--------------- QuickDiag | g3n-h@ckm@n | V5_14.10.19.2 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 18/10/2019 11:38:54

Updated 14/10/2019 | 16:45 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+00:00) Dublin, Édimbourg, Lisbonne, Londres
[Salah Eddine Tiar (Administrator)] - [SALAH-PC] (S-1-5-21-4207456607-1934371375-1503238163-1001)

System: Microsoft Windows 10 Professionnel - - (10.0.18362) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1903)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Professionnel|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: 20F2S1DS00 - LENOVO - IdNumber: MP14Y5VN - UUID: 19F8744C-314D-11B2-A85C-EBF831865DD8
Processor : X64 - 2496 Mhz - Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz
N1HET86W (v1.50) - en-US - LENOVO - S/N: MP14Y5VN - N1HET86W (1.50) - LENOVO - 0
CoreTemp : ? Celsius

----------| Quick


---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0293&SUBSYS_17AA222C&REV_1000\4&7AED7AB&0&0001
Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2809&SUBSYS_80860101&REV_1000\4&7AED7AB&0&0201

---------- | Video

Intel(R) HD Graphics 520 - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igdumdim64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igd10iumd64.dll,C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igd12umd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_1916&SUBSYS_222C17AA&REV_07\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 520 - DriverVersion: 26.20.100.6913 - SpecificationVersion: 1025

---------- | Codecs

C:\WINDOWS\system32\MSYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSG711.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 26056 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\IMAADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 36920 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSVIDC32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 39424 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSADP32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34808 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\TSBYUV.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\MSRLE32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\IYUV_32.DLL - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 -  Manufacturer: Microsoft Corporation - Status: OK
C:\WINDOWS\system32\L3CODECA.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 92672 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
C:\WINDOWS\system32\MSGSM32.ACM - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42600 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:25 %
CPU #2 value:6 %
CPU #3 value:12 %
CPU #4 value:6 %
Total Overall CPU Usage value:12 %

---------- | Memory

RAM = Total (MB) : 8160 | Free (MB) : 4371
Pagefile = Total (MB) : 9471 | Free (MB) : 5577
Virtual = Total (MB) : 4194 | Free (MB) : 3901


---------- | SID Users

Administrateur : [S-1-5-21-4207456607-1934371375-1503238163-500]
DefaultAccount : [S-1-5-21-4207456607-1934371375-1503238163-503]
Invité : [S-1-5-21-4207456607-1934371375-1503238163-501]
Salah Eddine Tiar : [S-1-5-21-4207456607-1934371375-1503238163-1001]
WDAGUtilityAccount : [S-1-5-21-4207456607-1934371375-1503238163-504]
Administrateurs : [S-1-5-32-544]
Administrateurs Hyper-V : [S-1-5-32-578]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Propriétaires d'appareils : [S-1-5-32-583]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | Drives

C:\ -> [Fixed] | [] | Total : 237.13 Go | Free : 91.83 Go -> NTFS (SSD) [SATA]
E:\ -> [Fixed] | [Life 1] | Total : 931.51 Go | Free : 213.78 Go -> NTFS [USB]
G:\ -> [Fixed] | [0557-000-370] | Total : 931.51 Go | Free : 253.07 Go -> NTFS [USB]

Disk Usage Information [3 total Physical Disks]

Physical Drive #0 [C:] : Read:0 bytes/sec, Written:251,465 bytes/sec Max Read:0 bytes/sec, Max Write:251,465 bytes/sec 
Physical Drive #1 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #2 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:0 bytes/sec, Write Maximum:251,465 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_SAMSUNG&PROD_MZ7TY256HDHP-000\4&13C26CE&0&000000
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SEAGATE&PROD_FREEAGENT_GOFLEX&REV_SA17\NA0CMZLJ&0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_TOSHIBA&PROD_MQ01ABD100&REV_AX10\1410210011223899&0

---------- | Windows updates - Activation - License


W.A.T : :)

Test 1 : Windows Is Activated
Test 2 : Windows Is Activated

Volume License


---------- | Browsers

GC : 77.0.3865.120     (Copyright 2019 Google LLC.)

---------- | FlashPlayer

FlashPlayer ActiveX : 32.0.0.255

---------- | Security

AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

424 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.18362.329) = C:\Windows\System32\smss.exe     [17/09/2019 23:13:09]    CPU Usage:0 %
592 | [Owner : Système | Parent : 508() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe     [19/03/2019 05:44:35]    CPU Usage:0 %
676 | [Owner : Système | Parent : 508() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.18362.387) = C:\Windows\System32\wininit.exe     [14/10/2019 23:07:18]    CPU Usage:0 %
684 | [Owner : Système | Parent : 668() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.18362.1) = C:\Windows\System32\csrss.exe     [19/03/2019 05:44:35]    CPU Usage:0 %
748 | [Owner : Système | Parent : 676(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.18362.387) = C:\Windows\System32\services.exe     [14/10/2019 23:07:20]    CPU Usage:0 %
756 | [Owner : Système | Parent : 676(wininit.exe) | 23.4 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.18362.1) = C:\Windows\System32\lsass.exe     [19/03/2019 05:44:36]    CPU Usage:0 %
872 | [Owner : Système | Parent : 748(services.exe) | 4.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
904 | [Owner : Système | Parent : 748(services.exe) | 27.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
920 | [Owner : UMFD-0 | Parent : 676(wininit.exe) | 3.6 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.356) = C:\Windows\System32\fontdrvhost.exe     [17/09/2019 23:13:09]    CPU Usage:0 %
964 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 5.62 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.18362.1) = C:\Windows\System32\WUDFHost.exe     [19/03/2019 05:44:53]    CPU Usage:0 %
76 | [Owner : SERVICE RÉSEAU | Parent : 748(services.exe) | 15.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
528 | [Owner : Système | Parent : 748(services.exe) | 8.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1036 | [Owner : Système | Parent : 668() | 11.28 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.18362.356) = C:\Windows\System32\winlogon.exe     [17/09/2019 23:13:09]    CPU Usage:0 %
1092 | [Owner : UMFD-1 | Parent : 1036(winlogon.exe) | 7.49 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.18362.356) = C:\Windows\System32\fontdrvhost.exe     [17/09/2019 23:13:09]    CPU Usage:0 %
1164 | [Owner : DWM-1 | Parent : 1036(winlogon.exe) | 63.06 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.18362.387) = C:\Windows\System32\dwm.exe     [14/10/2019 23:07:15]    CPU Usage:2 %
1252 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 13.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1260 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 9.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1268 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 7.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1376 | [Owner : Système | Parent : 748(services.exe) | 10.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1448 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 12.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1476 | [Owner : Système | Parent : 748(services.exe) | 16.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1488 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 21.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1600 | [Owner : Système | Parent : 748(services.exe) | 13.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1620 | [Owner : Système | Parent : 748(services.exe) | 8.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1728 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 5.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1752 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 9.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1804 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 9.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1892 | [Owner : Système | Parent : 748(services.exe) | 9.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1908 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 7.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2068 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 7.82 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.18362.1) = C:\Windows\System32\WUDFHost.exe     [19/03/2019 05:44:53]    CPU Usage:0 %
2104 | [Owner : SERVICE RÉSEAU | Parent : 748(services.exe) | 12.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2132 | [Owner : Système | Parent : 748(services.exe) | 6.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2140 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 7.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2168 | [Owner : Système | Parent : 748(services.exe) | 7.76 Mo] - (.Lenovo. - Lenovo Power Management Service.) - (1.67.16.20) = C:\Windows\System32\ibmpmsvc.exe     [12/04/2019 12:28:29]    CPU Usage:0 %
2192 | [Owner : Système | Parent : 748(services.exe) | 8.69 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2200 | [Owner : Système | Parent : 748(services.exe) | 17.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2356 | [Owner : Système | Parent : 748(services.exe) | 13.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2368 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 7.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2376 | [Owner : Système | Parent : 748(services.exe) | 5.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2564 | [Owner : SERVICE RÉSEAU | Parent : 748(services.exe) | 8.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2612 | [Owner : Système | Parent : 748(services.exe) | 8.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2640 | [Owner : SERVICE LOCAL | Parent : 2132(svchost.exe) | 5 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.18362.1) = C:\Windows\System32\dasHost.exe     [19/03/2019 05:44:18]    CPU Usage:0 %
2712 | [Owner : Système | Parent : 748(services.exe) | 8.14 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.100.6913) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igfxCUIService.exe     [14/08/2019 18:59:15]    CPU Usage:0 %
2780 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 9.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2788 | [Owner : Système | Parent : 748(services.exe) | 7.85 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2796 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 8.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3020 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 18.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2844 | [Owner : Système | Parent : 748(services.exe) | 7.18 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.89) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe     [11/10/2019 23:31:17]    CPU Usage:0 %
3128 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 7.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3272 | [Owner : Système | Parent : 748(services.exe) | 13.45 Mo] - (.Arcai.com - Arp Intelligent Protection Service.) - (1.0.0.1) = C:\Program Files (x86)\arcai.com\aips.exe     [02/11/2018 22:10:21]    CPU Usage:0 %
3300 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 6.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3308 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 10.17 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3416 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 9.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3484 | [Owner : Système | Parent : 748(services.exe) | 20.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3572 | [Owner : Système | Parent : 748(services.exe) | 12.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3636 | [Owner : Système | Parent : 748(services.exe) | 15.3 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.18362.387) = C:\Windows\System32\spoolsv.exe     [14/10/2019 23:07:00]    CPU Usage:0 %
3660 | [Owner : Système | Parent : 3484(svchost.exe) | 13.46 Mo] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (10.0.18362.1) = C:\Windows\System32\wlanext.exe     [19/03/2019 05:43:55]    CPU Usage:0 %
3672 | [Owner : Système | Parent : 3660(wlanext.exe) | 10.31 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe     [19/03/2019 05:44:30]    CPU Usage:0 %
3712 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 19.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3760 | [Owner : SERVICE RÉSEAU | Parent : 748(services.exe) | 8.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3884 | [Owner : Système | Parent : 748(services.exe) | 6.89 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.16.6751) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe     [14/12/2015 08:48:02]    CPU Usage:0 %
3892 | [Owner : Système | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
3904 | [Owner : Système | Parent : 748(services.exe) | 8.36 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Service.) - (5.0.0.950) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe     [11/05/2018 12:50:52]    CPU Usage:0 %
3912 | [Owner : Système | Parent : 748(services.exe) | 12.08 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (5.0.0.950) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe     [11/05/2018 12:50:54]    CPU Usage:0 %
3924 | [Owner : Système | Parent : 748(services.exe) | 5.48 Mo] - (.ALPSALPINE CO., LTD. - HidMonit.exe.) - (8.1.0.28) = C:\Program Files\Apoint2K\HidMonitorSvc.exe     [12/04/2019 12:32:19]    CPU Usage:0 %
3944 | [Owner : Système | Parent : 748(services.exe) | 6.84 Mo] - (.Intel Corporation - Intel HD Graphics Drivers for Windows(R).) - (25.20.100.6913) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\IntelCpHDCPSvc.exe     [14/08/2019 18:59:17]    CPU Usage:0 %
3952 | [Owner : Système | Parent : 748(services.exe) | 50.37 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.11001.20073) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe     [09/11/2018 00:51:25]    CPU Usage:0 %
3976 | [Owner : SERVICE RÉSEAU | Parent : 748(services.exe) | 12.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4020 | [Owner : Système | Parent : 748(services.exe) | 31.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4056 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 22.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4084 | [Owner : Système | Parent : 748(services.exe) | 16.96 Mo] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - (21.30.2.0) = C:\Program Files\Intel\WiFi\bin\EvtEng.exe     [24/06/2019 19:39:22]    CPU Usage:0 %
3184 | [Owner : Système | Parent : 748(services.exe) | 4.47 Mo] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (20.60.0.4) = C:\Windows\System32\ibtsiva.exe     [10/05/2018 21:37:52]    CPU Usage:0 %
2740 | [Owner : Système | Parent : 748(services.exe) | 61.58 Mo] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.) - (1.1.18.1) = C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe     [07/11/2018 00:02:11]    CPU Usage:0 %
3872 | [Owner : Système | Parent : 748(services.exe) | 20.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4124 | [Owner : Système | Parent : 748(services.exe) | 3.92 Mo] - (.BayHubTech/O2Micro International - O2 Flash Memory Service.) - (1.0.0.3) = C:\Windows\System32\drivers\o2flash.exe     [03/11/2018 14:18:45]    CPU Usage:0 %
4136 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 9.54 Mo] - (.Lenovo Group Limited - Lenovo EasyResume Program.) - (10.0.1.0) = C:\Windows\SysWOW64\Lenovo\PowerMgr\EasyResume.exe     [12/02/2019 19:13:00]    CPU Usage:0 %
4172 | [Owner : Système | Parent : 748(services.exe) | 8.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4192 | [Owner : Système | Parent : 748(services.exe) | 8.94 Mo] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - (21.30.2.0) = C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe     [24/06/2019 19:39:04]    CPU Usage:0 %
4200 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 6.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4228 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 8.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4280 | [Owner : Système | Parent : 748(services.exe) | 5.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4300 | [Owner : Système | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1909.6) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MsMpEng.exe     [02/10/2019 01:41:03]    CPU Usage:10 %
4328 | [Owner : Système | Parent : 748(services.exe) | 24.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4352 | [Owner : Système | Parent : 748(services.exe) | 16.78 Mo] - (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Service.) - (21.30.2.0) = C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe     [24/06/2019 19:39:48]    CPU Usage:0 %
4460 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 5.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4496 | [Owner : Système | Parent : 748(services.exe) | 13.51 Mo] - (.Lenovo Group Limited - ThinkPad Message Client Loader.) - (9.1.0.0) = C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_e845ba1c40f55909\driver\tphkload.exe     [14/08/2019 18:58:12]    CPU Usage:0 %
4504 | [Owner : Système | Parent : 748(services.exe) | 38.31 Mo] - (.Lenovo Group Ltd. - LenovoVantageService.) - (2.5.47.0) = C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe     [12/10/2019 15:02:15]    CPU Usage:0 %
4512 | [Owner : Système | Parent : 748(services.exe) | 12.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4760 | [Owner : Système | Parent : 748(services.exe) | 6.32 Mo] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.1.1.1117) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\IntelCpHeciSvc.exe     [14/08/2019 18:59:17]    CPU Usage:0 %
4788 | [Owner : Système | Parent : 748(services.exe) | 13.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
5596 | [Owner : SERVICE RÉSEAU | Parent : 748(services.exe) | 7.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
5688 | [Owner : Système | Parent : 904(svchost.exe) | 7.16 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.18362.1) = C:\Windows\System32\wbem\unsecapp.exe     [19/03/2019 05:43:54]    CPU Usage:0 %
5860 | [Owner : Système | Parent : 904(svchost.exe) | 12.69 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe     [19/03/2019 05:44:00]    CPU Usage:0 %
6056 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 7.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1228 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.18.1909.6) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\NisSrv.exe     [02/10/2019 01:41:03]    CPU Usage:0 %
6436 | [Owner : Système | Parent : 3272(aips.exe) | 14.38 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\arcai.com\netcut_windows.exe     [02/11/2018 22:10:21]    CPU Usage:0 %
6444 | [Owner : Système | Parent : 6436(netcut_windows.exe) | 12.45 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe     [19/03/2019 05:44:30]    CPU Usage:0 %
6496 | [Owner : SERVICE LOCAL | Parent : 3416(svchost.exe) | 7.36 Mo] - (.Microsoft Corporation - HTTP Auto Proxy Detection Worker Process.) - (10.0.18362.387) = C:\Windows\System32\pacjsworker.exe     [14/10/2019 23:07:18]    CPU Usage:0 %
6264 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 23.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
6240 | [Owner : Système | Parent : 748(services.exe) | 43.85 Mo] - (.Dolby Laboratories, Inc. - DolbyDAX2API.) - (0.8.8.88) = C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe     [21/01/2019 21:03:50]    CPU Usage:0 %
5776 | [Owner : Système | Parent : 5796() | 0.43 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.35.301) = C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe     [02/10/2019 17:52:33]    CPU Usage:0 %
5680 | [Owner : Système | Parent : 5796() | 0.38 Mo] - (.Google LLC - Google Crash Handler.) - (1.3.35.301) = C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe     [02/10/2019 17:52:33]    CPU Usage:0 %
696 | [Owner : Système | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.18362.1) = C:\Windows\System32\SgrmBroker.exe     [19/03/2019 05:45:32]    CPU Usage:0 %
5252 | [Owner : Système | Parent : 748(services.exe) | 16.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1932 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2544 | [Owner : Système | Parent : 748(services.exe) | 45.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
2176 | [Owner : Système | Parent : 748(services.exe) | 44.31 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.18362.329) = C:\Windows\System32\SearchIndexer.exe     [17/09/2019 23:12:59]    CPU Usage:0 %
6680 | [Owner : SERVICE RÉSEAU | Parent : 904(svchost.exe) | 31.81 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\System32\wbem\WmiPrvSE.exe     [19/03/2019 05:44:00]    CPU Usage:0 %
2836 | [Owner : Système | Parent : 2844(RtkAudioService64.exe) | 14.16 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe     [11/10/2019 23:31:14]    CPU Usage:0 %
3736 | [Owner : Salah Eddine Tiar | Parent : 1892(svchost.exe) | 24.12 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe     [19/03/2019 05:44:12]    CPU Usage:0 %
3984 | [Owner : Salah Eddine Tiar | Parent : 748(services.exe) | 21.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4076 | [Owner : Salah Eddine Tiar | Parent : 748(services.exe) | 8.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4220 | [Owner : Salah Eddine Tiar | Parent : 4496(tphkload.exe) | 9.5 Mo] - (.Lenovo Group Limited - NumLock on screen display for ThinkPad.) - (2.2.1.0) = C:\Windows\System32\DriverStore\FileRepository\FN8DAD~1.INF\driver\tpnumlkd.exe     [14/08/2019 18:58:12]    CPU Usage:0 %
4268 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 18.93 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.9135) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe     [17/09/2019 23:02:59]    CPU Usage:0 %
4416 | [Owner : Salah Eddine Tiar | Parent : 748(services.exe) | 34.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4568 | [Owner : Salah Eddine Tiar | Parent : 4496(tphkload.exe) | 14.64 Mo] - (.Lenovo Group Limited - On screen display drawer.) - (8.9.0.0) = C:\Windows\System32\DriverStore\FileRepository\FN8DAD~1.INF\driver\tposd.exe     [14/08/2019 18:58:12]    CPU Usage:0 %
1396 | [Owner : Salah Eddine Tiar | Parent : 1476(svchost.exe) | 18.97 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.18362.387) = C:\Windows\System32\taskhostw.exe     [14/10/2019 23:07:16]    CPU Usage:0 %
1372 | [Owner : Système | Parent : 4496(tphkload.exe) | 10.21 Mo] - (.Lenovo Group Limited - ThinkPad Message Receiver for Shortcut Hot Keys.) - (3.7.5.0) = C:\Windows\System32\DriverStore\FileRepository\FN8DAD~1.INF\driver\shtctky.exe     [14/08/2019 18:58:12]    CPU Usage:0 %
6852 | [Owner : Système | Parent : 748(services.exe) | 13.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
6924 | [Owner : Système | Parent : 748(services.exe) | 8.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4620 | [Owner : Salah Eddine Tiar | Parent : 6924(svchost.exe) | 15.69 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.18362.1) = C:\Windows\System32\ctfmon.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1940 | [Owner : Salah Eddine Tiar | Parent : 3924(HidMonitorSvc.exe) | 14.45 Mo] - (.ALPSALPINE CO., LTD. - AlpsAlpine Pointing-device Driver.) - (8.1.1601.161) = C:\Program Files\Apoint2K\Apoint.exe     [12/04/2019 12:32:19]    CPU Usage:0 %
5788 | [Owner : Système | Parent : 748(services.exe) | 10.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
5908 | [Owner : Salah Eddine Tiar | Parent : 2712(igfxCUIService.exe) | 27.48 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.100.6913) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igfxEM.exe     [14/08/2019 18:59:15]    CPU Usage:0 %
7300 | [Owner : Salah Eddine Tiar | Parent : 7260() | 184.7 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.387) = C:\Windows\explorer.exe     [14/10/2019 23:07:02]    CPU Usage:2 %
7584 | [Owner : Salah Eddine Tiar | Parent : 748(services.exe) | 32.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
7688 | [Owner : Système | Parent : 748(services.exe) | 6.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
7844 | [Owner : Salah Eddine Tiar | Parent : 1940(Apoint.exe) | 5.42 Mo] - (.ALPSALPINE CO., LTD. - ApMsgFwd.) - (8.1.1600.22) = C:\Program Files\Apoint2K\ApMsgFwd.exe     [12/04/2019 12:32:19]    CPU Usage:0 %
8116 | [Owner : Salah Eddine Tiar | Parent : 8024() | 6.82 Mo] - (.ALPSALPINE CO., LTD. - AlpsAlpine Pointing-device Driver for Windows.) - (8.1.1601.33) = C:\Program Files\Apoint2K\ApntEx.exe     [12/04/2019 12:32:19]    CPU Usage:0 %
8148 | [Owner : Salah Eddine Tiar | Parent : 8116(ApntEx.exe) | 12.41 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe     [19/03/2019 05:44:30]    CPU Usage:0 %
7600 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 72.49 Mo] - (.-.) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe     [17/09/2019 23:13:02]    CPU Usage:0 %
2504 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 25.1 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe     [19/03/2019 05:44:06]    CPU Usage:0 %
8296 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 117.92 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.18362.387) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe     [14/10/2019 23:07:23]    CPU Usage:0 %
8436 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 18.05 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe     [19/03/2019 05:44:06]    CPU Usage:0 %
8684 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 20.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
8772 | [Owner : Salah Eddine Tiar | Parent : 1476(svchost.exe) | 3.63 Mo] - (.Lenovo - Lenovo Power Manager Host.) - (10.0.88.0) = C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe     [12/02/2019 19:13:06]    CPU Usage:0 %
8948 | [Owner : Système | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
9196 | [Owner : Système | Parent : 748(services.exe) | 15.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
7908 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 17.93 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe     [19/03/2019 05:44:06]    CPU Usage:0 %
2256 | [Owner : Salah Eddine Tiar | Parent : 7300(explorer.exe) | 263.52 Mo] - (.Mozilla Corporation - Firefox.) - (69.0.3.7221) = C:\Program Files\Mozilla Firefox\firefox.exe     [10/10/2019 22:29:02]    CPU Usage:0 %
8040 | [Owner : Salah Eddine Tiar | Parent : 2256(firefox.exe) | 57.14 Mo] - (.Mozilla Corporation - Firefox.) - (69.0.3.7221) = C:\Program Files\Mozilla Firefox\firefox.exe     [10/10/2019 22:29:02]    CPU Usage:0 %
9280 | [Owner : Salah Eddine Tiar | Parent : 2256(firefox.exe) | 206.9 Mo] - (.Mozilla Corporation - Firefox.) - (69.0.3.7221) = C:\Program Files\Mozilla Firefox\firefox.exe     [10/10/2019 22:29:02]    CPU Usage:0 %
9504 | [Owner : Salah Eddine Tiar | Parent : 2256(firefox.exe) | 120.86 Mo] - (.Mozilla Corporation - Firefox.) - (69.0.3.7221) = C:\Program Files\Mozilla Firefox\firefox.exe     [10/10/2019 22:29:02]    CPU Usage:0 %
5712 | [Owner : Salah Eddine Tiar | Parent : 7300(explorer.exe) | 8.32 Mo] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.18362.1) = C:\Windows\System32\SecurityHealthSystray.exe     [19/03/2019 05:44:23]    CPU Usage:0 %
4580 | [Owner : Système | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthService.exe     [17/09/2019 23:13:09]    CPU Usage:0 %
10688 | [Owner : Salah Eddine Tiar | Parent : 7300(explorer.exe) | 30.38 Mo] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.35.5.2) = C:\Program Files (x86)\Internet Download Manager\IDMan.exe     [20/09/2019 20:47:06]    CPU Usage:2 %
10764 | [Owner : Salah Eddine Tiar | Parent : 10688(IDMan.exe) | 9.57 Mo] - (.Tonec Inc. - Internet Download Manager agent for click monitoring in IE-based browsers.) - (6.22.1.1) = C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe     [20/09/2019 20:47:06]    CPU Usage:0 %
10828 | [Owner : Salah Eddine Tiar | Parent : 2740(Lenovo.Modern.ImController.exe) | 42.34 Mo] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe     [07/11/2018 00:02:11]    CPU Usage:0 %
10900 | [Owner : Salah Eddine Tiar | Parent : 2740(Lenovo.Modern.ImController.exe) | 88 Mo] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe     [07/11/2018 00:02:11]    CPU Usage:0 %
11116 | [Owner : Salah Eddine Tiar | Parent : 1476(svchost.exe) | 1.07 Mo] - (.Microsoft Corporation - Notification d'emplacement.) - (10.0.18362.1) = C:\Windows\System32\LocationNotificationWindows.exe     [19/03/2019 05:45:45]    CPU Usage:0 %
10480 | [Owner : Salah Eddine Tiar | Parent : 2256(firefox.exe) | 167.04 Mo] - (.Mozilla Corporation - Firefox.) - (69.0.3.7221) = C:\Program Files\Mozilla Firefox\firefox.exe     [10/10/2019 22:29:02]    CPU Usage:0 %
10540 | [Owner : Salah Eddine Tiar | Parent : 1476(svchost.exe) | 2.44 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe     [11/10/2019 23:31:14]    CPU Usage:0 %
8856 | [Owner : Salah Eddine Tiar | Parent : 2256(firefox.exe) | 173.72 Mo] - (.Mozilla Corporation - Firefox.) - (69.0.3.7221) = C:\Program Files\Mozilla Firefox\firefox.exe     [10/10/2019 22:29:02]    CPU Usage:0 %
10968 | [Owner : Salah Eddine Tiar | Parent : 10488() | 3.33 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1129) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe     [11/10/2019 23:31:14]    CPU Usage:0 %
7412 | [Owner : Système | Parent : 748(services.exe) | 5.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
11364 | [Owner : Salah Eddine Tiar | Parent : 2256(firefox.exe) | 113.23 Mo] - (.Mozilla Corporation - Firefox.) - (69.0.3.7221) = C:\Program Files\Mozilla Firefox\firefox.exe     [10/10/2019 22:29:02]    CPU Usage:0 %
12168 | [Owner : Salah Eddine Tiar | Parent : 2256(firefox.exe) | 132.9 Mo] - (.Mozilla Corporation - Firefox.) - (69.0.3.7221) = C:\Program Files\Mozilla Firefox\firefox.exe     [10/10/2019 22:29:02]    CPU Usage:0 %
6740 | [Owner : Système | Parent : 748(services.exe) | 13.37 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
11784 | [Owner : Salah Eddine Tiar | Parent : 748(services.exe) | 13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
7320 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 35.4 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18362.1) = C:\Windows\System32\ApplicationFrameHost.exe     [19/03/2019 05:44:23]    CPU Usage:0 %
12160 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 2.09 Mo] - (.-.) - (10.19072.1201.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe     [12/10/2019 14:42:53]    CPU Usage:0 %
9024 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 9.63 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe     [19/03/2019 05:44:06]    CPU Usage:0 %
10924 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 2.54 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.18362.387) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe     [14/10/2019 23:08:00]    CPU Usage:0 %
4048 | [Owner : Système | Parent : 748(services.exe) | 12.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
6168 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 4.69 Mo] - (.Microsoft Corporation - Store.) - (11910.1001.4.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe     [12/10/2019 16:50:37]    CPU Usage:0 %
7696 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 22.88 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe     [19/03/2019 05:44:06]    CPU Usage:0 %
9068 | [Owner : SERVICE RÉSEAU | Parent : 748(services.exe) | 14.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
4276 | [Owner : Système | Parent : 748(services.exe) | 27.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
12004 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 2.87 Mo] - (.-.) - (10.1908.0.0) = C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1908.0.0_x64__8wekyb3d8bbwe\Calculator.exe     [12/10/2019 15:00:17]    CPU Usage:0 %
10076 | [Owner : Salah Eddine Tiar | Parent : 2740(Lenovo.Modern.ImController.exe) | 48.74 Mo] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe     [07/11/2018 00:02:11]    CPU Usage:0 %
1200 | [Owner : Salah Eddine Tiar | Parent : 2740(Lenovo.Modern.ImController.exe) | 40.98 Mo] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe     [07/11/2018 00:02:11]    CPU Usage:0 %
9012 | [Owner : Système | Parent : 2740(Lenovo.Modern.ImController.exe) | 48.56 Mo] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe     [07/11/2018 00:02:11]    CPU Usage:0 %
11492 | [Owner : Système | Parent : 2740(Lenovo.Modern.ImController.exe) | 62.82 Mo] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe     [07/11/2018 00:02:11]    CPU Usage:0 %
4980 | [Owner : SERVICE RÉSEAU | Parent : 700() | 7.9 Mo] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.18.1909.6) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MpCmdRun.exe     [02/10/2019 01:41:03]    CPU Usage:0 %
8864 | [Owner : Système | Parent : 4300(MsMpEng.exe) | 10.1 Mo] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.18.1909.6) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MpCmdRun.exe     [02/10/2019 01:41:03]    CPU Usage:0 %
11904 | [Owner : Système | Parent : 8864(MpCmdRun.exe) | 12.93 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe     [19/03/2019 05:44:30]    CPU Usage:0 %
1320 | [Owner : SERVICE RÉSEAU | Parent : 748(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
10088 | [Owner : Système | Parent : 748(services.exe) | 7.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
6396 | [Owner : Système | Parent : 748(services.exe) | 10.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
12912 | [Owner : SERVICE LOCAL | Parent : 748(services.exe) | 7.11 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe     [19/03/2019 05:44:33]    CPU Usage:0 %
1884 | [Owner : SERVICE LOCAL | Parent : 3020(svchost.exe) | 16.34 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.18362.387) = C:\Windows\System32\audiodg.exe     [14/10/2019 23:06:59]    CPU Usage:0 %
8564 | [Owner : Salah Eddine Tiar | Parent : 904(svchost.exe) | 47.59 Mo] - (.Microsoft Corporation - WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe.) - (10.0.18362.329) = C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe     [17/09/2019 23:13:04]    CPU Usage:0 %
12984 | [Owner : Salah Eddine Tiar | Parent : 7300(explorer.exe) | 63.25 Mo] - (.SosVirus - QuickDiag.) - (14.10.19.2) = C:\Users\Salah Eddine Tiar\Desktop\QuickDiag.exe     [18/10/2019 11:37:08]    CPU Usage:0 %
4936 | [Owner : SERVICE RÉSEAU | Parent : 904(svchost.exe) | 10 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.18362.1) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [19/03/2019 05:45:12]    CPU Usage:0 %

