--------------- QuickDiag | g3n-h@ckm@n | V5_27.02.19.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 19/07/2019 11:27:45

Updated 27/02/2019 | 11:10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Personnel (Administrator)] - [DESKTOP-BVRDNI1] (S-1-5-21-3016070864-3641507875-3210199050-1001)

System: Microsoft Windows 10 Famille - - (10.0.17134) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1803)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: SATELLITE L70-A - TOSHIBA - IdNumber: 2E014317C - UUID: 16A61460-903B-11E3-BA71-C454441B39FC
Processor : X64 - 2494 Mhz - Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
InsydeH2O Version 03.73.061.50 - en|US|iso8859-1 - Insyde Corp. - S/N: 2E014317C - 1.50 - TOSQCI - 1
CoreTemp : ? Celsius

----------| Quick


---------- | SoundDevice

Conexant SmartAudio HD - Status: OK - Manufacturer: Conexant - PNPDeviceID: HDAUDIO\FUNC_01&VEN_14F1&DEV_5114&SUBSYS_1179FA80&REV_1001\4&15F9C4DC&0&0001

---------- | Video

Intel(R) HD Graphics 4600 - Resolution: 1600x900 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_0416&SUBSYS_FA891179&REV_06\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
NVIDIA GeForce GT 740M - Resolution: x - Colors: - RefreshRate: -  Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvd3dumx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvwgf2umx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvwgf2umx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvwgf2umx.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1292&SUBSYS_FA891179&REV_A1\4&34E05AE9&0&0008 - AdapterCompatibility: NVIDIA - RAM: -2147483648
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 4600 - DriverVersion: 20.19.15.5070 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 86016 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34696 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36264 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25408 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:0 %
CPU #2 value:6 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:1 %

---------- | Network

Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller [NDIS 6.30] : SENT:0 bytes/sec / RECVD:0 bytes/sec
Qualcomm Atheros AR956x Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:1 bytes/sec,  /  RECEIVE Maximum:0 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Qualcomm Atheros AR956x Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0036&SUBSYS_061211AD&REV_01\4&13FF2E12&0&00E2
Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_1091&SUBSYS_FA821179&REV_10\FF1B39FCC45444FF00
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&2343246D&0&11
Microsoft Wi-Fi Direct Virtual Adapter #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&2343246D&0&12
Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\7&22419453&0&0
Bluetooth Device (Personal Area Network) #2 - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\7&22419453&0&2
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH
RAS Async Adapter - - - Status: - PnPID : 

---------- | Memory

RAM = Total (MB) : 4121 | Free (MB) : 2039
Pagefile = Total (MB) : 4842 | Free (MB) : 2894
Virtual = Total (MB) : 4194 | Free (MB) : 3886

Physical Memory 2 : Capacity: 4294967296 - DIMM1 - Posit.: 2 - Manufacturer: Samsung - PartNumber: M471B5173QH0-YK0  - S/N: 150CB5F1

---------- | SID Users

Administrateur : [S-1-5-21-3016070864-3641507875-3210199050-500]
DefaultAccount : [S-1-5-21-3016070864-3641507875-3210199050-503]
Invité : [S-1-5-21-3016070864-3641507875-3210199050-501]
Personnel : [S-1-5-21-3016070864-3641507875-3210199050-1001]
WDAGUtilityAccount : [S-1-5-21-3016070864-3641507875-3210199050-504]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 930.24 Go | Free : 671.53 Go -> NTFS [SATA]
E:\ -> [CDROM] | [Audio CD]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_TOSHIBA&PROD_MQ01ABD100\4&1CDF97BD&0&050000

---------- | Windows updates - Activation - License


W.A.T : :)

Test 1 : Windows Is Activated

Volume License


---------- | Browsers

IE : 11.0.17134.1     (© Microsoft Corporation. Tous droits réservés.)
GC : 75.0.3770.142     (Copyright 2019 Google LLC.)

Default : "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- ""

---------- | FlashPlayer

FlashPlayer ActiveX : 32.0.0.207

---------- | Security

AV : Windows Defender Enabled
AS : Avast Antivirus Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

480 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.17134.590) = C:\Windows\System32\smss.exe     [24/02/2019 16:47:11]    CPU Usage:0 %
680 | [Owner : Système | Parent : 668() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe     [12/04/2018 01:34:22]    CPU Usage:0 %
796 | [Owner : Système | Parent : 668() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.17134.1) = C:\Windows\System32\wininit.exe     [12/04/2018 01:34:22]    CPU Usage:0 %
864 | [Owner : Système | Parent : 796(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.17134.191) = C:\Windows\System32\services.exe     [15/08/2018 12:42:20]    CPU Usage:0 %
876 | [Owner : Système | Parent : 796(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.17134.376) = C:\Windows\System32\lsass.exe     [19/11/2018 16:03:12]    CPU Usage:0 %
388 | [Owner : Système | Parent : 864(services.exe) | 3.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
456 | [Owner : Système | Parent : 864(services.exe) | 29.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
608 | [Owner : UMFD-0 | Parent : 796(wininit.exe) | 3.8 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.885) = C:\Windows\System32\fontdrvhost.exe     [17/07/2019 12:08:48]    CPU Usage:0 %
1004 | [Owner : SERVICE RÉSEAU | Parent : 864(services.exe) | 12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1072 | [Owner : Système | Parent : 864(services.exe) | 8.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1276 | [Owner : Système | Parent : 864(services.exe) | 9.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1380 | [Owner : Système | Parent : 864(services.exe) | 5.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1524 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 11.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1532 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 7.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1540 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 7.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1548 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 11.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1712 | [Owner : Système | Parent : 864(services.exe) | 8.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1744 | [Owner : Système | Parent : 864(services.exe) | 9 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.5070) = C:\Windows\System32\igfxCUIService.exe     [02/12/2016 07:31:14]    CPU Usage:0 %
1772 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 17.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1864 | [Owner : Système | Parent : 864(services.exe) | 19.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1892 | [Owner : Système | Parent : 864(services.exe) | 10.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1980 | [Owner : Système | Parent : 864(services.exe) | 15.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2044 | [Owner : Système | Parent : 864(services.exe) | 10.4 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe     [22/06/2017 15:20:49]    CPU Usage:0 %
1188 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 8.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2076 | [Owner : Système | Parent : 864(services.exe) | 5.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2084 | [Owner : Système | Parent : 864(services.exe) | 9.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2092 | [Owner : Système | Parent : 864(services.exe) | 72.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2164 | [Owner : Système | Parent : 864(services.exe) | 7.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2172 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 7.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2252 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 7.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2480 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 12.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2556 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 7.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2584 | [Owner : Système | Parent : 864(services.exe) | 8.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2616 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 6.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2624 | [Owner : SERVICE RÉSEAU | Parent : 864(services.exe) | 8.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2632 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 12.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2700 | [Owner : SERVICE RÉSEAU | Parent : 864(services.exe) | 12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2808 | [Owner : SERVICE LOCAL | Parent : 2584(svchost.exe) | 12.29 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe     [12/04/2018 01:34:12]    CPU Usage:0 %
2880 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 10.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2956 | [Owner : Système | Parent : 864(services.exe) | 12.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3008 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 9.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3184 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 7.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3212 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 19.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3304 | [Owner : Système | Parent : 864(services.exe) | 15.82 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3340 | [Owner : Système | Parent : 864(services.exe) | 11.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3380 | [Owner : Système | Parent : 864(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (19.6.4546.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe     [18/07/2019 19:43:47]    CPU Usage:0 %
3984 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 5.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
4048 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 9.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
4200 | [Owner : Système | Parent : 864(services.exe) | 18.61 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe     [12/04/2018 01:34:41]    CPU Usage:0 %
4416 | [Owner : Système | Parent : 864(services.exe) | 7.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
4696 | [Owner : SERVICE RÉSEAU | Parent : 864(services.exe) | 7.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
4532 | [Owner : Système | Parent : 864(services.exe) | 10.43 Mo] - (.Conexant Systems Inc. - Conexant Audio Message Service.) - (1.16.0.0) = C:\Windows\System32\CxAudMsg64.exe     [22/06/2017 15:22:20]    CPU Usage:0 %
4528 | [Owner : Système | Parent : 864(services.exe) | 6.66 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.31.1644) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe     [16/12/2018 20:29:48]    CPU Usage:0 %
4516 | [Owner : SERVICE RÉSEAU | Parent : 864(services.exe) | 10.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
4524 | [Owner : Système | Parent : 864(services.exe) | 6.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3280 | [Owner : Système | Parent : 864(services.exe) | 11.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3252 | [Owner : Système | Parent : 864(services.exe) | 21.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3956 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 7.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
808 | [Owner : Système | Parent : 864(services.exe) | 22.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
4252 | [Owner : Système | Parent : 864(services.exe) | 5.28 Mo] - (.ELAN Microelectronics Corp. - Elan Service.) - (11.10.8.3) = C:\Program Files\Elantech\ETDService.exe     [25/09/2015 19:58:06]    CPU Usage:0 %
4892 | [Owner : Système | Parent : 864(services.exe) | 12.44 Mo] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.24) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe     [11/10/2017 12:23:00]    CPU Usage:0 %
4896 | [Owner : Système | Parent : 864(services.exe) | 6.4 Mo] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe     [12/08/2015 16:03:42]    CPU Usage:0 %
428 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 32.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
396 | [Owner : Système | Parent : 864(services.exe) | 5.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
3752 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 6.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
5236 | [Owner : SERVICE RÉSEAU | Parent : 864(services.exe) | 7.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
5308 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 5.45 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
5356 | [Owner : Système | Parent : 864(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe     [15/08/2018 12:42:35]    CPU Usage:0 %
5444 | [Owner : Système | Parent : 864(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.13.17134.619) = C:\Program Files\Windows Defender\MsMpEng.exe     [13/03/2019 17:45:45]    CPU Usage:0 %
5740 | [Owner : Système | Parent : 864(services.exe) | 8.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
5860 | [Owner : Système | Parent : 864(services.exe) | 13.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
5924 | [Owner : Système | Parent : 864(services.exe) | 12.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
6064 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 16.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
6208 | [Owner : Système | Parent : 864(services.exe) | 6.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
6540 | [Owner : Système | Parent : 864(services.exe) | 7.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
6916 | [Owner : Système | Parent : 864(services.exe) | 11.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
4292 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 10.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
6948 | [Owner : SERVICE RÉSEAU | Parent : 864(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.13.17134.677) = C:\Program Files\Windows Defender\NisSrv.exe     [10/04/2019 17:53:58]    CPU Usage:0 %
8068 | [Owner : Système | Parent : 864(services.exe) | 28.4 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe     [10/04/2019 17:53:48]    CPU Usage:0 %
2816 | [Owner : Système | Parent : 4576() | 0.25 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe     [16/05/2019 08:24:16]    CPU Usage:0 %
5800 | [Owner : Système | Parent : 4580() | 0.31 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe     [04/04/2018 10:03:47]    CPU Usage:0 %
7944 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 9.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
7352 | [Owner : Système | Parent : 4580() | 0.18 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe     [04/04/2018 10:03:47]    CPU Usage:0 %
2984 | [Owner : Système | Parent : 4576() | 0.25 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe     [16/05/2019 08:24:16]    CPU Usage:0 %
6964 | [Owner : Système | Parent : 864(services.exe) | 9.61 Mo] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10066) = C:\Program Files\rempl\sedsvc.exe     [11/06/2019 11:37:42]    CPU Usage:0 %
8824 | [Owner : Système | Parent : 864(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe     [12/04/2018 01:34:04]    CPU Usage:0 %
2020 | [Owner : Système | Parent : 864(services.exe) | 17.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
6332 | [Owner : Système | Parent : 864(services.exe) | 8.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1632 | [Owner : Système | Parent : 8896() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.17134.1) = C:\Windows\System32\csrss.exe     [12/04/2018 01:34:22]    CPU Usage:0 %
4756 | [Owner : Système | Parent : 8896() | 10.14 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.17134.319) = C:\Windows\System32\winlogon.exe     [18/10/2018 15:29:56]    CPU Usage:0 %
7808 | [Owner : UMFD-2 | Parent : 4756(winlogon.exe) | 7.18 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.17134.885) = C:\Windows\System32\fontdrvhost.exe     [17/07/2019 12:08:48]    CPU Usage:0 %
9140 | [Owner : DWM-2 | Parent : 4756(winlogon.exe) | 62.74 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.17134.1) = C:\Windows\System32\dwm.exe     [12/04/2018 01:34:19]    CPU Usage:0 %
7312 | [Owner : Système | Parent : 2044(NVDisplay.Container.exe) | 23.44 Mo] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.7719) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe     [22/06/2017 15:21:19]    CPU Usage:0 %
1684 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 7.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
4196 | [Owner : Système | Parent : 1980(svchost.exe) | 2.6 Mo] - (.Microsoft Corporation - sedlauncher.) - (10.0.17134.10066) = C:\Program Files\rempl\sedlauncher.exe     [11/06/2019 11:36:54]    CPU Usage:0 %
6748 | [Owner : Système | Parent : 4196(sedlauncher.exe) | 0.48 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.17134.1) = C:\Windows\System32\conhost.exe     [12/04/2018 01:34:20]    CPU Usage:0 %
3716 | [Owner : Système | Parent : 864(services.exe) | 6.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
8016 | [Owner : Personnel | Parent : 4252(ETDService.exe) | 20.12 Mo] - (.ELAN Microelectronics Corp. - ETD Control Center.) - (11.66.8.7) = C:\Program Files\Elantech\ETDCtrl.exe     [25/09/2015 19:58:06]    CPU Usage:0 %
932 | [Owner : Personnel | Parent : 2084(svchost.exe) | 23.99 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe     [12/04/2018 01:34:12]    CPU Usage:0 %
976 | [Owner : Personnel | Parent : 864(services.exe) | 16.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
2968 | [Owner : Système | Parent : 864(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1908 | [Owner : Personnel | Parent : 864(services.exe) | 31.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
6532 | [Owner : Système | Parent : 864(services.exe) | 7.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
5920 | [Owner : Personnel | Parent : 1980(svchost.exe) | 21.66 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe     [13/03/2019 17:45:45]    CPU Usage:0 %
8964 | [Owner : Personnel | Parent : 1980(svchost.exe) | 8.22 Mo] - (.AVAST Software - Avast Driver Updater.) - (2.5.6.0) = C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe     [10/04/2019 14:01:20]    CPU Usage:0 %
3276 | [Owner : Personnel | Parent : 7424() | 12.63 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.5070) = C:\Windows\System32\igfxEM.exe     [02/12/2016 07:31:44]    CPU Usage:0 %
2136 | [Owner : Personnel | Parent : 1208() | 97.51 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.858) = C:\Windows\explorer.exe     [17/07/2019 12:09:47]    CPU Usage:0 %
8608 | [Owner : Personnel | Parent : 7424() | 8.91 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.5070) = C:\Windows\System32\igfxHK.exe     [02/12/2016 07:32:02]    CPU Usage:0 %
8688 | [Owner : Personnel | Parent : 7424() | 11.23 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe     [02/12/2016 07:32:42]    CPU Usage:0 %
3544 | [Owner : Personnel | Parent : 8016(ETDCtrl.exe) | 9.16 Mo] - (.ELAN Microelectronics Corp. - ETD Control Center Helper.) - (11.23.8.1) = C:\Program Files\Elantech\ETDCtrlHelper.exe     [25/09/2015 19:58:06]    CPU Usage:0 %
580 | [Owner : Système | Parent : 8068(SearchIndexer.exe) | 9.91 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.17134.677) = C:\Windows\System32\SearchProtocolHost.exe     [10/04/2019 17:53:22]    CPU Usage:0 %
7260 | [Owner : Personnel | Parent : 456(svchost.exe) | 73.04 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.753) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [18/05/2019 21:47:04]    CPU Usage:0 %
8880 | [Owner : Personnel | Parent : 456(svchost.exe) | 6.59 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe     [12/04/2018 01:34:22]    CPU Usage:0 %
5476 | [Owner : Personnel | Parent : 4416(svchost.exe) | 13.86 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe     [12/04/2018 01:34:37]    CPU Usage:0 %
7316 | [Owner : Système | Parent : 864(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
4456 | [Owner : Personnel | Parent : 456(svchost.exe) | 7.12 Mo] - (.Microsoft Corporation - SkypeApp.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe     [01/07/2019 15:55:42]    CPU Usage:0 %
7016 | [Owner : Personnel | Parent : 456(svchost.exe) | 11.81 Mo] - (.-.) - (8.48.0.51) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe     [01/07/2019 15:55:42]    CPU Usage:0 %
9196 | [Owner : Personnel | Parent : 864(services.exe) | 20.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
1644 | [Owner : SERVICE RÉSEAU | Parent : 456(svchost.exe) | 13.3 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe     [12/04/2018 01:34:40]    CPU Usage:0 %
968 | [Owner : Personnel | Parent : 2136(explorer.exe) | 9.19 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.13.17134.1) = C:\Program Files\Windows Defender\MSASCuiL.exe     [12/04/2018 01:33:58]    CPU Usage:0 %
3764 | [Owner : Personnel | Parent : 2136(explorer.exe) | 8.29 Mo] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) - (1.7.95.0) = C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe     [22/06/2017 15:22:24]    CPU Usage:0 %
8916 | [Owner : SERVICE LOCAL | Parent : 864(services.exe) | 6.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
5608 | [Owner : Personnel | Parent : 4396() | 43.02 Mo] - (.AVAST Software - Avast Antivirus.) - (19.6.4546.633) = C:\Program Files\AVAST Software\Avast\AvastUI.exe     [18/07/2019 19:44:09]    CPU Usage:0 %
7980 | [Owner : Personnel | Parent : 3236() | 6.94 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.201.9) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe     [16/12/2018 03:05:40]    CPU Usage:0 %
1604 | [Owner : Personnel | Parent : 456(svchost.exe) | 6.86 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe     [12/04/2018 01:34:40]    CPU Usage:0 %
6640 | [Owner : Personnel | Parent : 3980() | 43.9 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.17134.1) = C:\Program Files\internet explorer\iexplore.exe     [12/04/2018 18:19:11]    CPU Usage:0 %
8624 | [Owner : SERVICE LOCAL | Parent : 2480(svchost.exe) | 14.98 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.17134.829) = C:\Windows\System32\audiodg.exe     [12/06/2019 16:22:48]    CPU Usage:0 %
8596 | [Owner : Personnel | Parent : 6640(iexplore.exe) | 171.53 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.17134.1) = C:\Program Files (x86)\Internet Explorer\iexplore.exe     [12/04/2018 18:19:11]    CPU Usage:0 %
6836 | [Owner : Personnel | Parent : 456(svchost.exe) | 13.01 Mo] - (.Adobe - Adobe® Flash® Player Utility.) - (32.0.0.207) = C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe     [12/06/2019 15:58:14]    CPU Usage:0 %
1560 | [Owner : Personnel | Parent : 456(svchost.exe) | 10.48 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.17134.1) = C:\Windows\System32\dllhost.exe     [12/04/2018 01:34:22]    CPU Usage:0 %
6636 | [Owner : Système | Parent : 8068(SearchIndexer.exe) | 6.13 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.17134.677) = C:\Windows\System32\SearchFilterHost.exe     [10/04/2019 17:53:20]    CPU Usage:0 %
4812 | [Owner : Personnel | Parent : 6640(iexplore.exe) | 56.68 Mo] - (.SosVirus - QuickDiag.) - (27.2.19.1) = C:\Users\Personnel\Downloads\QuickDiag (2).exe     [19/07/2019 11:27:23]    CPU Usage:0 %
1068 | [Owner : Système | Parent : 864(services.exe) | 5.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe     [24/02/2019 16:47:31]    CPU Usage:0 %
5116 | [Owner : Système | Parent : 456(svchost.exe) | 8.38 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\System32\wbem\WmiPrvSE.exe     [12/04/2018 01:34:40]    CPU Usage:0 %
9192 | [Owner : SERVICE RÉSEAU | Parent : 456(svchost.exe) | 9.53 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.17134.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [12/04/2018 01:34:55]    CPU Usage:0 %

