ko] - C:\Windows\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [378.67 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [639 Ko] - C:\Windows\SysWOW64\oobe
[MD5.4795E632E0CE91D20FBF937353FE2103] - |A| - [27/01/2019 18:51:48] - (.-.) - [1724.99 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI
[MD5.4B96BF5C5222F7B9280713421FF10C8E] - |A| - [29/01/2019 20:00:30] - (.-.) - [4 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\persistent_q.db
[MD5.BB7DF04E1B0A2570657527A7E108AE23] - |A| - [29/01/2019 20:00:30] - (.-.) - [32 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\persistent_q.db-shm
[MD5.6D0D681D2EEDC0CDEE206F83080D13D1] - |A| - [29/01/2019 20:00:30] - (.-.) - [12.1 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\persistent_q.db-wal
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [400.05 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:16] - [834.3 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [381.27 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [379.69 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0.76 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [352.79 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.DDC5CDDA7BE211B553A89D614BEC274B] - |A| - [08/01/2019 15:48:08] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.12 Ko] - (4.0.0.59) - C:\Windows\SysWOW64\SRCOM.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\sru
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [359.78 Ko] - C:\Windows\SysWOW64\sv-SE
[MD5.10310533D84B01DE27B38E6E5878FD7F] - |A| - [08/01/2019 15:49:09] - (.Copyright (C) Synaptics Incorporated 1996-2018 - SynCOM.) - [421.04 Ko] - (19.5.10.66) - C:\Windows\SysWOW64\SynCom.dll
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:16] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [550.21 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [381.11 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [533.76 Ko] - C:\Windows\SysWOW64\uk-UA
[MD5.92BBB76CDF269E7373F153A8296B13E2] - |A| - [29/01/2019 23:55:37] - (.Copyright Â© 1998-2018 VMware, Inc. - VMware NAT Service.) - [386.92 Ko] - (15.0.2.40550) - C:\Windows\SysWOW64\vmnat.exe
[MD5.CF3EDFAA9CC87E223F9316B5D0F1AA84] - |A| - [29/01/2019 23:55:42] - (.Copyright Â© 1998-2018 VMware, Inc. - VMware VMnet DHCP service.) - [365.42 Ko] - (15.0.2.40550) - C:\Windows\SysWOW64\vmnetdhcp.exe
[MD5.120F95A5235A4B744C6C6F47CB1BB51F] - |A| - [29/01/2019 23:56:01] - (.Copyright Â© 1998-2018 VMware, Inc. - VSockets Library.) - [41.38 Ko] - (9.8.12.0) - C:\Windows\SysWOW64\vsocklib.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 13:36:16] - [16285.64 Ko] - C:\Windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:16] - [0 Ko] - C:\Windows\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [158.1 Ko] - C:\Windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [6460.66 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [1928.5 Ko] - C:\Windows\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [20/11/2014 18:46:16] - [207.64 Ko] - C:\Windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [389.93 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [406.02 Ko] - C:\Windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 15:36:31] - [405.72 Ko] - C:\Windows\SysWOW64\zh-TW

---------- | [PAVILION]