---------- | Locked Applications


---------- | Policy Restrictions


---------- | Explorer.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll
(.www.startisback.com.-.OldNewExplorer shell enhancements.) - (1.1.8.5) -- C:\Users\Salah Eddine Tiar\Downloads\Compressed\oldnewexplorer_1-1-8-2_fr_434245\OldNewExplorer64.dll
(.Lenovo Group Ltd..-.Lenovo Vantage - Battery Gauge.) - (1.0.117.43) -- C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll
(..-..) - (0.0.0.0) -- C:\Windows\System32\VirtualMonitorManager.dll
(..-..) - (0.0.0.0) -- C:\Users\Salah Eddine Tiar\AppData\Local\MEGAsync\ShellExtX64.dll
(.Tonec Inc..-.Internet Download Manager module.) - (6.32.12.24) -- C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
(.Tonec Inc..-.Internet Download Manager Network Monitor.) - (6.35.5.187) -- C:\Program Files (x86)\Internet Download Manager\IDMNetMon64.DLL
(..-..) - (16.0.11001.20033) -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1036\GrooveIntlResource.dll
(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (26.20.100.6913) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igd10iumd64.dll
(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (26.20.100.6913) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igdgmm64.dll
(.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (26.20.100.6913) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igc64.dll
(.ALPSALPINE CO., LTD..-.AlpsAlpine Pointing-device Driver.) - (8.1.1601.164) -- C:\Program Files\Apoint2K\Apoint.DLL
(.ALPSALPINE CO., LTD..-.Vxdif.) - (8.1.1601.45) -- C:\WINDOWS\SYSTEM32\Vxdif.dll
(.www.startisback.com.-.StartIsBack++ brains and soul.) - (5.6.2.2703) -- C:\Program Files (x86)\StartIsBack\StartIsBack64.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellExperiences\TileControl.dll
(..-..) - (0.0.0.0) -- C:\Windows\ShellComponents\TaskFlowUI.dll
(.Intel Corporation.-.igfxDTCM Module.) - (6.15.100.6913) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igfxDTCM.dll
(.Intel Corporation.-.igfxDH Module.) - (6.15.100.6913) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igfxDH.dll
(.Intel Corporation.-.igfxLHM Module.) - (6.15.100.6913) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igfxLHM.dll
(.Intel Corporation.-.igfxDI Module.) - (6.15.100.6913) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fa6e911eb18d4baa\igfxDI.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.40.0.0) -- C:\Program Files (x86)\WinRAR\rarext64.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (19.0.0.0) -- C:\Program Files\7-Zip\7-zip.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.79) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.Florian Heidenreich.-.Shell Extension Mp3tag - the universal Tag editor.) - (2.84.4.0) -- C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
(.Adobe Systems Inc..-.Adobe Acrobat Context Menu.) - (15.7.20033.2203) -- C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll
(.Adobe Systems Inc..-.Adobe Acrobat Context Menu.) - (15.7.20033.2203) -- C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\fr_fr\Acrobat Elements\ContextMenuShim64.fra
(.VS Revo Group.-.Revo Uninstaller Pro Extension.) - (1.0.0.5) -- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll

---------- | Winlogon.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll

---------- | svchost.exe Modules (Microsoft Files Whitelisted)

(..-..) - (0.0.0.0) -- C:\WINDOWS\System32\UMPDC.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.25.3.0) -- c:\windows\system32\winsqlite3.dll
(..-..) - (0.0.0.0) -- C:\Windows\System32\usocoreps.dll
(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
IDMan - (C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\...\Run]) - User: SALAH-PC\Salah Eddine Tiar
SecurityHealth - (%windir%\system32\SecurityHealthSystray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
AdobeGCInvoker-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot   

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"IDMan"=0x020000000000000000000000   

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Adobe PDF,winspool,Ne02:   
"IsMRUEstablished"=1   
"LegacyDefaultPrinterMode"=0   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%windir%\system32\SecurityHealthSystray.exe   
"AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x060000000000000000000000   
"AdobeAAMUpdater-1.0"=0x020000000000000000000000   
"AdobeGCInvoker-1.0"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D582DBB8D95BCA   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Adobe Acrobat Update Task
AdobeGCInvoker-1.0-SALAH-PC-Salah Eddine Tiar
ASUS Live Update1
ASUS Live Update2
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Lenovo Power Management Driver PnP Task
OneDrive Standalone Update Task-S-1-5-21-4207456607-1934371375-1503238163-1001
RtHDVBg_Dolby
RTKCPL

---------- | Startings up registry ¦ Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=DeviceInstall
UsoSvc
gpsvc
trustedinstaller   
"SvcHostSplitThresholdInKB"=3670016   
"WaitToKillServiceTimeout"=2000   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   
"LastBootSucceeded"=1   
"LastBootShutdown"=0   
"DirtyShutdownCount"=2   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Security Packages"=""   [01/11/2018 22:34:23]
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"LsaCfgFlagsDefault"=0   
"LsaPid"=756   
"ProductType"=6   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SecureBoot"=1   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"GlobalFlag2"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=150   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"AutoChkSkipSystemPartition"=0   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"RailShowallNotifyIcons"=1   
"RDPVGCInstalled"=1   
"InstanceID"=543755f8-d29b-43e8-9830-d08c585   
"GlassSessionId"=1   


---------- | .LNK with Arguments

C:\Users\Salah Eddine Tiar\Desktop\AdsFix_Donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/paypalme2/genhackman) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretTimeout"=5000   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"ScreenSaveActive"=1   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"WallPaper"=C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows Photo Viewer\Papier peint de la Visionneuse de photos Windows.jpg   [21/09/2019 15:38:17]
"WallpaperStyle"=10   
"Win8DpiScaling"=0   
"DpiScalingVer"=4096   
"UserPreferencesMask"=0x9E1E078012000000   
"MaxVirtualDesktopDimension"=1366   
"MaxMonitorDimension"=1366   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC30100F6D000005605000078020000319AC8348A70D50143003A005C00550073006500720073005C00530061006C0061006800200045006400640069006E006500200054006900610072005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073002000500068006F0074006F0020005600690065007700650072005C0050006100700069006500720020007000650069006E00740020006400650020006C006100200056006900730069006F006E006E0065007500730065002000640065002000700068006F0074006F0073002000570069006E0064006F00770073002E006A00700067000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"PreferredUILanguages"=fr-FR   
"WaitToKillAppTimeout"=2000   
"HungAppTimeout"=2000   

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"EdgeDesktopShortcutCreated"=1   
"ShellState"=0x240000003520000000000000000000000000000001000000130000000000000022000000   
"ShowFrequent"=0   
"ExplorerStartupTraceRecorded"=1   
"UserSignedIn"=1   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"SlowContextMenuEntries"=0x0CE25163FA35E34B98FB4CABF1363E121D0300006078A409B011A54DAFA526D86198A780F6060000D15C59A677BF0A43A45218696685F7C7651100005D54A9A2C2A0B4429708A0B2BADD77C9B90300005D54A9A2C2A0B4429708A0B2BADD77C8B9030000   
"TelemetrySalt"=6   
"GlobalAssocChangedCounter"=177   
"FirstRunTelemetryComplete"=1   
"AppReadinessLogonComplete"=1   
"PostAppInstallTasksCompleted"=1   
"link"=0x16000000   

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=0   
"ServerAdminUI"=0   
"Hidden"=1   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=0   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=0   
"StoreAppsOnTaskbar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"LaunchTo"=1   
"Start_TrackDocs"=1   
"Start_TrackProgs"=1   
"StartMenuInit"=13   
"TaskbarStateLastRun"=0x3F60A65D00000000   
"ReindexedProfile"=1   
"TaskbarGlomLevel"=2   
"Start_SearchPrograms"=1   
"Start_PowerButtonAction"=2   
"TaskbarSizeMove"=0   
"ShowEncryptCompressedColor"=1   
"PersistBrowsers"=1   
"NavPaneShowAllFolders"=0   
"NavPaneExpandToCurrentFolder"=0   
"ShowPreviewHandlers"=0   
"SharingWizardOn"=0   
"ShowTaskViewButton"=1   
"ShellViewReentered"=1   
"ShowCortanaButton"=0   

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x09000000200000001F0000001E0000001D0000001C0000001B000000000000001A00000019000000180000001700000016000000150000001400000013000000120000000B00000010000000110000000F0000000E0000000D000000040000000C0000000A00000008000000070000000600000005000000030000000200000001000000FFFFFFFF   
"1"=0x6100720072006900620061000000   
"2"=0x6200720075006900730065000000   
"3"=0x6B006D0073000000   
"5"=0x72006F00620065007200740020006D0069006C00650073000000   
"6"=0x6F0072006900670069000000   
"7"=0x2A002E007700650062006D000000   
"8"=0x34003A0034003A0034003A000000   
"10"=0x70006F00730065000000   
"12"=0x6C006500670065006E006400610072000000   
"4"=0x67006C006F00620061006C000000   
"13"=0x730074006100740069006F006E000000   
"14"=0x6700740073000000   
"15"=0x2A006D00700034000000   
"17"=0x6B0069006E006400610069006300680069000000   
"16"=0x6E0061006B0061006D007500720061000000   
"11"=0x670061006C0061006300740069000000   
"18"=0x7300650063007200650074000000   
"19"=0x70006F006B0065006D006F006E000000   
"20"=0x63006100760065000000   
"21"=0x4B00410052002D003200330031000000   
"22"=0x700061007200650069006C000000   
"23"=0x720065006D0069000000   
"24"=0x640065006D006F006E000000   
"25"=0x6C0061006200790072000000   
"26"=0x6A0065007300730065000000   
"0"=0x2A002E006D00700034000000   
"27"=0x62006C006F0077000000   
"28"=0x7300750063006B000000   
"29"=0x61007200610062000000   
"30"=0x69006F006200690074000000   
"31"=0x640061006E00690065006C000000   
"32"=0x6D0075006E006900630068000000   
"9"=0x2A002E006100760069000000   

[HKLM\Software\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=0   

[HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
"SmartScreenEnabled"=Off   
"GlobalAssocChangedCounter"=9   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=0   

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"authenticodeenabled"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
"GlobalAssocChangedCounter"=6   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"PUUActive"=0xCC727E61020003003E00D900831B07009F7408009F740800D2000000020011004ED1510AF0572600916E1300DD180400872303008FF50000000000000000000001D30900039400007605000000000000478B503A9E85D501841B0700A175200063450000F3640700BA4700007A190000BDEFC90000000000   
"BuildNumber"=18362   
"FirstLogon"=0   
"DP"=0xD200E8004C0003003F000000CC727E610CC00A0000000000478B503A9E85D501349962969C85D501000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F8051010000F100805122E810D122E9100D730080A143040CA143052DFB0000C0C8027400C862740190610000995040589951607869B300C00352104043521040E481008028484040394840411FFB008000D5110018D59110E0F500C08C0862208C187A21581601800E1108000E110B12F91A0000005D0400205DAC058D1701C06A4092046A5BB705   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"scremoveoption"=0   
"LastLogOffEndTimePerfCounter"=167187627733   
"ShutdownFlags"=2147483815   
"Userinit"=C:\Windows\system32\userinit.exe,   
"AutoRestartShell"=1   
"DisableCad"=1   
"DisableLockWorkstation"=0   
"EnableFirstLogonAnimation"=1   
"AutoLogonSID"=S-1-5-21-4207456607-1934371375-1503238163-1001   
"LastUsedUsername"=Salah Eddine Tiar   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"Userinit"=C:\WINDOWS\system32\userinit.exe,   
"AutoRestartShell"=1   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"AppUserModelID"=Microsoft.Windows.Explorer   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"AppUserModelID"=Microsoft.Windows.Explorer   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"   
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=   
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"=

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"=


---------- | AppcompatFlags

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Program Files (x86)\InstallShield Installation Information\{D8102684-7BA1-4948-88B9-535F84E6E588}\setup.exe"=33
"C:\Program Files (x86)\Lenovo\Thinkpad USB Ethernet Adapter Driver\RTINSTALLER64.EXE"=1