---------- | Locked Applications

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe)

---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll
(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (20.19.15.5070) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll
(.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (20.19.15.5070) -- C:\WINDOWS\SYSTEM32\igdusc64.dll
(.AVAST Software.-.Avast Shell Extension.) - (19.6.4546.0) -- C:\Program Files\AVAST Software\Avast\ashShell.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)


---------- | svchost.exe Modules (Microsoft Files Whitelisted)

(.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.21.0.0) -- C:\WINDOWS\System32\winsqlite3.dll
(..-..) - (0.0.0.0) -- C:\Windows\System32\InputHost.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
OneDrive - ("C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\...\Run]) - User: DESKTOP-BVRDNI1\Personnel
CCleaner Smart Cleaning - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\...\Run]) - User: DESKTOP-BVRDNI1\Personnel
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public
ETDCtrl - (%ProgramFiles%\Elantech\ETDCtrl.exe [HKLM\SOFTWARE\...\Run]) - User: Public
cAudioFilterAgent - (C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [HKLM\SOFTWARE\...\Run]) - User: Public
AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public
SmartAudio - ("C:\Program Files\CONEXANT\SAII\SACpl.exe" /t [HKLM\SOFTWARE\...\Run]) - User: Public
iTunesHelper - ("C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background   
"CCleaner Smart Cleaning"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDrive"=0x03000000BD74F86FC46BD401   
"CCleaner Monitoring"=0x020000000000000000000000   
"AvastBrowserAutoLaunch_EED673341E9972012CEF778528558ED8"=0x020000000000000000000000   
"CCleaner Smart Cleaning"=0x0100000042EF80A4C46BD401   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=regedit\1   
"MRUList"=bca   
"b"=cmd\1   
"c"=cmd admin\1   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=HP ENVY 5640 series,winspool,Ne03:   
"IsMRUEstablished"=1   
"LegacyDefaultPrinterMode"=1   

[HKLM\Software\Microsoft\Command Processor]
"DefaultColor"=0   
"EnableExtensions"=1   
"CompletionChar"=64   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe   
"ETDCtrl"=%ProgramFiles%\Elantech\ETDCtrl.exe   
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe   [22/06/2017 15:22:24]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui   
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe" /t   
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x040000000000000000000000   
"ETDCtrl"=0x040000000000000000000000   
"cAudioFilterAgent"=0x040000000000000000000000   
"AvastUI.exe"=0x040000000000000000000000   
"iTunesHelper"=0x050000009F6F697AC46BD401   
"SmartAudio"=0x040000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"SunJavaUpdateSched"=0x040000000000000000000000   
"Dropbox"=0x040000000000000000000000   
"AvastUI.exe"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D3D1ED98C0F7D8   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Adobe Acrobat Update Task
Avast Driver Updater Startup
Avast Emergency Update
Avast Secure Browser Heartbeat Task (Hourly)
Avast Secure Browser Heartbeat Task (Logon)
AvastUpdateTaskMachineCore
AvastUpdateTaskMachineUA
CCleaner Update
CCleanerSkipUAC
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
OneDrive Standalone Update Task-S-1-5-21-3016070864-3641507875-3210199050-1001

---------- | Startings up registry ¦ Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=UsoSvc
DeviceInstall
gpsvc
trustedinstaller   
"SvcHostSplitThresholdInKB"=3670016   
"WaitToKillServiceTimeout"=2000   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   
"LastBootSucceeded"=0   
"LastBootShutdown"=0   
"DirtyShutdownCount"=4   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Security Packages"=""   [22/06/2017 12:32:27]
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"LsaPid"=876   
"ProductType"=3   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SecureBoot"=1   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"AutoChkSkipSystemPartition"=0   
"ResourceTimeoutCount"=648000   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"InstanceID"=28d2e3b6-0df8-4d92-8158-bc283e8   
"GlassSessionId"=2   


---------- | .LNK with Arguments

c:\users\personnel\desktop\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretTimeout"=5000   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"ScreenSaveActive"=1   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallPaper"=C:\Users\Personnel\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{f67c2083-ac93-4b3e-a3bc-8a4641586703}.JPG   [19/08/2017 10:14:53]
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"Win8DpiScaling"=0   
"DpiScalingVer"=4096   
"UserPreferencesMask"=0x9E1E078012000000   
"MaxVirtualDesktopDimension"=3840   
"MaxMonitorDimension"=3840   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC30100B02E0D0000090000C006000000E22FE423EACC0143003A005C00550073006500720073005C0050006500720073006F006E006E0065006C005C0041007000700044006100740061005C004C006F00630061006C005C005000610063006B0061006700650073005C004D006900630072006F0073006F00660074002E00570069006E0064006F00770073002E00500068006F0074006F0073005F003800770065006B007900620033006400380062006200770065005C004C006F00630061006C00530074006100740065005C00500068006F0074006F0073004100700070004200610063006B00670072006F0075006E0064005C007B00660036003700630032003000380033002D0061006300390033002D0034006200330065002D0061003300620063002D003800610034003600340031003500380036003700300033007D002E004A0050004700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"Pattern Upgrade"=TRUE   
"AutoColorization"=1   
"ImageColor"=2939909043   
"WaitToKillAppTimeout"=2000   
"HungAppTimeout"=2000   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0   
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"EnableAutoTray"=1   
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"ExplorerStartupTraceRecorded"=1   
"SlowContextMenuEntries"=0x5D54A9A2C2A0B4429708A0B2BADD77C8AC8D0600B083204722C5CF11876300608CC02F24A7F30000FB9A790967ADD111ABCD00C04FC309364B8000000114020000000000C0000000000000463A430200550F3DCB2CBC1A4C85ED23ED75B5106B8A0A0100   
"UserSignedIn"=1   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"TelemetrySalt"=0   
"GlobalAssocChangedCounter"=1144   
"FirstRunTelemetryComplete"=1   
"AppReadinessLogonComplete"=1   
"EdgeDesktopShortcutCreated"=1   
"PostAppInstallTasksCompleted"=1   
"Reason Setting"=255   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"StoreAppsOnTaskbar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=13   
"TaskbarStateLastRun"=0x6671285D00000000   
"ReindexedProfile"=1   
"DisablePreviewDesktop"=0   
"TaskbarGlomLevel"=2   
"DontUsePowerShellOnWinX"=1   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x00000000FFFFFFFF   
"0"=0x6D0061006700690078000000   

[HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   
"DefaultLevel"=262144   
"TransparentEnabled"=1   
"PolicyScope"=0   
"ExecutableTypes"=ADE
ADP
BAS
BAT
CHM
CMD
COM
CPL
CRT
EXE
HLP
HTA
INF
INS
ISP
LNK
MDB
MDE
MSC
MSI
MSP
MST
OCX
PCD
PIF
REG
SCR
SHS
URL
VB
WSC   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"ConsentPromptBehaviorAdmin"=0   
"PromptOnSecureDesktop"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=2   
"SmartScreenEnabled"=Off   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   
"DefaultLevel"=262144   
"TransparentEnabled"=1   
"PolicyScope"=0   
"ExecutableTypes"=ADE
ADP
BAS
BAT
CHM
CMD
COM
CPL
CRT
EXE
HLP
HTA
INF
INS
ISP
LNK
MDB
MDE
MSC
MSI
MSP
MST
OCX
PCD
PIF
REG
SCR
SHS
URL
VB
WSC   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"ConsentPromptBehaviorAdmin"=0   
"PromptOnSecureDesktop"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=25   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"PUUActive"=0x0EFB17D004000300F40073021E620D00D8100F00D8100F00D200000002002D00C6FC18D5C538F10125EB3B00214906004E1B0500060E010000000000394817005F400000B30800006CDC6662FF3DD501702F2300000000000100000049191500EE420000EF280000B7E7260000000000   
"BuildNumber"=17134   
"FirstLogon"=0   
"DP"=0xD200E8003C010300F50000000EFB17D0B7E72600000000006CDC6662FF3DD501D600AB72F93DD501864B0C00EF0C070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F80510100EF9E00C04009040040090440939000806640A0016640E201A8E9000018120A0238121A06C74100807A4C0B097ACC1B0B9B380100024194030A41944345EB00004F00984A4F50984A8CD400801103000811130008EA0401803E0608193E0E08198B3201802883A5102C87A71130270180C07C9748C07E97483B0B00400C500A000CD40A08   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"scremoveoption"=0   
"LastLogOffEndTimePerfCounter"=54491023488   
"ShutdownFlags"=2147483815   
"Userinit"=C:\Windows\system32\userinit.exe,   
"DisableCad"=1   
"DisableLockWorkstation"=0   
"EnableFirstLogonAnimation"=1   
"AutoLogonSID"=S-1-5-21-3016070864-3641507875-3210199050-1001   
"LastUsedUsername"=Personnel   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"EnableSIHostIntegration"=1   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"allocatecdroms"=0   
"Userinit"=C:\WINDOWS\system32\userinit.exe   [12/04/2018 01:34:22]


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command]
""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"   
[HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [12/04/2018 18:19:11]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command]
""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [12/04/2018 18:19:11]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Program Files\Elantech\ETDCtrlHelper.exe"=0x5341435001000000000000000700000028000000D0862700B2AD270001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D0F8FA14000000000302000003020000
"SIGN.MEDIA=B668F7C5 current\bitdefender_antivirus.exe"=0x534143500100000000000000070000002800000098B4B4000306B50001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000001E850000000000000100000001000000
"SIGN.MEDIA=B668F7C5 current\Combined-Community-Codec-Pack-2014-07-13.exe"=0x534143500100000000000000070000002800000020009F000F4F9F0001000000000000000000030600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000AB5E0000000000000100000001000000
"SIGN.MEDIA=B668F7C5 current\bitdefender_ts_21_64b.exe"=0x534143500100000000000000070000002800000040EECD16739ECE1601000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000003EB80B00000000000200000002000000
"SIGN.MEDIA=B668F7C5 current\pf7-setup-fr.exe"=0x5341435001000000000000000700000028000000B6EE80000000000001000000000000000000000671000000E63F486B2AA0D201000000000000000002000000280000000000000000080040000000000000000000000000000000000A430200000000000100000001000000
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000C8F307005894080001000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Program Files (x86)\OpenOffice 4\program\swriter.exe"=0x5341435001000000000000000700000028000000009601002029020001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007C2DCB0B000000006300000063000000
"C:\Program Files\Internet Explorer\iexplore.exe"=0x534143500100000000000000070000002800000040930C00D5A10C0001000000010000000000000A00210000E78E163C2AA0D2010000000000000000
"C:\Users\Personnel\AppData\Local\Temp\GUMEBE6.tmp\GoogleUpdateSetup.exe"=0x5341435001000000000000000700000028000000583F11002342110001000000000000000000000A00210000E63F486B2AA0D201000000800000000002000000280000000000000000000040000000000000000000000000000000004C2B0200000000000100000001000000
"SIGN.IE=069BE0 sconnect-ie-v2.3.0.0.exe"=0x5341435001000000000000000700000028000000E09B060018AB060001000000000000000000010600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000077010000000000000100000001000000
"C:\Users\Personnel\Downloads\avast_free_antivirus_setup_online.exe"=0x5341435001000000000000000700000028000000F08B65007099650001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BAF90500000000000100000001000000
"C:\Program Files\Bitdefender Agent\installer\installer.exe"=0x5341435001000000000000000700000028000000A0C60900F4900A0003000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E3090000000000000100000001000000
"C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe"=0x534143500100000000000000070000002800000000E434000000000001000000000000000000020661200000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000077B90100000000000100000001000000
"C:\Program Files (x86)\OpenOffice 4\program\soffice.exe"=0x5341435001000000000000000700000028000000001A9600A653960001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000E9659500000000002200000022000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Users\Personnel\Downloads\ccleaner_5-32-6129_fr_14492.exe"=0x534143500100000000000000070000002800000038BC940091CD940001000000000000000000000A00210000E63F486B2AA0D2010000000000000000
"C:\Users\Personnel\Downloads\adwcleaner-7-0-0-0 (1).exe"=0x5341435001000000000000000700000028000000C88B7C006CAA7C0001000000000000000000000A71220000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000070060500000000000100000001000000
"C:\Users\Personnel\Downloads\adwcleaner_7.0.1.0 (1).exe"=0x5341435001000000000000000700000028000000C8E57C00C3187D0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000
"C:\Users\Personnel\AppData\Local\SConnectHost\uninstall_sconnect.exe"=0x5341435001000000000000000700000028000000C1990000F626040003000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C0020000000000000100000001000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0B00300CDA9040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000D8DE97001A40980001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000003E000000000000000100000001000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0E20300117A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Users\Personnel\Downloads\adwcleaner_7.0.3.1.exe"=0x5341435001000000000000000700000028000000D0E57D0082347E0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000017820200000000000100000001000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E0400B6AD040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Program Files\iTunes\iTunes.exe"=0x5341435001000000000000000700000028000000388F62022C28630201000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000100000000000000000000000000000000036DE0B00000000000300000003000000
"C:\Users\Personnel\Downloads\adwcleaner_7.0.4.0.exe"=0x5341435001000000000000000700000028000000D00F7E00268F7E0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000367B0100000000000100000001000000
"C:\Users\Personnel\Downloads\ccsetup537.exe"=0x5341435001000000000000000700000028000000708EA500C46EA60001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A93B4700000000000100000001000000
"C:\Program Files (x86)\OpenOffice 4\program\scalc.exe"=0x534143500100000000000000070000002800000000960100CBD6010001000000000000000000000A71220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000003E720100000000000700000007000000
"C:\Users\Personnel\Downloads\adwcleaner_7.0.5.0.exe"=0x534143500100000000000000070000002800000000B27C000000000001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000069970100000000000100000001000000
"C:\Users\Personnel\Downloads\ccsetup537 (1).exe"=0x5341435001000000000000000700000028000000708EA500C46EA60001000000000000000000000A00210000DB80FDAC2839D30100000000000000000200000028000000000000000000004000000000000000000000000000000000B1164900000000000100000001000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\17.005.0107.0008\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0AC03001457040001000000000000000000000A71200000DB80FDAC2839D3010000000100000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\18.044.0301.0006\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A0BC0300204F040001000000000000000000000A00210000DB80FDAC2839D3010000000100000000
"C:\Program Files (x86)\ImageScan_V1.06.105d4\ImageScan.exe"=0x5341435001000000000000000700000028000000002C54000000000001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000250D8900000000001100000011000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\18.091.0506.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A8E003002796040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000F0A522004741230001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000001000000000000000000000000000000000B7210200000000000D0000000D000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\18.131.0701.0007\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000A80204003EA4040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Personnel\Downloads\adwcleaner_7.2.2.exe"=0x5341435001000000000000000700000028000000D02C710032B5710001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000016B70100000000000100000001000000
"C:\Users\Personnel\Downloads\ccsetup545.exe"=0x534143500100000000000000070000002800000038AFFD005D73FE0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000A4410500000000000100000001000000
"C:\Users\Personnel\Downloads\adwcleaner_7.2.2 (2).exe"=0x5341435001000000000000000700000028000000D02C710032B5710001000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000004B120100000000000100000001000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020F30300A795040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\FileSyncConfig.exe"=0x53414350010000000000000007000000280000006010040082C7040001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Program Files\AVAST Software\Avast\wsc_proxy.exe"=0x5341435001000000000000000700000028000000A0E000000B5F010001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000019B10800000000000100000001000000
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02004C22030001000000010000000000000A61220000BFA2139DEDD1D3010000000000000000
"C:\Users\Personnel\Downloads\ccleaner_5-47-6716_fr_14492.exe"=0x5341435001000000000000000700000028000000B84C00015D00010101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000009CA81C00000000000100000001000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\18.192.0920.0015_1\FileSyncConfig.exe"=0x534143500100000000000000070000002800000060340400A607050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncConfig.exe"=0x534143500100000000000000070000002800000020570400F14C050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Users\Personnel\Downloads\adwcleaner_7.2.6.0.exe"=0x5341435001000000000000000700000028000000D0B26F0055B46F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000092420100000000000100000001000000
"C:\Users\Personnel\Downloads\ccsetup551.exe"=0x5341435001000000000000000700000028000000307B26015C8D260101000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000040000000000000000000000000000000002D323501000000000100000001000000
"C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe"=0x5341435001000000000000000700000028000000000A90002FC5900001000000000000000000030600210000BFA2139DEDD1D30100000000000000000200000050000000000000008000001200000000000000000000000000000000748618010000000002000000020000000000000000000012000000000000000000000000000000009E4D0100000000000100000000000000
"C:\Users\Personnel\Downloads\ccsetup551 (1).exe"=0x5341435001000000000000000700000028000000307B26015C8D260101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Personnel\Downloads\adwcleaner_7.2.6.0 (1).exe"=0x5341435001000000000000000700000028000000D0B26F0055B46F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Personnel\Downloads\musicmaker.exe"=0x5341435001000000000000000700000028000000387A49002BCD490001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000025290300000000000100000001000000
"C:\Users\Personnel\Downloads\musicmaker (1).exe"=0x5341435001000000000000000700000028000000387A49002BCD490001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000937C0000000000000200000002000000
"C:\Users\Personnel\Downloads\MP3CutterSetup.exe"=0x5341435001000000000000000700000028000000E01B0F000000000001000000000000000000030600010000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C0730200000000000100000001000000
"C:\Program Files (x86)\MuseTips\Free MP3 Cutter and Editor\MP3Cutter.exe"=0x534143500100000000000000070000002800000000F00E000000000001000000000000000000000A71200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E55C0000000000000200000002000000
"C:\Users\Personnel\Downloads\adwcleaner_7.2.6.0 (2).exe"=0x5341435001000000000000000700000028000000D0B26F0055B46F0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000A4660100000000000100000001000000
"C:\Users\Personnel\Downloads\nero6614-6.6.14.0.exe"=0x5341435001000000000000000700000028000000A0272202E613230201000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000028000000000000000008004000000000000000000000000000000000E4260600000000000200000002000000
"C:\Users\Personnel\Downloads\cdbxp_setup_4.5.8.7041.exe"=0x534143500100000000000000070000002800000040596300C50F640001000000000000000000030600010000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000092EF0300000000000100000001000000
"C:\Users\Personnel\Downloads\adwcleaner_7.2.7.0.exe"=0x5341435001000000000000000700000028000000D0A46F000FD26F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Users\Personnel\Downloads\ccleaner_5-53-7034_fr_14492.exe"=0x534143500100000000000000070000002800000038C927011208280101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe"=0x534143500100000000000000070000002800000048B600006317010001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000009B2F0000000000000200000002000000
"C:\Users\Personnel\Downloads\adwcleaner_7.3.exe"=0x5341435001000000000000000700000028000000D0326B00387A6B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D2E40000000000000100000001000000
"C:\Users\Personnel\Downloads\ccleaner_5-55-7108_fr_14492.exe"=0x534143500100000000000000070000002800000008924301A8ED430101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000F06DE20B000000000100000001000000
"C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe"=0x534143500100000000000000070000002800000000960100B501020001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000C0620700000000000300000003000000
"C:\Users\Personnel\Downloads\adwcleaner_7.3 (1).exe"=0x5341435001000000000000000700000028000000D0326B00387A6B0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006AEB0000000000000100000001000000
"D:\Start PC.exe"=0x5341435001000000000000000700000028000000002002000000000001000000000000000000010671200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000010000000000000000000000000000030E50000000000000500000005000000
"C:\Users\Personnel\Downloads\adwcleaner_7.3 (2).exe"=0x5341435001000000000000000700000028000000D0326B00387A6B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000604D0100000000000100000001000000
"C:\Users\Personnel\Downloads\ccsetup557.exe"=0x534143500100000000000000070000002800000018404501DC8F450101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000DA0C0800000000000100000001000000
"C:\Users\Personnel\Downloads\avastdriverupdater.exe"=0x53414350010000000000000007000000280000006872150042F3150001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000CDD31A00000000000100000001000000
"C:\Program Files (x86)\OpenOffice 4\program\simpress.exe"=0x534143500100000000000000070000002800000000960100472B020001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000A00F0000000000000200000002000000
"C:\Users\Personnel\Downloads\adwcleaner_7.3 (3).exe"=0x5341435001000000000000000700000028000000D0326B00387A6B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000173F0100000000000100000001000000
"C:\Users\Personnel\Downloads\ccsetup558.exe"=0x5341435001000000000000000700000028000000F0EB3A01C0413B0101000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000004000000000000000000000000000000000FB629206000000000100000001000000
"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\VideoProjectsLauncher.exe"=0x5341435001000000000000000700000028000000005801000000000001000000000000000000000A73220000BFA2139DEDD1D301000000000000000002000000280000000000000000000010000000000000000000000000000000009B080000000000000100000001000000
"C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe"=0x534143500100000000000000070000002800000070BE1A0007351B0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000086C0000000000000100000001000000
"C:\Program Files (x86)\MAGIX\Vidéo easy SOS Cassettes vidéo ! Version 7.0\VideoEasy.exe"=0x5341435001000000000000000700000028000000008FB100D988B20001000000000000000000020671020000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000E75C9E01000000000B0000000B000000
"C:\Users\Personnel\AppData\Local\Microsoft\OneDrive\19.103.0527.0003\FileSyncConfig.exe"=0x534143500100000000000000070000002800000078D404009BC1050001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Program Files\AVAST Software\Avast\AvastUI.exe"=0x534143500100000000000000070000002800000088A3B4000D4BB50001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000AA030000000000000100000001000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F0BD1700C839180001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EFC81A00000000000200000002000000
"C:\Users\Personnel\Desktop\AdsFix.exe"=0x534143500100000000000000070000002800000098EF5D008A1D5E0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000020248400000000000200000002000000
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000088D0C00ACE60C0001000000010000000000000A00210000BFA2139DEDD1D3010000000000000000
"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"=0x5341435001000000000000000700000028000000F0B41B0090B31C0001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D5150100000000000100000001000000
"C:\Users\Personnel\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11594.exe"=0x5341435001000000000000000700000028000000683DDA0382E8DA0301000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007D246D00000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D04086000918870001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000BC000000000000000200000002000000
"C:\Users\Personnel\Downloads\QuickDiag (2).exe"=0x534143500100000000000000070000002800000098F74E00B9194F0001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000