[09/01/2019 09:46:07] - |D| - [3084] - C:\Users\PAVILION\.android
[12/01/2019 21:42:19] - |D| - [34197] - C:\Users\PAVILION\.MemuHyperv
[12/01/2019 16:34:54] - |D| - [186309119] - C:\Users\PAVILION\.PyCharmCE2018.3
[08/01/2019 16:17:54] - |D| - [87424] - C:\Users\PAVILION\.VirtualBox
[08/01/2019 15:40:38] - |HD| - [3978563147] - C:\Users\PAVILION\AppData
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\Application Data
[08/01/2019 15:41:02] - |RD| - [412] - C:\Users\PAVILION\Contacts
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\Cookies
[08/01/2019 15:40:38] - |RD| - [8525899660] - C:\Users\PAVILION\Desktop
[08/01/2019 15:40:38] - |RD| - [73014119633] - C:\Users\PAVILION\Documents
[08/01/2019 15:40:38] - |RD| - [6539447560] - C:\Users\PAVILION\Downloads
[08/01/2019 15:40:38] - |RD| - [690] - C:\Users\PAVILION\Favorites
[08/01/2019 15:52:14] - |SHD| - [25308] - C:\Users\PAVILION\IntelGraphicsProfiles
[08/01/2019 15:40:38] - |RD| - [2304] - C:\Users\PAVILION\Links
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\Local Settings
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\Menu DÃ©marrer
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\Mes documents
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\ModÃ¨les
[08/01/2019 15:40:38] - |RD| - [504] - C:\Users\PAVILION\Music
[09/01/2019 15:39:01] - |D| - [528996953] - C:\Users\PAVILION\Nox_share
[08/01/2019 15:40:38] - |ASH| - [2359296] - C:\Users\PAVILION\NTUSER.DAT
[08/01/2019 15:40:39] - |ASH| - [2027520] - C:\Users\PAVILION\ntuser.dat.LOG1
[08/01/2019 15:40:39] - |ASH| - [1826816] - C:\Users\PAVILION\ntuser.dat.LOG2
[08/01/2019 15:40:39] - |ASH| - [65536] - C:\Users\PAVILION\NTUSER.DAT{c30f8186-70e4-11e4-80c2-90b11c2512fc}.TM.blf
[08/01/2019 15:40:39] - |ASH| - [524288] - C:\Users\PAVILION\NTUSER.DAT{c30f8186-70e4-11e4-80c2-90b11c2512fc}.TMContainer00000000000000000001.regtrans-ms
[08/01/2019 15:40:40] - |ASH| - [524288] - C:\Users\PAVILION\NTUSER.DAT{c30f8186-70e4-11e4-80c2-90b11c2512fc}.TMContainer00000000000000000002.regtrans-ms
[08/01/2019 15:40:40] - |SH| - [20] - C:\Users\PAVILION\ntuser.ini
[08/01/2019 15:40:38] - |RD| - [504] - C:\Users\PAVILION\Pictures
[12/01/2019 16:36:44] - |D| - [47422819] - C:\Users\PAVILION\PycharmProjects
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\Recent
[08/01/2019 15:40:38] - |RD| - [282] - C:\Users\PAVILION\Saved Games
[08/01/2019 15:41:02] - |RD| - [1875] - C:\Users\PAVILION\Searches
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\SendTo
[08/01/2019 15:40:38] - |RD| - [504] - C:\Users\PAVILION\Videos
[08/01/2019 16:50:09] - |D| - [8625517655] - C:\Users\PAVILION\VirtualBox VMs
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\Voisinage d'impression
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\Voisinage rÃ©seau
[08/01/2019 15:40:38] - |D| - [3629466517] - C:\Users\PAVILION\AppData\Local
[08/01/2019 15:40:40] - |D| - [21879869] - C:\Users\PAVILION\AppData\LocalLow
[08/01/2019 15:40:38] - |D| - [327226987] - C:\Users\PAVILION\AppData\Roaming
[08/01/2019 23:39:37] - |D| - [19397987] - C:\Users\PAVILION\AppData\Local\Adobe
[08/01/2019 23:42:36] - |D| - [131874] - C:\Users\PAVILION\AppData\Local\AirVPN
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\AppData\Local\Application Data
[14/02/2019 13:06:12] - |D| - [608931] - C:\Users\PAVILION\AppData\Local\Diagnostics
[10/01/2019 21:30:15] - |D| - [398121575] - C:\Users\PAVILION\AppData\Local\Discord
[25/01/2019 23:32:40] - |D| - [233625553] - C:\Users\PAVILION\AppData\Local\FXHOME
[25/01/2019 23:32:42] - |D| - [31435104] - C:\Users\PAVILION\AppData\Local\FXHOME Helper
[08/01/2019 16:46:13] - |D| - [155333256] - C:\Users\PAVILION\AppData\Local\Google
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\AppData\Local\Historique
[26/01/2019 12:56:30] - |D| - [0] - C:\Users\PAVILION\AppData\Local\HitFilm Express Activation
[08/01/2019 15:51:17] - |AH| - [45672] - C:\Users\PAVILION\AppData\Local\IconCache.db
[12/01/2019 16:33:34] - |D| - [616019328] - C:\Users\PAVILION\AppData\Local\JetBrains
[01/02/2019 00:27:13] - |D| - [1151308] - C:\Users\PAVILION\AppData\Local\ManyCam
[08/01/2019 15:40:38] - |D| - [529230516] - C:\Users\PAVILION\AppData\Local\Microsoft
[08/01/2019 16:12:54] - |D| - [0] - C:\Users\PAVILION\AppData\Local\Microsoft Help
[08/01/2019 16:09:42] - |D| - [1072871753] - C:\Users\PAVILION\AppData\Local\Mozilla
[08/01/2019 16:47:55] - |D| - [911] - C:\Users\PAVILION\AppData\Local\MSfree Inc
[09/01/2019 15:36:40] - |D| - [155807] - C:\Users\PAVILION\AppData\Local\Nox
[12/01/2019 16:14:49] - |D| - [24783592] - C:\Users\PAVILION\AppData\Local\Package Cache
[08/01/2019 15:40:48] - |D| - [40679266] - C:\Users\PAVILION\AppData\Local\Packages
[09/01/2019 00:07:41] - |D| - [83665994] - C:\Users\PAVILION\AppData\Local\Programs
[10/01/2019 21:28:28] - |D| - [37511] - C:\Users\PAVILION\AppData\Local\SquirrelTemp
[15/01/2019 18:47:55] - |D| - [0] - C:\Users\PAVILION\AppData\Local\TeamViewer
[08/01/2019 15:40:38] - |D| - [415906330] - C:\Users\PAVILION\AppData\Local\Temp
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\AppData\Local\Temporary Internet Files
[08/01/2019 15:40:47] - |D| - [0] - C:\Users\PAVILION\AppData\Local\VirtualStore
[09/01/2019 08:54:56] - |D| - [6260215] - C:\Users\PAVILION\AppData\Local\Visicom Media
[27/01/2019 18:56:54] - |D| - [4034] - C:\Users\PAVILION\AppData\Local\VMware
[12/01/2019 01:42:22] - |D| - [136590] - C:\Users\PAVILION\AppData\LocalLow\Adobe
[08/01/2019 17:53:39] - |SD| - [21743279] - C:\Users\PAVILION\AppData\LocalLow\Microsoft
[08/01/2019 16:09:50] - |D| - [0] - C:\Users\PAVILION\AppData\LocalLow\Mozilla
[08/01/2019 15:40:50] - |D| - [113330] - C:\Users\PAVILION\AppData\Roaming\Adobe
[17/01/2019 18:26:11] - |D| - [609278] - C:\Users\PAVILION\AppData\Roaming\AnyDesk
[11/01/2019 15:44:25] - |D| - [8365357] - C:\Users\PAVILION\AppData\Roaming\Avnex
[10/01/2019 21:30:24] - |D| - [108064391] - C:\Users\PAVILION\AppData\Roaming\discord
[09/01/2019 00:26:12] - |D| - [0] - C:\Users\PAVILION\AppData\Roaming\DMCache
[23/02/2019 00:52:46] - |D| - [0] - C:\Users\PAVILION\AppData\Roaming\Google
[30/01/2019 18:01:39] - |D| - [32] - C:\Users\PAVILION\AppData\Roaming\Gyazo
[09/01/2019 00:26:13] - |D| - [20754824] - C:\Users\PAVILION\AppData\Roaming\IDM
[12/01/2019 16:35:08] - |D| - [76] - C:\Users\PAVILION\AppData\Roaming\JetBrains
[01/02/2019 14:36:16] - |D| - [291] - C:\Users\PAVILION\AppData\Roaming\Macromedia
[01/02/2019 00:13:36] - |D| - [21679514] - C:\Users\PAVILION\AppData\Roaming\ManyCam
[08/01/2019 15:40:38] - |SD| - [93269585] - C:\Users\PAVILION\AppData\Roaming\Microsoft
[08/01/2019 16:09:42] - |D| - [74261129] - C:\Users\PAVILION\AppData\Roaming\Mozilla
[09/01/2019 00:07:51] - |D| - [0] - C:\Users\PAVILION\AppData\Roaming\Skype
[08/01/2019 15:52:33] - |D| - [0] - C:\Users\PAVILION\AppData\Roaming\Synaptics
[10/01/2019 10:59:01] - |D| - [4436] - C:\Users\PAVILION\AppData\Roaming\TeamViewer
[08/01/2019 16:09:14] - |D| - [98509] - C:\Users\PAVILION\AppData\Roaming\vlc
[27/01/2019 18:56:52] - |D| - [6223] - C:\Users\PAVILION\AppData\Roaming\VMware
[17/01/2019 01:29:05] - |D| - [12] - C:\Users\PAVILION\AppData\Roaming\WinRAR
[08/01/2019 15:41:02] - |SH| - [174] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[08/01/2019 15:40:40] - |SHD| - [0] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[08/01/2019 15:40:38] - |RD| - [45272] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[08/01/2019 15:40:38] - |RD| - [3888] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[08/01/2019 15:40:38] - |RD| - [1486] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[08/01/2019 15:41:02] - |RD| - [174] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[08/01/2019 23:40:19] - |D| - [1957] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AirVPN
[08/01/2019 15:40:38] - |SH| - [564] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[10/01/2019 21:30:25] - |D| - [2197] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
[08/01/2019 15:40:38] - |A| - [369] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[09/01/2019 00:25:36] - |D| - [6390] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[08/01/2019 15:40:50] - |A| - [1458] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[12/01/2019 16:34:34] - |D| - [1508] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
[08/01/2019 15:40:38] - |D| - [170] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[12/01/2019 21:42:43] - |D| - [2150] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEmu
[08/01/2019 15:40:38] - |A| - [369] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[12/01/2019 16:14:57] - |D| - [7633] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7
[10/01/2019 00:40:50] - |A| - [812] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
[08/01/2019 15:41:02] - |RD| - [174] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[08/01/2019 15:40:38] - |RD| - [5274] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[11/01/2019 15:44:37] - |D| - [4342] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voice Changer Software Diamond
[08/01/2019 16:11:49] - |D| - [4357] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[08/01/2019 15:41:02] - |SH| - [174] - C:\Users\PAVILION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