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe"=0x5341435001000000000000000700000028000000B8720900F32E0A0001000000000000000000010600010000631F6E6F0EDED401000000000000000002000000280000000000000000000000100000000000000000000000000000003F941603000000000B0100000B010000
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe"=0x5341435001000000000000000700000028000000B87E1C00AC041D0001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D5D5B00B000000009800000098000000
"C:\Program Files (x86)\StartIsBack\StartIsBackCfg.exe"=0x534143500100000000000000070000002800000000E82200768F230001000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000053500000000000000400000004000000
"C:\Windows\SysWOW64\FlashPlayerApp.exe"=0x5341435001000000000000000700000028000000F0BD0C00390E0D0001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F40E0000000000000100000001000000
"C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000B83D1E000000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000005000000000000000000000000000000000000000000000000000000062C7000400000000100200006D010000000000000000004000000000000000000000000000000000A6F80700000000000300000000000000
"C:\Program Files\Apoint2K\ApProperties.exe"=0x534143500100000000000000070000002800000060B6020003C6020001000000000000000000000A73220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000FD240000000000000200000002000000
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000585E2A005F612A0001000000000000000000000A00210000BFA2139DEDD1D301000000000000000002000000280000000000000000000000000000000000000000000000000000007C850000000000000100000001000000
"C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe"=0x5341435001000000000000000700000028000000001435000000000001000000000000000000000A61200000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000FBA23700000000008400000084000000
"SIGN.MEDIA=1D1300 HiSuiteDownLoader.exe"=0x5341435001000000000000000700000028000000C8DA1D009C1D1E0001000000000000000000000A71220000BFA2139DEDD1D3010000000000000000
"C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe"=0x5341435001000000000000000700000028000000C8510C0060F00C0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000050000000000000000000000000000000000000000000000000000000AAA6B40200000000C400000004000000000000000000004000000000000000000000000000000000F68EE002000000002000000000000000
"C:\Program Files\TechSmith\Camtasia 9\CamtasiaStudio.exe"=0x5341435001000000000000000700000028000000380207006CB8070001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000050000000000000000000000000000000000000000000000000000000A88335010000000071000000570000000000000000000040000000000000000000000000000000006B820400000000000100000000000000
"C:\Program Files (x86)\FormatFactory\FormatFactory.exe"=0x534143500100000000000000070000002800000060C7430036AD440001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000B840F00200000000B8000000B8000000
"C:\Program Files (x86)\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000090E31600E5CC170001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000041CD3500000000002900000029000000
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000206B7001B22E710101000000000000000000000A00210000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000094F3A901000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE"=0x534143500100000000000000070000002800000028011E0036071E0001000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"C:\Program Files\Lenovo\HOTKEY\micmutes.exe"=0x5341435001000000000000000700000028000000006D0100F537020001000000000000000000000A73200000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000D03B0000000000000200000002000000
"C:\Program Files\TAP-Windows\Uninstall.exe"=0x5341435001000000000000000700000028000000634701005C9604000100000000000000000001060001000067077CBAC54CD401000000000000000002000000500000000000000000000040000000000000000000000000000000009C0D0000000000000200000002000000000000000000000000000000000000000000000000000000E10C0000000000000200000000000000
"C:\Program Files (x86)\OpenVPN\Uninstall.exe"=0x5341435001000000000000000700000028000000D2D00100EE6F1B000100000000000000000001060001000067077CBAC54CD401000000000000000002000000500000000000000000000040000000000000000000000000000000002A470000000000000200000002000000000000000000000000000000000000000000000000000000101A0000000000000100000000000000
"C:\Users\Salah Eddine Tiar\Downloads\Compressed\oldnewexplorer_1-1-8-2_fr_434245\OldNewExplorerCfg.exe"=0x5341435001000000000000000700000028000000006609000000000001000000000000000000000A71220000BFA2139DEDD1D301000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000000000000000000000000000000000000000C9500000000000002000000010000000000000000000040000000000000000000000000000000003F7D0000000000000600000000000000
"C:\Program Files (x86)\Mp3tag\Mp3tag.exe"=0x534143500100000000000000070000002800000078DA7A008CB77B0001000000000000000000000A0021000067077CBAC54CD4010000000000000000020000002800000000000000000000000000000000000000000000000000000059CC0000000000000400000004000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE"=0x534143500100000000000000070000002800000050D41C001DF51C0001000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000180F9D02AFDB9D0201000000000000000000000A00210000BFA2139DEDD1D3010000000100000000
"C:\ProgramData\KMSAutoS\bin\KMSSS.exe"=0x534143500100000000000000070000002800000000980400785C050001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000090100000000000001000000010000000000000000000000000000000000000000000000000000009D000000000000000100000000000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe"=0x5341435001000000000000000700000028000000187B6B010FB86B0101000000000000000000000A71200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000100000000000000000000000000000000008450000000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconv.exe"=0x534143500100000000000000070000002800000020B194005021950001000000000000000000000A71220000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000EA000000000000000100000001000000
"C:\Users\Salah Eddine Tiar\Desktop\bzr\Retro\Mesen_0.9.6\Mesen.exe"=0x5341435001000000000000000700000028000000008897000000000001000000000000000000000A00210000BFA2139DEDD1D30100000000000000000200000028000000000000000000000000000000000000000000000000000000F2651300000000000500000005000000
"SIGN.MEDIA=31CAFB Launcher.exe"=0x5341435001000000000000000700000028000000009001000000000001000000000000000000020671000000BFA2139DEDD1D30100000000000000000200000028000000000000008000000000100000000000000000000000000000FAF40100000000000300000003000000
"SIGN.MEDIA=31CAFB InstallDotNetWin8.exe"=0x5341435001000000000000000700000028000000085300007620010001000000000000000000020675220000BFA2139DEDD1D30100000000000000000200000050000000000000000000004000000000000000000000000000000000480100000000000001000000010000000000000000000000000000000000000000000000000000007A030000000000000200000000000000
"SIGN.MEDIA=31CAFB Ez-DicomCDViewer-9x.exe"=0x5341435001000000000000000700000028000000F2303D000000000001000000000000000000010571000000BFA2139DEDD1D30100000000000000000200000050000000000000000000000000140000000000000000000000000000F18C3400000000000200000001000000000000000000004000000000000000000000000000000000C0020000000000000200000000000000
"SIGN.MEDIA=31CAFB Ez-DicomCDViewer.exe"=0x53414350010000000000000007000000280000003FC945000000000001000000000000000000020671200000BFA2139DEDD1D3010000000000000000020000005000000000000000000000400000000000000000000000000000000081290000000000000100000001000000000000000000000000100000000000000000000000000000F0260000000000000100000000000000
"SIGN.MEDIA=31CAFB EzDicomCDViewer.exe"=0x5341435001000000000000000700000028000000700E1601ADD3160101000000000000000000000A71220000BFA2139DEDD1D3010000000000000000020000002800000000000000000000000000000000000000000000000000000047160000000000000100000001000000
"C:\Program Files (x86)\Demonstar by www.mavioyun.org\ds.exe"=0x534143500100000000000000070000002800000000A006000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000005000000000000000000000401000000000000000000000000000000058C52A00000000000F0000000E000000000000000000000000000000000000000000000000000000B4D51600000000000100000000000000
"C:\Program Files (x86)\DemonStarSM1\ds.exe"=0x5341435001000000000000000700000028000000006007000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000002800000000000000000000400000000000000000000000000000000054B50700000000000200000002000000
"C:\DemonStarSM2\ds.exe"=0x534143500100000000000000070000002800000000E006000000000001000000000000000000010571200000BFA2139DEDD1D3010000000000000000020000005000000000000000000000400000000000000000000000000000000021D4120000000000010000000100000000000000000000000000000000000000000000000000000010E21100000000000100000000000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE"=0x534143500100000000000000070000002800000020C5CB012EB1CC0101000000000000000000000A0021000067077CBAC54CD4010000009100000000
"C:\Program Files\Apoint2K\ApMsgFwd.exe"=0x534143500100000000000000070000002800000018610100A3D5010001000000000000000000000A73220000631F6E6F0EDED40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000B8C8F506000000003500000035000000
"C:\Users\Salah Eddine Tiar\Desktop\Salah\Back to the Emulation futur\PSP (New)\PPSSPPWindows64.exe"=0x53414350010000000000000007000000280000000008E4000000000001000000000000000000000A73220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000651C790000000000C7000000C7000000
"C:\Users\Salah Eddine Tiar\Documents\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe"=0x5341435001000000000000000700000028000000F8766A0064B46A0001000000000000000000000A75220000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000000B371B00000000000300000003000000
"C:\Users\Salah Eddine Tiar\Desktop\Salah\Back to the Emulation futur\PSP (New)\PPSSPPWindows.exe"=0x53414350010000000000000007000000280000000022BC000000000001000000000000000000000A7122000067077CBAC54CD4010000000000000000020000002800000000000000000000001000000000000000000000000000000001A01200000000000300000003000000
"C:\Users\Salah Eddine Tiar\Desktop\Salah\Back to the Emulation futur\Mame (avec Savestates (FBA))\fba64.exe"=0x53414350010000000000000007000000280000000060DD010000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000006A20800000000000200000002000000
"C:\Users\Salah Eddine Tiar\AppData\Local\Video Thumbnails Maker\VideoThumbnailsMaker.exe"=0x5341435001000000000000000700000028000000008E36000000000001000000000000000000000A71220000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000000387A100000000000B0000000B000000
"C:\Program Files\Lenovo\HOTKEY\kbdmgrc.exe"=0x5341435001000000000000000700000028000000B80A06007981060001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000061020000000000008500000085000000
"C:\Program Files\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C80A0F00C3970F0001000000000000000000000600010000631F6E6F0EDED401000000000000000002000000280000000000000000000000100000000000000000000000000000004F445506000000001A0200001A020000
"C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000209A5A0143F55A0101000000000000000000000A0021000067077CBAC54CD401000000000000000002000000280000000000000000000000000000000000000000000000000000003F000000000000000200000002000000
"C:\Users\Salah Eddine Tiar\AppData\Local\WhatsApp\Update.exe"=0x5341435001000000000000000700000028000000B0612200367C220001000000000000000000000A0021000067077CBAC54CD40100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E5010000000000000100000001000000
"C:\Program Files (x86)\Betternet\Betternet.exe"=0x534143500100000000000000070000002800000000061600CB06160001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000E6FE1F04000000001E0000001E000000
"C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"=0x534143500100000000000000070000002800000010095A000B9A5A0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000050000000000000000000000000000000000000000000000000000000B26F00000000000006000000050000000000000000000040000000000000000000000000000000001A5F1000000000000100000000000000
"C:\Program Files\7-Zip\7zFM.exe"=0x5341435001000000000000000700000028000000003E0D000000000001000000000000000000000A00210000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000001AE41300000000006800000068000000
"C:\Users\Salah Eddine Tiar\Desktop\CCleaner Professional Plus 5.61 [FileCR]\CCleanerBundle-561-Setup.exe"=0x534143500100000000000000070000002800000000E5BA01FC71BB0101000000000000000000010600010000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000061960400000000000200000002000000
"C:\Users\Salah Eddine Tiar\Desktop\Malwarebytes Anti-Malware Premium 3.7.1.2839 - Repack elchupacabra [4REALTORRENTZ.COM]\Malwarebytes Anti-Malware 3.7.1.2839.exe"=0x5341435001000000000000000700000028000000CE0CD0030000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000044B80000000000000100000001000000
"C:\Program Files (x86)\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000305C83000655840001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000050000000000000000000000000000000000000000000000000000000BD4A050000000000020000000200000000000000000000400000000000000000000000000000000069230600000000000100000000000000
"C:\Program Files (x86)\Malwarebytes\Anti-Malware\MbamPt.exe"=0x5341435001000000000000000700000028000000001800000000000001000000000000000000000A73220000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000010000000000000000100000001000000
"H:\MAME\mamepuiXT_x86.exe"=0x534143500100000000000000070000002800000000AAD70360C6D70301000000000000000000010671200000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000021310A00000000000200000002000000
"C:\Users\Salah Eddine Tiar\Desktop\Salah\Back to the Emulation futur\Neo Geo\neoragex.exe"=0x534143500100000000000000070000002800000000F404000000000001000000000000000000010561200000631F6E6F0EDED40100000000000000000200000050000000000000000080002000000040000000000000000000000000D5B12C0000000000210000002100000000000000000000000000004000000000000000000000000023D3160000000000010000000000000006000000080000000000004000000000
"C:\Users\Salah Eddine Tiar\Desktop\fightcade-win32-v042.2\FightCade\FightCade.exe"=0x5341435001000000000000000700000028000000F2D5BF000000000001000000000000000000020671000000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000079241F00000000000100000001000000
"C:\Users\Salah Eddine Tiar\Desktop\Salah\Back to the Emulation futur\FightCade\FightCade.exe"=0x5341435001000000000000000700000028000000F2D5BF000000000001000000000000000000020671000000631F6E6F0EDED401000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000000001002000000000000000000000000004E0D2100000000000600000001000000000000000000004000000000000000000000000000000000946F1000000000000100000000000000
"C:\Users\Salah Eddine Tiar\AppData\Local\Microsoft\OneDrive\19.152.0801.0009\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000789C05007343060001000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"C:\Program Files\Cave Story FR\nx.exe"=0x5341435001000000000000000700000028000000009A0B000000000001000000000000000000000A73220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000C5591B00000000000100000001000000
"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe"=0x534143500100000000000000070000002800000038F60200F2F8020003000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000013EF2100000000000100000001000000
"C:\Program Files\Mozilla Firefox\firefox.exe"=0x534143500100000000000000070000002800000020CA0800DD1C090001000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe"=0x534143500100000000000000070000002800000038703E002A7D3E0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000D8E2DB01000000000200000002000000
"C:\Program Files\WhoCrashed\WhoCrashedEx.exe"=0x5341435001000000000000000700000028000000F02992009C7A920001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000F8C40600000000000100000001000000
"C:\Users\Salah Eddine Tiar\AppData\Local\Packages\E046963F.LenovoCompanion_k1h2ywk1493x8\Dependency\8271bf1f-0dd8-46e3-8842-dbe687247ea8\VantageDependency.exe"=0x5341435001000000000000000700000028000000B846CF01EE95CF0101000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000063210000000000000100000001000000
"C:\Users\Salah Eddine Tiar\AppData\Local\Microsoft\OneDrive\19.152.0927.0012\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000809C05005ADD050001000000000000000000000A00210000631F6E6F0EDED4010000000100000000
"C:\Users\Salah Eddine Tiar\Desktop\Malwarebytes PREMIUM 3.7.1.2839-Repack  [Win FR]\Malwarebytes Anti-Malware 3.7.1.2839.exe"=0x5341435001000000000000000700000028000000CE0CD0030000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000400000000000000000000000000000000031940000000000000100000001000000
"C:\Users\Salah Eddine Tiar\AppData\Local\MEGAsync\MEGAsync.exe"=0x5341435001000000000000000700000028000000F8D2C500E3EBC50001000000000000000000000A71200000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000AA5C1300000000000100000001000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000F0DB1900F3301A0001000000000000000000000A00210000631F6E6F0EDED4010000000000000000
"C:\Users\Salah Eddine Tiar\AppData\Local\WhatsApp\WhatsApp.exe"=0x5341435001000000000000000700000028000000B03B0A00D2300B0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000005F0B3700000000000100000001000000
"C:\Windows\SysWOW64\explorer.exe"=0x5341435001000000000000000700000028000000987C3C00F91B3D0001000000010000000000000A61220000631F6E6F0EDED4010000000000000000
"C:\Users\Salah Eddine Tiar\Downloads\Programs\AdsFix.exe"=0x534143500100000000000000070000002800000098115E0057855E0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000E44A0000000000000100000001000000
"C:\Users\Salah Eddine Tiar\Desktop\AdsFix.exe"=0x534143500100000000000000070000002800000098115E0057855E0001000000000000000000000A00210000631F6E6F0EDED40100000000000000000200000028000000000000000000004000000000000000000000000000000000E2B85F00000000000500000005000000
"C:\Users\Salah Eddine Tiar\Downloads\Programs\mb3-setup-consumer-3.8.3.2965-1.0.629-1.0.12941.exe"=0x534143500100000000000000070000002800000010E1FB03A4ECFB0301000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000042000900000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000C83E86008740860001000000000000000000000A71220000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000C9BB0100000000000100000001000000
"C:\Users\Salah Eddine Tiar\Desktop\bzr\cavestory\Doukutsu.exe"=0x534143500100000000000000070000002800000000E016000000000001000000000000000000010571000000631F6E6F0EDED4010000000000000000020000005000000000000000008000200000000000000000000000000000000049D40300000000000100000001000000000000000000000000000040000000000000000000000000FE290000000000000100000000000000
"C:\Users\Salah Eddine Tiar\Desktop\bzr\cavestory\DoConfig.exe"=0x5341435001000000000000000700000028000000008001000000000001000000000000000000010571000000631F6E6F0EDED40100000000000000000200000028000000000000000000000000000000000000000000000000000000FF070000000000000100000001000000
"C:\Users\Salah Eddine Tiar\Downloads\JDownloader2_Clean_Installer.exe"=0x5341435001000000000000000700000028000000D82A01001747010001000000000000000000020671000000631F6E6F0EDED401000000000000000002000000280000000000000000080040000000000000000000000000000000008DD20B00000000000500000005000000
"C:\Users\Salah Eddine Tiar\Downloads\Compressed\orbox-c-free\Orbox-C_free.exe"=0x534143500100000000000000070000002800000000FE0100B90F010001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000000000000000000000000000000000000003D290B00000000000100000001000000
"C:\Users\Salah Eddine Tiar\Desktop\bzr\JDownloader2_Clean_Installer.exe"=0x5341435001000000000000000700000028000000D82A01001747010001000000000000000000020671000000631F6E6F0EDED4010000000000000000
"C:\Users\Salah Eddine Tiar\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000980F4F00932E4F0001000000000000000000000A00210000631F6E6F0EDED401000000000000000002000000280000000000000000000040000000000000000000000000000000006D2F0000000000000100000001000000


---------- | IFEO


---------- | Mountpoints2

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{02522b48-e062-11e8-84f4-e4a7a030ea9d}] : "E:\HiSuiteDownLoader.exe"      (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=132132335235677255

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"DisableAntiSpyware"=0
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductType"=2
"InstallTime"=0x46ADB8CE2872D401
"InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\
"OOBEInstallTime"=0xA67788FDA86DD501
"ProductStatus"=0
"ManagedDefenderProductType"=0
"BackupLocation"=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1908.7-0
"DisableAntiVirus"=0
"LastEnabledTime"=0xE45970FAA082D501

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CBDHSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinQuic]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts

127.0.0.1 activation.cloud.techsmith.com
127.0.0.1 oscount.techsmith.com
127.0.0.1 65.52.240.48
127.0.0.1 69.167.144.18
127.0.0.1 157.56.8.159
127.0.0.1 69.167.144.15
127.0.0.1 updater.techsmith.com
127.0.0.1 camtasiatudi.techsmith.com
127.0.0.1 tsccloud.cloudapp.net
[55] More lines

---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [172.217.19.142] avec 32 octets de donn?es?:
R?ponse de 172.217.19.142?: octets=32 temps=33 ms TTL=52
R?ponse de 172.217.19.142?: octets=32 temps=33 ms TTL=52
R?ponse de 172.217.19.142?: octets=32 temps=33 ms TTL=52
R?ponse de 172.217.19.142?: octets=32 temps=32 ms TTL=52

Statistiques Ping pour 172.217.19.142:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 32ms, Maximum = 33ms, Moyenne = 32ms

---------- | @

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\WINDOWS\System32\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=https://www.google.com/
"ImageStoreRandomFolder"=mjr1x8p

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=http://go.microsoft.com/fwlink/p/?LinkId=255141

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"CertificateRevocation"=1
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"ZonesSecurityUpgrade"=0x6103E9F12872D401
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"LockDatabase"=132132336657892683
"EnableHttp1_1"=1
"ProxyHttp1.1"=1
"ProxyOverride"=*.local
"AutoConfigProxy"=wininet.dll
"WarNonBadCertReceving"=1
"WarNonHTTPSToHTTPRedirect"=1

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"CallLegacyWCMPolicies"=0

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"CallLegacyWCMPolicies"=0


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts


[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apk]
"Progid"=
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccf]
"Progid"=JDownloader2 2
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dlc]
"Progid"=JDownloader2
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jdc]
"Progid"=JDownloader2 1
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.metalink]
"Progid"=JDownloader2 4
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsdf]
"Progid"=JDownloader2 3







---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} --  C:\Users\Salah Eddine Tiar\AppData\Local\MEGAsync\ShellExtX64.dll   [23/09/2019 20:10:57]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} --  C:\Users\Salah Eddine Tiar\AppData\Local\MEGAsync\ShellExtX64.dll   [23/09/2019 20:10:57]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} --  C:\Users\Salah Eddine Tiar\AppData\Local\MEGAsync\ShellExtX64.dll   [23/09/2019 20:10:57]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\			IDM Shell Extension] - {CDC95B92-E27C-4745-A8C5-64A52A78855D} --  C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll   [20/09/2019 20:47:05]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} --  C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL   [09/11/2018 02:08:17]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} --  C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL   [09/11/2018 02:08:17]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} --  C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL   [09/11/2018 02:08:17]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [19/03/2019 05:44:47]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} --  %SystemRoot%\System32\cscui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 MEGA (Pending)] - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} --  C:\Users\Salah Eddine Tiar\AppData\Local\MEGAsync\ShellExtX32.dll   [23/09/2019 20:10:53]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 MEGA (Synced)] - {05B38830-F4E9-4329-978B-1DD28605D202} --  C:\Users\Salah Eddine Tiar\AppData\Local\MEGAsync\ShellExtX32.dll   [23/09/2019 20:10:53]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 MEGA (Syncing)] - {0596C850-7BDD-4C9D-AFDF-873BE6890637} --  C:\Users\Salah Eddine Tiar\AppData\Local\MEGAsync\ShellExtX32.dll   [23/09/2019 20:10:53]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7] - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} --  C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL   [09/11/2018 02:32:38]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} --  C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL   [09/11/2018 02:32:38]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} --  C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL   [09/11/2018 02:32:38]

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0   


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []

---------- | SearchScopes

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}] - (Ad-Aware SecureSearch) - http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10438__181102&q={searchTerms} : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] -> (IDM integration (IDMIEHlprObj Class)) : C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll  [20/09/2019 20:47:05]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}] -> () : C:\Users\Salah Eddine Tiar\Downloads\Compressed\oldnewexplorer_1-1-8-2_fr_434245\OldNewExplorer32.dll  [13/11/2018 20:37:56]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll  [09/11/2018 02:32:50]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft OneDrive for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL  [09/11/2018 02:32:38]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] -> (IDM integration (IDMIEHlprObj Class)) : C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll  [20/09/2019 20:47:05]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27DD0F8B-3E0E-4ADC-A78A-66047E71ADC5}] -> () : C:\Users\Salah Eddine Tiar\Downloads\Compressed\oldnewexplorer_1-1-8-2_fr_434245\OldNewExplorer32.dll  [13/11/2018 20:37:56]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll  [09/11/2018 02:32:50]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft OneDrive for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL  [09/11/2018 02:32:38]

---------- | Chrome

C:\Users\Salah Eddine Tiar\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Salah Eddine Tiar\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Salah Eddine Tiar\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Salah Eddine Tiar\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Salah Eddine Tiar\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Salah Eddine Tiar\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek]

---------- | Opera


---------- | Firefox


[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\mozilla\Firefox\Extensions]
"mozilla_cc3@internetdownloadmanager.com"=C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"web2pdfextension.15@web2pdf.adobedotcom"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.3] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.6] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.7.1] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.8] - (VLC Multimedia Plugin) : C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Acrobat] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


C:\Users\Salah Eddine Tiar\AppData\Roaming\Mozilla\Firefox\Profiles\69apg4wp.default-1565961066503\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20191009172106");
user_pref("browser.startup.homepage_override.mstone", "69.0.3");
user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
user_pref("extensions.blocklist.lastModified", "Wed, 16 Oct 2019 14:24:08 GMT");
user_pref("extensions.blocklist.pingCountTotal", 58);
user_pref("extensions.blocklist.pingCountVersion", 9);
user_pref("extensions.databaseSchema", 31);
user_pref("extensions.etp_search_volume_study.channel_cohort_prefix", "c");
user_pref("extensions.getAddons.cache.lastUpdate", 1571354191);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.incognito.migrated", true);
user_pref("extensions.lastAppBuildId", "20191009172106");
user_pref("extensions.lastAppVersion", "69.0.3");
user_pref("extensions.lastPlatformVersion", "69.0.3");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.privatebrowsing.notification", true);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{4739c973-77bf-41ce-8106-303a58ceb896}\",\"addons\":{\"doh-rollout@mozilla.org\":{\"version\":\"1.0.0\"}}}");
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("extensions.ui.locale.hidden", true);
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.doh-rollout@mozilla.org", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.jid1-93WyvpgvxzGATw@jetpack", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.jid1-OY8Xu5BsKZQa6A@jetpack", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.mozilla_cc3@internetdownloadmanager.com", true);
user_pref("extensions.webextensions.uuids", "{\"formautofill@mozilla.org\":\"fc395e19-8108-4d58-a43f-33c2f723c480\",\"fxmonitor@mozilla.org\":\"234bf507-0be3-4829-86eb-18c709514a2e\",\"screenshots@mozilla.org\":\"2a18312a-8eb0-40d7-816b-ed08838396cb\",\"webcompat-reporter@mozilla.org\":\"f2fde14e-425b-4fb5-a4e4-7bdeec2ce45e\",\"webcompat@mozilla.org\":\"90162a55-5bc5-408c-8c80-09cb1edbd684\",\"mozilla_cc3@internetdownloadmanager.com\":\"cf6d7c26-adbb-4af2-aead-82544e78ed42\",\"default-theme@mozilla.org\":\"d4673e21-9569-439f-a29a-b3d129439a99\",\"google@search.mozilla.org\":\"b7bfa18a-f065-4039-941f-5101ef699b44\",\"bing@search.mozilla.org\":\"cda0f38a-d215-4fdc-9f02-022855b4412b\",\"amazon@search.mozilla.org\":\"4b45b94c-596c-432b-8b68-ca3f7544428d\",\"ddg@search.mozilla.org\":\"316bcce8-7b64-4352-b9e1-c2c0e7b8d535\",\"ebay@search.mozilla.org\":\"922e55fb-9306-41fd-be9e-40cf8dcfdb1a\",\"qwant@search.mozilla.org\":\"4f00d824-d841-4df7-b8fd-2a47f7a0fed3\",\"wikipedia@search.mozilla.org\":\"57c5a4ac-a759-41e3-9887-3acde6e99c16\",\"jid1-OY8Xu5BsKZQa6A@jetpack\":\"e1d731c3-174b-4812-81e2-75885cc704dc\",\"jid1-93WyvpgvxzGATw@jetpack\":\"c46c84df-e5bf-4635-96df-d21710a0265f\",\"doh-rollout@mozilla.org\":\"61288332-9aea-46c3-9d7e-8fb6b85eb4b2\"}");

C:\Users\Salah Eddine Tiar\AppData\Roaming\Mozilla\Firefox\Profiles\69apg4wp.default-1565961066503

[Profile0] - Name=default -> Profiles/69apg4wp.default-1565961066503

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{5d46e576-0a99-46f0-a485-27c9041de66d}]
"DhcpNameServer"=8.8.8.8
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{76035b76-f24d-41d1-8c38-0cb78a73ab66}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5d46e576-0a99-46f0-a485-27c9041de66d}]
"DhcpNameServer"=8.8.8.8
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{76035b76-f24d-41d1-8c38-0cb78a73ab66}]
"DhcpNameServer"=192.168.1.1