---------- | IFEO


---------- | Mountpoints2

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{5c690731-8d29-11e9-ac97-28e34730fc03}] : "F:\Fondation_Ronald_McDonald_USB_2015.EXE"      (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131726849000528469

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"DisableAntiSpyware"=0
"ProductType"=2
"InstallTime"=0x7D8E003341EBD201
"InstallLocation"=C:\Program Files\Windows Defender\
"ProductStatus"=0
"OOBEInstallTime"=0xCBA0A32343EBD201
"ManagedDefenderProductType"=0
"DisableAntiVirus"=0
"LastEnabledTime"=0x96226EDC523DD501
"PassiveMode"=0

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [216.58.198.206] avec 32 octets de donn?es?:
R?ponse de 216.58.198.206?: octets=32 temps=27 ms TTL=48
R?ponse de 216.58.198.206?: octets=32 temps=28 ms TTL=48
R?ponse de 216.58.198.206?: octets=32 temps=28 ms TTL=48
R?ponse de 216.58.198.206?: octets=32 temps=28 ms TTL=48

Statistiques Ping pour 216.58.198.206:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 27ms, Maximum = 28ms, Moyenne = 27ms

---------- | @

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\WINDOWS\System32\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://google.fr/
"SmoothScroll"=1
"ImageStoreRandomFolder"=3d74zpm
"OperationalData"=13
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF300200000A0000001C0600002E020000
"Start Page_TIMESTAMP"=0x6273E3D44A3DD501
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"IE10RunOnceLastShown"=1
"IE10RunOnceLastShown_TIMESTAMP"=0xE17480D6133ED501
"IE10TourShown"=1
"IE10TourShownTime"=0xBD267F76B6FCD301
"IE11EdgeNotifyTime"=0xD8FEF3E95E3DD501
"EdgeReminderRemainingCount"=4
"TabProcGrowth"=100
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB0010000960000003004000076020000
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0xFDFF64CE41EBD201
"Use FormSuggest"=no
"FormSuggest Passwords"=yes
"FormSuggest PW Ask"=yes
"SearchBandMigrationVersion"=1
"HistoryViewType"=0x0000
"IE11DefaultsFRECompletionTime"=0xB79AD916CC3DD501
"IE11DefaultsFREConfigUpdateTimestamp"=0xB79AD916CC3DD501

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"CertificateRevocation"=1
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"ZonesSecurityUpgrade"=0xBD267F76B6FCD301
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"LockDatabase"=131992713354573300
"EnableHttp1_1"=1
"ProxyHttp1.1"=1
"ProxyOverride"=*.local
"AutoConfigProxy"=wininet.dll
"WarNonBadCertReceving"=1
"WarNonHTTPSToHTTPRedirect"=1

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts









---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} --  C:\Program Files\AVAST Software\Avast\ashShell.dll   [18/07/2019 19:43:50]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [12/04/2018 01:34:24]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --     

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0   

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"KnownProvidersUpgradeTime"=0xBD267F76B6FCD301   
"Version"=5   
"UpgradeTime"=0xBD267F76B6FCD301   
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1AE2C481-BF51-4AA2-8869-1E443AEf58EC}] : (Réglages SConnect) -       []

---------- | SearchScopes

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - https://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 : 
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42DC2A7C-EC0F-45B5-A5F0-AD11DF49B655}] - (Yahoo Search) - https://fr.search.yahoo.com/search?p={searchTerms}&intl=fr&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\ssv.dll  [18/03/2019 12:05:20]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\jp2ssv.dll  [18/03/2019 12:05:20]

---------- | Chrome

C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj =  :     __MSG_web2pdfExtnDescription__ -     __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx
C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck =  :     __MSG_avastAppDesc__ -     __MSG_avastAppShortName__ - https://clients2.google.com/service/update2/crx
C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki =  :     Avast Browser Security and Web Reputation Plugin. -     Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\njpedbdniajflhgfoipnjkednnlkngbj =  :     __MSG_newtab_chrome_extension_description__ -     __MSG_newtab_chrome_extension_name__ - https://clients2.google.com/service/update2/crx
C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Personnel\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm =  :     Provider for discovery and services for mirroring of Chrome Media Router -     Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\njpedbdniajflhgfoipnjkednnlkngbj]

---------- | Opera


---------- | Firefox


[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.201.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.201.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


C:\Users\Personnel\AppData\Roaming\Mozilla\Firefox\Profiles\5j21fe11.default\Prefs.js

user_pref("browser.startup.homepage", "google.fr");
user_pref("browser.startup.homepage_override.buildID", "20170608105825");
user_pref("browser.startup.homepage_override.mstone", "54.0");
user_pref("extensions.adblockplus.currentVersion", "2.9.1");
user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1498233768608,\"softExpiration\":1498288289321,\"hardExpiration\":1498384981496,\"data\":{\"notifications\":[],\"version\":\"201706231002\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"downloadCount\":1}");
user_pref("extensions.blocklist.pingCountTotal", 2);
user_pref("extensions.blocklist.pingCountVersion", 2);
user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.9.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Personnel\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5j21fe11.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":true},\"aushelper@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.50\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@getpocket.com\":{\"version\":\"1.0.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"screenshots@mozilla.org\":{\"version\":\"6.6.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"webcompat@mozilla.org\":{\"version\":\"1.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}");
user_pref("extensions.databaseSchema", 19);
user_pref("extensions.e10s.rollout.blocklist", "");
user_pref("extensions.e10s.rollout.hasAddon", true);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.e10sMultiBlockedByAddons", true);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0");
user_pref("extensions.getAddons.cache.lastUpdate", 1498212272);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20170302.01");
user_pref("extensions.lastAppVersion", "54.0");
user_pref("extensions.lastPlatformVersion", "54.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.pocket.settings.test.panelSignUp", "v1");
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.webextensions.uuids", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":\"91bb347b-a6dc-43e0-920c-bdd5b0230ce1\"}");
user_pref("extensions.xpiState", "{\"app-profile\":{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"d\":\"C:\\\\Users\\\\Personnel\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5j21fe11.default\\\\extensions\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\",\"e\":true,\"v\":\"2.9.1\",\"st\":1498142479750}},\"app-system-defaults\":{\"aushelper@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1496962878045},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.50\",\"st\":1496962878039},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.5\",\"st\":1496962878797},\"screenshots@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"e\":true,\"v\":\"6.6.0\",\"st\":1496962879238},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.1\",\"st\":1496962878100}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"54.0\",\"st\":1496962878070}},\"winreg-app-global\":{\"bdwteffv20@bitdefender.com\":{\"d\":\"C:\\\\Program Files\\\\Bitdefender\\\\Bitdefender 2017\\\\antispam32\\\\bdwteff\",\"e\":false,\"v\":\"4.2.5\",\"st\":1492799770403,\"mt\":1498233829245}}}");


[Profile0] - Name=default -> Profiles/5j21fe11.default

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{2fdbb621-5476-4137-9806-3719a0f3b484}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2fdbb621-5476-4137-9806-3719a0f3b484}]
"DhcpNameServer"=192.168.1.1

---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\Classes\Applications\mpc-hc.exe] : "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\mpc-hc.exe] : "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"wusvcs"=WaaSMedicSvc
"BthAppGroup"=BluetoothUserService
"BcastDVRUserService"=BcastDVRUserService
"Camera"=FrameS
"diagnostics"=DiagSvc
"PrintWorkflow"=PrintWorkflowUserSvc
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"DevicesFlow"=DevicesFlowUserSvc
DevicePickerUserSvc
"smbsvcs"=lanmanserver
browser

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Adobe]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\AppDataLow]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Apple Inc.]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Avast Software]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Browser Cleanup]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Canneverbe Limited]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Chromium]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Clients]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Dropbox]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\DropboxUpdate]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Elantech]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Gabest]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Gemalto]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Google]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Haali]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Hewlett-Packard]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Intel]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\JavaSoft]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\LAV]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Macromedia]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\MAGIX]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\MAGIX AG]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Malwarebytes]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\MediaChance]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Mozilla]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\MPC-HC]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Netscape]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\OpenOffice]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\PhotoFiltre 7]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Piriform]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Policies]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\SYNCJM]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\sysinternals]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Wow6432Node]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\yahoo]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\AdsFix]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\AVAST Software]
[HKLM\Software\Clients]
[HKLM\Software\Cnxt_Uiu_Parms]
[HKLM\Software\Conexant]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\UIU]
[HKLM\Software\USB2800]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\Avast]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\Canneverbe Limited]
[HKLM\Software\WOW6432Node\Combined-Community-Codec-Pack]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\HaaliMkx]
[HKLM\Software\WOW6432Node\HiVision Multimedia]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\MAGIX]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OpenOffice]
[HKLM\Software\WOW6432Node\Oracle]
[HKLM\Software\WOW6432Node\Piriform]
[HKLM\Software\WOW6432Node\SlimWare Utilities Inc]
[HKLM\Software\WOW6432Node\USB2800]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\Yahoo]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]

---------- | Drives


---------- | C:

[18/07/2019 12:16:38] - |SHD| - [258] - C:\$RECYCLE.BIN
[18/07/2019 09:42:47] - |D| - [267172703] - C:\AdsFix
[MD5.8D85654884C46F90C54DEEB75A3B8E7A] - [18/07/2019 09:50:41] - |A| - (.-.) - [27080] - (0.0.0.0) - C:\AdsFix_18_07_2019_11_19_45.txt
[29/07/2017 09:50:28] - |D| - [33609557] - C:\AdwCleaner
[MD5.A83ADADB310E8370E382469507594069] - [24/06/2017 12:32:21] - |A| - (.-.) - [789] - (0.0.0.0) - C:\bdlog.txt
[MD5.A146476F4D2F554BE8527DEF0B97132A] - [19/07/2019 02:45:29] - |SH| - (.-.) - [80] - (0.0.0.0) - C:\bootTel.dat
[22/06/2017 12:26:55] - |SHD| - [0] - C:\Documents and Settings
[22/06/2017 15:47:04] - |D| - [586913214] - C:\EBP
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/06/2018 16:43:30] - |ASH| - (.-.) - [1687937024] - (0.0.0.0) - C:\hiberfil.sys
[22/06/2017 15:17:18] - |D| - [473538] - C:\Intel
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/06/2017 12:19:47] - |ASH| - (.-.) - [738197504] - (0.0.0.0) - C:\pagefile.sys
[12/04/2018 01:38:20] - |D| - [0] - C:\PerfLogs
[12/04/2018 01:38:20] - |RD| - [6487685524] - C:\Program Files
[12/04/2018 01:38:20] - |RD| - [3448783742] - C:\Program Files (x86)
[12/04/2018 01:38:20] - |HD| - [3817700533] - C:\ProgramData
[17/07/2019 12:30:01] - |D| - [436948] - C:\QuickDiag
[MD5.50D3DA80358B08052F67D17261AAEC6B] - [19/07/2019 11:27:45] - |A| - (.-.) - [157174] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.B30CBB4C2806BFBC85157523A207371D] - [17/07/2019 12:52:20] - |RAST| - (.-.) - [363796] - (0.0.0.0) - C:\QuickDiag_17_07_2019_12_52_20.txt
[05/06/2018 17:09:19] - |SHD| - [0] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/06/2017 12:19:49] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[22/06/2017 12:19:46] - |SHD| - [0] - C:\System Volume Information
[11/04/2018 23:04:33] - |RD| - [236219935777] - C:\Users
[11/04/2018 23:04:33] - |D| - [28214502707] - C:\Windows