[22/08/2013 15:36:30] - |RHD| - [20682] - C:\Users\Public\Desktop
[22/08/2013 15:36:32] - |ASH| - [174] - C:\Users\Public\desktop.ini
[22/08/2013 15:36:30] - |RD| - [278] - C:\Users\Public\Documents
[22/08/2013 15:36:30] - |RD| - [174] - C:\Users\Public\Downloads
[22/08/2013 15:36:30] - |RHD| - [1174] - C:\Users\Public\Libraries
[22/08/2013 15:36:30] - |RD| - [380] - C:\Users\Public\Music
[22/08/2013 15:36:30] - |RD| - [380] - C:\Users\Public\Pictures
[22/08/2013 15:36:30] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData

[08/01/2019 16:11:08] - |D| - [135312289] - C:\ProgramData\Adobe
[22/08/2013 14:45:52] - |SHD| - [0] - C:\ProgramData\Application Data
[25/01/2019 23:30:10] - |D| - [33085369] - C:\ProgramData\BorisFX
[08/01/2019 15:34:47] - |SHD| - [0] - C:\ProgramData\Bureau
[22/08/2013 14:45:52] - |SHD| - [0] - C:\ProgramData\Desktop
[22/08/2013 14:45:52] - |SHD| - [0] - C:\ProgramData\Documents
[25/01/2019 23:30:10] - |D| - [9359611] - C:\ProgramData\FXHOME
[09/01/2019 00:26:13] - |D| - [0] - C:\ProgramData\IDM
[08/01/2019 17:08:00] - |D| - [1530872266] - C:\ProgramData\Kaspersky Lab
[01/02/2019 00:14:02] - |D| - [544984] - C:\ProgramData\ManyCam
[08/01/2019 15:34:47] - |SHD| - [0] - C:\ProgramData\Menu DÃ©marrer
[22/08/2013 13:36:15] - |SD| - [478572943] - C:\ProgramData\Microsoft
[08/01/2019 16:12:52] - |D| - [11514] - C:\ProgramData\Microsoft Help
[08/01/2019 15:34:47] - |SHD| - [0] - C:\ProgramData\ModÃ¨les
[30/01/2019 17:36:51] - |D| - [21797] - C:\ProgramData\Mozilla
[09/01/2019 00:17:14] - |D| - [23357361] - C:\ProgramData\Package Cache
[22/08/2013 15:36:30] - |D| - [2061] - C:\ProgramData\regid.1991-06.com.microsoft
[10/01/2019 21:30:14] - |D| - [60074328] - C:\ProgramData\SquirrelMachineInstalls
[08/01/2019 15:48:26] - |D| - [133335] - C:\ProgramData\SRS Labs
[22/08/2013 14:45:52] - |SHD| - [0] - C:\ProgramData\Start Menu
[08/01/2019 15:52:33] - |D| - [1878] - C:\ProgramData\Synaptics
[22/08/2013 14:45:52] - |SHD| - [0] - C:\ProgramData\Templates
[27/01/2019 18:51:31] - |D| - [5730966] - C:\ProgramData\VMware

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[22/08/2013 15:36:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[08/01/2019 15:34:47] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[22/08/2013 15:36:30] - |RD| - [182179] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[22/08/2013 15:36:30] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[22/08/2013 15:36:30] - |RD| - [16870] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[22/08/2013 15:36:30] - |RD| - [28184] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[08/01/2019 23:39:42] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[08/01/2019 15:48:29] - |A| - [2018] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beats Audio.lnk
[22/08/2013 06:57:22] - |RAS| - [2131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk
[01/02/2019 16:13:14] - |D| - [934] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[22/08/2013 15:36:33] - |SH| - [1086] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[22/08/2013 06:57:05] - |RAS| - [853] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
[20/11/2014 19:29:47] - |RAS| - [2440] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[08/01/2019 16:09:37] - |A| - [1171] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
[08/01/2019 16:46:36] - |A| - [2242] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[30/01/2019 17:37:55] - |D| - [3057] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[26/01/2019 12:57:02] - |D| - [1123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitFilm Express
[22/08/2013 06:54:10] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[09/01/2019 00:25:36] - |D| - [6282] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[08/01/2019 17:08:30] - |D| - [5567] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[08/01/2019 17:08:50] - |D| - [6130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
[08/01/2019 17:46:40] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Le Grand Robert
[22/08/2013 15:36:30] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/02/2019 00:14:04] - |D| - [3156] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
[08/01/2019 16:14:31] - |D| - [56400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[08/01/2019 15:40:05] - |D| - [2245] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[01/02/2019 10:56:27] - |D| - [3919] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[22/08/2013 06:57:08] - |RAS| - [2365] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk
[22/08/2013 06:45:50] - |RAS| - [1588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
[02/02/2019 12:15:40] - |D| - [1340] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[22/08/2013 15:36:30] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[22/08/2013 15:36:30] - |RD| - [6359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[10/01/2019 10:59:00] - |A| - [983] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 14.lnk
[08/01/2019 16:09:07] - |D| - [6846] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[29/01/2019 23:55:05] - |D| - [3650] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[22/08/2013 06:48:43] - |RAS| - [2191] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk
[08/01/2019 16:11:49] - |D| - [4285] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[22/08/2013 15:36:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[08/01/2019 23:39:41] - |D| - [186222032] - C:\Program Files (x86)\Adobe
[09/01/2019 00:17:10] - |D| - [94594837] - C:\Program Files (x86)\AV Voice Changer 9.5 Diamond
[22/08/2013 13:36:15] - |D| - [766172060] - C:\Program Files (x86)\Common Files
[22/08/2013 15:36:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[08/01/2019 16:46:22] - |D| - [467927750] - C:\Program Files (x86)\Google
[30/01/2019 17:37:54] - |D| - [16196936] - C:\Program Files (x86)\Gyazo
[08/01/2019 23:25:40] - |D| - [268712] - C:\Program Files (x86)\HP
[08/01/2019 15:46:24] - |D| - [3582604] - C:\Program Files (x86)\Intel
[09/01/2019 00:25:13] - |D| - [16583903] - C:\Program Files (x86)\Internet Download Manager
[22/08/2013 15:36:30] - |D| - [6972459] - C:\Program Files (x86)\Internet Explorer
[08/01/2019 17:08:00] - |D| - [361436359] - C:\Program Files (x86)\Kaspersky Lab
[08/01/2019 17:46:08] - |D| - [79492] - C:\Program Files (x86)\Le Grand Robert
[09/01/2019 08:39:04] - |D| - [162254704] - C:\Program Files (x86)\ManyCam
[02/02/2019 12:15:33] - |D| - [206466497] - C:\Program Files (x86)\Microsoft
[08/01/2019 16:12:56] - |D| - [102815591] - C:\Program Files (x86)\Microsoft Analysis Services
[08/01/2019 16:12:54] - |D| - [98365963] - C:\Program Files (x86)\Microsoft Office
[08/01/2019 15:39:31] - |D| - [42890830] - C:\Program Files (x86)\Microsoft Silverlight
[08/01/2019 16:14:13] - |D| - [30160] - C:\Program Files (x86)\Microsoft SQL Server
[22/08/2013 15:36:30] - |D| - [8854863] - C:\Program Files (x86)\Microsoft.NET
[08/01/2019 16:09:32] - |D| - [184350899] - C:\Program Files (x86)\Mozilla Firefox
[08/01/2019 16:09:34] - |D| - [359674] - C:\Program Files (x86)\Mozilla Maintenance Service
[10/01/2019 10:58:52] - |D| - [92293153] - C:\Program Files (x86)\TeamViewer
[08/01/2019 16:09:02] - |D| - [184570366] - C:\Program Files (x86)\VideoLAN
[27/01/2019 18:51:31] - |D| - [780711391] - C:\Program Files (x86)\VMware
[22/08/2013 15:36:30] - |D| - [1814264] - C:\Program Files (x86)\Windows Defender
[22/08/2013 15:36:30] - |D| - [6522368] - C:\Program Files (x86)\Windows Mail
[22/08/2013 15:36:30] - |D| - [3399194] - C:\Program Files (x86)\Windows Media Player
[22/08/2013 15:36:30] - |D| - [230912] - C:\Program Files (x86)\Windows Multimedia Platform
[22/08/2013 15:36:30] - |D| - [7641658] - C:\Program Files (x86)\Windows NT
[22/08/2013 15:36:30] - |D| - [5544592] - C:\Program Files (x86)\Windows Photo Viewer
[22/08/2013 15:36:30] - |D| - [230912] - C:\Program Files (x86)\Windows Portable Devices
[22/08/2013 15:36:30] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[22/08/2013 15:36:30] - |D| - [0] - C:\Program Files (x86)\WindowsPowerShell