---------- | Applications

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Classes\Applications\7zFM.exe] : "C:\Program Files\7-Zip\7zFM.exe" "%1"
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Classes\Applications\CamtasiaStudio.exe] : "C:\Program Files\TechSmith\Camtasia 9\CamtasiaStudio.exe" "%1"
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1"
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files (x86)\WinRAR\WinRAR.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\Acrobat.exe] : "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Acrobat.exe] : "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
SystemEventsBroker
DeviceInstall
"rdxgroup"=RetailDemo
"Camera"=FrameS
"LocalServiceNoNetworkFirewall"=BFE
mpssvc
"diagnostics"=DiagSvc
"AarSvcGroup"=AarSvc
"PrintWorkflow"=PrintWorkflowUserSvc
"wusvcs"=WaaSMedicSvc
"BcastDVRUserService"=BcastDVRUserService
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"autoTimeSvc"=autoTimeSvc
"ClipboardSvcGroup"=cbdhsvc
"BthAppGroup"=BluetoothUserService
"smbsvcs"=lanmanserver
"DevicesFlow"=DeviceAssociationBrokerSvc
DevicesFlowUserSvc
DevicePickerUserSvc
ConsentUxUserSvc
"PeerDist"=PeerDistSvc
"AssignedAccessManagerSvc"=AssignedAccessManagerSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=DcomLaunch
DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"DevicesFlow"=DeviceAssociationBrokerSvc
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\3delite]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\7-Zip]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Adobe]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Alps]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\AppDataLow]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Ashampoo]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\AvastAdSDK]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Betternet]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\BugSplat]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Clients]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\CyberGhost]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Cygwin]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Disc Soft]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Dolby]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\DownloadManager]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\ej-technologies]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Emulators]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\ESET]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\ExpressVPN]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\FreeTime]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\GetFLV]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Google]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\IM Providers]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Intel]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\JavaSoft]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Kolor]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Lenovo]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Licenses]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\MainConcept]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Malwarebytes]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Mirage]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Mountain King Studios]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Mozilla]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Netscape]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\ODBC]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\PhotoFiltre 7]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Policies]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\QtProject]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Realtek]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Resplendence Sp]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\SHAREit Technologies]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\StartIsBack]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Sunplus SPUVCb]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\SUU Design]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Sysinternals]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\TechSmith]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Tihiy]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Trolltech]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\uTorrentPlus]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\VideoLAN]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\WinRAR]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\WixSharp]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Wondershare]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Wow6432Node]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\ZHP]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Accessibility]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Active Setup]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\ActiveMovie]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\ActiveSync]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\AppV]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Assistance]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\AuthCookies]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Avalon.Graphics]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\CalendarRT]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Clipboard]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\ColorFiltering]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\CommsAPHost]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Connection Manager]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\ContactsRT]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\CTF]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\DirectInput]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\DusmSvc]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\EventSystem]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Exchange]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\F12]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\FamilyStore]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Fax]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Feeds]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\FTP]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\GameBar]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\GameBarApi]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\GFNet]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\IdentityCRL]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\IME]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\IMEMIP]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Input]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\InputMethod]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\InputPersonalization]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Installer]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Internet Connection Wizard]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Internet Explorer]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Internet Mail and News]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\LanguageOverlay]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Lptr]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\MediaPlayer]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Messaging]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Microsoft Management Console]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\MicrosoftEdge]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\MobilePC]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\MPEG2Demultiplexer]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\MS Design Tools]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\MSF]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Multimedia]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Narrator]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\NGC]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Notepad]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Office]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\OfficeCompat]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\OneDrive]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Osk]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Payment]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\PeerNet]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Personalization]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Phone]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Pim]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Poom]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\PowerShell]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\RAS AutoDial]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\RAS Phonebook]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Remote Assistance]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\ScreenMagnifier]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Sensors]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Shared]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Shared Tools]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\SkyDrive]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Speech]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Speech Virtual]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Speech_OneCore]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Spelling]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\SQMClient]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\StorageLibrary]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\SystemCertificates]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\TabletTip]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\TPG]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\UCCPlatform]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\UEV]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Unified Store]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Unistore]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\UserData]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\VBA]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\WAB]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\WcmSvc]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\wfs]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows Defender Security Center]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows Live]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows NT]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows Photo Viewer]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows Script Host]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows Search]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Windows Security Health]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\Wisp]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\XAML]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\SOFTWARE\Microsoft\XboxLive]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\AssignedAccessConfiguration]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-4207456607-1934371375-1503238163-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\7-Zip]
[HKLM\Software\Adobe]
[HKLM\Software\AdsFix]
[HKLM\Software\Alps]
[HKLM\Software\Betternet]
[HKLM\Software\Clients]
[HKLM\Software\CVSM]
[HKLM\Software\CyberGhost]
[HKLM\Software\DefaultUserEnvironment]
[HKLM\Software\Dell]
[HKLM\Software\Disc Soft]
[HKLM\Software\Dolby]
[HKLM\Software\ej-technologies]
[HKLM\Software\ESET]
[HKLM\Software\Fortemedia]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Huawei technologies]
[HKLM\Software\IBM]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Lenovo]
[HKLM\Software\Macromedia]
[HKLM\Software\ManageableUpdatePackage]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\Software]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\TAP-Windows]
[HKLM\Software\TechSmith]
[HKLM\Software\VideoLAN]
[HKLM\Software\Windows]
[HKLM\Software\WOW6432Node]
[HKLM\SOFTWARE\Microsoft\.NETFramework]
[HKLM\SOFTWARE\Microsoft\AccountsControl]
[HKLM\SOFTWARE\Microsoft\Active Setup]
[HKLM\SOFTWARE\Microsoft\ActiveSync]
[HKLM\SOFTWARE\Microsoft\ADs]
[HKLM\SOFTWARE\Microsoft\Advanced INF Setup]
[HKLM\SOFTWARE\Microsoft\ALG]
[HKLM\SOFTWARE\Microsoft\AllUserInstallAgent]
[HKLM\SOFTWARE\Microsoft\AMSI]
[HKLM\SOFTWARE\Microsoft\Analog]
[HKLM\SOFTWARE\Microsoft\AppServiceProtocols]
[HKLM\SOFTWARE\Microsoft\AppV]
[HKLM\SOFTWARE\Microsoft\AppVISV]
[HKLM\SOFTWARE\Microsoft\ASP.NET]
[HKLM\SOFTWARE\Microsoft\Assistance]
[HKLM\SOFTWARE\Microsoft\AuthHost]
[HKLM\SOFTWARE\Microsoft\BidInterface]
[HKLM\SOFTWARE\Microsoft\BitLockerCsp]
[HKLM\SOFTWARE\Microsoft\CallAndMessagingEnhancement]
[HKLM\SOFTWARE\Microsoft\Cellular]
[HKLM\SOFTWARE\Microsoft\Chkdsk]
[HKLM\SOFTWARE\Microsoft\Clipboard]
[HKLM\SOFTWARE\Microsoft\ClipboardServer]
[HKLM\SOFTWARE\Microsoft\COM3]
[HKLM\SOFTWARE\Microsoft\Command Processor]
[HKLM\SOFTWARE\Microsoft\CommsAPHost]
[HKLM\SOFTWARE\Microsoft\Composition]
[HKLM\SOFTWARE\Microsoft\CoreShell]
[HKLM\SOFTWARE\Microsoft\Cryptography]
[HKLM\SOFTWARE\Microsoft\CTF]
[HKLM\SOFTWARE\Microsoft\DataAccess]
[HKLM\SOFTWARE\Microsoft\DataCollection]
[HKLM\SOFTWARE\Microsoft\DataMarketplace]
[HKLM\SOFTWARE\Microsoft\DataSharing]
[HKLM\SOFTWARE\Microsoft\DDDS]
[HKLM\SOFTWARE\Microsoft\DevDiv]
[HKLM\SOFTWARE\Microsoft\Device Association Framework]
[HKLM\SOFTWARE\Microsoft\DeviceReg]
[HKLM\SOFTWARE\Microsoft\Dfrg]
[HKLM\SOFTWARE\Microsoft\DFS]
[HKLM\SOFTWARE\Microsoft\DiagnosticLogCSP]
[HKLM\SOFTWARE\Microsoft\DirectDraw]
[HKLM\SOFTWARE\Microsoft\DirectInput]
[HKLM\SOFTWARE\Microsoft\DirectMusic]
[HKLM\SOFTWARE\Microsoft\DirectPlay8]
[HKLM\SOFTWARE\Microsoft\DirectPlayNATHelp]
[HKLM\SOFTWARE\Microsoft\DirectShow]
[HKLM\SOFTWARE\Microsoft\DirectX]
[HKLM\SOFTWARE\Microsoft\dot3svc]
[HKLM\SOFTWARE\Microsoft\DownloadManager]
[HKLM\SOFTWARE\Microsoft\Driver Signing]
[HKLM\SOFTWARE\Microsoft\DRM]
[HKLM\SOFTWARE\Microsoft\DusmSvc]
[HKLM\SOFTWARE\Microsoft\DVDNavigator]
[HKLM\SOFTWARE\Microsoft\DVR]
[HKLM\SOFTWARE\Microsoft\DXP]
[HKLM\SOFTWARE\Microsoft\EAPSIMMethods]
[HKLM\SOFTWARE\Microsoft\Enrollment]
[HKLM\SOFTWARE\Microsoft\Enrollments]
[HKLM\SOFTWARE\Microsoft\EnterpriseCertificates]
[HKLM\SOFTWARE\Microsoft\EnterpriseDataProtection]
[HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager]
[HKLM\SOFTWARE\Microsoft\EventSounds]
[HKLM\SOFTWARE\Microsoft\EventSystem]
[HKLM\SOFTWARE\Microsoft\F12]
[HKLM\SOFTWARE\Microsoft\FamilyStore]
[HKLM\SOFTWARE\Microsoft\Fax]
[HKLM\SOFTWARE\Microsoft\FaxServer]
[HKLM\SOFTWARE\Microsoft\Feeds]
[HKLM\SOFTWARE\Microsoft\FilePicker]
[HKLM\SOFTWARE\Microsoft\FilterDS]
[HKLM\SOFTWARE\Microsoft\FingerKB]
[HKLM\SOFTWARE\Microsoft\FTH]
[HKLM\SOFTWARE\Microsoft\Function Discovery]
[HKLM\SOFTWARE\Microsoft\Fusion]
[HKLM\SOFTWARE\Microsoft\FuzzyDS]
[HKLM\SOFTWARE\Microsoft\GameOverlay]
[HKLM\SOFTWARE\Microsoft\HTMLHelp]
[HKLM\SOFTWARE\Microsoft\Hub]
[HKLM\SOFTWARE\Microsoft\Hvsi]
[HKLM\SOFTWARE\Microsoft\IdentityCRL]
[HKLM\SOFTWARE\Microsoft\IdentityStore]
[HKLM\SOFTWARE\Microsoft\IHDS]
[HKLM\SOFTWARE\Microsoft\IMAPI]
[HKLM\SOFTWARE\Microsoft\IME]
[HKLM\SOFTWARE\Microsoft\IMEJP]
[HKLM\SOFTWARE\Microsoft\IMEKR]
[HKLM\SOFTWARE\Microsoft\IMETC]
[HKLM\SOFTWARE\Microsoft\InProcLogger]
[HKLM\SOFTWARE\Microsoft\Input]
[HKLM\SOFTWARE\Microsoft\InputMethod]
[HKLM\SOFTWARE\Microsoft\InputPersonalization]
[HKLM\SOFTWARE\Microsoft\Internet Account Manager]
[HKLM\SOFTWARE\Microsoft\Internet Domains]
[HKLM\SOFTWARE\Microsoft\Internet Explorer]
[HKLM\SOFTWARE\Microsoft\IsoBurn]
[HKLM\SOFTWARE\Microsoft\KGL]
[HKLM\SOFTWARE\Microsoft\LanguageOverlay]
[HKLM\SOFTWARE\Microsoft\LexiconUpdate]
[HKLM\SOFTWARE\Microsoft\Managed Desktop]
[HKLM\SOFTWARE\Microsoft\MdmCommon]
[HKLM\SOFTWARE\Microsoft\MdmDiagnostics]
[HKLM\SOFTWARE\Microsoft\MediaEngine]
[HKLM\SOFTWARE\Microsoft\MediaPlayer]
[HKLM\SOFTWARE\Microsoft\MemoryDiagnostic]
[HKLM\SOFTWARE\Microsoft\Messaging]
[HKLM\SOFTWARE\Microsoft\MessengerService]
[HKLM\SOFTWARE\Microsoft\Microsoft Camera Codec Pack]
[HKLM\SOFTWARE\Microsoft\MiracastReceiver]
[HKLM\SOFTWARE\Microsoft\MMC]
[HKLM\SOFTWARE\Microsoft\Mobile]
[HKLM\SOFTWARE\Microsoft\MpSigStub]
[HKLM\SOFTWARE\Microsoft\MSBuild]
[HKLM\SOFTWARE\Microsoft\MSDE]
[HKLM\SOFTWARE\Microsoft\MSDRM]
[HKLM\SOFTWARE\Microsoft\MSDTC]
[HKLM\SOFTWARE\Microsoft\MSF]
[HKLM\SOFTWARE\Microsoft\MSIME]
[HKLM\SOFTWARE\Microsoft\MSLicensing]
[HKLM\SOFTWARE\Microsoft\MSMQ]
[HKLM\SOFTWARE\Microsoft\MSN Apps]
[HKLM\SOFTWARE\Microsoft\MTF]
[HKLM\SOFTWARE\Microsoft\MTFFuzzyFactors]
[HKLM\SOFTWARE\Microsoft\MTFInputType]
[HKLM\SOFTWARE\Microsoft\MTFKeyboardMappings]
[HKLM\SOFTWARE\Microsoft\Multimedia]
[HKLM\SOFTWARE\Microsoft\Multivariant]
[HKLM\SOFTWARE\Microsoft\NET Framework Setup]
[HKLM\SOFTWARE\Microsoft\NetSh]
[HKLM\SOFTWARE\Microsoft\Network]
[HKLM\SOFTWARE\Microsoft\Non-Driver Signing]
[HKLM\SOFTWARE\Microsoft\Notepad]
[HKLM\SOFTWARE\Microsoft\ODBC]
[HKLM\SOFTWARE\Microsoft\OEM]
[HKLM\SOFTWARE\Microsoft\Office]
[HKLM\SOFTWARE\Microsoft\OfficeCSP]
[HKLM\SOFTWARE\Microsoft\Ole]
[HKLM\SOFTWARE\Microsoft\OnlineProviders]
[HKLM\SOFTWARE\Microsoft\Outlook Express]
[HKLM\SOFTWARE\Microsoft\Palm]
[HKLM\SOFTWARE\Microsoft\Phone]
[HKLM\SOFTWARE\Microsoft\Photos]
[HKLM\SOFTWARE\Microsoft\PIM]
[HKLM\SOFTWARE\Microsoft\PLA]
[HKLM\SOFTWARE\Microsoft\PlayToReceiver]
[HKLM\SOFTWARE\Microsoft\PointOfService]
[HKLM\SOFTWARE\Microsoft\Policies]
[HKLM\SOFTWARE\Microsoft\PolicyManager]
[HKLM\SOFTWARE\Microsoft\Poom]
[HKLM\SOFTWARE\Microsoft\PowerShell]
[HKLM\SOFTWARE\Microsoft\Print]
[HKLM\SOFTWARE\Microsoft\Provisioning]
[HKLM\SOFTWARE\Microsoft\PushRouter]
[HKLM\SOFTWARE\Microsoft\RADAR]
[HKLM\SOFTWARE\Microsoft\Ras]
[HKLM\SOFTWARE\Microsoft\RAS AutoDial]
[HKLM\SOFTWARE\Microsoft\RcsPresence]
[HKLM\SOFTWARE\Microsoft\Reliability Analysis]
[HKLM\SOFTWARE\Microsoft\Remediation]
[HKLM\SOFTWARE\Microsoft\RemovalTools]
[HKLM\SOFTWARE\Microsoft\rempl]
[HKLM\SOFTWARE\Microsoft\RendezvousApps]
[HKLM\SOFTWARE\Microsoft\Router]
[HKLM\SOFTWARE\Microsoft\Rpc]
[HKLM\SOFTWARE\Microsoft\SchedulingAgent]
[HKLM\SOFTWARE\Microsoft\Schema Library]
[HKLM\SOFTWARE\Microsoft\Security Center]
[HKLM\SOFTWARE\Microsoft\SecurityManager]
[HKLM\SOFTWARE\Microsoft\SEMgr]
[HKLM\SOFTWARE\Microsoft\Sensors]
[HKLM\SOFTWARE\Microsoft\Shared Tools]
[HKLM\SOFTWARE\Microsoft\Shared Tools Location]
[HKLM\SOFTWARE\Microsoft\Shell]
[HKLM\SOFTWARE\Microsoft\sih]
[HKLM\SOFTWARE\Microsoft\Siuf]
[HKLM\SOFTWARE\Microsoft\SoftGrid]
[HKLM\SOFTWARE\Microsoft\Software]
[HKLM\SOFTWARE\Microsoft\Speech]
[HKLM\SOFTWARE\Microsoft\Speech_OneCore]
[HKLM\SOFTWARE\Microsoft\SQMClient]
[HKLM\SOFTWARE\Microsoft\StrongName]
[HKLM\SOFTWARE\Microsoft\Sync Framework]
[HKLM\SOFTWARE\Microsoft\Sysprep]
[HKLM\SOFTWARE\Microsoft\SystemCertificates]
[HKLM\SOFTWARE\Microsoft\SystemSettings]
[HKLM\SOFTWARE\Microsoft\TableTextService]
[HKLM\SOFTWARE\Microsoft\TabletTip]
[HKLM\SOFTWARE\Microsoft\TaskFlowDataEngine]
[HKLM\SOFTWARE\Microsoft\Tcpip]
[HKLM\SOFTWARE\Microsoft\TelemetryClient]
[HKLM\SOFTWARE\Microsoft\Terminal Server Client]
[HKLM\SOFTWARE\Microsoft\TermServLicensing]
[HKLM\SOFTWARE\Microsoft\TouchPrediction]
[HKLM\SOFTWARE\Microsoft\TPG]
[HKLM\SOFTWARE\Microsoft\Tpm]
[HKLM\SOFTWARE\Microsoft\Tracing]
[HKLM\SOFTWARE\Microsoft\Transaction Server]
[HKLM\SOFTWARE\Microsoft\TV System Services]
[HKLM\SOFTWARE\Microsoft\uDRM]
[HKLM\SOFTWARE\Microsoft\UEV]
[HKLM\SOFTWARE\Microsoft\Unified Store]
[HKLM\SOFTWARE\Microsoft\Unistore]
[HKLM\SOFTWARE\Microsoft\UNP]
[HKLM\SOFTWARE\Microsoft\UPnP Control Point]
[HKLM\SOFTWARE\Microsoft\UPnP Device Host]
[HKLM\SOFTWARE\Microsoft\UserData]
[HKLM\SOFTWARE\Microsoft\UserManager]
[HKLM\SOFTWARE\Microsoft\Virtual Machine]
[HKLM\SOFTWARE\Microsoft\VisualStudio]
[HKLM\SOFTWARE\Microsoft\WAB]
[HKLM\SOFTWARE\Microsoft\Wallet]
[HKLM\SOFTWARE\Microsoft\Wbem]
[HKLM\SOFTWARE\Microsoft\WcmSvc]
[HKLM\SOFTWARE\Microsoft\WIMMount]
[HKLM\SOFTWARE\Microsoft\Windows]
[HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection]
[HKLM\SOFTWARE\Microsoft\Windows Defender]
[HKLM\SOFTWARE\Microsoft\Windows Defender Security Center]
[HKLM\SOFTWARE\Microsoft\Windows Desktop Search]
[HKLM\SOFTWARE\Microsoft\Windows Embedded]
[HKLM\SOFTWARE\Microsoft\Windows Mail]
[HKLM\SOFTWARE\Microsoft\Windows Media Device Manager]
[HKLM\SOFTWARE\Microsoft\Windows Media Foundation]
[HKLM\SOFTWARE\Microsoft\Windows Media Player NSS]
[HKLM\SOFTWARE\Microsoft\Windows Messaging Subsystem]
[HKLM\SOFTWARE\Microsoft\Windows NT]
[HKLM\SOFTWARE\Microsoft\Windows Photo Viewer]
[HKLM\SOFTWARE\Microsoft\Windows Portable Devices]
[HKLM\SOFTWARE\Microsoft\Windows Script Host]
[HKLM\SOFTWARE\Microsoft\Windows Search]
[HKLM\SOFTWARE\Microsoft\Windows Security Health]
[HKLM\SOFTWARE\Microsoft\WindowsRuntime]
[HKLM\SOFTWARE\Microsoft\WindowsSelfHost]
[HKLM\SOFTWARE\Microsoft\WindowsUpdate]
[HKLM\SOFTWARE\Microsoft\Wisp]
[HKLM\SOFTWARE\Microsoft\WlanSvc]
[HKLM\SOFTWARE\Microsoft\Wlpasvc]
[HKLM\SOFTWARE\Microsoft\Wow64]
[HKLM\SOFTWARE\Microsoft\WSDAPI]
[HKLM\SOFTWARE\Microsoft\WwanSvc]
[HKLM\SOFTWARE\Microsoft\XAML]
[HKLM\Software\Microsoft\Windows\AssignedAccessConfiguration]
[HKLM\Software\Microsoft\Windows\AssignedAccessCsp]
[HKLM\Software\Microsoft\Windows\Autopilot]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\Notepad]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\UpdateApi]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AarSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AssignedAccessManagerSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\autotimesvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BcastDVRUserService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\btagservice]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\BthAppGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ClipboardSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Betternet]
[HKLM\Software\WOW6432Node\Datahjaelp]
[HKLM\Software\WOW6432Node\Florian Heidenreich]
[HKLM\Software\WOW6432Node\g3n-h@ckm@n]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\GuidGuid13]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Internet Download Manager]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Lavasoft]
[HKLM\Software\WOW6432Node\Lenovo]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\MAXSOFT-OCRON]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OpenVPN]
[HKLM\Software\WOW6432Node\PCSX2]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Rockstar Games]
[HKLM\Software\WOW6432Node\ScanSoft]
[HKLM\Software\WOW6432Node\SHAREit Technologies]
[HKLM\Software\WOW6432Node\SyncIntegrationClients]
[HKLM\Software\WOW6432Node\sysinternals]
[HKLM\Software\WOW6432Node\TdkTool]
[HKLM\Software\WOW6432Node\TechSmith]
[HKLM\Software\WOW6432Node\WafCX]
[HKLM\Software\WOW6432Node\WinPcap]
[HKLM\Software\WOW6432Node\WinRAR]
[HKLM\Software\WOW6432Node\Wondershare]
[HKLM\Software\WOW6432Node\Wow6432Node]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\.NETFramework]
[HKLM\Software\WOW6432Node\Microsoft\Active Setup]
[HKLM\Software\WOW6432Node\Microsoft\ADs]
[HKLM\Software\WOW6432Node\Microsoft\Advanced INF Setup]
[HKLM\Software\WOW6432Node\Microsoft\AMSI]
[HKLM\Software\WOW6432Node\Microsoft\AppServiceProtocols]
[HKLM\Software\WOW6432Node\Microsoft\AppV]
[HKLM\Software\WOW6432Node\Microsoft\ASP.NET]
[HKLM\Software\WOW6432Node\Microsoft\Assistance]
[HKLM\Software\WOW6432Node\Microsoft\AuthHost]
[HKLM\Software\WOW6432Node\Microsoft\BidInterface]
[HKLM\Software\WOW6432Node\Microsoft\BitLockerCsp]
[HKLM\Software\WOW6432Node\Microsoft\ClipboardServer]
[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
[HKLM\Software\WOW6432Node\Microsoft\Cryptography]
[HKLM\Software\WOW6432Node\Microsoft\CTF]
[HKLM\Software\WOW6432Node\Microsoft\DataAccess]
[HKLM\Software\WOW6432Node\Microsoft\DevDiv]
[HKLM\Software\WOW6432Node\Microsoft\Device Association Framework]
[HKLM\Software\WOW6432Node\Microsoft\Direct3D]
[HKLM\Software\WOW6432Node\Microsoft\DirectDraw]
[HKLM\Software\WOW6432Node\Microsoft\DirectInput]
[HKLM\Software\WOW6432Node\Microsoft\DirectMusic]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlay]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlay8]
[HKLM\Software\WOW6432Node\Microsoft\DirectPlayNATHelp]
[HKLM\Software\WOW6432Node\Microsoft\DirectShow]
[HKLM\Software\WOW6432Node\Microsoft\DirectX]
[HKLM\Software\WOW6432Node\Microsoft\DownloadManager]
[HKLM\Software\WOW6432Node\Microsoft\DRM]
[HKLM\Software\WOW6432Node\Microsoft\DVDNavigator]
[HKLM\Software\WOW6432Node\Microsoft\DVR]
[HKLM\Software\WOW6432Node\Microsoft\EAPSIMMethods]
[HKLM\Software\WOW6432Node\Microsoft\ENROLLMENTS]
[HKLM\Software\WOW6432Node\Microsoft\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Exchange]
[HKLM\Software\WOW6432Node\Microsoft\F12]
[HKLM\Software\WOW6432Node\Microsoft\Fax]
[HKLM\Software\WOW6432Node\Microsoft\Feeds]
[HKLM\Software\WOW6432Node\Microsoft\FilePicker]
[HKLM\Software\WOW6432Node\Microsoft\Function Discovery]
[HKLM\Software\WOW6432Node\Microsoft\Fusion]
[HKLM\Software\WOW6432Node\Microsoft\GameOverlay]
[HKLM\Software\WOW6432Node\Microsoft\HTMLHelp]
[HKLM\Software\WOW6432Node\Microsoft\IdentityCRL]
[HKLM\Software\WOW6432Node\Microsoft\IdentityStore]
[HKLM\Software\WOW6432Node\Microsoft\IMAPI]
[HKLM\Software\WOW6432Node\Microsoft\IME]
[HKLM\Software\WOW6432Node\Microsoft\IMEJP]
[HKLM\Software\WOW6432Node\Microsoft\IMEKR]
[HKLM\Software\WOW6432Node\Microsoft\IMETC]
[HKLM\Software\WOW6432Node\Microsoft\InputMethod]
[HKLM\Software\WOW6432Node\Microsoft\Internet Account Manager]
[HKLM\Software\WOW6432Node\Microsoft\Internet Domains]
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer]
[HKLM\Software\WOW6432Node\Microsoft\IsoBurn]
[HKLM\Software\WOW6432Node\Microsoft\Jet]
[HKLM\Software\WOW6432Node\Microsoft\Lptr]
[HKLM\Software\WOW6432Node\Microsoft\MediaEngine]
[HKLM\Software\WOW6432Node\Microsoft\MessengerService]
[HKLM\Software\WOW6432Node\Microsoft\Microsoft Camera Codec Pack]
[HKLM\Software\WOW6432Node\Microsoft\MiracastReceiver]
[HKLM\Software\WOW6432Node\Microsoft\MMC]
[HKLM\Software\WOW6432Node\Microsoft\MSBuild]
[HKLM\Software\WOW6432Node\Microsoft\MSDE]
[HKLM\Software\WOW6432Node\Microsoft\MSDRM]
[HKLM\Software\WOW6432Node\Microsoft\MSDTC]
[HKLM\Software\WOW6432Node\Microsoft\MSF]
[HKLM\Software\WOW6432Node\Microsoft\MSLicensing]
[HKLM\Software\WOW6432Node\Microsoft\MSN Apps]
[HKLM\Software\WOW6432Node\Microsoft\MTF]
[HKLM\Software\WOW6432Node\Microsoft\Multimedia]
[HKLM\Software\WOW6432Node\Microsoft\NET Framework Setup]
[HKLM\Software\WOW6432Node\Microsoft\NetSh]
[HKLM\Software\WOW6432Node\Microsoft\Network]
[HKLM\Software\WOW6432Node\Microsoft\Notepad]
[HKLM\Software\WOW6432Node\Microsoft\ODBC]
[HKLM\Software\WOW6432Node\Microsoft\OEM]
[HKLM\Software\WOW6432Node\Microsoft\Office]
[HKLM\Software\WOW6432Node\Microsoft\Office Server]
[HKLM\Software\WOW6432Node\Microsoft\OnlineProviders]
[HKLM\Software\WOW6432Node\Microsoft\Outlook Express]
[HKLM\Software\WOW6432Node\Microsoft\Palm]
[HKLM\Software\WOW6432Node\Microsoft\Photos]
[HKLM\Software\WOW6432Node\Microsoft\PLA]
[HKLM\Software\WOW6432Node\Microsoft\Policies]
[HKLM\Software\WOW6432Node\Microsoft\PowerShell]
[HKLM\Software\WOW6432Node\Microsoft\Print]
[HKLM\Software\WOW6432Node\Microsoft\Provisioning]
[HKLM\Software\WOW6432Node\Microsoft\RADAR]
[HKLM\Software\WOW6432Node\Microsoft\RendezvousApps]
[HKLM\Software\WOW6432Node\Microsoft\SchedulingAgent]
[HKLM\Software\WOW6432Node\Microsoft\Schema Library]
[HKLM\Software\WOW6432Node\Microsoft\Security Center]
[HKLM\Software\WOW6432Node\Microsoft\Sensors]
[HKLM\Software\WOW6432Node\Microsoft\Shared]
[HKLM\Software\WOW6432Node\Microsoft\Shared Tools]
[HKLM\Software\WOW6432Node\Microsoft\Shared Tools Location]
[HKLM\Software\WOW6432Node\Microsoft\SoftGrid]
[HKLM\Software\WOW6432Node\Microsoft\Software]
[HKLM\Software\WOW6432Node\Microsoft\SPEECH]
[HKLM\Software\WOW6432Node\Microsoft\Speech_OneCore]
[HKLM\Software\WOW6432Node\Microsoft\SQMClient]
[HKLM\Software\WOW6432Node\Microsoft\Sync Framework]
[HKLM\Software\WOW6432Node\Microsoft\SystemSettings]
[HKLM\Software\WOW6432Node\Microsoft\TableTextService]
[HKLM\Software\WOW6432Node\Microsoft\TabletTip]
[HKLM\Software\WOW6432Node\Microsoft\Tcpip]
[HKLM\Software\WOW6432Node\Microsoft\Terminal Server Client]
[HKLM\Software\WOW6432Node\Microsoft\TouchPrediction]
[HKLM\Software\WOW6432Node\Microsoft\TPG]
[HKLM\Software\WOW6432Node\Microsoft\Tpm]
[HKLM\Software\WOW6432Node\Microsoft\Tracing]
[HKLM\Software\WOW6432Node\Microsoft\TV System Services]
[HKLM\Software\WOW6432Node\Microsoft\uDRM]
[HKLM\Software\WOW6432Node\Microsoft\UEV]
[HKLM\Software\WOW6432Node\Microsoft\Updates]
[HKLM\Software\WOW6432Node\Microsoft\UPnP Control Point]
[HKLM\Software\WOW6432Node\Microsoft\UPnP Device Host]
[HKLM\Software\WOW6432Node\Microsoft\Visio]
[HKLM\Software\WOW6432Node\Microsoft\VisualStudio]
[HKLM\Software\WOW6432Node\Microsoft\VSTA Runtime Setup]
[HKLM\Software\WOW6432Node\Microsoft\VSTO Runtime Setup]
[HKLM\Software\WOW6432Node\Microsoft\WAB]
[HKLM\Software\WOW6432Node\Microsoft\WBEM]
[HKLM\Software\WOW6432Node\Microsoft\WIMMount]
[HKLM\Software\WOW6432Node\Microsoft\Windows]
[HKLM\Software\WOW6432Node\Microsoft\Windows Desktop Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows Live]
[HKLM\Software\WOW6432Node\Microsoft\Windows Mail]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Device Manager]
[HKLM\Software\WOW6432Node\Microsoft\Windows Media Foundation]
[HKLM\Software\WOW6432Node\Microsoft\Windows Messaging Subsystem]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT]
[HKLM\Software\WOW6432Node\Microsoft\Windows Photo Viewer]
[HKLM\Software\WOW6432Node\Microsoft\Windows Portable Devices]
[HKLM\Software\WOW6432Node\Microsoft\Windows Script Host]
[HKLM\Software\WOW6432Node\Microsoft\WindowsRuntime]
[HKLM\Software\WOW6432Node\Microsoft\WindowsUpdate]
[HKLM\Software\WOW6432Node\Microsoft\Wisp]
[HKLM\Software\WOW6432Node\Microsoft\WlanSvc]
[HKLM\Software\WOW6432Node\Microsoft\WSDAPI]
[HKLM\Software\WOW6432Node\Microsoft\Cellular]
[HKLM\Software\WOW6432Node\Microsoft\COM3]
[HKLM\Software\WOW6432Node\Microsoft\DeviceReg]
[HKLM\Software\WOW6432Node\Microsoft\DFS]
[HKLM\Software\WOW6432Node\Microsoft\Driver Signing]
[HKLM\Software\WOW6432Node\Microsoft\EnterpriseCertificates]
[HKLM\Software\WOW6432Node\Microsoft\EventSystem]
[HKLM\Software\WOW6432Node\Microsoft\FingerKB]
[HKLM\Software\WOW6432Node\Microsoft\FuzzyDS]
[HKLM\Software\WOW6432Node\Microsoft\Input]
[HKLM\Software\WOW6432Node\Microsoft\LanguageOverlay]
[HKLM\Software\WOW6432Node\Microsoft\Messaging]
[HKLM\Software\WOW6432Node\Microsoft\MSMQ]
[HKLM\Software\WOW6432Node\Microsoft\MTFFuzzyFactors]
[HKLM\Software\WOW6432Node\Microsoft\MTFInputType]
[HKLM\Software\WOW6432Node\Microsoft\MTFKeyboardMappings]
[HKLM\Software\WOW6432Node\Microsoft\Non-Driver Signing]
[HKLM\Software\WOW6432Node\Microsoft\Ole]
[HKLM\Software\WOW6432Node\Microsoft\Phone]
[HKLM\Software\WOW6432Node\Microsoft\Pim]
[HKLM\Software\WOW6432Node\Microsoft\Poom]
[HKLM\Software\WOW6432Node\Microsoft\Ras]
[HKLM\Software\WOW6432Node\Microsoft\Rpc]
[HKLM\Software\WOW6432Node\Microsoft\SecurityManager]
[HKLM\Software\WOW6432Node\Microsoft\Semgr]
[HKLM\Software\WOW6432Node\Microsoft\Shell]
[HKLM\Software\WOW6432Node\Microsoft\SystemCertificates]
[HKLM\Software\WOW6432Node\Microsoft\TermServLicensing]
[HKLM\Software\WOW6432Node\Microsoft\Transaction Server]
[HKLM\Software\WOW6432Node\Microsoft\Unified Store]
[HKLM\Software\WOW6432Node\Microsoft\UserData]
[HKLM\Software\WOW6432Node\Microsoft\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\XAML]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\UpdateApi]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wusvcs]