---------- | C:\WINDOWS

[12/04/2018 01:38:20] - |D| - [802] - C:\WINDOWS\addins
[12/04/2018 01:38:20] - |D| - [8245613] - C:\WINDOWS\appcompat
[12/04/2018 01:38:20] - |D| - [8333246] - C:\WINDOWS\apppatch
[12/04/2018 01:38:20] - |D| - [0] - C:\WINDOWS\AppReadiness
[12/04/2018 01:38:20] - |RD| - [466947458] - C:\WINDOWS\assembly
[12/04/2018 01:38:20] - |D| - [720353] - C:\WINDOWS\bcastdvr
[MD5.178BA90AA13F6F834E5C060DC923FB55] - [12/04/2018 01:34:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [67072] - (10.0.17134.1) - C:\WINDOWS\bfsvc.exe
[12/04/2018 01:38:20] - |D| - [38320063] - C:\WINDOWS\Boot
[MD5.3B1A4D453D0EB8A5E4D695A8D6540F8C] - [05/06/2018 17:21:03] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[12/04/2018 01:38:21] - |D| - [2448984] - C:\WINDOWS\Branding
[MD5.9130CCE19B5DB3D2E31F9F789263FC4A] - [22/06/2017 16:41:36] - |A| - (.Copyright (c) 1999-2006 Microsoft Corporation - CAPICOM Module.) - [511328] - (2.1.0.2) - C:\WINDOWS\capicom.dll
[12/04/2018 01:30:02] - |D| - [0] - C:\WINDOWS\CbsTemp
[22/06/2017 15:23:12] - |D| - [54486161] - C:\WINDOWS\Cnxt
[MD5.A155FFABF2F04265A97274CCAB44D773] - [12/04/2018 18:23:39] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml
[12/04/2018 01:38:21] - |D| - [11482410] - C:\WINDOWS\Cursors
[12/04/2018 01:38:21] - |D| - [28948807] - C:\WINDOWS\debug
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [05/06/2018 17:06:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[12/04/2018 01:38:21] - |D| - [4607251] - C:\WINDOWS\diagnostics
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [05/06/2018 17:06:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\DigitalLocker
[12/04/2018 01:38:21] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[12/04/2018 01:38:21] - |HD| - [81040] - C:\WINDOWS\ELAMBKUP
[MD5.030BED8976DD3D3D5BDED63A679E0FF7] - [20/06/2012 10:27:06] - |A| - (.Copyright (C) eMPIA Technology, Inc. 2002-2006 - BDA Monitor Application.) - [85504] - (5.7.1107.0) - C:\WINDOWS\emMON.exe
[12/04/2018 18:18:37] - |D| - [0] - C:\WINDOWS\en-US
[MD5.A1D1CE7D323A357163A500CDC15EDA54] - [17/07/2019 12:09:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4038688] - (10.0.17134.858) - C:\WINDOWS\explorer.exe
[12/04/2018 01:38:21] - |RSD| - [377007866] - C:\WINDOWS\Fonts
[12/04/2018 18:18:37] - |D| - [109568] - C:\WINDOWS\fr-FR
[12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[12/04/2018 01:38:21] - |D| - [47867303] - C:\WINDOWS\Globalization
[12/04/2018 01:38:21] - |D| - [71367505] - C:\WINDOWS\Help
[MD5.30D302335B017DC3B53519BD9E33D763] - [24/02/2019 16:47:12] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1054720] - (10.0.17134.556) - C:\WINDOWS\HelpPane.exe
[MD5.A50C9DF7603E2F1AEA6B54053794A326] - [12/04/2018 01:34:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.17134.1) - C:\WINDOWS\hh.exe
[12/04/2018 01:38:21] - |D| - [29869] - C:\WINDOWS\IdentityCRL
[12/04/2018 01:38:21] - |D| - [28827030] - C:\WINDOWS\IME
[12/04/2018 01:38:21] - |RD| - [8489793] - C:\WINDOWS\ImmersiveControlPanel
[12/04/2018 01:36:48] - |D| - [69161697] - C:\WINDOWS\INF
[12/04/2018 01:38:21] - |D| - [1392019087] - C:\WINDOWS\InfusedApps
[12/04/2018 01:38:21] - |D| - [38137502] - C:\WINDOWS\InputMethod
[12/04/2018 01:38:21] - |SHDC| - [1688364876] - C:\WINDOWS\Installer
[12/04/2018 01:38:21] - |D| - [94163] - C:\WINDOWS\L2Schemas
[12/04/2018 01:38:21] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache
[12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\LiveKernelReports
[11/04/2018 23:04:39] - |D| - [46973660] - C:\WINDOWS\Logs
[12/04/2018 01:38:21] - |RSD| - [20486563] - C:\WINDOWS\media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [12/04/2018 01:34:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[12/04/2018 01:38:20] - |RD| - [608613946] - C:\WINDOWS\Microsoft.NET
[12/04/2018 01:38:21] - |D| - [3135] - C:\WINDOWS\Migration
[12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.BB9A06B8F2DD9D24C77F389D7B2B58D2] - [12/04/2018 01:34:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [245760] - (10.0.17134.1) - C:\WINDOWS\notepad.exe
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [22/06/2017 15:20:49] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat
[12/04/2018 18:22:25] - |D| - [199472] - C:\WINDOWS\OCR
[12/04/2018 01:38:21] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[24/05/2018 14:23:17] - |DC| - [222566329] - C:\WINDOWS\Panther
[12/04/2018 01:38:21] - |D| - [461854] - C:\WINDOWS\Performance
[MD5.43F54A0EB4FAA35249D65175B047D05C] - [18/12/2017 18:48:09] - |A| - (.-.) - [258728] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[12/04/2018 01:38:21] - |D| - [1136442] - C:\WINDOWS\PLA
[12/04/2018 01:38:21] - |D| - [2822167] - C:\WINDOWS\PolicyDefinitions
[05/06/2018 16:30:21] - |D| - [20457267] - C:\WINDOWS\Prefetch
[12/04/2018 01:38:21] - |RD| - [1965018] - C:\WINDOWS\PrintDialog
[12/04/2018 01:38:21] - |D| - [5519070] - C:\WINDOWS\Provisioning
[MD5.AC91328EE5CFFBD695CE912F75F876F6] - [12/04/2018 01:34:34] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [336384] - (10.0.17134.1) - C:\WINDOWS\regedit.exe
[12/04/2018 01:38:21] - |D| - [1117876] - C:\WINDOWS\registration
[12/04/2018 01:38:21] - |D| - [25079248] - C:\WINDOWS\rescache
[12/04/2018 01:38:21] - |D| - [3883941] - C:\WINDOWS\Resources
[12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\SchCache
[12/04/2018 01:38:21] - |D| - [122082] - C:\WINDOWS\schemas
[12/04/2018 01:38:21] - |D| - [3949008] - C:\WINDOWS\security
[05/06/2018 17:20:20] - |D| - [54293023] - C:\WINDOWS\ServiceProfiles
[12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\ServiceState
[11/04/2018 23:04:33] - |D| - [229049220] - C:\WINDOWS\servicing
[12/04/2018 01:41:20] - |D| - [42] - C:\WINDOWS\Setup
[MD5.7839ADB8CA8AD83F4B8C6EFC44DE9F1C] - [15/07/2019 12:48:21] - |A| - (.-.) - [918] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [15/07/2019 12:48:21] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[12/04/2018 01:38:21] - |D| - [6443008] - C:\WINDOWS\ShellComponents
[12/04/2018 01:38:21] - |D| - [53634048] - C:\WINDOWS\ShellExperiences
[12/04/2018 18:19:39] - |D| - [3070736] - C:\WINDOWS\SKB
[22/06/2017 12:29:29] - |D| - [364490351] - C:\WINDOWS\SoftwareDistribution
[12/04/2018 01:38:21] - |D| - [86037185] - C:\WINDOWS\Speech
[12/04/2018 01:38:21] - |D| - [63476142] - C:\WINDOWS\Speech_OneCore
[MD5.1CC7C7CCB919892585890F22DB69258D] - [17/07/2019 12:08:14] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [131072] - (10.0.17134.885) - C:\WINDOWS\splwow64.exe
[12/04/2018 01:38:21] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [18/03/2017 23:03:33] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[11/04/2018 23:04:33] - |D| - [7465302315] - C:\WINDOWS\System32
[12/04/2018 01:38:21] - |D| - [225514114] - C:\WINDOWS\SystemApps
[12/04/2018 01:38:21] - |D| - [25702081] - C:\WINDOWS\SystemResources
[11/04/2018 23:04:41] - |D| - [1521301989] - C:\WINDOWS\SysWOW64
[12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\TAPI
[18/03/2017 23:03:29] - |D| - [528] - C:\WINDOWS\Tasks
[12/04/2018 01:38:21] - |D| - [111279] - C:\WINDOWS\Temp
[12/04/2018 01:38:21] - |D| - [13610496] - C:\WINDOWS\TextInput
[12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\tracing
[12/04/2018 01:38:21] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.076387B253E6A381090F59EDBFC5EEF6] - [12/04/2018 01:34:53] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[12/04/2018 01:38:21] - |D| - [12420] - C:\WINDOWS\Vss
[11/04/2018 23:04:37] - |D| - [25818] - C:\WINDOWS\WaaS
[12/04/2018 01:38:21] - |D| - [15729830] - C:\WINDOWS\Web
[MD5.23CF8138F49416231807E6DE371FB9E6] - [18/03/2017 23:03:33] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [12/04/2018 01:34:36] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.2CC83D93DD1DDE691158CF5E9882420B] - [18/06/2019 16:20:00] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.EE1F0DE1ED3E8A5BF080B3497049969E] - [12/04/2018 01:34:52] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.17134.1) - C:\WINDOWS\winhlp32.exe
[11/04/2018 23:04:33] - |D| - [12767886091] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [12/04/2018 01:33:56] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.5266C61652051E9EF3A4D199001F6B17] - [12/04/2018 01:34:19] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.17134.1) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy


---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[08/08/2017 10:01:05] - C:\WINDOWS\Installer\278df3c9.msi : (Java SE Runtime Environment 8 Update 144 - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 10:41:29] - C:\WINDOWS\Installer\3050a6.msi : ( - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/09/2016 19:11:18] - C:\WINDOWS\Installer\3050b2.msi : (OpenOffice 4.1.3 - OpenOffice)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/05/2019 22:15:58] - C:\WINDOWS\Installer\336f3213.msi : (Looks for updates for your computer's software and drivers to improve performance. - AVAST Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/05/2019 08:22:52] - C:\WINDOWS\Installer\3bd817de.msi : (Google Update Helper - Google LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/10/2017 10:35:42] - C:\WINDOWS\Installer\3ebc5c44.msi : (Apple Mobile Device Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/03/2019 12:04:24] - C:\WINDOWS\Installer\4f3c285.msi : (Java SE Runtime Environment 8 Update 201 - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/03/2019 12:06:26] - C:\WINDOWS\Installer\4f3c28e.msi : (Java Auto Updater - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/04/2018 10:03:43] - C:\WINDOWS\Installer\6a428019.msi : (Avast Update Helper - AVAST Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/02/2019 10:14:14] - C:\WINDOWS\Installer\6bbaf104.msi : (Adobe ARM Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/10/2018 19:57:49] - C:\WINDOWS\Installer\82a802.msi : (Java SE Runtime Environment 8 Update 191 - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2018 10:44:12] - C:\WINDOWS\Installer\8efd55.msi : (Apple Application Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2018 10:44:14] - C:\WINDOWS\Installer\8f01d5.msi : (Apple Application Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[30/07/2018 03:48:04] - C:\WINDOWS\Installer\8f03c7.msi : (Apple Software Update Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/03/2018 14:02:42] - C:\WINDOWS\Installer\8f03cb.msi : ([ProductName] Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2016 14:46:20] - C:\WINDOWS\Installer\9803b31.msi : (GemPcCCID Version 2.0.7 - Gemalto)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/09/2013 11:22:17] - C:\WINDOWS\Installer\a3eeec7.msi : (MAGIX Speed burnR (MSI) - v7.0.1.27 (fr-FR) - MAGIX AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/09/2013 12:42:53] - C:\WINDOWS\Installer\a3eeed5.msi : (MAGIX Video easy Rescue Your Videotapes! - v5.0.1.104 (en-II) - MAGIX AG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/06/2019 17:32:45] - C:\WINDOWS\Installer\a3eeed9.msi : (MAGIX USB-Videowandler 2 - MAGIX)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/07/2017 06:57:12] - [1732608] - (.().-. - ()) - C:\WINDOWS\Installer\118f8fa.msp
[12/05/2018 08:05:37] - [7094272] - (.().-. - ()) - C:\WINDOWS\Installer\124396.msp
[13/11/2017 06:26:16] - [23506944] - (.().-. - ()) - C:\WINDOWS\Installer\127f030.msp
[13/06/2019 14:38:00] - [2260992] - (.().-. - ()) - C:\WINDOWS\Installer\19a80426.msp
[23/02/2018 15:25:19] - [1343488] - (.().-. - ()) - C:\WINDOWS\Installer\24267e85.msp
[18/09/2018 10:10:59] - [4706304] - (.().-. - ()) - C:\WINDOWS\Installer\26e89ee5.msp
[23/12/2016 21:39:56] - [75468800] - (.().-. - ()) - C:\WINDOWS\Installer\3050a7.msp
[13/05/2019 08:57:34] - [59400192] - (.().-. - ()) - C:\WINDOWS\Installer\41f2416b.msp
[28/08/2017 18:40:46] - [2424832] - (.().-. - ()) - C:\WINDOWS\Installer\4a2cca48.msp
[10/04/2017 07:34:47] - [92508160] - (.().-. - ()) - C:\WINDOWS\Installer\52555ce.msp
[29/11/2017 12:42:28] - [1355776] - (.().-. - ()) - C:\WINDOWS\Installer\5390f685.msp
[13/11/2018 06:24:12] - [3485696] - (.().-. - ()) - C:\WINDOWS\Installer\56715d61.msp
[03/01/2019 11:17:04] - [1720320] - (.().-. - ()) - C:\WINDOWS\Installer\5b5a4aa8.msp
[09/07/2018 07:47:48] - [27000832] - (.().-. - ()) - C:\WINDOWS\Installer\80f4d4f6.msp
[13/08/2018 08:19:45] - [1441792] - (.().-. - ()) - C:\WINDOWS\Installer\a1ee54f.msp
[08/10/2018 13:11:44] - [2174976] - (.().-. - ()) - C:\WINDOWS\Installer\a891be41.msp
[08/04/2019 08:22:42] - [7155712] - (.().-. - ()) - C:\WINDOWS\Installer\aaca14d.msp
[22/10/2018 15:33:19] - [2584576] - (.().-. - ()) - C:\WINDOWS\Installer\c6d1cf59.msp
[10/12/2018 08:52:51] - [44044288] - (.().-. - ()) - C:\WINDOWS\Installer\e99aa4a.msp