---------- | C:\Program Files

[08/01/2019 23:40:19] - |D| - [18955821] - C:\Program Files\AirVPN
[26/01/2019 12:56:30] - |D| - [51000015] - C:\Program Files\BorisFX
[01/02/2019 16:13:07] - |D| - [41190792] - C:\Program Files\CCleaner
[22/08/2013 13:36:15] - |D| - [546473868] - C:\Program Files\Common Files
[22/08/2013 15:36:45] - |ASH| - [174] - C:\Program Files\desktop.ini
[08/01/2019 15:34:47] - |SHD| - [0] - C:\Program Files\Fichiers communs
[26/01/2019 12:56:30] - |D| - [713465747] - C:\Program Files\FXHOME
[08/01/2019 15:46:22] - |D| - [33911715] - C:\Program Files\Intel
[22/08/2013 15:36:31] - |D| - [26499588] - C:\Program Files\Internet Explorer
[08/01/2019 16:12:56] - |D| - [120126431] - C:\Program Files\Microsoft Analysis Services
[08/01/2019 16:12:53] - |D| - [1306218024] - C:\Program Files\Microsoft Office
[08/01/2019 15:39:31] - |D| - [55721038] - C:\Program Files\Microsoft Silverlight
[08/01/2019 16:14:02] - |D| - [35280] - C:\Program Files\Microsoft SQL Server
[08/01/2019 16:14:13] - |D| - [678864] - C:\Program Files\Microsoft.NET
[01/02/2019 10:56:21] - |D| - [276850805] - C:\Program Files\Oracle
[08/01/2019 15:48:22] - |D| - [46967250] - C:\Program Files\Realtek
[08/01/2019 15:49:23] - |D| - [142854168] - C:\Program Files\Synaptics
[08/01/2019 23:43:30] - |D| - [272409] - C:\Program Files\TAP-Windows
[22/08/2013 14:47:10] - |HD| - [0] - C:\Program Files\Uninstall Information
[22/08/2013 15:36:31] - |D| - [14684952] - C:\Program Files\Windows Defender
[22/08/2013 15:36:31] - |D| - [6881280] - C:\Program Files\Windows Mail
[22/08/2013 15:36:31] - |D| - [5504574] - C:\Program Files\Windows Media Player
[22/08/2013 15:36:31] - |D| - [286208] - C:\Program Files\Windows Multimedia Platform
[22/08/2013 15:36:31] - |D| - [7994426] - C:\Program Files\Windows NT
[22/08/2013 15:36:31] - |D| - [6475920] - C:\Program Files\Windows Photo Viewer
[22/08/2013 15:36:31] - |D| - [286208] - C:\Program Files\Windows Portable Devices
[22/08/2013 15:36:31] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[22/08/2013 15:36:31] - |HD| - [670163723] - C:\Program Files\WindowsApps
[22/08/2013 15:36:31] - |D| - [0] - C:\Program Files\WindowsPowerShell
[08/01/2019 16:11:48] - |D| - [7587674] - C:\Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[08/01/2019 23:39:41] - |D| - [9977435] - C:\Program Files (x86)\Common Files\Adobe
[08/01/2019 15:46:21] - |D| - [71042881] - C:\Program Files (x86)\Common Files\Intel
[22/08/2013 15:36:30] - |D| - [154584791] - C:\Program Files (x86)\Common Files\Microsoft Shared
[22/08/2013 15:36:30] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[22/08/2013 15:36:30] - |D| - [10376491] - C:\Program Files (x86)\Common Files\System
[29/01/2019 23:54:33] - |D| - [3783120] - C:\Program Files (x86)\Common Files\ThinPrint
[27/01/2019 18:47:17] - |D| - [516404640] - C:\Program Files (x86)\Common Files\VMware