---------- | Drives


E:


G:


---------- | C:

[12/04/2018 00:38:20] - |SHD| - [599832767] - C:\$Recycle.Bin
[17/10/2019 20:07:36] - |D| - [575963536] - C:\AdsFix
[MD5.B0AE384C786AB8F3604AE7AF4FD3545B] - [17/10/2019 20:19:38] - |A| - (.-.) - [39513] - (0.0.0.0) - C:\AdsFix_17_10_2019_22_03_07.txt
[15/03/2019 00:47:46] - |D| - [23330801] - C:\DemonStarSM2
[01/11/2018 22:23:17] - |SHD| - [0] - C:\Documents and Settings
[03/11/2018 22:40:39] - |D| - [149318652] - C:\DRIVERS
[17/06/2019 17:50:06] - |D| - [0] - C:\Games
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/04/2019 20:57:51] - |ASH| - (.-.) - [3342409728] - (0.0.0.0) - C:\hiberfil.sys
[02/11/2018 00:26:46] - |D| - [94819871] - C:\Intel
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/03/2019 03:54:32] - |ASH| - (.-.) - [1342177280] - (0.0.0.0) - C:\pagefile.sys
[19/03/2019 05:52:43] - |D| - [0] - C:\PerfLogs
[19/03/2019 05:52:43] - |RD| - [3498157081] - C:\Program Files
[19/03/2019 05:52:44] - |RD| - [6550914173] - C:\Program Files (x86)
[19/03/2019 05:52:44] - |HD| - [2698663916] - C:\ProgramData
[18/10/2019 11:38:26] - |D| - [68686] - C:\QuickDiag
[MD5.1B35B74A0AD1D9ECC8438AEC88F40A18] - [18/10/2019 11:38:54] - |A| - (.-.) - [204979] - (0.0.0.0) - C:\QuickDiag.txt
[17/09/2019 23:38:46] - |SHD| - [0] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/11/2018 22:21:00] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[03/11/2018 22:40:25] - |D| - [27365888] - C:\SWTOOLS
[01/11/2018 22:20:59] - |SHD| - [0] - C:\System Volume Information
[19/03/2019 05:37:22] - |RD| - [115854618265] - C:\Users
[19/03/2019 05:37:22] - |D| - [26551270398] - C:\Windows

---------- | C:\WINDOWS

[19/03/2019 05:52:44] - |D| - [802] - C:\WINDOWS\addins
[19/03/2019 05:52:44] - |D| - [9970777] - C:\WINDOWS\appcompat
[19/03/2019 05:52:44] - |D| - [8769344] - C:\WINDOWS\apppatch
[19/03/2019 05:52:44] - |D| - [0] - C:\WINDOWS\AppReadiness
[17/09/2019 23:06:42] - |D| - [48128] - C:\WINDOWS\ar-SA
[19/03/2019 05:52:43] - |RD| - [1258433029] - C:\WINDOWS\assembly
[19/03/2019 05:52:44] - |D| - [785153] - C:\WINDOWS\bcastdvr
[MD5.B75D52E7DBEEF44A2C3324A2CE0272C9] - [19/03/2019 05:43:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [73216] - (10.0.18362.1) - C:\WINDOWS\bfsvc.exe
[19/03/2019 13:04:01] - |SHD| - [578755] - C:\WINDOWS\BitLockerDiscoveryVolumeContents
[19/03/2019 05:52:44] - |D| - [39550009] - C:\WINDOWS\Boot
[MD5.2F811C4F1D82E3F9C8E9D1793A8EDFD5] - [17/09/2019 23:18:09] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[19/03/2019 05:52:44] - |D| - [2467832] - C:\WINDOWS\Branding
[19/03/2019 05:37:22] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.A3B5FFC36ED7792DD3C25FA6534ED262] - [17/09/2019 23:35:03] - |A| - (.-.) - [762] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[19/03/2019 05:52:44] - |D| - [92784419] - C:\WINDOWS\Containers
[01/11/2018 22:25:19] - |D| - [0] - C:\WINDOWS\CSC
[19/03/2019 05:52:44] - |D| - [11501377] - C:\WINDOWS\Cursors
[19/03/2019 05:52:44] - |D| - [3442629] - C:\WINDOWS\debug
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [17/09/2019 23:38:31] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[19/03/2019 05:52:44] - |D| - [4521366] - C:\WINDOWS\diagnostics
[19/03/2019 05:52:44] - |D| - [2074128] - C:\WINDOWS\DiagTrack
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [17/09/2019 23:38:31] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[19/03/2019 13:01:27] - |D| - [0] - C:\WINDOWS\DigitalLocker
[02/11/2018 13:48:04] - |D| - [185643520] - C:\WINDOWS\Downloaded Installations
[19/03/2019 05:52:44] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.4343DA7CAD04382506D88E2472C544C7] - [21/09/2019 19:49:48] - |A| - (.-.) - [25934] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[MD5.9BA3629DA25EA41969AEBBD9B8E54655] - [19/03/2019 05:55:49] - |A| - (.-.) - [776] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[19/03/2019 05:52:44] - |HD| - [67408] - C:\WINDOWS\ELAMBKUP
[19/03/2019 13:01:27] - |D| - [97792] - C:\WINDOWS\en-US
[MD5.D7874DD30BA935AAED6F730A0ED84610] - [14/10/2019 23:07:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4612520] - (10.0.18362.387) - C:\WINDOWS\explorer.exe
[19/03/2019 05:52:44] - |RSD| - [383160394] - C:\WINDOWS\Fonts
[19/03/2019 13:01:27] - |D| - [110592] - C:\WINDOWS\fr-FR
[19/03/2019 05:52:44] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[19/03/2019 05:52:44] - |D| - [84516980] - C:\WINDOWS\Globalization
[19/03/2019 05:52:44] - |D| - [2086790] - C:\WINDOWS\Help
[MD5.7FE51A1679579DB427447CE8DFD8D47F] - [17/09/2019 23:13:24] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1059840] - (10.0.18362.267) - C:\WINDOWS\HelpPane.exe
[MD5.DF73D52FDCE65F90A2E49EFB5248C77C] - [19/03/2019 05:45:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.18362.1) - C:\WINDOWS\hh.exe
[19/03/2019 05:52:44] - |D| - [29869] - C:\WINDOWS\IdentityCRL
[19/03/2019 05:52:44] - |D| - [28827070] - C:\WINDOWS\IME
[19/03/2019 05:52:44] - |RD| - [9279202] - C:\WINDOWS\ImmersiveControlPanel
[19/03/2019 05:50:07] - |D| - [84879964] - C:\WINDOWS\INF
[12/04/2018 00:38:21] - |D| - [0] - C:\WINDOWS\InfusedApps
[19/03/2019 05:52:44] - |D| - [38126462] - C:\WINDOWS\InputMethod
[19/03/2019 05:52:44] - |SHD| - [1445764057] - C:\WINDOWS\Installer
[19/03/2019 05:52:44] - |D| - [94304] - C:\WINDOWS\L2Schemas
[19/03/2019 05:52:44] - |HD| - [0] - C:\WINDOWS\LanguageOverlayCache
[19/03/2019 05:52:44] - |D| - [1166811188] - C:\WINDOWS\LiveKernelReports
[19/03/2019 05:52:44] - |D| - [23088882] - C:\WINDOWS\Logs
[19/03/2019 05:52:44] - |RSD| - [20740855] - C:\WINDOWS\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [19/03/2019 05:44:30] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[19/03/2019 05:52:43] - |RD| - [936351166] - C:\WINDOWS\Microsoft.NET
[19/03/2019 05:52:44] - |D| - [3323] - C:\WINDOWS\Migration
[19/03/2019 05:52:44] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.F1139811BBF61362915958806AD30211] - [19/03/2019 05:45:00] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [181248] - (10.0.18362.1) - C:\WINDOWS\notepad.exe
[01/11/2018 22:19:23] - |D| - [9751374] - C:\WINDOWS\Nyrhu
[19/03/2019 13:03:09] - |D| - [933052] - C:\WINDOWS\OCR
[19/03/2019 05:52:44] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[17/09/2019 00:09:10] - |DC| - [440707225] - C:\WINDOWS\Panther
[19/03/2019 05:52:44] - |D| - [375799] - C:\WINDOWS\Performance
[MD5.CFB00CA33527ADB6713994B23614BFB2] - [01/11/2018 22:59:00] - |A| - (.-.) - [88506] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[19/03/2019 05:52:44] - |D| - [1346490] - C:\WINDOWS\PLA
[19/03/2019 05:52:44] - |D| - [10241381] - C:\WINDOWS\PolicyDefinitions
[17/09/2019 23:22:01] - |D| - [4926284] - C:\WINDOWS\Prefetch
[19/03/2019 05:52:44] - |RD| - [1997298] - C:\WINDOWS\PrintDialog
[MD5.AD5867D2A8665FFB20B0651AFC12114B] - [19/03/2019 13:04:34] - |A| - (.-.) - [34925] - (0.0.0.0) - C:\WINDOWS\Professional.xml
[19/03/2019 05:52:44] - |D| - [5913305] - C:\WINDOWS\Provisioning
[MD5.29409008DF22243BB320333F9FD5C060] - [19/03/2019 05:45:47] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [358400] - (10.0.18362.1) - C:\WINDOWS\regedit.exe
[19/03/2019 05:52:44] - |D| - [22588] - C:\WINDOWS\Registration
[19/03/2019 13:04:01] - |D| - [0] - C:\WINDOWS\RemotePackages
[19/03/2019 05:52:44] - |D| - [6311296] - C:\WINDOWS\rescache
[19/03/2019 05:52:44] - |D| - [3490331] - C:\WINDOWS\Resources
[19/03/2019 05:52:44] - |D| - [0] - C:\WINDOWS\SchCache
[19/03/2019 05:52:44] - |D| - [190773] - C:\WINDOWS\schemas
[19/03/2019 05:52:44] - |D| - [6336077] - C:\WINDOWS\security
[17/09/2019 23:17:23] - |D| - [93910999] - C:\WINDOWS\ServiceProfiles
[19/03/2019 05:52:44] - |D| - [29422] - C:\WINDOWS\ServiceState
[19/03/2019 05:37:22] - |D| - [655825078] - C:\WINDOWS\servicing
[19/03/2019 05:56:38] - |D| - [86673] - C:\WINDOWS\Setup
[MD5.B12380D4F420315B7DB7CFEACCA4C5FE] - [17/09/2019 23:22:35] - |A| - (.-.) - [21467] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/09/2019 23:22:35] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[19/03/2019 05:52:44] - |D| - [7052288] - C:\WINDOWS\ShellComponents
[19/03/2019 05:52:44] - |D| - [56039936] - C:\WINDOWS\ShellExperiences
[19/03/2019 05:52:44] - |D| - [7442912] - C:\WINDOWS\SKB
[01/11/2018 22:23:25] - |D| - [441137248] - C:\WINDOWS\SoftwareDistribution
[19/03/2019 05:52:44] - |D| - [178380218] - C:\WINDOWS\Speech
[19/03/2019 05:52:44] - |D| - [122521409] - C:\WINDOWS\Speech_OneCore
[MD5.7FE20527607797A8DADE19838B8B1573] - [14/10/2019 23:07:00] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [132096] - (10.0.18362.387) - C:\WINDOWS\splwow64.exe
[19/03/2019 05:52:44] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [12/04/2018 00:38:24] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[19/03/2019 05:37:22] - |D| - [6077943780] - C:\WINDOWS\System32
[19/03/2019 05:52:45] - |D| - [212818264] - C:\WINDOWS\SystemApps
[19/03/2019 05:52:46] - |D| - [182396413] - C:\WINDOWS\SystemResources
[19/03/2019 05:52:46] - |D| - [1263746694] - C:\WINDOWS\SysWOW64
[19/03/2019 05:52:46] - |D| - [0] - C:\WINDOWS\TAPI
[12/04/2018 00:38:21] - |D| - [6] - C:\WINDOWS\Tasks
[19/03/2019 05:52:46] - |D| - [180959] - C:\WINDOWS\Temp
[19/03/2019 05:52:46] - |D| - [13786112] - C:\WINDOWS\TextInput
[19/03/2019 05:52:46] - |D| - [0] - C:\WINDOWS\tracing
[MD5.56D2F61D23F00D502DA666B496CE7827] - [25/12/2016 22:35:06] - |A| - (.-.) - [14519] - (0.0.0.0) - C:\WINDOWS\TWAINSP_Integrated_Camera.ini
[MD5.3106DDC33C612019864AFD630B597A4C] - [25/12/2016 22:35:06] - |A| - (.-.) - [7408] - (0.0.0.0) - C:\WINDOWS\TWAINSP_Integrated_Camera.src
[19/03/2019 05:52:46] - |D| - [162872] - C:\WINDOWS\twain_32
[MD5.BC67755EBD59B2523C943F0D1A9982EF] - [19/03/2019 05:46:01] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [64512] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[19/03/2019 05:52:46] - |D| - [12420] - C:\WINDOWS\Vss
[19/03/2019 05:52:46] - |D| - [33146] - C:\WINDOWS\WaaS
[19/03/2019 05:52:46] - |D| - [16568315] - C:\WINDOWS\Web
[MD5.DA396A905E0D79329297EF130F2825BA] - [12/04/2018 00:38:24] - |A| - (.-.) - [76] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [19/03/2019 05:44:30] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.2CC83D93DD1DDE691158CF5E9882420B] - [01/09/2019 19:36:51] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.CAA192BFDFB5F2A131EBD649B7062DE3] - [19/03/2019 05:46:01] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [11776] - (10.0.18362.1) - C:\WINDOWS\winhlp32.exe
[19/03/2019 05:37:22] - |D| - [10876851783] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [19/03/2019 05:58:10] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.1D27F61CC5D659247D2E0C111C5386DE] - [19/03/2019 05:45:54] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.18362.1) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy

[MD5.EC3584F3DB838942EC3669DB02DC908E] - [28/09/2019 19:12:56] - |A| - (.-.) - [11] - (0.0.0.0) - C:\WINDOWS\System32\GroupPolicy\gpt.ini
[28/09/2019 19:12:56] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Machine
[28/09/2019 19:12:56] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[11/05/2016 11:39:08] - C:\WINDOWS\Installer\1287eba.msi : (Blank Project Template - InstallShield)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/05/2016 11:39:08] - C:\WINDOWS\Installer\1287ebf.msi : (Blank Project Template - InstallShield)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/02/2016 15:45:44] - C:\WINDOWS\Installer\13c7cb.msi : (Installers - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2018 11:53:26] - C:\WINDOWS\Installer\18e09ca2.msi : (Intel(R) Trusted Connect Service Client x64 - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2018 11:45:58] - C:\WINDOWS\Installer\18e09ca7.msi : (Intel(R) Trusted Connect Service Client x86 - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/05/2015 11:12:04] - C:\WINDOWS\Installer\1d8320.msi : (O2Micro Flash Memory Card Windows Driver - O2Micro International LTD.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/11/2018 20:09:10] - C:\WINDOWS\Installer\2215a9.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/11/2018 20:09:10] - C:\WINDOWS\Installer\2215b0.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/11/2018 20:09:10] - C:\WINDOWS\Installer\2215b8.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/11/2018 20:09:10] - C:\WINDOWS\Installer\2215bd.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/11/2018 20:09:10] - C:\WINDOWS\Installer\2215c2.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/11/2018 20:09:10] - C:\WINDOWS\Installer\2215c9.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/09/2019 22:54:12] - C:\WINDOWS\Installer\3092d4.msi : (Betternet - CyberSpace)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/09/2019 18:32:30] - C:\WINDOWS\Installer\36e762.msi : (Betternet for Windows - Betternet Technologies Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/11/2018 13:47:28] - C:\WINDOWS\Installer\3be13e.msi : (Active Protection System - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/04/2019 16:03:46] - C:\WINDOWS\Installer\4bc7bc7.msi : (Intel(R) Management Engine Driver - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/04/2019 16:02:32] - C:\WINDOWS\Installer\4bc7bcf.msi : (Intel(R) Management Engine Components - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/04/2019 16:02:36] - C:\WINDOWS\Installer\4bc7bd4.msi : (Intel(R) Wireless Manageability Driver Extension - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/04/2019 16:02:38] - C:\WINDOWS\Installer\4bc7bd9.msi : (Intel(R) Wireless Manageability Driver - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/04/2019 16:00:14] - C:\WINDOWS\Installer\4bc7c18.msi : (Intel(R) Management Engine Components - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/04/2019 16:00:46] - C:\WINDOWS\Installer\4bc7c3a.msi : (Microsoft VC++ redistributables repacked. - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/04/2019 16:00:56] - C:\WINDOWS\Installer\4bc7c5c.msi : (Microsoft VC++ redistributables repacked. - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/01/2019 21:06:16] - C:\WINDOWS\Installer\5015651.msi : (Dolby Audio X2 Windows API SDK - Dolby Laboratories, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/07/2018 17:50:14] - C:\WINDOWS\Installer\5015658.msi : (Dolby Audio X2 Windows APP - Dolby Laboratories, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/10/2019 17:52:26] - C:\WINDOWS\Installer\a2a02c5.msi : (Google Update Helper - Google LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/07/2019 21:32:42] - C:\WINDOWS\Installer\a2bd.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/07/2019 21:32:42] - C:\WINDOWS\Installer\a2c5.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/07/2019 21:32:42] - C:\WINDOWS\Installer\a2ce.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/07/2019 21:32:42] - C:\WINDOWS\Installer\a2d4.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/07/2019 21:32:42] - C:\WINDOWS\Installer\a2da.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/07/2019 21:32:42] - C:\WINDOWS\Installer\a2e2.msi : ( - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/10/2019 20:34:51] - C:\WINDOWS\Installer\fa07d2.msi : (NextUp.com-ScanSoft Daniel British Voice - NextUp.com)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/07/2019 02:25:48] - C:\WINDOWS\Installer\ff036ee.msi : (Intel® WiFi - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/06/2019 05:15:38] - C:\WINDOWS\Installer\ff03708.msi : (Intel® WiFi - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/01/2011 20:10:36] - [3991040] - (.().-. - ()) - C:\WINDOWS\Installer\1ea4bee7.msp