---------- | %System%\*.in*

[12/04/2018 01:33:56] - [3329] - C:\WINDOWS\System32\ieuinit.inf
[05/06/2018 16:51:51] - [1677054] - C:\WINDOWS\System32\PerfStringBackup.INI
[12/04/2018 01:34:33] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[12/04/2018 01:34:20] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini
[12/04/2018 01:34:00] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf
[12/04/2018 01:34:49] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.38E79838EBED0979EB577A228180200E] - |A| - [18/07/2019 12:24:55] - (.-.) - [29.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\battery-report.html
[MD5.26E01C8DA26C152B0F5559C001AEED5C] - |A| - [18/07/2019 12:24:48] - (.-.) - [12.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\battery-report.xml
[MD5.00000000000000000000000000000000] - |D| - [19/07/2019 02:47:10] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace
[MD5.00000000000000000000000000000000] - |D| - [19/07/2019 02:47:10] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot
[MD5.00000000000000000000000000000000] - |D| - [19/07/2019 02:47:10] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag
[MD5.00000000000000000000000000000000] - |D| - [19/07/2019 02:47:10] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/07/2019 12:29:51] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\GeoInfo.tmp
[MD5.ACC6EAB75438E941D509CA6C98BD1ADB] - |A| - [18/07/2019 13:58:06] - (.-.) - [18.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\HighPerformancePlan.log
[MD5.00000000000000000000000000000000] - |D| - [18/07/2019 12:21:12] - [1.75 Ko] - C:\WINDOWS\Temp\HP
[MD5.DE1BC462C296ECACF579D4437F236ECD] - |A| - [18/07/2019 12:21:55] - (.-.) - [13.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [19/07/2019 04:03:50] - [20 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation
[MD5.59F0170A9FA6BD1F5C9155C13400C949] - |A| - [18/07/2019 13:58:05] - (.-.) - [0.1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PowerPlan.log
[MD5.1693F0A2202BABEC20F86AA349109479] - |A| - [18/07/2019 13:57:58] - (.-.) - [12.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\UsoStoreFile.xml
[MD5.00000000000000000000000000000000] - |D| - [05/06/2018 16:44:56] - [0 Ko] - C:\WINDOWS\Temp\_avast_
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [12/04/2018 01:34:07] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [12/04/2018 01:34:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:14] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [12/04/2018 01:34:27] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [12/04/2018 01:34:32] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:33] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [12/04/2018 01:34:44] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.79166EAF65485F1432DD72B72870026B] - |A| - [12/04/2018 01:34:04] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [12/04/2018 01:34:04] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png
[MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:20] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [12/04/2018 01:34:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:39] - [2891.9 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\af-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [27.97 Ko] - C:\WINDOWS\System32\am-et
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2710.82 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.B4F803BBEAFAD4DE89C6D3718E93F4F0] - |A| - [12/04/2018 01:34:15] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [602 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\as-IN
[MD5.09BA156D2582A9B27B3B04031B9FD343] - |A| - [18/07/2019 19:44:42] - (.Copyright (c) 2019 AVAST Software - Avast start-up scanner.) - [354.88 Ko] - (19.6.4546.0) - C:\WINDOWS\System32\aswBoot.exe
[MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [12/04/2018 01:34:04] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\be-BY
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [345.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png
[MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png
[MD5.705628497C0012302212A46ADD463E6E] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png
[MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [12/04/2018 01:34:02] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png
[MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png
[MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4838.38 Ko] - C:\WINDOWS\System32\Boot
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA
[MD5.BDD249D9FA40B81ED70224FBA3502877] - |A| - [27/07/2015 04:04:48] - (.Qualcomm Atheros Communications Inc. - Qualcomm Atheros Bluetooth Driver Coinstaller.) - [211.62 Ko] - (1.0.0.0) - C:\WINDOWS\System32\btcoinst.dll
[MD5.D970D0B41F5A199732BC125A8B460E25] - |A| - [27/07/2015 04:04:48] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [212.62 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll
[MD5.1F1E974C66981B0DCA8F172C4E578EFC] - |A| - [27/07/2015 04:04:48] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [45.12 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll.muien-US
[MD5.06DB0A736F8A78151518276F232669FC] - |A| - [12/04/2018 01:34:19] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [181 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [105715.76 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [38547.18 Ko] - C:\WINDOWS\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [3187.84 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.64430E214B5B229D426D2D35538C402D] - |A| - [01/12/2016 23:20:22] - (.-.) - [366.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ColorImageEnhancement.wmv
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [368 Ko] - C:\WINDOWS\System32\com
[MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png
[MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [330312.3 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [53.11 Ko] - C:\WINDOWS\System32\Configuration
[MD5.82DF5576BDD96CE8DF5A06C0571EA463] - |A| - [01/12/2016 23:20:22] - (.-.) - [499.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [403.5 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.BDEBD2FC4927DA00EEA263AF9CF8F7ED] - |A| - [12/04/2018 01:34:15] - (.© 1996 - 2017 Daniel Stenberg, <daniel@haxx.se>. - The curl executable.) - [414.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe
[MD5.58A51645E11E64133A0085F313116164] - |A| - [20/03/2017 14:26:52] - (.Conexant Systems Inc. - Conexant Audio Processing Objects.) - [1010.08 Ko] - (4.81.22.0) - C:\WINDOWS\System32\CX64BP22.dll
[MD5.5FCABDE89AC62A8818C803646FCEE23E] - |A| - [22/06/2017 15:22:20] - (.© Conexant Systems Inc. - Conexant Audio Message Service.) - [220.21 Ko] - (1.16.0.0) - C:\WINDOWS\System32\CxAudMsg64.exe
[MD5.2373C94C040B83D6592C11E24CA32D09] - |A| - [20/03/2017 14:26:54] - (.Conexant Systems Inc. - Conexant PageMaster.) - [58.78 Ko] - (1.1.0.0) - C:\WINDOWS\System32\CxPageMaster64.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [399 Ko] - C:\WINDOWS\System32\da-DK
[MD5.48E51DAA9278C41213957795D439A274] - |A| - [19/11/2018 16:02:55] - (.-.) - [138 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [217.6 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [453 Ko] - C:\WINDOWS\System32\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:06] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [12/04/2018 01:34:04] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [12/04/2018 01:38:27] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [19/11/2018 16:04:22] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif
[MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [12/04/2018 01:34:17] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [946 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.12ACC91FA93C8BF82D4EF3FB779ECEF8] - |A| - [12/04/2018 01:34:24] - (.-.) - [80.27 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [9781.07 Ko] - C:\WINDOWS\System32\Dism
[MD5.254D1F4D191CE37B4A0FE4E042AF59F6] - |A| - [05/05/2019 22:48:38] - (.-.) - [811.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplayAudiox64.cab
[MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png
[MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [01/12/2016 23:20:22] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [01/12/2016 23:20:22] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:37:59] - [102757.38 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\DriverState
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [3052634.07 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [161.5 Ko] - C:\WINDOWS\System32\dsc
[MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [12/04/2018 01:34:04] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin
[MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [12/04/2018 01:34:04] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin
[MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [12/04/2018 01:34:04] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin
[MD5.10C38E1CA0D664F58E8B9F3645885E1D] - |A| - [24/02/2019 16:47:08] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [451.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.20B85E58713F59664314438F3E10755A] - |A| - [20/06/2012 10:16:38] - (.Copyright (C) eMPIA Technology 2002-2012 - USB 28xx BDA Prop Page.) - [116.5 Ko] - (5.2012.620.0) - C:\WINDOWS\System32\emPRP64.ax
[MD5.C38B51CDDD8D6CA489FEB4FA3FE09840] - |A| - [09/12/2017 12:20:34] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [0 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2139.03 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [433.5 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [358.5 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [318.5 Ko] - C:\WINDOWS\System32\et-EE
[MD5.4DBB768C8F7E49566670FF10A61726A3] - |A| - [12/07/2018 10:05:45] - (.-.) - [1278 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll
[MD5.F5A3997555DA1A4F7036D4E8B2FCB386] - |A| - [12/07/2018 10:05:11] - (.-.) - [530.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll
[MD5.BB0137476B1EC8B10CE944BF023C91F6] - |A| - [12/04/2018 01:34:04] - (.-.) - [1317.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll
[MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [12/04/2018 01:34:41] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png
[MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [12/04/2018 01:33:53] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [404.5 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH
[MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [01/12/2016 23:20:22] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FilmModeDetection.wmv
[MD5.054476C027EE2974C1F5984BBE3CD4F8] - |A| - [20/03/2017 14:26:54] - (.(c)Conexant Systems Inc. - Microphone Effects Property Page.) - [107.7 Ko] - (1.7.0.0) - C:\WINDOWS\System32\FMPropPageExt64.dll
[MD5.5FEE7C87292C4A23641598A94B3C6E83] - |A| - [05/06/2018 16:28:46] - (.-.) - [350.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:38] - [3403 Ko] - C:\WINDOWS\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [369 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45668.33 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE
[MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png
[MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png
[MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [12/04/2018 01:34:39] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\System32\gd-GB
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [01/12/2016 23:20:22] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv2_0.exe.config
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [01/12/2016 23:20:22] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv4_0.exe.config
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/06/2017 15:17:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\gl-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG
[MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png
[MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [327.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png
[MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png
[MD5.202A07E4526B050E22624328E64E0470] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png
[MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png
[MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png
[MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png
[MD5.D6906D226393F94E7D8B3B2AC1E41D94] - |A| - [12/04/2018 01:34:10] - (.-.) - [247.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\hi-IN
[MD5.7A319F10718AB67B8600BD5CED29BCF0] - |A| - [21/07/2016 21:05:08] - (.© 2015 HPDC LP - DeviceCoInstaller.) - [320.68 Ko] - (40.2.1065.64451) - C:\WINDOWS\System32\hpinkcoiCC11.dll
[MD5.14B44F60077B01C873F01F5AC1B7DF69] - |A| - [21/07/2016 21:05:14] - (.© 2015 HPDC LP - hpinkins.exe.) - [2883.68 Ko] - (40.2.1065.64451) - C:\WINDOWS\System32\hpinkinsCC11.exe
[MD5.3359D87DC51B6D9564A7DB37E1E2904A] - |A| - [21/07/2016 21:05:22] - (.© 2015 HPDC LP - Print Status Language Monitor.) - [384.18 Ko] - (40.2.1065.64451) - C:\WINDOWS\System32\hpinkstsCC11LM.dll
[MD5.53D8BBB236513133915E8206CC8E419F] - |A| - [07/05/2008 19:59:34] - (.Copyright (C) 1999 - LanguageMonitor.) - [34 Ko] - (61.53.25.9) - C:\WINDOWS\System32\HPZ3LLHN.DLL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [411 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.E1712E7E7F912EC72EEDA318C3B25E25] - |A| - [12/04/2018 01:33:54] - (.-.) - [31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:23:20] - [160.64 Ko] - C:\WINDOWS\System32\hydrogen
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.CD591279F103D5E02F84ABD7ED450E57] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1848 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll
[MD5.4185EE055F39FD2D726A91E6A8A1A093] - |RA| - [12/04/2018 01:34:12] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1311.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\id-ID
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\System32\ig-NG
[MD5.AB2D50B6F3C665B55C8E5A049D59E7CC] - |A| - [01/12/2016 23:20:22] - (.-.) - [5663.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdclbif.bin
[MD5.9F63B714A933FD4D4E3C613211AD98D6] - |A| - [06/05/2019 02:02:06] - (.Copyright (C) 2012-2015 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [178.87 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfx11cmrt64.dll
[MD5.BC0EF9B1AA166D06897793D5609A8470] - |A| - [05/05/2019 23:02:00] - (.Copyright (C) 2010 - 2015 - MDF(CM) JIT Dynamic Link Library.) - [1553.71 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfxcmjit64.dll
[MD5.EB5AD9A2DE80B701316E224A2E5D232D] - |A| - [06/05/2019 02:02:08] - (.Copyright (C) 2010 - 2015 - MDF(CM) Runtime Dynamic Link Library.) - [179.88 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfxcmrt64.dll
[MD5.39CDEFCA280721A52FC2AB2F179F83E8] - |A| - [05/05/2019 23:02:00] - (.-.) - [267.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl
[MD5.422ADA69DF0C91E3811FE57C0B1BFC2D] - |A| - [05/05/2019 23:02:02] - (.-.) - [101.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCUIServicePS.dll
[MD5.6DD5C6A6E60B5DFA3DD7E0891829A705] - |A| - [05/05/2019 23:02:02] - (.-.) - [83.2 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLib.dll
[MD5.135C9667D13E7E4CFD6692D9D6CD88B8] - |A| - [05/05/2019 23:02:02] - (.-.) - [93.2 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLibv2_0.dll
[MD5.CE16F09952F187AFA56462421270E317] - |A| - [05/05/2019 23:02:04] - (.-.) - [28.7 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILib.dll
[MD5.2BA013342BD1DF3DAADACA5123187980] - |A| - [05/05/2019 23:02:04] - (.-.) - [28.73 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILibv2_0.dll
[MD5.FAAD447A9C7A81B2003D641BCFCEC362] - |A| - [05/05/2019 23:02:04] - (.-.) - [27.21 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLib.dll
[MD5.C562E2218D126BE18F480138BD911154] - |A| - [05/05/2019 23:02:06] - (.-.) - [27.23 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLibv2_0.dll
[MD5.A749F3730D0B1B87D810817687B950BB] - |A| - [05/05/2019 23:02:08] - (.-.) - [22.2 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLib.dll
[MD5.847C4E75626D0545344734FF87A70EC1] - |A| - [05/05/2019 23:02:08] - (.-.) - [22.2 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLibv2_0.dll
[MD5.FAF4A7388FFD70816551666DD584D5D5] - |A| - [05/05/2019 23:02:08] - (.-.) - [996.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxSDK.exe
[MD5.0C0C6605C35C04D78A6CDADDB2742217] - |A| - [05/05/2019 23:02:08] - (.-.) - [98.5 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLib.dll
[MD5.85204D473EBE306A50CE988F6DB83CA6] - |A| - [05/05/2019 23:02:10] - (.-.) - [109 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLibv2_0.dll
[MD5.95B1D26DD3556EDAB0704FD14245569C] - |A| - [02/12/2016 07:32:42] - (.-.) - [389.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxTray.exe
[MD5.8AC373F4A5A8E34E97F0C2B54E227574] - |A| - [05/05/2019 22:48:42] - (.-.) - [1344 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa
[MD5.AB07C2EDD36510773CCB2CDE86961461] - |A| - [05/05/2019 22:48:42] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp
[MD5.4E967268EC80FF454D7391D598BA5E10] - |A| - [05/05/2019 22:48:42] - (.-.) - [43.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp
[MD5.5F8C37E8469B67AC76C2AD6050AE6513] - |A| - [05/05/2019 22:48:42] - (.-.) - [42.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp
[MD5.2A8578240F878F098205E1DC75DF4834] - |A| - [05/05/2019 22:48:42] - (.-.) - [42.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp
[MD5.6485A3A7D87E7D49D55E3E814290BA26] - |A| - [05/05/2019 22:48:42] - (.-.) - [42.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp
[MD5.392AF7118598E658B41C4716642B7D4B] - |A| - [05/05/2019 22:48:42] - (.-.) - [41.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp
[MD5.828CF0AA3495A32D1DADF9CB56BFCDEA] - |A| - [05/05/2019 22:48:42] - (.-.) - [42.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp
[MD5.F137925ECD8957A40C4151738D1D4284] - |A| - [05/05/2019 22:48:42] - (.-.) - [4.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp
[MD5.67B646C256190F118619C9D10AAE4B5C] - |A| - [12/04/2018 01:34:04] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [01/12/2016 23:20:24] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ImageStabilization.wmv
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [25221.12 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.BB1480586B5C174900A1051CEB2B462F] - |A| - [12/04/2018 01:34:12] - (.-.) - [480.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6671.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png
[MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png
[MD5.2FA94E7C11618BBF7607EEFDAE5929E7] - |A| - [05/05/2019 23:02:10] - (.Copyright (C) 2015 - IntelCpHDCPSvc Executable.) - [435.45 Ko] - (1.0.0.1) - C:\WINDOWS\System32\IntelCpHDCPSvc.exe
[MD5.CD5103513C1B423576F1786C3A14B842] - |A| - [05/05/2019 23:02:18] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [97.5 Ko] - (2.0.2.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\is-IS
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [432.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [319.56 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png
[MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\kk-KZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\km-KH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\kn-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [297 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\kok-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ku-Arab-IQ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\ky-KG
[MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [19/11/2018 16:04:49] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif
[MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [12/04/2018 01:34:04] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/07/2019 21:42:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\last.dump
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [33 Ko] - C:\WINDOWS\System32\lb-LU
[MD5.4F5120E44845A78D5920D2F0BDE0340F] - |A| - [12/04/2018 18:22:53] - (.-.) - [1953 Ko] - (2.6.4.0) - C:\WINDOWS\System32\libcrypto.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [559.86 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\System32\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4852.45 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [333 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [331.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [30096.04 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.3DCF07F29FFC6A20F14E05C20D3621F7] - |A| - [13/03/2019 17:45:35] - (.-.) - [791.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png
[MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [12/04/2018 01:34:04] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.D225B2044789A6059344503C1AE33347] - |A| - [12/04/2018 01:34:29] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\mn-MN
[MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png
[MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [22/06/2017 15:28:51] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4196.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\System32\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [34.35 Ko] - C:\WINDOWS\System32\my-mm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [393.5 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [640 Ko] - C:\WINDOWS\System32\NDF
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP
[MD5.755CB19547091C00749BCC2948CE22D1] - |A| - [09/12/2017 11:56:40] - (.-.) - [73.76 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [12/04/2018 01:34:39] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [3781.5 Ko] - C:\WINDOWS\System32\Nui
[MD5.B71AD74A91E472CC8B283B8A7D2C9677] - |A| - [15/05/2017 09:17:08] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nv-vk64.json
[MD5.6C29B9074C1B5F1EBE3B0718A4A53007] - |A| - [22/06/2017 15:21:19] - (.-.) - [7663.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin
[MD5.3ABC3E46A92F82ECEA031312B0EE3EE1] - |A| - [15/05/2017 09:17:12] - (.-.) - [41.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.1F8E72D18D9DF680D0E0E5AA10ECA760] - |A| - [12/04/2018 01:38:28] - (.-.) - [16.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15788.37 Ko] - C:\WINDOWS\System32\oobe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:54] - [3834.5 Ko] - C:\WINDOWS\System32\OpenSSH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\or-IN
[MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [12/04/2018 01:34:04] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\pa-IN
[MD5.874B0871DA3EC061D1BF30423C1E165B] - |A| - [12/04/2018 01:34:43] - (.-.) - [48.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerceptionSimulationInput.exe
[MD5.82E7332ED265B31F803CAC793439BF7C] - |A| - [12/04/2018 01:40:29] - (.-.) - [122.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.93BA8C0BC40F5A636009C36F32B12E2A] - |A| - [12/04/2018 18:18:42] - (.-.) - [138.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [12/04/2018 01:40:29] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [12/04/2018 18:18:42] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat
[MD5.D3502EF912725EEB9E3B4891D2CAB6DA] - |A| - [12/04/2018 01:40:29] - (.-.) - [649.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.65A89EE4647CA2729B84D3095949789D] - |A| - [12/04/2018 18:18:42] - (.-.) - [736.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat
[MD5.43F3521765362487E504B76CA9908F01] - |A| - [05/06/2018 16:51:51] - (.-.) - [1637.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [12/04/2018 01:34:02] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png
[MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [420 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [682 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [420.74 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [12/04/2018 01:34:40] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [422 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [417.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.5BBEA6A833CAE2CAB5E400D757998BBF] - |A| - [05/06/2018 17:15:33] - (.-.) - [1907.5 Ko] - (1.0.1802.7001) - C:\WINDOWS\System32\rdpnano.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [445846.27 Ko] - C:\WINDOWS\System32\Recovery
[MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png
[MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png
[MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [12/04/2018 01:34:43] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [12/04/2018 01:34:43] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [342 Ko] - C:\WINDOWS\System32\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [412 Ko] - C:\WINDOWS\System32\ru-RU
[MD5.BA34CA469FE48B13922CD7A07A4A904A] - |A| - [18/10/2018 15:28:53] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [12/04/2018 01:35:22] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [12/04/2018 01:34:39] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [2246 Ko] - C:\WINDOWS\System32\ShellExperiences
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [53.2 Ko] - C:\WINDOWS\System32\si-lk
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [339 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [335.5 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [05/06/2018 16:28:53] - [88436.94 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [52.14 Ko] - C:\WINDOWS\System32\slmgr
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [12/04/2018 01:34:04] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:33] - [13385.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [12/04/2018 01:33:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png
[MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [12/04/2018 01:34:02] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png
[MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png
[MD5.3C238A27DD48D63F21CBB8AE6E4210BD] - |A| - [12/04/2018 01:34:41] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7505.4 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [12221.17 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [112941.71 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5916.52 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [337 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [05/06/2018 17:15:48] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat
[MD5.4FD560E994EDF0353835F3F9F506A62C] - |A| - [12/07/2018 10:04:56] - (.-.) - [57.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [22/06/2017 15:21:59] - [3161.65 Ko] - C:\WINDOWS\System32\SRSLabs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9816 Ko] - C:\WINDOWS\System32\sru
[MD5.8A02EF186BDC952CA75EFA689EC4F275] - |A| - [12/04/2018 01:34:04] - (.-.) - [434 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [401.5 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\System32\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:37] - [1402.26 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [923.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44.73 Ko] - C:\WINDOWS\System32\ta-in
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk
[MD5.9CD66B93520B6DD13C71EAEF487D7899] - |A| - [12/04/2018 01:34:16] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [580.74 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [523.65 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.AD6EA34C17105785BE012B0685835BD2] - |A| - [17/07/2019 12:08:09] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcbres.wim
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [12/04/2018 01:34:33] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\te-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [308.5 Ko] - C:\WINDOWS\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA
[MD5.43E499635DCDFCEC8CD88DE61E55A4E6] - |A| - [20/03/2017 14:27:04] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Audio Source Filtering APO.) - [832.16 Ko] - (2.1.1.0) - C:\WINDOWS\System32\tosasfapo64.dll
[MD5.815528CBA609B6EB5E595059287314AF] - |A| - [20/03/2017 14:27:04] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Earphone Audio Enhancement APO.) - [436.7 Ko] - (2.1.0.0) - C:\WINDOWS\System32\toseaeapo64.dll
[MD5.11493D68091CC4F42E7003F83ADE1ED4] - |A| - [20/03/2017 14:27:10] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement APO.) - [1306.29 Ko] - (2.1.1.0) - C:\WINDOWS\System32\tossaeapo64.dll
[MD5.A5AD41EA67E9F14CA73F4763E3562A63] - |A| - [20/03/2017 14:27:12] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement Maximizer.) - [590.62 Ko] - (1.1.2.0) - C:\WINDOWS\System32\tossaemaxapo64.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [392.5 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [12/04/2018 01:34:44] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [12/04/2018 01:34:44] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU
[MD5.3DB14AD20B4F30239DF20F2C922DF494] - |A| - [20/03/2017 14:26:52] - (.Copyright© Conexant Systems, Inc. 2013 - Conexant Unified x64 Device CoInstaller.) - [4675.37 Ko] - (7.102.0.0) - C:\WINDOWS\System32\UCI64A102.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\System32\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [334.5 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [2716.43 Ko] - C:\WINDOWS\System32\UNP
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK
[MD5.5B0D59652F66ABB715DC53C312B26BD0] - |A| - [12/04/2018 01:34:14] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll
[MD5.4E8F2BB3A5A87E75C35533723B50E685] - |A| - [22/06/2017 16:44:25] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\user_gensett.xml
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN
[MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [09/09/2016 20:25:10] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\WINDOWS\System32\vulkan-1-1-0-26-0.dll
[MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [22/06/2017 15:26:05] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\WINDOWS\System32\vulkan-1.dll
[MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [09/09/2016 20:24:38] - (.-.) - [122.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-26-0.exe
[MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [22/06/2017 15:26:05] - (.-.) - [122.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [85298.72 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [68409.49 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [12/04/2018 01:34:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [44134.66 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.9FB33FC28587B322B6563F73A8F0CBBD] - |A| - [12/04/2018 01:34:10] - (.-.) - [123 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [9747.49 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [180404 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.42 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [107.53 Ko] - C:\WINDOWS\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [12/04/2018 01:34:42] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.A853BF78DA5ED707FC4430FBEA74CC15] - |A| - [12/04/2018 01:34:02] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.DE198ABE13B6E663E60E006E17CF68B1] - |A| - [12/04/2018 01:34:06] - (.-.) - [79.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\System32\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [286.99 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [251.5 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\System32\zu-ZA
[MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [22/06/2017 15:17:18] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [22/06/2017 15:17:18] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [12/04/2018 01:34:48] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [12/04/2018 01:34:59] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [12/04/2018 01:34:49] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 23:04:41] - [1900.9 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [326.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [324 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [320.5 Ko] - C:\WINDOWS\SysWOW64\com
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [12/04/2018 01:34:46] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [205 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [7790.46 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.5F0291F743A717E5E90D5FCAA65F323B] - |A| - [10/07/2012 11:43:08] - (.© PoINT Software & Systems GmbH 1994-2012 - API of PoINT CD/DVD Audio/Video SDK.) - [741.38 Ko] - (11.0.0.226) - C:\WINDOWS\SysWOW64\DLLAV32.dll
[MD5.B28BCDE12EF536157B0836F0E35BF0EE] - |A| - [10/07/2012 11:43:08] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [153.38 Ko] - (4.0.0.167) - C:\WINDOWS\SysWOW64\DLLCPY32.dll
[MD5.46805CB8BCBB94C6AF09F2EB63D2F4E4] - |A| - [10/07/2012 11:43:08] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [221.38 Ko] - (4.0.0.306) - C:\WINDOWS\SysWOW64\DLLDEV32.dll
[MD5.2608C6004950BAA4C1AB2508AC637AB5] - |A| - [27/04/2007 10:43:58] - (.-.) - [117.38 Ko] - (3.7.0.12) - C:\WINDOWS\SysWOW64\DLLDEV32i.dll
[MD5.2E7B44A102611318AC9A6627A4A2FBF4] - |A| - [10/07/2012 11:43:06] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [213.38 Ko] - (4.0.0.393) - C:\WINDOWS\SysWOW64\DLLDRV32.dll
[MD5.75D9D1AF69F397737150089723EDFA7A] - |A| - [10/07/2012 11:43:06] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [97.38 Ko] - (3.1.0.109) - C:\WINDOWS\SysWOW64\DLLIO32.dll
[MD5.D621B9F4C9F0647BFBCE84D7C0F68E27] - |A| - [10/07/2012 11:43:06] - (.Copyright © PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [81.38 Ko] - (3.3.0.59) - C:\WINDOWS\SysWOW64\DLLPNT32.dll
[MD5.FAC8907FE85FB1C43E6E81D45D507278] - |A| - [10/07/2012 11:43:06] - (.© PoINT Software & Systems GmbH 1994-2010 - PoINT Shared DLL.) - [93.38 Ko] - (3.1.0.40) - C:\WINDOWS\SysWOW64\DLLPRF32.dll
[MD5.C77A763D688D9D4C25D4D899F5491CBD] - |A| - [10/07/2012 11:43:04] - (.PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [297.38 Ko] - (3.3.0.217) - C:\WINDOWS\SysWOW64\DLLRES32.dll
[MD5.B6B66E2F8A99C5274C5901739B40DF09] - |A| - [20/06/2012 10:06:32] - (.Copyright (C) eMPIA Technology 2002-2012 - USB 28xx BDA Prop Page.) - [111.5 Ko] - (5.2012.620.0) - C:\WINDOWS\SysWOW64\emPRP.ax
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:39] - [0 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [304 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1556.03 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [411.5 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [336.5 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [299.5 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\eu-ES
[MD5.00000000000000000000000000000000] - |SD| - [12/04/2018 01:38:21] - [13011.15 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\fa-IR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [383 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\fil-PH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [3149.5 Ko] - C:\WINDOWS\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [346 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [37130.47 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ga-IE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\gd-GB
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31 Ko] - C:\WINDOWS\SysWOW64\gl-ES
[MD5.1E91815C329345AD54FE08BF7A98F749] - |A| - [12/04/2018 18:19:16] - (.Copyright (C) 2017 - Gracenote SDK component.) - [4073.5 Ko] - (3.10.5.5585) - C:\WINDOWS\SysWOW64\gnsdk_fp.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [309.5 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.B4242227EAA6B910E3D0B985816DB2E7] - |A| - [12/04/2018 01:34:45] - (.-.) - [218 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [389.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.17F5D3282D520EB2EA7C488AA6C57438] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1594 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll
[MD5.A456E020684366A0DB0714ABFB1B5A2A] - |RA| - [12/04/2018 01:34:47] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1134 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG
[MD5.9DDE110E76DD3D7FAA7282361069528E] - |A| - [12/04/2018 01:34:47] - (.-.) - [355.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [215.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.3BF7D3E5ED0D1983A12E7F83F4E305C7] - |A| - [05/05/2019 23:02:18] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [101.5 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [410.5 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [288 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.9EA3CD2CB18622637DD032743D7750C9] - |A| - [15/05/2017 09:17:08] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json
[MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [12/04/2018 01:34:02] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [678.8 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [397.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [420.74 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [400.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [395.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [321 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [391 Ko] - C:\WINDOWS\SysWOW64\ru-RU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\rw-RW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\sd-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\si-LK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [4133.4 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8940.62 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [1309.47 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [23.61 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30.5 Ko] - C:\WINDOWS\SysWOW64\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [316.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.2E00E08420875FAE0B173C6A34C2A575] - |A| - [05/06/2018 17:16:06] - (.-.) - [18.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.DC2DB04CA829CAD7910CE71263F68C90] - |A| - [12/04/2018 01:34:45] - (.-.) - [321.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.D89190BEDE191ACEFA833CC0FA0DA3C5] - |A| - [10/07/2012 11:43:04] - (.© PoINT Software & Systems GmbH 1994-2012 - PoINT Shared DLL.) - [69.38 Ko] - (3.0.0.24) - C:\WINDOWS\SysWOW64\STRING32.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [381.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [289.5 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [372.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [314 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN
[MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [09/09/2016 20:25:58] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-26-0.dll
[MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [22/06/2017 15:26:05] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll
[MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [09/09/2016 20:25:28] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-26-0.exe
[MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [22/06/2017 15:26:05] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [15720.71 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.F8A04B2ADF9693ADF0D70B966CA4498E] - |A| - [12/04/2018 01:34:45] - (.-.) - [109 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [8910.7 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [5569.41 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:18:40] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN
[MD5.62236256C14EBAB96F24E4F1D7049CA8] - |A| - [12/04/2018 01:34:45] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [29.5 Ko] - C:\WINDOWS\SysWOW64\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [245.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 01:38:21] - [240.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 18:22:49] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA

---------- | [Personnel]

[09/12/2017 19:22:30] - |RD| - [298] - C:\Users\Personnel\3D Objects
[05/06/2018 16:38:28] - |HD| - [47687218412] - C:\Users\Personnel\AppData
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Application Data
[22/06/2017 12:33:04] - |RD| - [412] - C:\Users\Personnel\Contacts
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Cookies
[22/06/2017 12:32:27] - |RD| - [280832714] - C:\Users\Personnel\Desktop
[22/06/2017 12:32:27] - |RD| - [6606401095] - C:\Users\Personnel\Documents
[22/06/2017 12:32:27] - |RD| - [1253367475] - C:\Users\Personnel\Downloads
[21/08/2017 17:20:47] - |RD| - [1155588] - C:\Users\Personnel\Dropbox
[22/06/2017 12:32:27] - |RD| - [2940] - C:\Users\Personnel\Favorites
[22/06/2017 15:17:21] - |SHD| - [25308] - C:\Users\Personnel\IntelGraphicsProfiles
[22/06/2017 12:32:27] - |RD| - [2528] - C:\Users\Personnel\Links
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Local Settings
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Menu Démarrer
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Mes documents
[17/08/2018 21:10:04] - |HD| - [2631425] - C:\Users\Personnel\MicrosoftEdgeBackups
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Modèles
[22/06/2017 12:32:27] - |RD| - [449495786] - C:\Users\Personnel\Music
[05/06/2018 16:38:28] - |AH| - [3145728] - C:\Users\Personnel\ntuser.dat
[05/06/2018 16:38:28] - |ASH| - [761856] - C:\Users\Personnel\ntuser.dat.log1
[05/06/2018 16:38:28] - |ASH| - [756736] - C:\Users\Personnel\ntuser.dat.log2
[05/06/2018 16:38:28] - |ASH| - [65536] - C:\Users\Personnel\NTUSER.DAT{13d7362e-68d5-11e8-90a3-c454441b39fc}.TM.blf
[05/06/2018 16:38:28] - |ASH| - [524288] - C:\Users\Personnel\NTUSER.DAT{13d7362e-68d5-11e8-90a3-c454441b39fc}.TMContainer00000000000000000001.regtrans-ms
[05/06/2018 16:38:28] - |ASH| - [524288] - C:\Users\Personnel\NTUSER.DAT{13d7362e-68d5-11e8-90a3-c454441b39fc}.TMContainer00000000000000000002.regtrans-ms
[07/07/2019 22:08:18] - |ASH| - [65536] - C:\Users\Personnel\ntuser.dat{c84b15e4-9e7a-11e9-ac9c-28e34730fc03}.TM.blf
[07/07/2019 22:08:18] - |ASH| - [524288] - C:\Users\Personnel\ntuser.dat{c84b15e4-9e7a-11e9-ac9c-28e34730fc03}.TMContainer00000000000000000001.regtrans-ms
[07/07/2019 22:08:18] - |ASH| - [524288] - C:\Users\Personnel\ntuser.dat{c84b15e4-9e7a-11e9-ac9c-28e34730fc03}.TMContainer00000000000000000002.regtrans-ms
[05/06/2018 17:10:51] - |SH| - [20] - C:\Users\Personnel\ntuser.ini
[22/06/2017 12:36:42] - |RD| - [100] - C:\Users\Personnel\OneDrive
[22/06/2017 12:32:27] - |RD| - [172530994437] - C:\Users\Personnel\Pictures
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Recent
[22/06/2017 12:32:27] - |RD| - [282] - C:\Users\Personnel\Saved Games
[22/06/2017 12:33:04] - |RD| - [1879] - C:\Users\Personnel\Searches
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\SendTo
[22/06/2017 12:32:27] - |RD| - [3580493384] - C:\Users\Personnel\Videos
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Voisinage d'impression
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\Voisinage réseau
[05/06/2018 16:38:28] - |D| - [3760045902] - C:\Users\Personnel\AppData\Local
[22/06/2017 12:32:27] - |D| - [1751566] - C:\Users\Personnel\AppData\LocalLow
[05/06/2018 16:38:28] - |D| - [43925420944] - C:\Users\Personnel\AppData\Roaming
[22/06/2017 16:33:23] - |D| - [1830909] - C:\Users\Personnel\AppData\Local\Adobe
[01/11/2017 21:43:58] - |D| - [0] - C:\Users\Personnel\AppData\Local\Apple
[01/11/2017 22:04:54] - |D| - [4465793] - C:\Users\Personnel\AppData\Local\Apple Computer
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\AppData\Local\Application Data
[04/04/2018 10:03:47] - |D| - [1038021124] - C:\Users\Personnel\AppData\Local\AVAST Software
[22/06/2017 16:33:59] - |D| - [0] - C:\Users\Personnel\AppData\Local\CEF
[22/06/2017 12:50:22] - |D| - [28532740] - C:\Users\Personnel\AppData\Local\Comms
[22/06/2017 12:32:54] - |D| - [1215654] - C:\Users\Personnel\AppData\Local\ConnectedDevicesPlatform
[11/08/2017 11:08:10] - |D| - [83753312] - C:\Users\Personnel\AppData\Local\CrashDumps
[07/07/2019 20:45:21] - |D| - [137032] - C:\Users\Personnel\AppData\Local\D3DSCache
[11/08/2017 11:07:29] - |D| - [0] - C:\Users\Personnel\AppData\Local\DBG
[17/07/2019 21:35:58] - |D| - [4005498] - C:\Users\Personnel\AppData\Local\Diagnostics
[19/06/2019 17:32:45] - |D| - [2580480] - C:\Users\Personnel\AppData\Local\Downloaded Installations
[23/06/2017 18:05:27] - |D| - [906240820] - C:\Users\Personnel\AppData\Local\Google
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\AppData\Local\Historique
[04/07/2019 16:48:17] - |D| - [51379] - C:\Users\Personnel\AppData\Local\HP
[24/10/2018 20:25:36] - |AH| - [113058] - C:\Users\Personnel\AppData\Local\IconCache.db
[05/06/2018 18:35:20] - |AH| - [57772] - C:\Users\Personnel\AppData\Local\IconCache.db.backup
[18/07/2019 14:07:29] - |D| - [813864] - C:\Users\Personnel\AppData\Local\mbam
[18/07/2019 14:06:17] - |D| - [235676] - C:\Users\Personnel\AppData\Local\mbamtray
[05/06/2018 16:38:28] - |D| - [886760264] - C:\Users\Personnel\AppData\Local\Microsoft
[24/06/2017 11:48:27] - |D| - [70882] - C:\Users\Personnel\AppData\Local\MicrosoftEdge
[22/06/2017 16:34:36] - |D| - [2412] - C:\Users\Personnel\AppData\Local\Mozilla
[09/12/2017 12:03:50] - |D| - [779617875] - C:\Users\Personnel\AppData\Local\Packages
[12/06/2018 16:20:40] - |D| - [0] - C:\Users\Personnel\AppData\Local\PlaceholderTileLogoFolder
[22/06/2017 16:30:41] - |D| - [0] - C:\Users\Personnel\AppData\Local\Programs
[22/06/2017 12:33:14] - |D| - [853060] - C:\Users\Personnel\AppData\Local\Publishers
[18/07/2019 22:48:43] - |A| - [17] - C:\Users\Personnel\AppData\Local\resmon.resmoncfg
[21/08/2017 14:20:55] - |D| - [351627] - C:\Users\Personnel\AppData\Local\SConnectHost
[24/06/2017 12:13:40] - |D| - [786659] - C:\Users\Personnel\AppData\Local\SConnectIE
[05/06/2018 18:34:46] - |D| - [940] - C:\Users\Personnel\AppData\Local\speech
[05/06/2018 16:38:28] - |D| - [7658742] - C:\Users\Personnel\AppData\Local\Temp
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\AppData\Local\Temporary Internet Files
[22/06/2017 12:32:55] - |D| - [11888222] - C:\Users\Personnel\AppData\Local\TileDataLayer
[22/06/2017 12:32:57] - |D| - [91] - C:\Users\Personnel\AppData\Local\VirtualStore
[22/06/2017 16:33:23] - |D| - [41984] - C:\Users\Personnel\AppData\LocalLow\Adobe
[22/06/2017 12:33:38] - |SD| - [1524076] - C:\Users\Personnel\AppData\LocalLow\Microsoft
[22/06/2017 16:36:47] - |D| - [0] - C:\Users\Personnel\AppData\LocalLow\Mozilla
[21/08/2017 14:20:58] - |D| - [168245] - C:\Users\Personnel\AppData\LocalLow\SConnect
[12/07/2017 15:20:33] - |D| - [17261] - C:\Users\Personnel\AppData\LocalLow\Sun
[22/06/2017 12:32:58] - |D| - [50310] - C:\Users\Personnel\AppData\Roaming\Adobe
[01/11/2017 22:04:54] - |D| - [43881003590] - C:\Users\Personnel\AppData\Roaming\Apple Computer
[24/06/2017 12:29:08] - |D| - [7048841] - C:\Users\Personnel\AppData\Roaming\AVAST Software
[22/06/2017 16:39:32] - |D| - [73] - C:\Users\Personnel\AppData\Roaming\Bitdefender
[29/01/2019 13:45:47] - |D| - [1721] - C:\Users\Personnel\AppData\Roaming\Canneverbe Limited
[13/12/2018 18:29:26] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\Google
[04/07/2019 16:51:27] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\HpUpdate
[24/06/2017 12:13:06] - |D| - [506] - C:\Users\Personnel\AppData\Roaming\Macromedia
[16/01/2019 16:38:34] - |D| - [1566852] - C:\Users\Personnel\AppData\Roaming\MAGIX
[05/06/2018 16:38:28] - |SD| - [4148394] - C:\Users\Personnel\AppData\Roaming\Microsoft
[22/06/2017 16:36:27] - |D| - [19016566] - C:\Users\Personnel\AppData\Roaming\Mozilla
[16/01/2019 13:47:42] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\MPC-HC
[22/06/2017 16:57:52] - |D| - [12582532] - C:\Users\Personnel\AppData\Roaming\OpenOffice
[24/06/2017 14:50:23] - |D| - [1482] - C:\Users\Personnel\AppData\Roaming\PhotoFiltre 7
[22/06/2017 16:36:28] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\QuickScan
[22/06/2017 12:39:41] - |D| - [77] - C:\Users\Personnel\AppData\Roaming\Skype
[12/07/2017 15:20:28] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\Sun
[08/08/2017 10:05:21] - |D| - [0] - C:\Users\Personnel\AppData\Roaming\Yahoo
[22/06/2017 12:33:04] - |SH| - [174] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[05/06/2018 16:38:28] - |SHD| - [0] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[22/06/2017 12:32:27] - |RD| - [28141] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[05/06/2018 16:38:28] - |RD| - [3888] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[05/06/2018 16:38:28] - |RD| - [2929] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[22/06/2017 12:33:04] - |RD| - [174] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/06/2018 16:38:28] - |SH| - [264] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[10/04/2018 16:04:22] - |D| - [2183] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImageScan_V1.06.105d4
[05/06/2018 16:38:28] - |D| - [170] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[12/07/2019 14:06:53] - |A| - [2417] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[22/06/2017 16:34:29] - |D| - [4692] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[22/06/2017 12:33:04] - |RD| - [174] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[05/06/2018 16:38:28] - |RD| - [3496] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[05/06/2018 16:38:28] - |RD| - [7754] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[22/06/2017 12:33:04] - |SH| - [174] - C:\Users\Personnel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