---------- | C:\Program Files\Common files

[08/01/2019 17:08:58] - |D| - [2420466] - C:\Program Files\Common files\AV
[08/01/2019 16:14:18] - |D| - [14488] - C:\Program Files\Common files\DESIGNER
[22/08/2013 15:36:31] - |D| - [432047815] - C:\Program Files\Common files\microsoft shared
[26/01/2019 12:56:30] - |D| - [99650664] - C:\Program Files\Common files\OFX
[22/08/2013 15:36:31] - |D| - [2702] - C:\Program Files\Common files\Services
[22/08/2013 15:36:31] - |D| - [11536307] - C:\Program Files\Common files\System
[29/01/2019 23:54:30] - |D| - [801426] - C:\Program Files\Common files\VMware

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [22/08/2013 14:45:54] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.2DAB1EB9ADFD9A3EDD582B59EEA36EB5] - [01/02/2019 16:13:14] - |A| - [4128] - C:\Windows\System32\Tasks\CCleaner Update         :   C:\Program Files\CCleaner\CCUpdate.exe
[MD5.C3A1F57412EE8900391E699EEEDF9EB3] - [01/02/2019 16:13:16] - |A| - [2802] - C:\Windows\System32\Tasks\CCleanerSkipUAC         :   "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.E2E7C0520B2908748F415DBCF5C2D667] - [08/01/2019 16:46:22] - |A| - [3374] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.0DFFBA1ECC691F89524F7B4162184532] - [08/01/2019 16:46:22] - |A| - [3502] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.CAE68C3DEE850561AA1E122D2AEFFFCA] - [30/01/2019 17:38:01] - |A| - [3282] - C:\Windows\System32\Tasks\GyazoUpdateTaskMachine         :   "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
[MD5.7189479E1E9DB357294A550427C31B08] - [30/01/2019 17:38:02] - |A| - [3408] - C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily         :   "C:\Program Files (x86)\Gyazo\GyazoUpdate.exe"
[MD5.00000000000000000000000000000000] - [22/08/2013 15:36:30] - |D| - [404210] - C:\Windows\System32\Tasks\Microsoft
[MD5.A6874AD8663BE2CBF9DB397B06062B22] - [01/02/2019 13:06:37] - |A| - [5044] - C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HP-PAVILION HP         :   C:\Program Files\Microsoft Office\Office15\MsoSync.exe
[MD5.239571032F3C2704846226CE5990101D] - [08/01/2019 15:46:15] - |A| - [3596] - C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1250962233-688348625-1058799670-1001         :   C:\Program Files\Microsoft Office\Office15\MsoSync.exe
[MD5.1F04B0C8CD63026C2C8EC4406726299D] - [25/01/2019 17:56:13] - |A| - [3924] - C:\Windows\System32\Tasks\User_Feed_Synchronization-{2C3AE804-55E2-4232-A38A-39C1574A3088}         :   C:\Windows\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [08/01/2019 15:41:17] - |D| - [4470] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [22/08/2013 15:36:31] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|
"{560448D6-095C-4907-B046-AC7F710701A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{D6980480-941A-4DF6-AB81-3734ECD3D779}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{F64300AD-D559-4000-BD45-0997BCC8E70A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{9E3D57FC-7C37-4424-9352-4831E97D029D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{1998D0DC-9330-4C82-93A7-8E34272D86F6}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-1250962233-688348625-1058799670-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{28375222-D553-4AA1-8D73-DB908D5B7F6E}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=D:\Program Files\Microvirt\MEmu\MEmu.exe|Name=MEmu.exe|
"{C680946C-4A86-4BD8-8A40-2FC277ED0DD7}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|App=D:\Program Files\Microvirt\MEmu\MEmu.exe|Name=MEmu.exe|
"{F190A802-EFA3-458D-A0E2-3B819EB0C22E}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=D:\Program Files\Nox\bin\Nox.exe|Name=Nox.exe|Desc=|
"{FE34EAAB-09EF-41E5-A4EF-54C9A60D4F54}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe|Name=NoxVMHandle.exe|Desc=|
"{CF982581-8928-406A-9CBF-BF7F83AC9CD4}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe|Name=VMware Authd Service|Edge=TRUE|
"{84B0608E-F025-4C53-A8AC-F5EE46532644}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe|Name=VMware Authd Service (private)|Edge=TRUE|
"{C8558A0A-AF5A-4965-8EE4-E5D1737D0B08}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|App=C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe|Name=VMware Workstation Server|Edge=TRUE|
"{3DACDE57-2445-454A-8E20-4F0932DCC9E1}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe|Name=VMware Workstation Server (private)|Edge=TRUE|
"{4940F31E-5546-45A5-A3DE-9226123DAFB6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{48616484-9B69-4DFA-827B-166646ED65F4}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{939767AD-8E5C-4708-B9C7-927860ACBC94}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{D98E197B-1CAE-46BE-8835-26655A8D778D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{CBC163EE-6A16-403C-81E4-700E60CA1FF8}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1250962233-688348625-1058799670-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{5051938C-152E-43FE-92B2-7D0CBE86C562}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-1250962233-688348625-1058799670-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{B4B858EB-6E82-45A9-9579-BAD716CC47A5}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update|
"{600BDA7B-7867-4BF7-B1DF-472895E2A44B}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update|
"{1556E6C6-64B2-4DEE-9964-ABAC98F82E13}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|Name=80|
"{35F8DA2C-C531-4BED-9D81-AB5A8E07823C}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=GoogleÂ Chrome (mDNS-In)|Desc=RÃ¨gle de trafic entrant pour GoogleÂ Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{091BC97E-2352-4362-A539-10A6D8FF7596}] : (RDPDR) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @PrintQueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%SECURITYACCELERATORCLASSNAME%;Security Accelerator
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @idtsec.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @%SystemRoot%\System32\Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{884B96C3-56EF-11D1-BC8C-00A0C91405DD}] : (vmkbd3) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8c78b96c-9120-4da4-a144-ff427f2cf132}] : (BarcodeScanner) [] -> @hidscanner.inf,%ClassName%;POS HID Barcode scanners