---------- | %System%\*.in*

[19/03/2019 05:45:40] - [3329] - C:\WINDOWS\System32\ieuinit.inf
[10/05/2019 00:04:57] - [54440] - C:\WINDOWS\System32\ImController.InfInstaller.exe
[10/05/2019 00:04:55] - [17635] - C:\WINDOWS\System32\iMDriver.inf
[07/11/2018 00:07:21] - [1895] - C:\WINDOWS\System32\InstallUtil.InstallLog
[17/09/2019 23:40:55] - [1771406] - C:\WINDOWS\System32\PerfStringBackup.INI
[19/03/2019 05:45:00] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[19/03/2019 05:44:30] - [2404] - C:\WINDOWS\System32\WimBootCompress.ini
[19/03/2019 05:46:01] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf
[09/11/2018 15:35:57] - [302] - C:\WINDOWS\Syswow64\InstallUtil.InstallLog
[19/03/2019 05:45:19] - [2404] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:44] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64
[MD5.00000000000000000000000000000000] - |D| - [17/10/2019 20:32:09] - [0 Ko] - C:\WINDOWS\Temp\55DA7F58-CDE2-42CA-8C48-BBB2DB1DCF44-Sigs
[MD5.529F1F3293E8D15840BB9482A6427748] - |A| - [17/10/2019 22:57:24] - (.-.) - [16.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:22:17] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:22:17] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:22:17] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:22:17] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/10/2019 20:44:27] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/10/2019 20:44:27] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.92499B4115D3553EE451DD731F0EE735] - |A| - [17/10/2019 20:24:09] - (.-.) - [18.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.CF377459CF52CD84CEC7CFD525273C73] - |A| - [17/10/2019 20:32:09] - (.-.) - [30.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/10/2019 22:57:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20191017225724D48).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/10/2019 11:22:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20191018112215F70).log
[MD5.B518FBD3F5A3D2727BD1257410A62F36] - |A| - [17/10/2019 20:19:41] - (.-.) - [18.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191017-2019a.log
[MD5.E412EAAB3527A3FC3B8C6EAC30EC3297] - |A| - [17/10/2019 22:57:24] - (.-.) - [21.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191017-2257.log
[MD5.10346B9A9A5C1C32A05F7E70E609D147] - |A| - [17/10/2019 23:05:19] - (.-.) - [10.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191017-2305.log
[MD5.3DB240DE1B049E17ABB5E27485AD7301] - |A| - [18/10/2019 11:12:43] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191018-1112.log
[MD5.41229086708B502EA271C1970475F471] - |A| - [18/10/2019 11:15:42] - (.-.) - [8.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191018-1115.log
[MD5.9F63F18A303934DFCD1A15D451A65FAD] - |A| - [18/10/2019 11:15:42] - (.-.) - [10.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191018-1115a.log
[MD5.2E85323B1CEA84D622C91D60A08B385D] - |A| - [18/10/2019 11:17:49] - (.-.) - [10.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191018-1117.log
[MD5.881FE836415BFA2B94DC789B10795578] - |A| - [18/10/2019 11:22:15] - (.-.) - [13.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191018-1122.log
[MD5.0D6457642BA8EF0F674358FA0768402B] - |A| - [18/10/2019 11:29:31] - (.-.) - [10.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191018-1129.log
[MD5.8EFF37F83A6A567345745E4E580B75E8] - |A| - [18/10/2019 11:32:34] - (.-.) - [14.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SALAH-PC-20191018-1132.log
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9cde1.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9cdf2.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce14.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce16.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce27.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce29.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce3b.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce4c.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce5e.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce70.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce81.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce93.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ce95.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9cea7.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ceb8.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ceca.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9cedb.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9cedd.tmp
[MD5.00000000000000000000000000000000] - |D| - [18/10/2019 11:32:36] - [0 Ko] - C:\WINDOWS\Temp\tw-2e68-534-9ceef.tmp
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:27] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.C652A5EA6545C98CE71684018E0640E7] - |A| - [19/03/2019 05:44:33] - (.-.) - [3.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AdvancedKeySettingsNotification.png
[MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [19/03/2019 05:44:28] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AppHelpToast.png
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [19/03/2019 05:44:28] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [19/03/2019 05:44:03] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [19/03/2019 05:44:47] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [19/03/2019 05:44:47] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [19/03/2019 05:44:52] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [19/03/2019 05:45:47] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [19/03/2019 05:45:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.79166EAF65485F1432DD72B72870026B] - |A| - [19/03/2019 05:45:32] - (.-.) - [190.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@windows-hello-V4.1.gif
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [19/03/2019 05:45:32] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png
[MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [19/03/2019 05:44:01] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [19/03/2019 05:44:12] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [19/03/2019 05:44:12] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png
[MD5.31A16C523B62500F83C82217F056A538] - |A| - [19/03/2019 05:44:21] - (.-.) - [8.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ActiveHours.png
[MD5.0724FA8BCAF2725746F9BB4264989D96] - |A| - [19/03/2019 05:43:47] - (.-.) - [13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\agentactivationruntimestarter.exe
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [5.97 Ko] - C:\WINDOWS\System32\am-et
[MD5.307727A122835D462B8FFC0F7476B408] - |A| - [12/04/2019 12:32:18] - (.Copyright (C) 2017-2019 ALPSALPINE CO., LTD - Coinstaller.) - [193.67 Ko] - (10.1.1616.15) - C:\WINDOWS\System32\ApCoInstaller.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [2710.82 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 13:04:01] - [287.7 Ko] - C:\WINDOWS\System32\AppV
[MD5.00000000000000000000000000000000] - |D| - [17/09/2019 23:06:43] - [255 Ko] - C:\WINDOWS\System32\ar
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [17974.9 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.A3FA2DD7B000AE0964395512E9C37E41] - |A| - [19/03/2019 05:45:35] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [607 Ko] - (3.3.2.0) - C:\WINDOWS\System32\archiveint.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\as-IN
[MD5.AAAC5481A733198E4DC872C6155091EA] - |A| - [14/10/2019 23:07:54] - (.-.) - [491 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AssignedAccessCsp.dll
[MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [19/03/2019 05:43:47] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\az-Latn-AZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\be-BY
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [259 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.EBDB582C3B9CB0AD8C7C317A594EA9B6] - |A| - [03/08/2016 09:03:08] - (.Copyright (C) 2016, BayHubTech/O2Micro. - BayHubTech/O2Micro SD/MMC Icon.) - [1248.48 Ko] - (1.0.0.5) - C:\WINDOWS\System32\bhtv5Icon.dll
[MD5.705628497C0012302212A46ADD463E6E] - |A| - [19/03/2019 05:43:45] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-black.png
[MD5.F63C615733A3337BF2BEA96C6EE9B568] - |A| - [19/03/2019 05:43:45] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-high.png
[MD5.705628497C0012302212A46ADD463E6E] - |A| - [19/03/2019 05:43:45] - (.-.) - [8.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.contrast-white.png
[MD5.DAF1DCB4AEE839A1965F4CC160C49A53] - |A| - [19/03/2019 05:43:45] - (.-.) - [8.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothPairingSystemToastIcon.png
[MD5.28ECA83D7F9D10D69E969675D1FF6725] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.contrast-white.png
[MD5.A620186FF1CDE4EE117FC4CAD648B9CC] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\BluetoothSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [5890.98 Ko] - C:\WINDOWS\System32\Boot
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\bs-Latn-BA
[MD5.6CC5FAF5A7B51609D0D2A90AC1202918] - |A| - [19/03/2019 05:44:29] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [182 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:37:22] - [96224.39 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [71214.11 Ko] - C:\WINDOWS\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\chr-CHER-US
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [11.19 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [375 Ko] - C:\WINDOWS\System32\Com
[MD5.535884123FABC2C15AA7DEC9834B55D4] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.contrast-white.png
[MD5.89F92266DFC6F93961DFFBB2D6C61A15] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ComputerToastIcon.png
[MD5.7C955BB1CE17AB95040888B296CAB531] - |A| - [11/10/2019 23:31:12] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.35 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:37:22] - [346966.91 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:45] - [120.57 Ko] - C:\WINDOWS\System32\Configuration
[MD5.FDCF1790F100879ADF8F8684018FAAC0] - |A| - [17/09/2019 23:13:01] - (.-.) - [232.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\containerdevicemanagement.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [322.5 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.2419907A0BB9A14F1871F0BDA7F65578] - |A| - [17/09/2019 23:13:24] - (.© 1996 - 2017 Daniel Stenberg, <daniel@haxx.se>. - The curl executable.) - [411.5 Ko] - (7.55.1.0) - C:\WINDOWS\System32\curl.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [318.5 Ko] - C:\WINDOWS\System32\da-DK
[MD5.B3E4FEC7C8AD9291722B49D0D63E6550] - |A| - [17/09/2019 23:12:52] - (.-.) - [146 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [01/11/2018 22:38:34] - [14122.32 Ko] - C:\WINDOWS\System32\DAX2
[MD5.00000000000000000000000000000000] - |D| - [10/05/2019 13:34:39] - [10395.12 Ko] - C:\WINDOWS\System32\DAX3
[MD5.DFDEA70CF91E5F33A5A699CF1E00EC5E] - |A| - [11/10/2019 23:31:12] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX APO Property Page.) - [1507.95 Ko] - (1.1.8.14) - C:\WINDOWS\System32\DAX3APOProp.dll
[MD5.DD036A5112D9F088FF9B4FA23C630DEA] - |A| - [11/10/2019 23:31:13] - (.© 2017 Dolby Laboratories, Inc. - Dolby DAX APO.) - [1340.12 Ko] - (1.1.8.14) - C:\WINDOWS\System32\DAX3APOv251.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [277.94 Ko] - C:\WINDOWS\System32\DDFs
[MD5.C21DC571FBF5E9085A65D65E61C4544F] - |A| - [11/10/2019 23:31:13] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [271.64 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll
[MD5.B64EA0276E4BB9667F72F13B750F403A] - |A| - [11/10/2019 23:31:13] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1925.05 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll
[MD5.23023AAE4E23D2A7D6BA7791F8602126] - |A| - [11/10/2019 23:31:13] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [325.1 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll
[MD5.81618242465EA42454E09B166BA92A9A] - |A| - [11/10/2019 23:31:13] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6935.2 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [363 Ko] - C:\WINDOWS\System32\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [19/03/2019 05:44:03] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [19/03/2019 05:43:47] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [19/03/2019 05:49:38] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.6C22EC440786D5E1EA69E0D53C4F3B4B] - |A| - [19/03/2019 05:44:45] - (.-.) - [35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\deploymentcsphelper.exe
[MD5.851A9305E14B348CA0D9C7FB75391FDB] - |A| - [19/03/2019 05:44:21] - (.-.) - [272.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DesktopKeepOnToastImg.gif
[MD5.4A6FA3C0EFD237F104E09A22883D9388] - |A| - [19/03/2019 05:44:25] - (.-.) - [3.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DetailedReading-Default.xml
[MD5.2E4A8F4B4B71F266861613647BCE2DAE] - |A| - [19/03/2019 05:57:20] - (.-.) - [133.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DeviceUpdateCenterCsp.dll
[MD5.A4867A619BC45C7BD9D007591E3A370E] - |A| - [26/12/2016 02:39:48] - (.Copyright 2007-2015 - PCCamera Driver UI module.) - [86.56 Ko] - (2.3.3.11) - C:\WINDOWS\System32\DextUVCB_x64.ax
[MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:45] - [917.5 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.173D1EB779621B66784DCABEDF9AFB4F] - |A| - [19/03/2019 05:44:18] - (.-.) - [82.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [9703.6 Ko] - C:\WINDOWS\System32\Dism
[MD5.6AB2B935BF38EB13CFCB9506223FD6E7] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.contrast-white.png
[MD5.FF004E0B30E5E4EC747B3D8EF6E3B89E] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplaySystemToastIcon.png
[MD5.9B73BCC9CE12303A398215748892ABC5] - |A| - [11/10/2019 23:31:13] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [1131.91 Ko] - (0.8.8.33) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll
[MD5.24455FBDD902DCB6FDC9C47E4E6ADACB] - |A| - [11/10/2019 23:31:13] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5221.57 Ko] - (0.8.8.33) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll
[MD5.15ECA76B025C8F772482360A166A66BA] - |A| - [11/10/2019 23:31:13] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [1230.1 Ko] - (1.6.1.53) - C:\WINDOWS\System32\DolbyDAX2APOvlldp.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [2420.63 Ko] - C:\WINDOWS\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:51:55] - [173745.63 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\DriverState
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:37:22] - [2062376 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.C3F8294852FB20F1E03F4A0867100D4C] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth1.bin
[MD5.DC1864D247977386E3046B21B238728F] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth10.bin
[MD5.F5E7B12404FD058E87FFACC4D8ADBFF5] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth11.bin
[MD5.3B7F5ED89ED8860BE5480890010CFE48] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth12.bin
[MD5.ACA932E837044CCD3F76534E85B5E4FA] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth2.bin
[MD5.A1E025AD5275E77BE562B7FADFEF9A6D] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth3.bin
[MD5.1465663694A2FEE2631840D7D1244FB4] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth4.bin
[MD5.B616A3727148474D13AD0AC6508015CC] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth5.bin
[MD5.4E07AC9E6D18F2AF157498A6F33573B0] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth6.bin
[MD5.E13AFE8490D5272FE7D36148609390B3] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth7.bin
[MD5.25D97861D9C814B7E89A1DAF9E71C499] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth8.bin
[MD5.6944755C4B18463F32F9E9A0A9623475] - |A| - [14/10/2019 23:07:41] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DrtmAuth9.bin
[MD5.00000000000000000000000000000000] - |DC| - [01/12/2018 15:31:26] - [0 Ko] - C:\WINDOWS\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:45] - [214.5 Ko] - C:\WINDOWS\System32\dsc
[MD5.1394A49F087BE158119BDC01965E7E6E] - |A| - [14/10/2019 23:07:15] - (.-.) - [2529.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dwmscene.dll
[MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [19/03/2019 05:43:47] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin
[MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [19/03/2019 05:43:47] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin
[MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [19/03/2019 05:43:47] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [365.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:27] - [3455 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [243.5 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [43089.54 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [348 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [271 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [238 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\eu-ES
[MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:45] - [17004.64 Ko] - C:\WINDOWS\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\fa-IR
[MD5.4DED57BD7ACB9B0EBBE82034EC44645A] - |A| - [19/03/2019 05:44:39] - (.-.) - [43.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastBulldogImg.png
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [7.11 Ko] - C:\WINDOWS\System32\ff-Adlm-SN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [322.5 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\fil-PH
[MD5.163DB12521EC77B21AF2AFE01332A58D] - |A| - [11/10/2019 23:31:13] - (.Copyright (C) 2018 - Fortemedia PreProcessing DLL.) - [3325.09 Ko] - (80.16.100.132) - C:\WINDOWS\System32\FM_Speech_PP64.dll
[MD5.9484B28FD75D789CC24D6025C909395C] - |A| - [17/09/2019 23:22:03] - (.-.) - [465.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:27] - [3490.5 Ko] - C:\WINDOWS\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [278.5 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [47501.78 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.3C402FA88BB488B77A73428623B7825B] - |A| - [19/03/2019 05:45:49] - (.-.) - [167 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FsNVSDeviceSource.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ga-IE
[MD5.41FD64AE28A0C932CA7B2A250993D675] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.contrast-white.png
[MD5.6DC77FD8B062264AF1C6DA325ABB7010] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameSystemToastIcon.png
[MD5.2E6AF4D5BF6E31E728F409984C3045D4] - |A| - [19/03/2019 05:45:50] - (.-.) - [86.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\gd-GB
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/11/2018 00:26:47] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\gl-ES
[MD5.00000000000000000000000000000000] - |HD| - [12/04/2018 00:38:21] - [0.01 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 00:38:21] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ha-Latn-NG
[MD5.EA99A87E98D995DE6E280CF85CEAD413] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.contrast-white.png
[MD5.B8E586ED92DB703FFA480E254996160E] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HandwritingSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [256.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.6E9E9D56B192B2995493E529CFF2BBFE] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.contrast-white.png
[MD5.7F1E9502267F778F3A8139C35A352190] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadphoneSystemToastIcon.png
[MD5.202A07E4526B050E22624328E64E0470] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.contrast-white.png
[MD5.1892ACC10CAC009BCAC146AD650ABA58] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeadsetSystemToastIcon.png
[MD5.031713BFD5F30E63336D3CA5D2767BE9] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.contrast-white.png
[MD5.C1BD7976C99830E33A713D02374054EC] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HealthSystemToastIcon.png
[MD5.D6F7FB7B9386E0A029DCCD11DD84B15A] - |A| - [19/03/2019 05:44:11] - (.-.) - [260 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\hi-IN
[MD5.5E2A1F900B95108CA0286BAA4381E746] - |A| - [11/10/2019 23:31:14] - (.© 2018 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [369.41 Ko] - (0.8.8.85) - C:\WINDOWS\System32\HiFiDAX2API.dll
[MD5.68C14E155AD651CDA014EB35CEA3DD04] - |A| - [11/10/2019 23:31:14] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [396.82 Ko] - (1.6.1.55) - C:\WINDOWS\System32\HiFiDAX2APIPCLL.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [250 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [329 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.B4DE48A0333CD63B62CDC63B516D9902] - |A| - [19/03/2019 05:45:54] - (.-.) - [37.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HvSocket.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:04:01] - [158.57 Ko] - C:\WINDOWS\System32\Hydrogen
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.9341F0774525B2D495C71A8A07CA5A91] - |A| - [12/04/2019 12:28:29] - (.Copyright (C) Lenovo Japan. 2012,2013. - Twist Screen Auto Rotation.) - [101.84 Ko] - (1.67.16.20) - C:\WINDOWS\System32\ibmpmctl.exe
[MD5.262799B8B5B782D922CA930A929B71D0] - |A| - [12/04/2019 12:28:29] - (.Copyright (C) Lenovo Japan. 2000,2016. - Lenovo Power Management Service.) - [831.84 Ko] - (1.67.16.20) - C:\WINDOWS\System32\ibmpmsvc.exe
[MD5.2E977573411A099BD0213832B7442F0E] - |A| - [17/09/2019 23:13:00] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [2267 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icu.dll
[MD5.D2A4919E61E99157AD2DE994795C0F83] - |RA| - [19/03/2019 05:44:15] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24.5 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icuin.dll
[MD5.003EEDD728E2952E23DB9F6516B9194A] - |RA| - [19/03/2019 05:44:15] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [29 Ko] - (63.1.0.0) - C:\WINDOWS\System32\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\id-ID
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ig-NG
[MD5.6245791BA461A9D03AD305CB15D21FC7] - |A| - [14/08/2019 18:59:15] - (.-.) - [279.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl
[MD5.8CE43FCE353B86A81F67014B6EEE5143] - |A| - [19/03/2019 05:43:45] - (.-.) - [195.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.3DE7C498BC5BBFB5DE69A4B82FBD890C] - |A| - [07/11/2018 00:02:06] - (.Copyright (C) Lenovo Group Ltd. 2019 - CoInstaller for System Interface Foundation INF.) - [102.16 Ko] - (1.1.18.1) - C:\WINDOWS\System32\ImController.CoInstaller.dll
[MD5.3CDE6C6C171FB8E02639CAF48049F614] - |A| - [10/05/2019 00:04:57] - (.Copyright (C) Lenovo Group Ltd. 2019 - ImController.InfInstaller.) - [53.16 Ko] - (1.1.18.1) - C:\WINDOWS\System32\ImController.InfInstaller.exe
[MD5.59620732AD3C9121BDB4D10AC19EA807] - |A| - [10/05/2019 00:04:55] - (.-.) - [17.22 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iMDriver.inf
[MD5.229F66E429B13AA6808A8E5A6415F26D] - |A| - [10/05/2019 00:04:56] - (.Copyright (C) Lenovo Group Limited, 2017 - UMDF Driver Helper DLL.) - [415.16 Ko] - (2.0.0.0) - C:\WINDOWS\System32\iMDriverHelper.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [25976.08 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [6775 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.8DE9AE82152650C178BF1E24014E8503] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.contrast-white.png
[MD5.0B9FBD6F3ED617CD36D042D3422F1C2B] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputSystemToastIcon.png
[MD5.4258D765B5B2D1FFFB3BA4E9E52F78C4] - |A| - [07/11/2018 00:07:21] - (.-.) - [1.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InstallUtil.InstallLog
[MD5.602EA682558C59DEAB87079FCAD2F980] - |A| - [14/08/2019 18:59:17] - (.Copyright © The Khronos Group Inc 2016 - OpenCL Client DLL.) - [118.31 Ko] - (2.2.1.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\is-IS
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [348 Ko] - C:\WINDOWS\System32\it-IT
[MD5.23AC7515B6D8A794BCC01B582F044078] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.contrast-white.png
[MD5.3DF873E16CCEA9B42857FB5FA085CB00] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\KeyboardSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [532.61 Ko] - C:\WINDOWS\System32\Keywords
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\kk-KZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\km-KH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\kn-IN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [238.5 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\kok-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ku-Arab-IQ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ky-KG
[MD5.9451D4436E2EA67EB33FCC764E4AABED] - |A| - [19/03/2019 05:44:21] - (.-.) - [186.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LaptopPlugInToastImg.gif
[MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [19/03/2019 05:43:47] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\lb-LU
[MD5.07AAB141D48D5E66E82EC7809DF39631] - |A| - [10/05/2019 00:04:57] - (.Copyright (C) Lenovo Group Ltd. 2019 -.) - [42.66 Ko] - (2.0.14.10) - C:\WINDOWS\System32\Lenovo.ImController.EventLogging.dll
[MD5.7A9F49E3DC9919838ABF3C54708691F2] - |A| - [10/05/2019 00:04:57] - (.Copyright (C) Lenovo Group Ltd. 2019 - Lenovo.Modern.CoreTypes.) - [201.16 Ko] - (2.0.14.10) - C:\WINDOWS\System32\Lenovo.Modern.CoreTypes.dll
[MD5.BE2DDBA000C838AF534DA25677909E75] - |A| - [10/05/2019 00:04:57] - (.Copyright (C) Lenovo Group Ltd. 2019 - Lenovo.Modern.ImController.ImClient.) - [95.16 Ko] - (2.0.14.10) - C:\WINDOWS\System32\Lenovo.Modern.ImController.ImClient.dll
[MD5.1BE9DD441668CD09FB14CE20BF46A1A3] - |A| - [10/05/2019 00:04:57] - (.Copyright (C) Lenovo Group Ltd. 2019 - Lenovo.Modern.Utilities.) - [127.66 Ko] - (2.0.14.10) - C:\WINDOWS\System32\Lenovo.Modern.Utilities.dll
[MD5.157FB82D7141B18624FF2D42190C97E1] - |A| - [19/03/2019 13:02:30] - (.-.) - [1572 Ko] - (2.6.5.1) - C:\WINDOWS\System32\libcrypto.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [625.17 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [29397.4 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.6949691F1233BDC80D90B695022B1849] - |A| - [12/04/2019 12:28:29] - (.Copyright (C) Lenovo Japan. 2000,2018. - Lenovo Platform Service.) - [871.84 Ko] - (1.67.16.20) - C:\WINDOWS\System32\LPlatSvc.exe
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [246.5 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [247.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [30106.02 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:03:17] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [19/03/2019 05:46:54] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf
[MD5.F53CAB05B340E9C28028764995BC1071] - |A| - [19/03/2019 05:45:05] - (.-.) - [836.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.F23EB28468FC8B62AF941308EC30387F] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.contrast-white.png
[MD5.6E27512E38D598E0A60F8E5ADCF032CD] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediaSystemToastIcon.png
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [19/03/2019 05:43:47] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\mi-NZ
[MD5.00000000000000000000000000000000] - |D| - [17/09/2019 23:17:23] - [4.16 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [6496.49 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [46641.32 Ko] - C:\WINDOWS\System32\migwiz
[MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 05:46:18] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MixedRealityRuntime.json
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\mk-MK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ml-IN
[MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 05:49:39] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\mmc.exe.config
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\mn-MN
[MD5.B43E43FFFDD0F06A6925C7C89594042B] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.contrast-white.png
[MD5.5D2F0D3E50BF1129D260AC1405FF2A18] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MouseSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [02/11/2018 14:48:41] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [15/09/2018 08:33:50] - [4148.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [31.3 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [45.64 Ko] - C:\WINDOWS\System32\my-mm
[MD5.6B1E196C4E5CB30D6FF99CFA8F1F071D] - |A| - [19/03/2019 05:44:28] - (.-.) - [28.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NarratorControlTemplates.xml
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [311.5 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [640 Ko] - C:\WINDOWS\System32\NDF
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ne-NP
[MD5.01B9701AE45C83661378996FD3796194] - |A| - [23/04/2019 20:51:52] - (.-.) - [100.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [19/03/2019 05:45:50] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.2145E8D9F059A01AD670A8A0FE3B74BF] - |A| - [19/03/2019 13:04:01] - (.-.) - [18.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [17038.22 Ko] - C:\WINDOWS\System32\oobe
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:02:30] - [3554.5 Ko] - C:\WINDOWS\System32\OpenSSH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\or-IN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [3.81 Ko] - C:\WINDOWS\System32\osa-Osge-001
[MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [19/03/2019 05:43:47] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\pa-IN
[MD5.899A5BF1669610CDB78D322AC8D9358B] - |A| - [01/03/2013 02:49:36] - (.Copyright © 2010-2013 Riverbed Technology, Inc. Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [105.24 Ko] - (4.1.0.2980) - C:\WINDOWS\System32\Packet.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [1746.67 Ko] - C:\WINDOWS\System32\PerceptionSimulation
[MD5.43727241E3991617980B3EE844F90B57] - |A| - [19/03/2019 05:55:38] - (.-.) - [130.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.257EFECCA2E1D34D67526E77EE1DD2BB] - |A| - [19/03/2019 13:01:29] - (.-.) - [146.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [19/03/2019 05:55:38] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [19/03/2019 13:01:29] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat
[MD5.DF2A512F58487E42351692EA6EB1E690] - |A| - [19/03/2019 05:55:38] - (.-.) - [685.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.5D372CC91BE92A33229ACC0E1C3CADA1] - |A| - [19/03/2019 13:01:29] - (.-.) - [774.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat
[MD5.98C35524207F8E1C339ECC839CE55D7D] - |A| - [17/09/2019 23:40:55] - (.-.) - [1729.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.79D34E3B62076D4C875C748F5BE71ECA] - |A| - [19/03/2019 05:43:45] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.contrast-white.png
[MD5.4D9495349D00D9AD907F227FF51F289F] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PhoneSystemToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [342 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [456.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.77D96999819206E9208DF12819E5DBA7] - |A| - [19/03/2019 05:44:12] - (.-.) - [42.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\pospaymentsworker.exe
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [973.95 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\prs-AF
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [19/03/2019 05:44:00] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [336 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [338.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\quz-PE
[MD5.48FC94EA585EFBDF451B322F25DC8277] - |A| - [11/10/2019 23:31:14] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [136.38 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll
[MD5.E2DBE80A776317FB675FABF571784D81] - |A| - [11/10/2019 23:31:14] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [442.55 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll
[MD5.4870F97546983805AFD5305F0DCCA288] - |A| - [11/10/2019 23:31:14] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [87.95 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll
[MD5.99C6072B47BD2CE27E24F0689B39569B] - |A| - [11/10/2019 23:31:14] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [153.55 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll
[MD5.E646A6E53E973EEDA335B98F46F825A3] - |A| - [11/10/2019 23:31:14] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7010.12 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.2210F24EDC6E80B1D311B2C3641DE9FA] - |A| - [17/09/2019 23:13:27] - (.-.) - [1983.5 Ko] - (1.0.1907.17001) - C:\WINDOWS\System32\rdpnano.dll
[MD5.D8D02FD6073373A537FC0C1024E7C6DA] - |A| - [19/03/2019 05:43:47] - (.-.) - [60.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\rdsxvmaudio.dll
[MD5.9EB5D001B61A90672B8DA7E272545704] - |A| - [19/03/2019 05:58:49] - (.Copyright (C) 2009 - RemoteFX Helper.) - [131.5 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [2.19 Ko] - C:\WINDOWS\System32\Recovery
[MD5.826549DF7B1333179BA8CA939B12DAD3] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.contrast-white.png
[MD5.B4DEEC96F9DF6961D5DE054F11BF9C2B] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RemoteSystemToastIcon.png
[MD5.1B7341B9AAFB4925790B5C37C10F285A] - |A| - [14/10/2019 23:07:39] - (.-.) - [107.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResBParser.dll
[MD5.1FB4B6A26FEEF4A99B7D0ECD2ADDF075] - |A| - [19/03/2019 05:45:56] - (.-.) - [9.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.93915F385A4EED6C0FBEE364EA90CE56] - |A| - [19/03/2019 05:45:56] - (.-.) - [9.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageListLowCost
[MD5.39BB5D2A5EC1CBDD722CAB7BDCEC41F5] - |A| - [19/03/2019 05:45:56] - (.-.) - [8.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.39A2449AFF6ABAD80B97EA7C7CEB3F8E] - |A| - [19/03/2019 05:45:56] - (.-.) - [8.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageListLowCost
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png
[MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 05:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80.png
[MD5.AE9FE55FED83149715734CB83339055A] - |A| - [19/03/2019 05:44:21] - (.-.) - [1.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-black.png
[MD5.891AD355AB777A95695FC8A8A623A614] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartTonight_80_contrast-white.png
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.2FD2E0CE30988B74BE0D351621BB7358] - |A| - [07/11/2018 01:13:06] - (.-.) - [16.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml
[MD5.AA694008D3068ED546D9DF920BF5300D] - |A| - [19/03/2019 05:44:35] - (.-.) - [57.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\rw-RW
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [19/03/2019 05:46:39] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\sd-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [17/09/2019 23:00:48] - [488.48 Ko] - C:\WINDOWS\System32\SDA
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.1AE3308DC2C3EC1BAEFCF79ACB711122] - |A| - [20/03/2017 21:31:12] - (.Copyright (C) Lenovo. 2005,2017. - ThinkVantage Active Protection System - Shock Sensor Module.) - [41.67 Ko] - (1.82.4.4) - C:\WINDOWS\System32\Sensor64.DLL
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [19/03/2019 05:44:01] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [77.44 Ko] - C:\WINDOWS\System32\Sgrm
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [2370 Ko] - C:\WINDOWS\System32\ShellExperiences
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [23.7 Ko] - C:\WINDOWS\System32\si-lk
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [254.5 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [251.5 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [17/09/2019 23:22:03] - [51425.28 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [98.06 Ko] - C:\WINDOWS\System32\slmgr
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [19/03/2019 05:43:47] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:37:22] - [13393.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png
[MD5.2B16A4D34F3823D0D62D67FA77002E2D] - |A| - [26/12/2016 02:39:56] - (.(c) SunPlusit. - Sunplusit PCCam driver coinstaller.) - [260.56 Ko] - (3.5.7.29) - C:\WINDOWS\System32\SPCoInst64.dll
[MD5.DE3EAAF17BC934C77C4FC0C626EEA03B] - |A| - [19/03/2019 05:43:45] - (.-.) - [1.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.contrast-white.png
[MD5.3308374DB8D20CFDA4D4204E2B5E559E] - |A| - [19/03/2019 05:43:45] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpeakersSystemToastIcon.png
[MD5.CEDAB194F8B9DADA895371B4560B97F0] - |A| - [19/03/2019 05:45:54] - (.-.) - [38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [7840.8 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [14096.97 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [57233.49 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [18515.19 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [23.61 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [253.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 05:45:56] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat
[MD5.763BCEE61F573235E1C60E80438AC301] - |A| - [17/09/2019 23:13:27] - (.-.) - [57.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [59608 Ko] - C:\WINDOWS\System32\sru
[MD5.EBF15D23B92DE845AC8C952AE9153492] - |A| - [19/03/2019 05:43:47] - (.-.) - [443 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [317.5 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\sw-KE
[MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [19/03/2019 05:46:24] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:43] - [1407.48 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [954.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [10.73 Ko] - C:\WINDOWS\System32\ta-in
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [10.73 Ko] - C:\WINDOWS\System32\ta-lk
[MD5.5F6B04A0EC5FE46FEEEC887406F63E57] - |A| - [19/03/2019 05:45:35] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [49.5 Ko] - (3.3.2.0) - C:\WINDOWS\System32\tar.exe
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [680.32 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [15/09/2018 08:33:50] - [635.79 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [19/03/2019 05:45:00] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\te-IN
[MD5.364B8B76EBB95762632341E49F26144D] - |A| - [17/09/2019 23:12:59] - (.-.) - [1798 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TextInputMethodFormatter.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [232 Ko] - C:\WINDOWS\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [5.97 Ko] - C:\WINDOWS\System32\ti-et
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\tn-ZA
[MD5.C7AB4DC814D4B54BD7AFB9D66D6B6024] - |A| - [20/03/2017 21:31:12] - (.Copyright (C) Lenovo. 2005,2017. - ThinkVantage Active Protection System - HDD Logger Module.) - [64.97 Ko] - (1.82.4.4) - C:\WINDOWS\System32\TPHDEXLG64.exe
[MD5.09016C34DFA75748C08C9ABF9851608E] - |A| - [12/09/2018 03:41:40] - (.Copyright (C) Lenovo Japan. 2000,2018. - Installer for ThinkPad PM Driver.) - [530.8 Ko] - (1.67.14.7) - C:\WINDOWS\System32\tpinspm.dll
[MD5.07060B2C1E0F98B8AB2DBBDC94321492] - |A| - [05/10/2017 16:33:00] - (.Copyright (C) Lenovo. 2005,2017. - Lenovo Active Protection System.) - [560.96 Ko] - (1.82.0.20) - C:\WINDOWS\System32\TpShCPL.dll
[MD5.78A79E3E59B57DB193372B8CF8BFB86D] - |A| - [05/10/2017 16:33:02] - (.Copyright (C) Lenovo. 2005,2017. - Lenovo Active Protection System Controller.) - [145.46 Ko] - (1.82.0.20) - C:\WINDOWS\System32\TpShCTL.exe
[MD5.5996FD35EFFE21A97A032607AD616620] - |A| - [05/10/2017 16:33:08] - (.Copyright (C) Lenovo. 2005,2017. - Lenovo Active Protection System.) - [315.46 Ko] - (1.82.0.20) - C:\WINDOWS\System32\TpShEvUI.exe
[MD5.DBAFC6F2653E277E2A12CE4EEB975D7B] - |A| - [05/10/2017 16:33:12] - (.Copyright (C) Lenovo. 2005,2017. - Active Protection System.) - [118.96 Ko] - (1.82.0.20) - C:\WINDOWS\System32\TpShHelp.exe
[MD5.8947FF43BA98F2D6C776C94AAE1B0453] - |A| - [05/10/2017 16:33:22] - (.Copyright (C) Lenovo. 2005,2017. - Active Protection System.) - [568.96 Ko] - (1.82.0.20) - C:\WINDOWS\System32\TpShocks.exe
[MD5.15605EF26323EBD467345ECF66A4EDD1] - |A| - [05/10/2017 16:33:20] - (.Copyright (C) Lenovo. 2005,2017. - Active Protection System.) - [114.96 Ko] - (1.82.0.20) - C:\WINDOWS\System32\TpShUI.exe
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [312.5 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [19/03/2019 05:43:54] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [19/03/2019 05:43:54] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\tt-RU
[MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [19/03/2019 05:46:26] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config
[MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [19/03/2019 05:46:26] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [249 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.B9A75ED4500DD953DF172FE6F63578E8] - |A| - [19/03/2019 05:43:49] - (.-.) - [53.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\umpdc.dll
[MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:45] - [1917.6 Ko] - C:\WINDOWS\System32\UNP
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\ur-PK
[MD5.C5051D8BC14B8A4C3C1F4F8CDA648C3F] - |A| - [14/10/2019 23:07:09] - (.-.) - [46.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UsbPmApi.dll
[MD5.BAB4BA3C107F89955FABD06688B232F0] - |A| - [17/09/2019 23:13:02] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\usocoreps.dll
[MD5.F7588533600D24CFFDB5842176B81106] - |A| - [19/03/2019 05:57:21] - (.-.) - [116 Ko] - (0.0.0.0) - C:\WINDOWS\System32\uwfcfgmgmt.dll
[MD5.BD456ED873EF48503EC28DC0317B505A] - |A| - [19/03/2019 05:57:21] - (.-.) - [147.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\uwfcsp.dll
[MD5.5489D0B06F4A77C8676E3A6F0A8E2D79] - |A| - [19/03/2019 05:57:47] - (.-.) - [30 Ko] - (0.0.0.0) - C:\WINDOWS\System32\uwfservicingapi.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\uz-Latn-UZ
[MD5.59AE05A492AF9469EF1459F65C311A7C] - |A| - [26/12/2016 02:40:24] - (.-.) - [433.06 Ko] - (3.0.1.22) - C:\WINDOWS\System32\VCamPPage_x64.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\vi-VN
[MD5.E9A66CB07CCDB9B99F084315E04FCBC7] - |A| - [19/03/2019 05:59:03] - (.-.) - [92.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VirtualMonitorManager.dll
[MD5.92DF21ED245353CAF123D0F072B67070] - |A| - [14/08/2019 18:59:21] - (.Copyright (C) 2015-2019 - Vulkan Loader.) - [993.31 Ko] - (1.1.101.0) - C:\WINDOWS\System32\vulkan-1-999-0-0-0.dll
[MD5.92DF21ED245353CAF123D0F072B67070] - |A| - [14/08/2019 18:59:21] - (.Copyright (C) 2015-2019 - Vulkan Loader.) - [993.31 Ko] - (1.1.101.0) - C:\WINDOWS\System32\vulkan-1.dll
[MD5.E9F687FE1B782D3323DDC576B28F38D2] - |A| - [14/08/2019 18:59:21] - (.Copyright (C) 2015-2019 - Vulkan Info.) - [289.56 Ko] - (1.1.101.0) - C:\WINDOWS\System32\vulkaninfo-1-999-0-0-0.exe
[MD5.E9F687FE1B782D3323DDC576B28F38D2] - |A| - [14/08/2019 18:59:21] - (.Copyright (C) 2015-2019 - Vulkan Info.) - [289.56 Ko] - (1.1.101.0) - C:\WINDOWS\System32\vulkaninfo.exe
[MD5.378E25837A75BB733E2129CEF30BB210] - |A| - [12/04/2019 12:32:20] - (.Copyright (C) 1999-2019 ALPSALPINE CO., LTD. - Vxdif.) - [233.03 Ko] - (8.1.1601.45) - C:\WINDOWS\System32\Vxdif.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [225602.9 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [109081.24 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [19/03/2019 05:44:30] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [49316.93 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.8B956E4F6378335CC19BE3296A6C9B7E] - |A| - [19/03/2019 05:44:11] - (.-.) - [122 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [11909.39 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.28E98ED0B6B08B7F1D163FFD184B28AF] - |A| - [19/03/2019 05:44:39] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsSecurityIcon.png
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [147288 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [6163.84 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [207.67 Ko] - C:\WINDOWS\System32\winrm
[MD5.00000000000000000000000000000000] - |HD| - [21/09/2019 19:50:56] - [0.05 Ko] - C:\WINDOWS\System32\WLANProfiles
[MD5.A672F1CF00FA5AC3F4F59577F77D8C86] - |A| - [01/03/2013 02:49:22] - (.Copyright © 2010-2013 Riverbed Technology, Inc. Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [361.74 Ko] - (4.1.0.2980) - C:\WINDOWS\System32\wpcap.dll
[MD5.1B46E2E85D401A629966A8F62D9B0775] - |A| - [19/03/2019 05:43:52] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcatltoast.png
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [19/03/2019 05:43:52] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.69FEC1494F4C454E994D27CA6750832B] - |A| - [19/03/2019 05:44:35] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.3DE7C498BC5BBFB5DE69A4B82FBD890C] - |A| - [10/05/2019 00:04:57] - (.Copyright (C) Lenovo Group Ltd. 2019 - CoInstaller for System Interface Foundation INF.) - [102.16 Ko] - (1.1.18.1) - C:\WINDOWS\System32\WudfUpdate_02000.dll
[MD5.2DE2D263D2C5739AB4A37C5616ABA671] - |A| - [19/03/2019 05:44:03] - (.-.) - [97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\xh-ZA
[MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-black.png
[MD5.6FF92221AF9D6CDF0966C4E44C367975] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.contrast-white.png
[MD5.F7B865265606C41B0E07779D3317E0A8] - |A| - [19/03/2019 05:44:21] - (.-.) - [0.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\X_80.png
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [237.99 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:45] - [207.5 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\System32\zu-ZA
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.D6F8DD9F561B8A67FFAC2BAD7E989770] - |A| - [19/03/2019 05:45:19] - (.-.) - [0.23 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AppHelpToast.png
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [19/03/2019 05:45:19] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [19/03/2019 05:45:22] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [19/03/2019 05:45:30] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [19/03/2019 05:45:13] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [1856.8 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\af-ZA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\am-ET
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [4002.28 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.7230E04E6BD86FFE4E1034D9B3B893A3] - |A| - [19/03/2019 05:45:59] - (.Copyright (c) libarchive authors - Windows-internal libarchive library.) - [520 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\archiveint.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\as-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\be-BY
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [58.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.EBDB582C3B9CB0AD8C7C317A594EA9B6] - |A| - [03/08/2016 09:03:08] - (.Copyright (C) 2016, BayHubTech/O2Micro. - BayHubTech/O2Micro SD/MMC Icon.) - [1248.48 Ko] - (1.0.0.5) - C:\WINDOWS\SysWOW64\bhtv5Icon.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [322 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [29.16 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:46] - [120.57 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [118.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.1E02A122FE09272058FC1EF0B1B6265E] - |A| - [17/09/2019 23:13:29] - (.© 1996 - 2017 Daniel Stenberg, <daniel@haxx.se>. - The curl executable.) - [377 Ko] - (7.55.1.0) - C:\WINDOWS\SysWOW64\curl.exe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [119.5 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [131 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [19/03/2019 05:45:13] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png
[MD5.97DE88E8CE7445F1BFBC7933A68A76CE] - |A| - [26/12/2016 02:39:44] - (.Copyright 2007-2015 - PCCamera Driver UI module.) - [83.56 Ko] - (2.3.3.11) - C:\WINDOWS\SysWOW64\DextUVCB.ax
[MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:46] - [186 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [7675.94 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.BE7861E78B191952E4A7B42D841A09F5] - |A| - [31/07/2015 09:56:38] - (.- Microsoft® Forms DLL.) - [1251.16 Ko] - (16.0.4266.1001) - C:\WINDOWS\SysWOW64\FM20.DLL
[MD5.21741C8E10CC665858F5DB5D67E09593] - |A| - [31/07/2015 10:00:32] - (.- Microsoft® Forms International DLL.) - [31.2 Ko] - (16.0.4266.1001) - C:\WINDOWS\SysWOW64\FM20ENU.DLL
[MD5.42920D57AEE347A3A30EF697EB3B39AD] - |A| - [31/07/2015 10:15:14] - (.- Microsoft® Forms International DLL.) - [35.7 Ko] - (16.0.4266.1001) - C:\WINDOWS\SysWOW64\FM20FRA.DLL
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [3150 Ko] - C:\WINDOWS\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [60.5 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [9453.76 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ga-IE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\gd-GB
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\gl-ES
[MD5.3DDA1F3FAA5376DD287BB93EEE8EB507] - |A| - [02/02/2019 17:53:04] - (.-.) - [874.27 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Gms.log
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [93 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.791F8E1C60E6466F93D792D375D8F1B5] - |A| - [19/03/2019 05:45:13] - (.-.) - [203.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\hi-IN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [55.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [123 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.659B216490380FBE2DC77DECC203E5ED] - |A| - [17/09/2019 23:13:18] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Combined Library.) - [1849.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icu.dll
[MD5.1EAD0C642EF0B2692D44A206CAD63C74] - |RA| - [19/03/2019 05:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [24 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll
[MD5.9D459E0C31117F3A841D2EA00F7BC99C] - |RA| - [19/03/2019 05:45:16] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [28.5 Ko] - (63.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\id-ID
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ig-NG
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [21339.98 Ko] - C:\WINDOWS\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [213 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.073C47874CDB6C1AC5FBD75AF53B53EA] - |A| - [09/11/2018 15:35:57] - (.-.) - [0.29 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
[MD5.B06BE23750F450F7BD38E301957FFBAE] - |A| - [14/08/2019 18:59:17] - (.Copyright © The Khronos Group Inc 2016 - OpenCL Client DLL.) - [105.81 Ko] - (2.2.1.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\is-IS
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [125 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.C0CBBA86471E5303E2F9B80FAC8D1BBD] - |A| - [14/08/2019 18:59:17] - (.-.) - [144.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libEGL.dll
[MD5.D129C7EB12F36A0E705F8ABD94B93825] - |A| - [14/08/2019 18:59:17] - (.-.) - [145.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
[MD5.4AB524B332ED849218E2523061A432DC] - |A| - [14/08/2019 18:59:17] - (.-.) - [179.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv2.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [625.17 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [56.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [56 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [24632.91 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:03:17] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\mi-NZ
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [2782.6 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [812.8 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.08749DCC252AE1148E3BEA32B3FFFBFC] - |A| - [19/03/2019 05:46:21] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MixedRealityRuntime.json
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\mk-MK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ml-IN
[MD5.C8BF077B236ED2803347BD95DE29BF68] - |A| - [19/03/2019 05:49:45] - (.-.) - [3.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mmc.exe.config
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\mn-MN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ms-MY
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\mt-MT
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [31.3 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [116 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ne-NP
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [122 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [19/03/2019 05:52:46] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.B3B9C8925432FDA674ACCA908FE3CFDE] - |A| - [19/03/2019 06:00:31] - (.-.) - [36.79 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\OneDrive.ico
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [758.3 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\or-IN
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\pa-IN
[MD5.86316BE34481C1ED5B792169312673FD] - |A| - [01/03/2013 02:49:40] - (.Copyright © 2010-2013 Riverbed Technology, Inc. Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [95.74 Ko] - (4.1.0.2980) - C:\WINDOWS\SysWOW64\Packet.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [79 Ko] - C:\WINDOWS\SysWOW64\PerceptionSimulation
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [124 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [969.13 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\prs-AF
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [121.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [123 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.F04A90F917BA10AE2DCBE859870F4DEA] - |A| - [01/03/2013 02:47:36] - (.-.) - [52.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\pthreadVC.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [57.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [01/11/2018 22:38:33] - [3865.9 Ko] - C:\WINDOWS\SysWOW64\RTCOM
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [121.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\rw-RW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\sd-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [17/09/2019 23:00:48] - [488.48 Ko] - C:\WINDOWS\SysWOW64\SDA
[MD5.918FA1DECDE6B3B2453833007EB5A6F2] - |A| - [20/03/2017 21:31:12] - (.Copyright (C) Lenovo. 2005,2017. - ThinkVantage Active Protection System - Shock Sensor Module.) - [39.17 Ko] - (1.82.4.4) - C:\WINDOWS\SysWOW64\Sensor.DLL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\si-LK
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [57 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [57 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [98.06 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [4078.3 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [8883.67 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [1936.8 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [23.61 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [56.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.DC9450258D80F46AEF8EF063A7C629B0] - |A| - [19/03/2019 05:46:09] - (.-.) - [19.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.EC1C75518F1AFF370C27B0EB8B09E932] - |A| - [19/03/2019 05:45:07] - (.-.) - [323 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [117 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\sw-KE
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ta-IN
[MD5.A3487FD8447683A4F74645C99E7CB255] - |A| - [19/03/2019 05:45:59] - (.Copyright (c) libarchive authors - bsdtar archive tool.) - [42.5 Ko] - (3.3.2.0) - C:\WINDOWS\SysWOW64\tar.exe
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\te-IN
[MD5.21C60C44D0511D809DD8A381C4CE4E4D] - |A| - [17/09/2019 23:13:18] - (.-.) - [1075.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [50.5 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [115 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [19/03/2019 05:46:31] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [57 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.6C0B99BB629982510C1DA46E47AE6F6D] - |A| - [19/03/2019 05:45:16] - (.-.) - [45.56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\umpdc.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\ur-PK
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ
[MD5.59A64C657ED2B0B3D9B80098DCC4FE5C] - |A| - [26/12/2016 02:40:20] - (.-.) - [363.56 Ko] - (3.0.1.22) - C:\WINDOWS\SysWOW64\VCamPPage.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\vi-VN
[MD5.549223D6C9FE3D7414A3ECE6F2650A15] - |A| - [14/08/2019 18:59:21] - (.Copyright (C) 2015-2019 - Vulkan Loader.) - [860.31 Ko] - (1.1.101.0) - C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
[MD5.549223D6C9FE3D7414A3ECE6F2650A15] - |A| - [14/08/2019 18:59:21] - (.Copyright (C) 2015-2019 - Vulkan Loader.) - [860.31 Ko] - (1.1.101.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll
[MD5.C84CB3C4BD6637F58B5B7411B6E48032] - |A| - [14/08/2019 18:59:21] - (.Copyright (C) 2015-2019 - Vulkan Info.) - [263.56 Ko] - (1.1.101.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
[MD5.C84CB3C4BD6637F58B5B7411B6E48032] - |A| - [14/08/2019 18:59:21] - (.Copyright (C) 2015-2019 - Vulkan Info.) - [263.56 Ko] - (1.1.101.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [22926.66 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.69E4DB68C3968DF92346FDF8477A3D1B] - |A| - [19/03/2019 05:45:13] - (.-.) - [104.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [10675.3 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 13:01:28] - [207.67 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\wo-SN
[MD5.4633B298D57014627831CCAC89A2C50B] - |A| - [01/03/2013 02:49:08] - (.Copyright © 2010-2013 Riverbed Technology, Inc. Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [275.74 Ko] - (4.1.0.2980) - C:\WINDOWS\SysWOW64\wpcap.dll
[MD5.DA2D9B1E35C9E53D8081E106F912FB8D] - |A| - [02/02/2019 18:14:00] - (.-.) - [12.82 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\wsmand.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/02/2019 18:14:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\wsmand.log.lock
[MD5.246C62BF8A69AF9A9D1783F4548652BF] - |A| - [19/03/2019 05:45:13] - (.-.) - [62.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [18/06/2019 20:32:32] - [137.63 Ko] - C:\WINDOWS\SysWOW64\xlive
[MD5.A96108D16C92DCC2CE5C9B8856575CA7] - |A| - [28/09/2011 17:44:14] - (.-.) - [175.07 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xlive.dll.cat
[MD5.00000000000000000000000000000000] - |D| - [17/09/2019 23:03:06] - [19.81 Ko] - C:\WINDOWS\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [82 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [19/03/2019 05:52:46] - [82 Ko] - C:\WINDOWS\SysWOW64\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [12/04/2018 17:23:27] - [0 Ko] - C:\WINDOWS\SysWOW64\zu-ZA