[22/06/2017 12:33:04] - |RHD| - [196] - C:\Users\Public\AccountPictures
[18/03/2017 23:03:29] - |HD| - [20014] - C:\Users\Public\Desktop
[12/04/2018 01:38:24] - |ASH| - [174] - C:\Users\Public\desktop.ini
[18/03/2017 23:03:29] - |RD| - [1686] - C:\Users\Public\Documents
[18/03/2017 23:03:29] - |RD| - [174] - C:\Users\Public\Downloads
[12/04/2018 01:38:20] - |RHD| - [1135] - C:\Users\Public\Libraries
[18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Music
[18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Pictures
[18/03/2017 23:03:29] - |RD| - [380] - C:\Users\Public\Videos

---------- | C:\ProgramData

[22/06/2017 16:26:49] - |D| - [257962628] - C:\ProgramData\Adobe
[22/06/2017 16:29:40] - |A| - [47601] - C:\ProgramData\agent.1498141774.bdinstall.bin
[24/06/2017 12:39:15] - |A| - [29891] - C:\ProgramData\agent.uninstall.1498300753.bdinstall.bin
[22/06/2017 16:32:58] - |A| - [29984] - C:\ProgramData\agent.update.1498141970.bdinstall.bin
[01/11/2017 21:01:27] - |D| - [221689302] - C:\ProgramData\Apple
[01/11/2017 21:45:12] - |D| - [159712487] - C:\ProgramData\Apple Computer
[05/06/2018 17:09:19] - |SHD| - [0] - C:\ProgramData\Application Data
[24/06/2017 12:22:33] - |D| - [211354823] - C:\ProgramData\AVAST Software
[22/06/2017 16:42:29] - |D| - [0] - C:\ProgramData\BDLogging
[22/06/2017 16:34:05] - |D| - [94] - C:\ProgramData\Bitdefender
[22/06/2017 16:29:34] - |D| - [0] - C:\ProgramData\Bitdefender Agent
[22/06/2017 12:26:56] - |SHD| - [0] - C:\ProgramData\Bureau
[29/01/2019 13:45:58] - |D| - [0] - C:\ProgramData\Canneverbe Limited
[22/06/2017 16:44:00] - |A| - [478494] - C:\ProgramData\cl.1498142019.bdinstall.bin
[24/06/2017 12:38:56] - |A| - [216058] - C:\ProgramData\cl.uninstall.1498300313.bdinstall.bin
[22/06/2017 15:22:00] - |D| - [1855193] - C:\ProgramData\Conexant
[05/06/2018 17:09:19] - |SHD| - [0] - C:\ProgramData\Documents
[23/06/2017 10:45:54] - |D| - [15708861] - C:\ProgramData\HP
[04/07/2019 16:51:52] - |D| - [639506] - C:\ProgramData\HP Photo Creations
[19/06/2019 17:18:51] - |D| - [1965070352] - C:\ProgramData\MAGIX
[18/07/2019 14:04:55] - |D| - [27500766] - C:\ProgramData\Malwarebytes
[22/06/2017 12:26:56] - |SHD| - [0] - C:\ProgramData\Menu Démarrer
[12/04/2018 01:38:20] - |SD| - [870732414] - C:\ProgramData\Microsoft
[06/06/2018 11:30:38] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[22/06/2017 12:26:56] - |SHD| - [0] - C:\ProgramData\Modèles
[22/06/2017 15:20:49] - |D| - [9802] - C:\ProgramData\NVIDIA
[22/06/2017 15:19:49] - |D| - [3469265] - C:\ProgramData\NVIDIA Corporation
[12/07/2017 15:20:00] - |D| - [72304784] - C:\ProgramData\Oracle
[21/06/2018 11:20:34] - |D| - [147456] - C:\ProgramData\Packages
[12/04/2018 01:38:20] - |D| - [999] - C:\ProgramData\regid.1991-06.com.microsoft
[12/04/2018 01:38:20] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[12/04/2018 01:38:20] - |D| - [16314] - C:\ProgramData\USOPrivate
[05/06/2018 16:33:28] - |D| - [8724480] - C:\ProgramData\USOShared
[12/04/2018 18:23:20] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[22/06/2017 12:26:56] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[12/04/2018 01:38:20] - |RD| - [109205] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[22/06/2017 15:23:05] - |A| - [1961] - C:\ProgramData\Microsoft\Windows\Start Menu\SmartAudio.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[12/04/2018 01:38:20] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[12/04/2018 01:38:20] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[23/06/2017 15:35:35] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[22/06/2017 16:29:27] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[12/04/2018 01:38:20] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[01/11/2017 21:43:55] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[16/03/2019 18:23:10] - |A| - [2088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk
[28/05/2019 22:16:32] - |D| - [5066] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater
[04/04/2018 10:05:46] - |A| - [2496] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
[29/07/2017 09:58:10] - |D| - [963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[29/01/2019 13:45:47] - |A| - [1178] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[22/06/2017 16:30:53] - |D| - [11353] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[22/06/2017 15:23:05] - |D| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
[12/04/2018 01:38:24] - |SH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[23/06/2017 18:07:49] - |A| - [2299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[12/04/2018 01:35:21] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[24/10/2018 20:23:13] - |D| - [4073] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[12/07/2017 15:20:21] - |D| - [6890] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[19/06/2019 17:30:51] - |D| - [1399] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[12/04/2018 01:38:20] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[18/07/2019 14:05:03] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[16/01/2019 16:57:31] - |D| - [4171] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseTips
[22/06/2017 16:32:28] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
[12/04/2018 01:38:20] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[12/04/2018 01:38:20] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[22/06/2017 16:37:06] - |A| - [2573] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visionneuse Microsoft PowerPoint .lnk
[05/06/2018 16:40:52] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[12/04/2018 01:38:24] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[22/06/2017 16:29:08] - |D| - [377399015] - C:\Program Files (x86)\Adobe
[24/10/2018 20:15:23] - |D| - [4057910] - C:\Program Files (x86)\Apple Software Update
[28/05/2019 22:16:32] - |D| - [30793215] - C:\Program Files (x86)\Avast Driver Updater
[04/04/2018 10:03:47] - |D| - [478311829] - C:\Program Files (x86)\AVAST Software
[24/10/2018 20:15:28] - |D| - [631713] - C:\Program Files (x86)\Bonjour
[29/01/2019 13:45:46] - |D| - [13649061] - C:\Program Files (x86)\CDBurnerXP
[22/06/2017 16:30:46] - |AD| - [34136824] - C:\Program Files (x86)\Combined Community Codec Pack
[12/04/2018 01:38:20] - |D| - [382409925] - C:\Program Files (x86)\Common Files
[12/04/2018 01:38:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[24/06/2017 11:52:59] - |D| - [156004] - C:\Program Files (x86)\Gemalto
[23/06/2017 18:05:28] - |D| - [482364086] - C:\Program Files (x86)\Google
[04/07/2019 16:50:39] - |D| - [487529] - C:\Program Files (x86)\HP
[04/07/2019 16:51:52] - |D| - [1263] - C:\Program Files (x86)\HP Photo Creations
[10/04/2018 16:04:22] - |D| - [26312118] - C:\Program Files (x86)\ImageScan_V1.06.105d4
[22/06/2017 15:17:40] - |D| - [6404080] - C:\Program Files (x86)\Intel
[12/04/2018 01:38:20] - |D| - [1996783] - C:\Program Files (x86)\Internet Explorer
[12/07/2017 15:19:52] - |D| - [533783250] - C:\Program Files (x86)\Java
[19/06/2019 17:18:51] - |D| - [614852241] - C:\Program Files (x86)\MAGIX
[22/06/2017 16:36:47] - |D| - [34205731] - C:\Program Files (x86)\Microsoft Office
[12/04/2018 01:38:20] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[22/06/2017 16:36:33] - |D| - [66546585] - C:\Program Files (x86)\MSECache
[19/06/2019 17:18:31] - |D| - [154033] - C:\Program Files (x86)\MSXML 4.0
[16/01/2019 16:57:31] - |D| - [2589633] - C:\Program Files (x86)\MuseTips
[22/06/2017 15:19:40] - |D| - [773952] - C:\Program Files (x86)\NVIDIA Corporation
[22/06/2017 16:31:45] - |AD| - [326647949] - C:\Program Files (x86)\OpenOffice 4
[22/06/2017 16:34:25] - |D| - [8329088] - C:\Program Files (x86)\PhotoFiltre 7
[09/12/2017 12:00:04] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[22/06/2017 15:26:05] - |D| - [846194] - C:\Program Files (x86)\VulkanRT
[12/04/2018 01:38:20] - |D| - [1780344] - C:\Program Files (x86)\Windows Defender
[12/04/2018 01:38:20] - |D| - [625664] - C:\Program Files (x86)\Windows Mail
[12/04/2018 18:19:21] - |D| - [3255239] - C:\Program Files (x86)\Windows Media Player
[12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Multimedia Platform
[12/04/2018 01:38:20] - |D| - [7556440] - C:\Program Files (x86)\windows nt
[12/04/2018 01:38:20] - |D| - [5370120] - C:\Program Files (x86)\Windows Photo Viewer
[12/04/2018 01:38:20] - |D| - [40328] - C:\Program Files (x86)\Windows Portable Devices
[12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[12/04/2018 01:38:20] - |D| - [2251159] - C:\Program Files (x86)\WindowsPowerShell
[08/08/2017 10:04:38] - |D| - [0] - C:\Program Files (x86)\Yahoo!

---------- | C:\Program Files

[24/06/2017 12:23:35] - |D| - [1379543924] - C:\Program Files\AVAST Software
[24/10/2018 20:15:28] - |D| - [615066] - C:\Program Files\Bonjour
[29/07/2017 09:58:04] - |AD| - [46602304] - C:\Program Files\CCleaner
[12/04/2018 01:38:20] - |D| - [222010186] - C:\Program Files\Common Files
[22/06/2017 15:21:59] - |D| - [127965525] - C:\Program Files\CONEXANT
[12/04/2018 01:38:23] - |ASH| - [174] - C:\Program Files\desktop.ini
[22/06/2017 15:18:08] - |D| - [78077945] - C:\Program Files\Elantech
[22/06/2017 12:26:56] - |SHD| - [0] - C:\Program Files\Fichiers communs
[04/07/2019 16:50:38] - |D| - [9507301] - C:\Program Files\HP
[22/06/2017 15:17:09] - |D| - [46181465] - C:\Program Files\Intel
[12/04/2018 01:38:20] - |D| - [2628602] - C:\Program Files\internet explorer
[24/10/2018 20:23:02] - |D| - [4266299] - C:\Program Files\iPod
[24/10/2018 20:21:08] - |D| - [396554287] - C:\Program Files\iTunes
[18/07/2019 14:04:55] - |D| - [170764668] - C:\Program Files\Malwarebytes
[22/06/2017 15:19:40] - |D| - [922801997] - C:\Program Files\NVIDIA Corporation
[19/11/2018 18:44:31] - |D| - [28153489] - C:\Program Files\rempl
[22/06/2017 12:21:18] - |HD| - [0] - C:\Program Files\Uninstall Information
[20/06/2019 13:22:32] - |D| - [5752922] - C:\Program Files\UNP
[12/04/2018 01:38:20] - |RD| - [19299507] - C:\Program Files\Windows Defender
[12/04/2018 01:38:20] - |D| - [635392] - C:\Program Files\Windows Mail
[12/04/2018 18:19:21] - |D| - [4784107] - C:\Program Files\Windows Media Player
[12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Multimedia Platform
[12/04/2018 01:38:20] - |D| - [7823192] - C:\Program Files\windows nt
[12/04/2018 01:38:20] - |D| - [6170376] - C:\Program Files\Windows Photo Viewer
[12/04/2018 01:38:20] - |D| - [46576] - C:\Program Files\Windows Portable Devices
[12/04/2018 01:38:20] - |D| - [106165] - C:\Program Files\Windows Security
[12/04/2018 01:38:20] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[12/04/2018 01:38:20] - |HD| - [3004847127] - C:\Program Files\WindowsApps
[12/04/2018 01:38:20] - |D| - [2501953] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[22/06/2017 16:29:08] - |AD| - [23594804] - C:\Program Files (x86)\Common Files\Adobe
[01/11/2017 21:01:27] - |D| - [146201825] - C:\Program Files (x86)\Common Files\Apple
[22/06/2017 15:17:03] - |D| - [68077283] - C:\Program Files (x86)\Common Files\Intel
[18/03/2019 12:06:35] - |D| - [1975280] - C:\Program Files (x86)\Common Files\Java
[19/06/2019 17:18:51] - |D| - [7909412] - C:\Program Files (x86)\Common Files\MAGIX Services
[12/04/2018 01:38:20] - |D| - [123725520] - C:\Program Files (x86)\Common Files\microsoft shared
[18/03/2019 12:06:00] - |D| - [1371344] - C:\Program Files (x86)\Common Files\Oracle
[12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[12/04/2018 01:38:20] - |D| - [9551755] - C:\Program Files (x86)\Common Files\system

---------- | C:\Program Files\Common files

[01/11/2017 21:42:57] - |D| - [168740638] - C:\Program Files\Common files\Apple
[22/06/2017 15:39:18] - |D| - [633] - C:\Program Files\Common files\Atheros
[09/12/2017 19:31:18] - |D| - [6271240] - C:\Program Files\Common files\Avast Software
[12/04/2018 01:38:20] - |D| - [36729490] - C:\Program Files\Common files\microsoft shared
[12/04/2018 01:38:20] - |D| - [2702] - C:\Program Files\Common files\Services
[12/04/2018 01:38:20] - |D| - [10265483] - C:\Program Files\Common files\system