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{B95B836B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @AudioEndpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @WSDPrint.Inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CC41EBA2-AB57-4F4E-8C3D-1BC33B1E74E3}] : (RDPDR) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[20/02/2018 10:53:38] - (14.0.0.9) - (AO Kaspersky Lab - Updatable component loader [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kl1.sys
[27/01/2018 10:10:16] - (5.2.6.0) - (AO Kaspersky Lab - Cryptographic Module Driver x64 (56 bit)) - C:\Windows\system32\DRIVERS\cm_km.sys
[27/12/2017 09:10:46] - (15.1.0.1) - (AO Kaspersky Lab - Backup Disk Filter [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klbackupdisk.sys
[29/01/2019 23:56:01] - (9.8.12.0) - (VMware, Inc. - VMware vSockets Service) - C:\Windows\system32\DRIVERS\vsock.sys
[22/06/2018 01:31:02] - (9.8.6.0) - (VMware, Inc. - VMware PCI VMCI Bus Device) - C:\Windows\System32\drivers\vmci.sys
[08/01/2019 15:45:00] - (6.0.12.1) - (HP - HP Disk Filter - SATA/RAID) - C:\Windows\system32\DRIVERS\hpdskflt.sys
[08/01/2019 17:07:54] - (20.0.68.61) - (AO Kaspersky Lab - klhk [fre_win7_x64]) - C:\Windows\System32\drivers\klhk.sys
[02/02/2018 02:45:32] - (15.1.0.4) - (AO Kaspersky Lab - Backup File Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klbackupflt.sys
[08/01/2019 17:07:54] - (15.1.38.0) - (AO Kaspersky Lab - Filter Core [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klflt.sys
[08/01/2019 17:07:54] - (15.1.115.0) - (AO Kaspersky Lab - Core System Interceptors [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klif.sys
[30/05/2017 17:51:40] - (14.0.0.3) - (AO Kaspersky Lab - Format Recognizer [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\klpd.sys
[29/01/2019 23:56:00] - (1.6.2.0) - (VMware, Inc. - VMware VMware Input Filter and Injection Driver (64-bit)) - C:\Windows\system32\DRIVERS\vmkbd.sys
[17/02/2018 01:50:42] - (14.1.0.35) - (AO Kaspersky Lab - WFP Network Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klwfp.sys
[17/02/2018 01:50:40] - (14.0.0.100) - (AO Kaspersky Lab - WFP Network Connection Filter Driver [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klwtp.sys
[12/02/2018 03:17:16] - (14.0.0.18) - (AO Kaspersky Lab - Packet Network Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klim6.sys
[28/01/2019 02:14:36] - (6.0.4.28413) - (Oracle Corporation - VirtualBox NDIS 6.0 Lightweight Filter Driver) - C:\Windows\system32\DRIVERS\VBoxNetLwf.sys
[08/01/2019 16:17:25] - (6.0.4.28413) - (Oracle Corporation - VirtualBox USB Monitor Driver) - C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
[08/01/2019 16:17:24] - (6.0.4.28413) - (Oracle Corporation - VirtualBox Support Driver) - C:\Windows\system32\DRIVERS\VBoxDrv.sys
[24/02/2018 04:17:48] - (15.0.0.11) - (AO Kaspersky Lab - Network Processor [fre_wnet_x64]) - C:\Windows\system32\DRIVERS\kneps.sys
[25/04/2018 20:41:26] - (16.2.12.0) - (AO Kaspersky Lab - Virtual Disk [fre_win7_x64]) - C:\Windows\system32\DRIVERS\kldisk.sys
[28/01/2019 02:14:32] - (6.0.4.28413) - (Oracle Corporation - VirtualBox NDIS 6.0 Host-Only Network Adapter Driver) - C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys
[12/02/2018 15:51:02] - (9.0.0.22) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\Windows\system32\DRIVERS\kltap.sys
[21/04/2016 09:10:04] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\Windows\system32\DRIVERS\tap0901.sys
[21/11/2018 01:27:52] - (14.0.0.0) - (VMware, Inc. - VMware virtual network adapter driver (64-bit)) - C:\Windows\system32\DRIVERS\vmnetadapter.sys
[29/01/2019 23:55:37] - (14.0.0.0) - (VMware, Inc. - VMware virtual network driver (64-bit)) - C:\Windows\system32\DRIVERS\VMNET.SYS
[08/01/2019 15:44:47] - (10.0.16299.21304) - (Realsil Semiconductor Corporation - RTS PCIE READER Driver) - C:\Windows\System32\drivers\RtsPer.sys
[08/01/2019 15:45:00] - (7.0.13.1) - (Hewlett-Packard Company - Keyboard Filter Driver) - C:\Windows\System32\drivers\HpqKbFiltr64.sys
[15/01/2018 04:13:30] - (15.0.0.3) - (AO Kaspersky Lab - Keyboard Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klkbdflt.sys
[08/01/2019 15:49:15] - (19.5.10.66) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\Windows\system32\DRIVERS\SynTP.sys
[11/12/2017 10:49:16] - (13.0.0.4) - (AO Kaspersky Lab - Mouse Device Filter [fre_win8_x64]) - C:\Windows\system32\DRIVERS\klmouflt.sys
[08/01/2019 15:49:26] - (19.5.10.66) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
[08/01/2019 15:45:00] - (6.0.12.1) - (HP - HP Accelerometer) - C:\Windows\system32\DRIVERS\Accelerometer.sys
[23/03/2016 20:05:40] - (1.1.16.1) - (HP - HP Wireless Button Driver) - C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys
[16/02/2017 09:16:06] - (5.0.3.0) - (Visicom Media Inc. - ManyCam Virtual Webcam Driver) - C:\Windows\system32\DRIVERS\mcvidrv.sys
[09/01/2019 00:17:24] - (2.0.0.1) - (AVSOFT Corp. - AVSOFT Corp. Virtual Audio Device (WDM)) - C:\Windows\system32\DRIVERS\vcsvad.sys
[29/12/2014 03:59:36] - (4.1.0.0) - (Visicom Media Inc. - ManyCam Virtual Microphone) - C:\Windows\system32\drivers\mcaudrv_x64.sys
[10/01/2019 00:02:58] - (5.1.2.253) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL
[21/11/2018 01:27:52] - (14.0.0.0) - (VMware, Inc. - VMware bridge driver (64-bit)) - C:\Windows\system32\DRIVERS\vmnetbridge.sys
[29/01/2019 23:55:37] - (14.0.0.0) - (VMware, Inc. - VMware network application interface driver (64-bit)) - C:\Windows\system32\DRIVERS\vmnetuserif.sys
[29/01/2019 23:56:00] - (15.0.0.46) - (VMware, Inc. - VMware kernel driver) - C:\Windows\system32\DRIVERS\vmx86.sys
[29/01/2019 23:55:26] - (8.11.6.0) - (VMware, Inc. - VMware USB monitor) - C:\Windows\system32\DRIVERS\hcmon.sys
[27/12/2018 17:55:06] - (6.32.3.80) - (Tonec Inc. - Internet Download Manager WFP Driver) - C:\Windows\system32\DRIVERS\idmwfp.sys
[30/03/2017 09:03:02] - (4.3.20.0) - (Microvirt Corporation - MemuHyperv Support Driver) - D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys
[28/02/2018 01:24:42] - (6.1.2.439) - (VMware, Inc. - VMware Virtual Storage Volume Driver) - C:\Windows\SysWOW64\drivers\vstor2-x64.sys
[30/03/2017 09:03:01] - (0.0.0.0) - ( -) - D:\Program Files\Microvirt\MEmuHyperv\HPVR0.r0
[30/03/2017 09:03:02] - (0.0.0.0) - ( -) - D:\Program Files\Microvirt\MEmuHyperv\MEmuDDR0.r0
[30/03/2017 09:03:02] - (0.0.0.0) - ( -) - D:\Program Files\Microvirt\MEmuHyperv\MEmuDD2R0.r0

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - agp440 (@machine.inf,%agp440_svcdesc%;Intel AGP Bus Filter) -> System32\drivers\agp440.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - cm_km (AO Kaspersky Lab Cryptographic Module x64 (56 bit)) -> system32\DRIVERS\cm_km.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;Broadcom NetXtreme II 10 GigE VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - gagp30kx (@machine.inf,%gagp30kx_svcdesc%;Filtre AGP version 3.0 gÃ©nÃ©rique Microsoft pour plates-formes Ã  base de processeur K8) -> System32\drivers\gagp30kx.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - hpdskflt (@oem4.inf,%service_desc%;HP Filter) -> system32\DRIVERS\hpdskflt.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - kl1 (kl1) -> system32\DRIVERS\kl1.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - klbackupdisk (Kaspersky Lab klbackupdisk) -> system32\DRIVERS\klbackupdisk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - klelam (klelam) -> system32\DRIVERS\klelam.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2 () -> System32\drivers\lsi_sas2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3 () -> System32\drivers\lsi_sas3.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nv_agp (@machine.inf,%agpnvidia_svcdesc%;NVIDIA nForce AGP Bus Filter) -> System32\drivers\nv_agp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@machine.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - uagp35 (@machine.inf,%uagp35_svcdesc%;Filtre AGP version 3.5 Microsoft) -> System32\drivers\uagp35.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - uliagpkx (@machine.inf,%uliagpkx_svcdesc%;Uli AGP Bus Filter) -> System32\drivers\uliagpkx.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - viaide () -> System32\drivers\viaide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - vmci (@oem34.inf,%loc.vmciServiceDisplayName%;VMware VMCI Bus Driver) -> System32\drivers\vmci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@volume.inf,%VolumeClassName%;Storage volumes) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - vsock (vSockets Virtual Machine Communication Interface Sockets driver) -> system32\DRIVERS\vsock.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> system32\DRIVERS\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: False
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klbackupflt (Kaspersky Lab klbackupflt) -> system32\DRIVERS\klbackupflt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kldisk (kldisk) -> \SystemRoot\system32\DRIVERS\kldisk.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - KLHK (@oem26.inf,%klhkDisplayName%;Kaspersky Lab service driver) -> \SystemRoot\System32\drivers\klhk.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - KLIF (Kaspersky Lab Driver) -> system32\DRIVERS\klif.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klim6 (@oem23.inf,%KLIM6_Desc%;Kaspersky Anti-Virus NDIS 6 Filter) -> \SystemRoot\system32\DRIVERS\klim6.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - klpd (Kaspersky Lab format recognizer driver) -> system32\DRIVERS\klpd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klwfp (klwfp) -> \SystemRoot\system32\DRIVERS\klwfp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - klwtp (KLwtp - WFP callout traffic inspector) -> \SystemRoot\system32\DRIVERS\klwtp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - kneps (kneps) -> \SystemRoot\system32\DRIVERS\kneps.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@netnb.inf,%NetBIOS_Desc%;NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> \SystemRoot\system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VBoxDrv (VirtualBox Service) -> \SystemRoot\system32\DRIVERS\VBoxDrv.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VBoxNetLwf (@oem30.inf,%VBoxNetLwfService_Desc%;VirtualBox NDIS6 Bridged Networking Service) -> \SystemRoot\system32\DRIVERS\VBoxNetLwf.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VBoxUSBMon (VirtualBox USB Monitor Service) -> \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vmkbd3 (VMware Input Filter and Injection Driver (vmkbd)) -> \SystemRoot\system32\DRIVERS\vmkbd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> \SystemRoot\system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ws2ifsl (Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - hcmon (VMware hcmon) -> \SystemRoot\system32\DRIVERS\hcmon.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - IDMWFP (IDMWFP) -> \SystemRoot\system32\DRIVERS\idmwfp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> \SystemRoot\system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - memudrv () -> \??\D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> \SystemRoot\system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> \SystemRoot\system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - VMnetBridge (@oem32.inf,%VMware_Desc%;VMware Bridge Protocol) -> \SystemRoot\system32\DRIVERS\vmnetbridge.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - VMnetuserif (VMware Virtual Ethernet Userif for VMnet) -> \SystemRoot\system32\DRIVERS\vmnetuserif.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - vmx86 (VMware vmx86) -> \SystemRoot\system32\DRIVERS\vmx86.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.23A0B9F051625718C2A0EC9E28D384E8] - [28/02/2018 01:24:42] - (.Copyright (C) 1998-2017 VMware, Inc. - VMware Virtual Storage Volume Driver.) - [51.34 Ko] - (6.1.2.439) - C:\Windows\Syswow64\Drivers\vstor2-x64.sys

---------- | Uninstall (Whitelist)

[HKU\S-1-5-21-1250962233-688348625-1058799670-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PyCharm Community Edition 2018.3.3] : (JetBrains PyCharm Community Edition 2018.3.3.-.JetBrains s.r.o.) -> C:\Users\PAVILION\AppData\Local\JetBrains\PyCharm Community Edition 2018.3.3\bin\Uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3F0315F9-40A3-4DFA-B187-C9A5683E7A58}] : (HitFilm Express.-.FXHOME) -> MsiExec.exe /I{3F0315F9-40A3-4DFA-B187-C9A5683E7A58}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{431EEEDD-6D71-4269-8F7F-836CFAF69A17}] : (VMware Workstation.-.VMware, Inc.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9717E939-E68C-4DAB-816B-962743B8B41D}] : (Oracle VM VirtualBox 6.0.4.-.Oracle Corporation) -> MsiExec.exe /I{9717E939-E68C-4DAB-816B-962743B8B41D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AV Voice Changer Software Diamond 9.5] : (AV Voice Changer Software Diamond 9.5.-.AVSOFT Corp.) -> C:\PROGRA~2\AVVOIC~1.5DI\UNWISE.EXE C:\PROGRA~2\AVVOIC~1.5DI\INSTALL.LOG
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Internet Security.-.Kaspersky Lab) -> MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{F10AA188-7166-430E-8810-FEAB2AD73DE3} REMOVE=ALL
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{06CE3F8B-A658-462C-AD3D-FA7142297E97}] : (Python 3.7.2 Utility Scripts (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{06CE3F8B-A658-462C-AD3D-FA7142297E97}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0D2B3674-3B1E-4281-B5FD-37D700602129}] : (Python 3.7.2 pip Bootstrap (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{0D2B3674-3B1E-4281-B5FD-37D700602129}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{34AD493A-01AA-4D6A-9229-BF0406F22D14}] : (Python 3.7.2 Tcl/Tk Support (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{34AD493A-01AA-4D6A-9229-BF0406F22D14}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3A09B849-4D48-41AA-9461-112E6CEC405D}] : (Python 3.7.2 Core Interpreter (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{3A09B849-4D48-41AA-9461-112E6CEC405D}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{667226B8-23CA-47C1-A070-D3B85E8C9292}] : (Python 3.7.2 Standard Library (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{667226B8-23CA-47C1-A070-D3B85E8C9292}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1] : (Gyazo 3.5.3.0.-.Nota Inc.) -> "C:\Program Files (x86)\Gyazo\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{718613F4-492D-4272-ACC3-D04A8EF0F883}] : (Kaspersky Internet Security.-.Kaspersky Lab) -> MsiExec.exe /I{718613F4-492D-4272-ACC3-D04A8EF0F883}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A14E7090-5888-460B-9003-1C3DA5AD3D35}] : (Python 3.7.2 Development Libraries (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{A14E7090-5888-460B-9003-1C3DA5AD3D35}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AB0000000001}] : (Adobe Reader XI (11.0.23) - FranÃ§ais.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AB0000000001}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D2FA452F-4742-4805-BEB1-AC81ED48F4A8}] : (Python 3.7.2 Documentation (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{D2FA452F-4742-4805-BEB1-AC81ED48F4A8}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D6FF50CC-E41E-4FFB-B7B9-72D71BF00C55}] : (Python 3.7.2 Executables (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{D6FF50CC-E41E-4FFB-B7B9-72D71BF00C55}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0B6A6E9-C7E1-4730-A29D-71C02B800028}] : (Python 3.7.2 Test Suite (32-bit).-.Python Software Foundation) -> MsiExec.exe /I{F0B6A6E9-C7E1-4730-A29D-71C02B800028}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F10AA188-7166-430E-8810-FEAB2AD73DE3}] : (Kaspersky Secure Connection.-.Kaspersky Lab) -> MsiExec.exe /I{F10AA188-7166-430E-8810-FEAB2AD73DE3}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FA2A3867-8965-4CF7-83E2-C8960652F5AD}] : (Python Launcher.-.Python Software Foundation) -> MsiExec.exe /X{FA2A3867-8965-4CF7-83E2-C8960652F5AD}