---------- | Tasks

[MD5.367CF33343F709333696908C7348CCE3] - [28/05/2019 22:17:29] - |A| - [522] - C:\WINDOWS\Tasks\Avast Driver Updater Startup.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [05/06/2018 17:08:17] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.E74F16504225A55AAF9FD40B1ABB4B88] - [05/06/2018 17:08:16] - |A| - [3482] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task         :   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.00000000000000000000000000000000] - [24/10/2018 20:15:26] - |D| - [3510] - C:\WINDOWS\System32\Tasks\Apple
[MD5.DCBF10141928B987DC9CAD6B900F6E33] - [28/05/2019 22:17:29] - |A| - [3028] - C:\WINDOWS\System32\Tasks\Avast Driver Updater Startup         :   C:\Program Files (x86)\Avast Driver Updater\Avast Driver Updater.exe
[MD5.E08FD775B8EE72127E427D31B4528BE9] - [05/06/2018 17:08:16] - |A| - [4264] - C:\WINDOWS\System32\Tasks\Avast Emergency Update         :   C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
[MD5.B75C83EB6FF80491CAB4638A07778316] - [16/04/2019 23:07:17] - |A| - [3856] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)         :   C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
[MD5.B7F45D11A051E9ED91976F4E32AB6634] - [16/04/2019 23:07:17] - |A| - [3272] - C:\WINDOWS\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)         :   C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
[MD5.00000000000000000000000000000000] - [05/06/2018 17:08:16] - |D| - [4086] - C:\WINDOWS\System32\Tasks\Avast Software
[MD5.291EE5F1A16377B996EB8585ACFB9F3E] - [05/06/2018 17:08:16] - |A| - [3332] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore         :   C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
[MD5.5C9FBD44B3E4B25955122C456E285F6A] - [05/06/2018 17:08:16] - |A| - [3556] - C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA         :   C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
[MD5.FF3E7D11FB26A1683327B50BCF0B10A8] - [05/06/2018 17:08:16] - |A| - [4210] - C:\WINDOWS\System32\Tasks\CCleaner Update         :   C:\Program Files\CCleaner\CCUpdate.exe
[MD5.A3DAA20C3DC8E89E6E513417C43BCF5B] - [05/06/2018 17:08:16] - |A| - [2220] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC         :   "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.6CFEDB68FEA6FF5E29EEE6556F2A65EC] - [05/06/2018 17:08:16] - |A| - [3292] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.D314B5885C9ACF9CDDFD7EBDC42BEC71] - [05/06/2018 17:08:16] - |A| - [3516] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [542272] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.FF0B0A07B23FB1949D30C5A7D522665D] - [05/06/2018 17:08:17] - |A| - [3388] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3016070864-3641507875-3210199050-1001         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.00000000000000000000000000000000] - [18/07/2019 12:38:23] - |D| - [3392] - C:\WINDOWS\System32\Tasks\S-1-5-21-3016070864-3641507875-3210199050-1001
[MD5.00000000000000000000000000000000] - [12/04/2018 01:38:21] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WiFiDirect-KM-Driver-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"{D60D558C-BF5A-4221-AE8D-8A9D7691DE04}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140|
"{B4C40AF6-79AD-4135-B2B0-F9A1421FCEBA}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140|
"{A57279F1-3E81-4ED9-B7D5-42D031304B7A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=67|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140|
"{1B163A33-31B5-43C2-9B76-2A7AD12E57F1}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-151|Desc=@ipnathlp.dll,-10149|EmbedCtxt=@ipnathlp.dll,-140|
"{33813907-5871-4844-B9C4-29B1FA731500}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-145|Desc=@ipnathlp.dll,-10144|EmbedCtxt=@ipnathlp.dll,-140|
"{C3702A0E-8FBA-4745-8C34-82BC44B6AE74}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=67|IF={AED4FDC3-225B-45B3-86D1-05A75A349B33}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@ipnathlp.dll,-144|Desc=@ipnathlp.dll,-10143|EmbedCtxt=@ipnathlp.dll,-140|
"{A5C501F5-D5E2-4DE5-AAB1-EB64BF654C43}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{E9EC4D4C-EC83-44AC-A78E-8BF16E4C3E3E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{A59AD725-21ED-4816-A46A-1CA0E825F978}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ|
"{154933A6-17BB-4329-954F-1BF5EDBC817E}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|
"{03B746AD-4708-4716-B048-4C728190B359}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Win32WebViewHost|Desc=Win32WebViewHost|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1310292540-1029022339-4008023048-2190398717-53961996-4257829345-603366646|EmbedCtxt=Win32WebViewHost|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{283CAFF4-10AD-4998-8430-9DD84A348D3C}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ|
"{48091DB9-4385-4B7B-9C7F-7599B3F7013F}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ|
"{7F6610E1-7BCD-4EC6-B778-9383494B7C7A}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe|Name=Apple Push Service|Edge=TRUE|
"{0204507A-72F1-470C-B451-02F01E90D373}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{6B49E7CA-6E5C-4974-B183-1436FCAFAC03}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{E03BE767-E540-44A5-A336-D1FACEFE6D16}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{ED007B3E-3E94-477F-A5AA-33049332742C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{C953D747-4F30-4664-9358-B1FFEAA9AE35}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ|
"{A6019013-BFC7-4C9D-9C84-92AE5C28ADE9}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update|
"{81073A54-D7F4-4079-A77F-B0280A7D5E07}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update|
"{29425DE9-C4AE-4507-8473-582DF7CEAB8B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Messenger|Desc=Messenger|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1345574982-3131358661-52681180-1453525950-1322691609-2529609693-64475048|EmbedCtxt=Messenger|Platform=2:6:2|Platform2=GTEQ|
"{50601D06-29CE-4380-96BD-24C2513DEC3B}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{D3069074-80F3-4F92-97B6-DE2C72E0E3BE}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{744AAB60-E527-4A8F-82BC-4AE248A9C5B5}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox gaming overlay|Desc=Xbox gaming overlay|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1714399563-1326177402-2048222277-143663168-2151391019-765408921-4098702777|EmbedCtxt=Xbox gaming overlay|Platform=2:6:2|Platform2=GTEQ|
"{EFEA74EC-1E12-4FA7-BB6C-E39D326EB098}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ|
"{168D8F66-4767-4909-B3B0-25A5D8F019F8}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{4DF54A63-5FDE-4564-AB5E-2DC38A5BB30E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{FD8EB264-6C79-422E-A999-19AB3CC611BF}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe|Name=Avast Secure Browser (mDNS-In)|Desc=Règle de trafic entrant pour Avast Secure Browser autorisant le trafic mDNS|EmbedCtxt=Avast Secure Browser|
"{10C3C42B-2531-480D-9868-1CEE5E641893}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{F1A6A002-5D16-4CE0-837B-DADFBF7614E6}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{F1D3122A-8372-4E1A-95E5-C2ABD83602F4}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|
"{0E19D51F-EBE1-4104-B5C0-7522AA3BD60B}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{6DEE11A6-6896-4695-9E8C-5CEA5AD1720A}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Keeper - Password Manager & Secure File Storage|Desc=Keeper - Password Manager & Secure File Storage|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1693445186-3345176799-2248129915-4000651515-812732840-1010160964-1868342332|EmbedCtxt=Keeper - Password Manager & Secure File Storage|Platform=2:6:2|Platform2=GTEQ|
"{06BAD92B-D430-425A-BE91-E84322209F9E}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Keeper - Password Manager & Secure File Storage|Desc=Keeper - Password Manager & Secure File Storage|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1693445186-3345176799-2248129915-4000651515-812732840-1010160964-1868342332|EmbedCtxt=Keeper - Password Manager & Secure File Storage|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{BC7A2454-A569-4CAC-A434-74B9BB4276FB}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game Bar Plugin|Desc=Xbox Game Bar Plugin|LUOwn=S-1-5-21-3016070864-3641507875-3210199050-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game Bar Plugin|Platform=2:6:2|Platform2=GTEQ|
"{DCD66C4E-D710-4496-B195-8DEED07E02AD}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4532C9EB-FEF9-43AC-83DA-D5DE1F9A2BFF}] : (nvpciflt) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem29.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[03/08/2016 07:08:04] - (2.1.0.1) - (Toshiba Client Solutions Co., Ltd. - TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - C:\WINDOWS\System32\drivers\TVALZ_O.SYS
[15/05/2017 12:44:08] - (21.21.13.7719) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 377.19) - C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
[15/05/2017 12:43:48] - (21.21.13.7719) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 377.19) - C:\WINDOWS\System32\DriverStore\FileRepository\nvtd.inf_amd64_c34aa07807f46c95\nvlddmkm.sys
[12/04/2018 01:33:45] - (3.0.2.201) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw8x.sys
[12/04/2018 01:33:48] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\L1C63x64.sys
[25/09/2015 19:58:06] - (15.7.8.23) - (ELAN Microelectronics Corp. - ELAN KMDF Driver) - C:\WINDOWS\system32\DRIVERS\ETD.sys
[26/09/2016 05:56:08] - (10.16.813.0) - (Toshiba Client Solutions Co., Ltd. - TOSHIBA Bluetooth ACPI Driver) - C:\WINDOWS\System32\drivers\tosrfec.sys
[28/05/2015 03:13:18] - (5.0.0.0) - (TOSHIBA - Generic IO & Memory Access) - C:\WINDOWS\System32\drivers\QIOMem.sys
[03/08/2016 00:30:16] - (9.2.0.1) - (Toshiba Client Solutions Co., Ltd. - Toshiba Hotkey Driver) - C:\WINDOWS\System32\drivers\Thotkey.sys
[20/03/2017 14:26:48] - (8.66.43.0) - (Conexant Systems Inc. - 64-bit High Definition Audio Function Driver) - C:\WINDOWS\system32\drivers\CHDRT64.sys
[27/07/2015 04:04:48] - (10.0.1.1) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - aswArDisk (aswArDisk) -> system32\drivers\aswArDisk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsh.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswElam (aswElam) -> system32\drivers\aswElam.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - nvpciflt () -> system32\DRIVERS\nvpciflt.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - TVALZ (@oem16.inf,%TVALZ.SvcDesc%;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) -> System32\drivers\TVALZ_O.SYS - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdriver.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswKbd (aswKbd) -> system32\drivers\aswKbd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall (Whitelist)

[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SConnectHost] : (SConnect Host.-.Gemalto) -> C:\Users\Personnel\AppData\Local\SConnectHost\uninstall_sconnect.exe
[HKU\S-1-5-21-3016070864-3641507875-3210199050-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SConnectIE] : (SConnect IE.-.Gemalto) -> C:\Users\Personnel\AppData\Local\SConnectIE\uninstall_sconnect.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{07A7CE9A-1131-4B53-BB1D-5B7F35970DF7}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{07A7CE9A-1131-4B53-BB1D-5B7F35970DF7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0CB84A7D-9697-4526-A819-60FB050E8F05}] : (Apple Application Support (64 bits).-.Apple Inc.) -> MsiExec.exe /I{0CB84A7D-9697-4526-A819-60FB050E8F05}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{31A0B634-BCF4-4D3F-8336-87FEACFEE142}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3DB40A23-7291-441C-9402-EEE0AE5410BA}] : (GemPcCCID.-.Gemalto) -> MsiExec.exe /I{3DB40A23-7291-441C-9402-EEE0AE5410BA}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 377.19.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BAED9B72-BC74-4EF2-85AA-A77555F38972}] : (MAGIX Speed burnR (MSI).-.MAGIX AG) -> MsiExec.exe /I{BAED9B72-BC74-4EF2-85AA-A77555F38972}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FBDCB56E-2A25-4053-9E0C-C8E345DE0CA7}] : (MAGIX Vidéo easy SOS Cassettes vidéo !.-.MAGIX AG) -> MsiExec.exe /I{FBDCB56E-2A25-4053-9E0C-C8E345DE0CA7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Dropbox] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Free MP3 Cutter and Editor_is1] : (Free MP3 Cutter and Editor 2.8.-.musetips.com) -> "C:\Program Files (x86)\MuseTips\Free MP3 Cutter and Editor\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ImageScan] : (ImageScan_V1.06.105d4.-.) -> C:\Program Files (x86)\ImageScan_V1.06.105d4\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180144F0}] : (Java 8 Update 144.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180144F0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180191F0}] : (Java 8 Update 191.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180191F0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180201F0}] : (Java 8 Update 201.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180201F0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{38874054-65D0-45D0-9486-FBEFD42A2251}] : (MAGIX USB-Videowandler 2.-.Nom de votre société) -> MsiExec.exe /X{38874054-65D0-45D0-9486-FBEFD42A2251}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}] : (OpenOffice 4.1.3.-.Apache Software Foundation) -> MsiExec.exe /I{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{630C3D8E-2BEE-465F-9E59-BB069ED10761}] : (Avast Driver Updater.-.AVAST Software) -> MsiExec.exe /X{630C3D8E-2BEE-465F-9E59-BB069ED10761}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A30EA700-5515-48F0-88B0-9E99DC356B88}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{A30EA700-5515-48F0-88B0-9E99DC356B88}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Avast Update Helper.-.AVAST Software) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824311644}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824311644}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100}

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\007AE03A51550F84880BE999CD53B688] : Apple Software Update -> C:\WINDOWS\Installer\{A30EA700-5515-48F0-88B0-9E99DC356B88}\Installer.ico
[HKCR\Installer\Products\1F764691F11C67F458B88521DA8CB349] : MSXML 4.0 SP3 Parser
[HKCR\Installer\Products\27B9DEAB47CB2FE458AA7A57553F9827] : MAGIX Speed burnR (MSI)
[HKCR\Installer\Products\32A04BD31927C1444920EE0EEA4501AB] : GemPcCCID
[HKCR\Installer\Products\436B0A134FCBF3D4386378EFCAEF1E24] : Apple Mobile Device Support -> C:\Windows\Installer\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}\Installer.ico
[HKCR\Installer\Products\450478830D560D544968BFFE4DA22215] : MAGIX USB-Videowandler 2 -> C:\WINDOWS\Installer\{38874054-65D0-45D0-9486-FBEFD42A2251}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110190F] : Java 8 Update 191 -> C:\Program Files (x86)\Java\jre1.8.0_191\\bin\javaws.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110440F] : Java 8 Update 144 -> C:\Program Files (x86)\Java\jre1.8.0_144\\bin\javaws.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238120100F] : Java 8 Update 201 -> C:\Program Files (x86)\Java\jre1.8.0_201\\bin\javaws.exe
[HKCR\Installer\Products\68AB67CA408033019195008142136144] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824311644}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\WINDOWS\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Avast Update Helper
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A86BF41F88196304DAD00D45CBC92919] : Update for Windows 10 for x64-based Systems (KB4023057)
[HKCR\Installer\Products\A9EC7A70131135B4BBD1B5F75379D07F] : iTunes -> C:\WINDOWS\Installer\{07A7CE9A-1131-4B53-BB1D-5B7F35970DF7}\Installer.ico
[HKCR\Installer\Products\AD9761E31805AA444B2CFBE87E1E700E] : OpenOffice 4.1.3 -> C:\Windows\Installer\{3E1679DA-5081-44AA-B4C2-BF8EE7E107E0}\soffice.ico
[HKCR\Installer\Products\C8F2F80333D922B4A8C69D1CD3EB8F6C] : Apple Application Support (32 bits) -> C:\WINDOWS\Installer\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}\WinInstall.ico
[HKCR\Installer\Products\D7A48BC0796962548A9106BF50E0F850] : Apple Application Support (64 bits) -> C:\WINDOWS\Installer\{0CB84A7D-9697-4526-A819-60FB050E8F05}\WinInstall.ico
[HKCR\Installer\Products\E65BCDBF52A23504E9C08C3E54EDC07A] : MAGIX Vidéo easy SOS Cassettes vidéo !
[HKCR\Installer\Products\E8D3C036EEB2F564E995BB60E91D7016] : Avast Driver Updater -> C:\WINDOWS\Installer\{630C3D8E-2BEE-465F-9E59-BB069ED10761}\Icon.exe
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater

---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x19c8
Heure de début de l’application défaillante : 0x01d53e13d58a1583
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : b8633e7f-0f22-456e-a069-ff0faaddd005
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x16ec
Heure de début de l’application défaillante : 0x01d53e13d23a855e
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : e51e6f95-a828-46d3-8b84-4441a9f731a7
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x918
Heure de début de l’application défaillante : 0x01d53e13cebf73bc
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : d96f5058-8cb3-4a20-8e71-6b9ef341180c
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0xbf8
Heure de début de l’application défaillante : 0x01d53e13cb9f9dc6
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 5fa29a5b-5e1a-4707-9a0a-ada8bbedfa35
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5
Nom du module défaillant : biwinrt.dll, version : 10.0.17134.1, horodatage : 0x695175ab
Code d’exception : 0xc000027b
Décalage d’erreur : 0x000000000000e5b7
ID du processus défaillant : 0x758
Heure de début de l’application défaillante : 0x01d53e13c62fef2e
Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe
Chemin d’accès du module défaillant: C:\Windows\System32\biwinrt.dll
ID de rapport : 685b16a8-54e4-42fd-94e0-6319a3459497
Nom complet du package défaillant : Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe
ID de l’application relative au package défaillant : x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x1338
Heure de début de l’application défaillante : 0x01d53e13c891ba63
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 5008d799-2819-4fd6-89b7-fa219684fb35
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5
Nom du module défaillant : biwinrt.dll, version : 10.0.17134.1, horodatage : 0x695175ab
Code d’exception : 0xc000027b
Décalage d’erreur : 0x000000000000e5b7
ID du processus défaillant : 0x1c04
Heure de début de l’application défaillante : 0x01d53e13c5439890
Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe
Chemin d’accès du module défaillant: C:\Windows\System32\biwinrt.dll
ID de rapport : dae35769-cb86-466a-90e3-67cf15da7488
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x5dc
Heure de début de l’application défaillante : 0x01d53e13c467170e
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 95678ea1-4904-46de-a8a4-cd6942dcb608
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x1bb8
Heure de début de l’application défaillante : 0x01d53dff6048b20d
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 9ebdfe76-dc0e-42c7-b527-86086864369d
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x1bac
Heure de début de l’application défaillante : 0x01d53dff5d7a5fc8
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : ca48599c-38b1-4ba4-b240-3a31dee72994
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x544
Heure de début de l’application défaillante : 0x01d53dff5a874526
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 91a37252-de57-4cac-a770-47d995a3f758
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0xfb4
Heure de début de l’application défaillante : 0x01d53dff58040521
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : ec973366-f4c5-47cb-95d5-4ac513b4276c
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x236c
Heure de début de l’application défaillante : 0x01d53dff55334c66
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : e4e51b71-6dfe-49ea-b2e1-a77ce8cfa53e
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x1820
Heure de début de l’application défaillante : 0x01d53dff523adc7d
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : fd28cab6-75a1-4b0a-8063-9e53f960f7cb
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x171c
Heure de début de l’application défaillante : 0x01d53dcf744224e6
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 0ad21556-550e-4351-977a-c8fb5472bd7c
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante ShellExperienceHost.exe, version : 10.0.17134.753, horodatage : 0x5cb9a3e6
Nom du module défaillant : twinapi.appcore.dll, version : 10.0.17134.137, horodatage : 0xb5d50228
Code d’exception : 0xc000027b
Décalage d’erreur : 0x000000000009cad5
ID du processus défaillant : 0x5e4
Heure de début de l’application défaillante : 0x01d53dcb8cf7bbe7
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Chemin d’accès du module défaillant: C:\Windows\System32\twinapi.appcore.dll
ID de rapport : 945752ad-ee52-4e97-a1df-329e78c664f4
Nom complet du package défaillant : Microsoft.Windows.ShellExperienceHost_10.0.17134.112_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Impossible d’ajouter le couple de modifications codé en dur « http -> http » au moteur : Non implémenté. Le vérificateur d’orthographe reste disponible.
------------

Nom de l’application défaillante SearchUI.exe, version : 10.0.17134.885, horodatage : 0x5d1d8062
Nom du module défaillant : edgehtml.dll, version : 11.0.17134.885, horodatage : 0x63786079
Code d’exception : 0x80070005
Décalage d’erreur : 0x0000000000519949
ID du processus défaillant : 0x232c
Heure de début de l’application défaillante : 0x01d53dcbb4a0e122
Chemin d’accès de l’application défaillante : C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 5429afe2-41df-4c52-9eb0-c685f21c84a0
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------

Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.17134.1, horodatage : 0xcb43d9c5
Nom du module défaillant : biwinrt.dll, version : 10.0.17134.1, horodatage : 0x695175ab
Code d’exception : 0xc000027b
Décalage d’erreur : 0x000000000000e5b7
ID du processus défaillant : 0x3cc
Heure de début de l’application défaillante : 0x01d53dcba53c83a3
Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe
Chemin d’accès du module défaillant: C:\Windows\System32\biwinrt.dll
ID de rapport : a82882a9-dde8-429e-a7a9-6200a7d6a42f
Nom complet du package défaillant : Microsoft.Windows.Cortana_1.10.8.17134_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : CortanaUI
------------


----------( EOF)---------- - 3987 | 11:45:15