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\4F316817D2942724CA3C0DA4E80F8F38] : Kaspersky Internet Security -> C:\Windows\Installer\{718613F4-492D-4272-ACC3-D04A8EF0F883}\arp.ico
[HKCR\Installer\Products\68AB67CA7DA76301B744BA0000000010] : Adobe Reader XI (11.0.23) - FranÃ§ais -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
[HKCR\Installer\Products\7683A2AF56987FC4382E8C6960255FDA] : Python Launcher -> C:\Windows\Installer\{FA2A3867-8965-4CF7-83E2-C8960652F5AD}\ARPIcon
[HKCR\Installer\Products\881AA01F6617E0348801EFBAA27DD33E] : Kaspersky Secure Connection -> C:\Windows\Installer\{F10AA188-7166-430E-8810-FEAB2AD73DE3}\arp.ico
[HKCR\Installer\Products\939E7179C86EBAD418B66972348B4BD1] : Oracle VM VirtualBox 6.0.4 -> C:\Windows\Installer\{9717E939-E68C-4DAB-816B-962743B8B41D}\IconVirtualBox
[HKCR\Installer\Products\9F5130F33A04AFD41B789C5A86E3A785] : HitFilm Express -> C:\Windows\Installer\{3F0315F9-40A3-4DFA-B187-C9A5683E7A58}\Uninstall.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\DDEEE13417D69624F8F738C6AF6FA971] : VMware Workstation

---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

La collecte des donnÃ©es des compteurs de performance a Ã©tÃ© dÃ©sactivÃ©e Ã  partir du service Â«Â VMwareÂ Â» car la bibliothÃ¨que de compteurs de performance pour ce service a gÃ©nÃ©rÃ© une ou plusieurs erreurs. Les erreurs Ã  lÂorigine de cette action ont Ã©tÃ© Ã©crites dans le journal des Ã©vÃ©nements des applications. Corrigez les erreurs avant dÂactiver les compteurs de performance pour ce service.
------------

Windows ne peut pas ouvrir la DLL de compteur extensible 64 bits VMware dans un environnement 32 bits. Contactez le fabricant du fichier pour obtenir une version 32 bits. Si vous exÃ©cutez un environnement 64 bits natif, vous pouvez Ã©galement ouvrir la DLL de compteur extensible 64 bits en utilisant la version 64 bits de lÂAnalyseur de performances. Pour utiliser cet outil, ouvrez le dossier Windows, puis le dossier System32 et dÃ©marrez Perfmon.exe.
------------

La collecte des donnÃ©es des compteurs de performance a Ã©tÃ© dÃ©sactivÃ©e Ã  partir du service Â«Â OutlookÂ Â» car la bibliothÃ¨que de compteurs de performance pour ce service a gÃ©nÃ©rÃ© une ou plusieurs erreurs. Les erreurs Ã  lÂorigine de cette action ont Ã©tÃ© Ã©crites dans le journal des Ã©vÃ©nements des applications. Corrigez les erreurs avant dÂactiver les compteurs de performance pour ce service.
------------

Windows ne peut pas ouvrir la DLL de compteur extensible 64 bits Outlook dans un environnement 32 bits. Contactez le fabricant du fichier pour obtenir une version 32 bits. Si vous exÃ©cutez un environnement 64 bits natif, vous pouvez Ã©galement ouvrir la DLL de compteur extensible 64 bits en utilisant la version 64 bits de lÂAnalyseur de performances. Pour utiliser cet outil, ouvrez le dossier Windows, puis le dossier System32 et dÃ©marrez Perfmon.exe.
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Un problÃ¨me a empÃªchÃ© lÂenvoi des donnÃ©es du Programme dÂamÃ©lioration de lÂexpÃ©rience utilisateur Ã  Microsoft (erreur 80070005).
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=3
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------

Nom de lÂapplication dÃ©faillante MEmu.exe, version : 3.0.8.0, horodatage : 0x045fb6c0
Nom du module dÃ©faillant : ig75icd32.dll, version : 10.18.14.4889, horodatage : 0x5a32f402
Code dÂexception : 0xc0000409
DÃ©calage dÂerreur : 0x0048e616
ID du processus dÃ©faillant : 0x2584
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d4ce892fac6ef9
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : D:\Program Files\Microvirt\MEmu\MEmu.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\Windows\SYSTEM32\ig75icd32.dll
ID de rapport : 1af1fac6-3a97-11e9-8292-3863bb9f27b6
Nom complet du package dÃ©faillantÂ : 
ID de lÂapplication relative au package dÃ©faillantÂ : 
------------

Ãchec de lÂactivation des licences (slui.exe) avec le code dÂerreur suivantÂ :
hr=0x8007007B
Arguments de la ligne de commandeÂ :
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
------------


----------( EOF)---------- - 4064 | 15:01:15