---------- | [Public]

[01/11/2018 22:44:29] - |RHD| - [104713] - C:\Users\Public\AccountPictures
[12/04/2018 00:38:20] - |RHD| - [4354] - C:\Users\Public\Desktop
[19/03/2019 05:49:35] - |ASH| - [174] - C:\Users\Public\desktop.ini
[12/04/2018 00:38:20] - |RD| - [111932153] - C:\Users\Public\Documents
[12/04/2018 00:38:20] - |RD| - [174] - C:\Users\Public\Downloads
[19/03/2019 05:52:44] - |RHD| - [1135] - C:\Users\Public\Libraries
[12/04/2018 00:38:20] - |RD| - [380] - C:\Users\Public\Music
[12/04/2018 00:38:20] - |RD| - [380] - C:\Users\Public\Pictures
[21/09/2019 19:50:35] - |D| - [0] - C:\Users\Public\Roaming
[12/04/2018 00:38:20] - |RD| - [380] - C:\Users\Public\Videos

---------- | [Salah Eddine Tiar]

[04/11/2018 21:46:32] - |D| - [2442] - C:\Users\Salah Eddine Tiar\.android
[01/12/2018 15:35:26] - |D| - [165018] - C:\Users\Salah Eddine Tiar\.VirtualBox
[01/11/2018 22:44:29] - |RD| - [298] - C:\Users\Salah Eddine Tiar\3D Objects
[17/09/2019 23:32:07] - |HD| - [4092264198] - C:\Users\Salah Eddine Tiar\AppData
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\Application Data
[01/11/2018 22:44:29] - |RD| - [412] - C:\Users\Salah Eddine Tiar\Contacts
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\Cookies
[01/11/2018 22:34:23] - |RD| - [107243133183] - C:\Users\Salah Eddine Tiar\Desktop
[01/11/2018 22:34:23] - |RD| - [69639096] - C:\Users\Salah Eddine Tiar\Documents
[01/11/2018 22:34:23] - |RD| - [1611892402] - C:\Users\Salah Eddine Tiar\Downloads
[01/11/2018 22:34:23] - |RD| - [690] - C:\Users\Salah Eddine Tiar\Favorites
[02/11/2018 17:34:51] - |A| - [447] - C:\Users\Salah Eddine Tiar\fightcade-debug.log
[02/11/2018 17:34:51] - |A| - [0] - C:\Users\Salah Eddine Tiar\fightcade.log
[02/11/2018 17:34:53] - |A| - [1281] - C:\Users\Salah Eddine Tiar\ggpo-ng.ini
[21/09/2019 14:49:45] - |A| - [6500] - C:\Users\Salah Eddine Tiar\ggpofba-ng.bkp.ini
[02/11/2018 00:26:49] - |SHD| - [25308] - C:\Users\Salah Eddine Tiar\IntelGraphicsProfiles
[01/11/2018 22:34:23] - |RD| - [2837] - C:\Users\Salah Eddine Tiar\Links
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\Local Settings
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\Menu Démarrer
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\Mes documents
[01/11/2018 23:10:47] - |HD| - [4731683] - C:\Users\Salah Eddine Tiar\MicrosoftEdgeBackups
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\Modèles
[04/11/2018 22:30:02] - |D| - [10133964] - C:\Users\Salah Eddine Tiar\Mp3tag
[01/11/2018 22:34:23] - |RD| - [504] - C:\Users\Salah Eddine Tiar\Music
[17/09/2019 23:32:07] - |AH| - [5767168] - C:\Users\Salah Eddine Tiar\NTUSER.DAT
[17/09/2019 23:32:09] - |ASH| - [1474560] - C:\Users\Salah Eddine Tiar\ntuser.dat.LOG1
[17/09/2019 23:32:09] - |ASH| - [1048576] - C:\Users\Salah Eddine Tiar\ntuser.dat.LOG2
[18/10/2019 11:24:30] - |ASH| - [1048576] - C:\Users\Salah Eddine Tiar\NTUSER.DAT{efa461e1-d9a1-11e9-b0bb-8de7de217dac}.TxR.0.regtrans-ms
[18/10/2019 11:24:30] - |ASH| - [1048576] - C:\Users\Salah Eddine Tiar\NTUSER.DAT{efa461e1-d9a1-11e9-b0bb-8de7de217dac}.TxR.1.regtrans-ms
[18/10/2019 11:24:30] - |ASH| - [1048576] - C:\Users\Salah Eddine Tiar\NTUSER.DAT{efa461e1-d9a1-11e9-b0bb-8de7de217dac}.TxR.2.regtrans-ms
[18/10/2019 11:24:30] - |ASH| - [65536] - C:\Users\Salah Eddine Tiar\NTUSER.DAT{efa461e1-d9a1-11e9-b0bb-8de7de217dac}.TxR.blf
[17/09/2019 23:32:09] - |ASH| - [65536] - C:\Users\Salah Eddine Tiar\NTUSER.DAT{efa461e2-d9a1-11e9-b0bb-8de7de217dac}.TM.blf
[17/09/2019 23:32:09] - |ASH| - [524288] - C:\Users\Salah Eddine Tiar\NTUSER.DAT{efa461e2-d9a1-11e9-b0bb-8de7de217dac}.TMContainer00000000000000000001.regtrans-ms
[17/09/2019 23:32:09] - |ASH| - [524288] - C:\Users\Salah Eddine Tiar\NTUSER.DAT{efa461e2-d9a1-11e9-b0bb-8de7de217dac}.TMContainer00000000000000000002.regtrans-ms
[17/09/2019 23:38:54] - |SH| - [20] - C:\Users\Salah Eddine Tiar\ntuser.ini
[01/11/2018 23:02:32] - |RD| - [108] - C:\Users\Salah Eddine Tiar\OneDrive
[01/11/2018 22:34:23] - |RD| - [884] - C:\Users\Salah Eddine Tiar\Pictures
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\Recent
[21/09/2019 19:50:35] - |D| - [0] - C:\Users\Salah Eddine Tiar\Roaming
[01/11/2018 22:34:23] - |RD| - [282] - C:\Users\Salah Eddine Tiar\Saved Games
[01/11/2018 22:44:29] - |RD| - [3972] - C:\Users\Salah Eddine Tiar\Searches
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\SendTo
[01/11/2018 22:34:23] - |RD| - [694] - C:\Users\Salah Eddine Tiar\Videos
[01/12/2018 15:45:40] - |D| - [0] - C:\Users\Salah Eddine Tiar\VirtualBox VMs
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\Voisinage d'impression
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\Voisinage réseau
[17/09/2019 23:32:07] - |D| - [3029594831] - C:\Users\Salah Eddine Tiar\AppData\Local
[01/11/2018 22:34:23] - |D| - [4357667] - C:\Users\Salah Eddine Tiar\AppData\LocalLow
[17/09/2019 23:32:07] - |D| - [1058326890] - C:\Users\Salah Eddine Tiar\AppData\Roaming
[03/02/2019 00:29:16] - |D| - [3570] - C:\Users\Salah Eddine Tiar\AppData\Local\3delite
[01/11/2018 22:45:56] - |D| - [12286835] - C:\Users\Salah Eddine Tiar\AppData\Local\Adobe
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\Application Data
[15/11/2018 23:09:52] - |D| - [1821172] - C:\Users\Salah Eddine Tiar\AppData\Local\ashampoo
[03/02/2019 01:00:53] - |D| - [132160] - C:\Users\Salah Eddine Tiar\AppData\Local\bunkus.org
[01/11/2018 23:41:06] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\CEF
[10/10/2019 23:33:22] - |D| - [26107896] - C:\Users\Salah Eddine Tiar\AppData\Local\com.add0n.node
[01/11/2018 23:03:32] - |D| - [21716996] - C:\Users\Salah Eddine Tiar\AppData\Local\Comms
[01/11/2018 22:44:28] - |D| - [17066168] - C:\Users\Salah Eddine Tiar\AppData\Local\ConnectedDevicesPlatform
[04/11/2018 23:59:03] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\CrashDumps
[02/11/2018 01:05:00] - |D| - [205548] - C:\Users\Salah Eddine Tiar\AppData\Local\D3DSCache
[01/11/2018 23:14:06] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\DBG
[30/11/2018 21:46:42] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\Diagnostics
[12/11/2018 20:11:10] - |D| - [19467776] - C:\Users\Salah Eddine Tiar\AppData\Local\Downloaded Installations
[02/11/2018 17:14:35] - |D| - [126746968] - C:\Users\Salah Eddine Tiar\AppData\Local\ESET
[04/11/2018 22:30:12] - |D| - [2137] - C:\Users\Salah Eddine Tiar\AppData\Local\ExpressVPN
[07/11/2018 19:24:43] - |D| - [3380492] - C:\Users\Salah Eddine Tiar\AppData\Local\fontconfig
[01/11/2018 23:17:45] - |D| - [219279575] - C:\Users\Salah Eddine Tiar\AppData\Local\Google
[17/11/2018 16:26:47] - |D| - [1274873] - C:\Users\Salah Eddine Tiar\AppData\Local\GoProVRPlayer_x64
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\Historique
[18/09/2019 04:49:55] - |AH| - [295320] - C:\Users\Salah Eddine Tiar\AppData\Local\IconCache.db
[06/11/2018 19:11:38] - |D| - [8941179] - C:\Users\Salah Eddine Tiar\AppData\Local\Intel
[04/11/2018 22:30:16] - |D| - [1496] - C:\Users\Salah Eddine Tiar\AppData\Local\IsolatedStorage
[07/11/2018 00:03:04] - |D| - [11808807] - C:\Users\Salah Eddine Tiar\AppData\Local\Lenovo
[18/01/2019 15:48:47] - |D| - [2649096] - C:\Users\Salah Eddine Tiar\AppData\Local\LenovoServiceBridge
[02/11/2018 13:49:24] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\LSC
[17/10/2019 22:47:42] - |D| - [813864] - C:\Users\Salah Eddine Tiar\AppData\Local\mbam
[16/08/2019 14:03:53] - |D| - [235676] - C:\Users\Salah Eddine Tiar\AppData\Local\mbamtray
[04/11/2018 22:30:49] - |D| - [337188] - C:\Users\Salah Eddine Tiar\AppData\Local\Mega Limited
[04/11/2018 22:30:33] - |D| - [73962261] - C:\Users\Salah Eddine Tiar\AppData\Local\MEGAsync
[17/09/2019 23:32:07] - |D| - [1136184485] - C:\Users\Salah Eddine Tiar\AppData\Local\Microsoft
[01/11/2018 22:47:57] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\Microsoft Help
[01/11/2018 23:10:37] - |D| - [68704] - C:\Users\Salah Eddine Tiar\AppData\Local\MicrosoftEdge
[09/11/2018 13:13:58] - |D| - [275813971] - C:\Users\Salah Eddine Tiar\AppData\Local\Mozilla
[03/01/2019 20:45:47] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\OneDrive
[01/11/2018 22:44:28] - |D| - [166638902] - C:\Users\Salah Eddine Tiar\AppData\Local\Packages
[02/11/2018 14:20:03] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\PeerDistRepub
[02/11/2018 00:14:00] - |D| - [182173] - C:\Users\Salah Eddine Tiar\AppData\Local\PlaceholderTileLogoFolder
[02/11/2018 17:00:03] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\Programs
[01/11/2018 23:02:50] - |D| - [690792] - C:\Users\Salah Eddine Tiar\AppData\Local\Publishers
[02/11/2018 17:00:12] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\SHAREit Technologies
[02/11/2018 14:11:36] - |D| - [940] - C:\Users\Salah Eddine Tiar\AppData\Local\speech
[02/11/2018 14:40:01] - |D| - [128838301] - C:\Users\Salah Eddine Tiar\AppData\Local\SquirrelTemp
[01/11/2018 23:01:58] - |D| - [1777727] - C:\Users\Salah Eddine Tiar\AppData\Local\StartIsBack
[04/11/2018 22:36:57] - |D| - [97805] - C:\Users\Salah Eddine Tiar\AppData\Local\TechSmith
[17/09/2019 23:32:07] - |D| - [339454] - C:\Users\Salah Eddine Tiar\AppData\Local\Temp
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\Temporary Internet Files
[04/08/2019 16:08:50] - |D| - [49130575] - C:\Users\Salah Eddine Tiar\AppData\Local\Video Thumbnails Maker
[01/11/2018 22:44:29] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\VirtualStore
[05/09/2019 22:28:36] - |D| - [721087579] - C:\Users\Salah Eddine Tiar\AppData\Local\WhatsApp
[02/11/2018 17:43:20] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Local\Windows Live
[16/10/2019 22:03:57] - |D| - [241138] - C:\Users\Salah Eddine Tiar\AppData\Local\ZHP
[01/11/2018 23:41:06] - |D| - [2497101] - C:\Users\Salah Eddine Tiar\AppData\LocalLow\Adobe
[07/11/2018 02:03:27] - |D| - [1722321] - C:\Users\Salah Eddine Tiar\AppData\LocalLow\Lenovo
[01/11/2018 22:44:42] - |SD| - [138245] - C:\Users\Salah Eddine Tiar\AppData\LocalLow\Microsoft
[09/11/2018 13:13:59] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\LocalLow\Mozilla
[01/11/2018 22:44:29] - |D| - [25696] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Adobe
[29/12/2018 20:36:16] - |D| - [41962] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Anvsoft
[15/11/2018 23:10:54] - |D| - [56681] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Ashampoo
[11/10/2019 14:57:34] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Roaming\DMCache
[30/07/2019 18:45:30] - |D| - [203] - C:\Users\Salah Eddine Tiar\AppData\Roaming\dvdcss
[29/08/2019 19:33:25] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Google
[11/10/2019 14:57:34] - |D| - [1009230] - C:\Users\Salah Eddine Tiar\AppData\Roaming\IDM
[21/09/2019 19:50:41] - |D| - [1164] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Intel
[26/01/2019 03:27:44] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Roaming\KRyLack Software
[02/11/2018 01:51:34] - |D| - [0] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Macromedia
[03/02/2019 01:19:05] - |D| - [1215092] - C:\Users\Salah Eddine Tiar\AppData\Roaming\MediaInfo
[17/09/2019 23:32:07] - |SD| - [140773434] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft
[09/11/2018 13:13:58] - |D| - [90409249] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Mozilla
[13/11/2018 17:31:27] - |D| - [63537] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Mp3tag
[15/11/2018 19:52:33] - |D| - [472636] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Nero
[04/10/2019 21:18:45] - |D| - [55001] - C:\Users\Salah Eddine Tiar\AppData\Roaming\nxengine
[18/10/2019 02:11:48] - |D| - [2249] - C:\Users\Salah Eddine Tiar\AppData\Roaming\OrboxC
[04/11/2018 20:12:08] - |D| - [1950] - C:\Users\Salah Eddine Tiar\AppData\Roaming\PhotoFiltre 7
[17/02/2019 20:55:06] - |D| - [1024718] - C:\Users\Salah Eddine Tiar\AppData\Roaming\SolidDocuments
[04/11/2018 22:37:10] - |D| - [8111] - C:\Users\Salah Eddine Tiar\AppData\Roaming\TechSmith
[12/02/2019 22:44:42] - |D| - [2346790] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Tenorshare
[02/11/2018 17:01:25] - |D| - [7097] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Umeng
[02/11/2018 14:16:08] - |D| - [572702230] - C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent
[01/11/2018 23:24:59] - |D| - [222829337] - C:\Users\Salah Eddine Tiar\AppData\Roaming\vlc
[02/11/2018 14:40:11] - |D| - [21191220] - C:\Users\Salah Eddine Tiar\AppData\Roaming\WhatsApp
[01/11/2018 23:45:01] - |D| - [12] - C:\Users\Salah Eddine Tiar\AppData\Roaming\WinRAR
[16/10/2019 22:03:58] - |D| - [4092717] - C:\Users\Salah Eddine Tiar\AppData\Roaming\ZHP
[01/11/2018 22:44:29] - |SH| - [174] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[17/09/2019 23:32:09] - |SHD| - [0] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[01/11/2018 22:34:23] - |RD| - [52184] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[02/11/2018 14:19:00] - |A| - [2288] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
[17/09/2019 23:32:07] - |RD| - [3888] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[17/09/2019 23:32:07] - |RD| - [1486] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[01/11/2018 22:44:29] - |RD| - [174] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[09/03/2019 11:32:37] - |D| - [2575] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Demonstar
[17/09/2019 23:32:07] - |SH| - [264] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[07/11/2018 19:14:33] - |D| - [4189] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[11/10/2019 14:57:28] - |D| - [6897] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[17/09/2019 23:32:07] - |D| - [170] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[04/11/2018 22:30:35] - |D| - [4707] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
[14/10/2019 03:56:40] - |A| - [2441] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[04/11/2018 20:12:07] - |D| - [4718] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[01/11/2018 22:44:29] - |RD| - [174] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[17/09/2019 23:32:07] - |RD| - [4913] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[12/04/2019 11:56:33] - |D| - [1046] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
[02/11/2018 14:40:13] - |D| - [2275] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
[17/09/2019 23:32:07] - |RD| - [7754] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[07/11/2018 20:23:42] - |D| - [4513] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[01/11/2018 22:44:29] - |SH| - [174] - C:\Users\Salah Eddine Tiar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\ProgramData

[01/11/2018 22:44:57] - |D| - [693269] - C:\ProgramData\Adobe
[17/09/2019 23:38:45] - |SHD| - [0] - C:\ProgramData\Application Data
[12/11/2018 20:11:35] - |D| - [11653413] - C:\ProgramData\Betternet
[01/11/2018 22:23:17] - |SHD| - [0] - C:\ProgramData\Bureau
[17/09/2019 23:38:45] - |SHD| - [0] - C:\ProgramData\Documents
[11/10/2019 23:32:12] - |D| - [8716288] - C:\ProgramData\Dolby
[01/11/2018 22:38:36] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[11/10/2019 14:57:34] - |D| - [0] - C:\ProgramData\IDM
[06/11/2018 19:11:37] - |D| - [197998760] - C:\ProgramData\Intel
[02/11/2018 13:49:15] - |D| - [403158318] - C:\ProgramData\Lenovo
[17/10/2019 22:47:06] - |D| - [22046944] - C:\ProgramData\Malwarebytes
[01/11/2018 22:23:17] - |SHD| - [0] - C:\ProgramData\Menu Démarrer
[19/03/2019 05:52:44] - |SD| - [1186468606] - C:\ProgramData\Microsoft
[01/11/2018 22:47:57] - |D| - [16] - C:\ProgramData\Microsoft Help
[17/09/2019 23:41:19] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[02/11/2018 01:07:35] - |D| - [2684] - C:\ProgramData\Microsoft Toolkit
[01/11/2018 22:38:46] - |A| - [102] - C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[01/11/2018 22:23:17] - |SHD| - [0] - C:\ProgramData\Modèles
[22/02/2019 20:56:49] - |D| - [13519] - C:\ProgramData\Mozilla
[02/11/2018 13:48:00] - |D| - [435952124] - C:\ProgramData\Package Cache
[01/11/2018 23:02:29] - |D| - [73728] - C:\ProgramData\Packages
[01/11/2018 23:41:06] - |D| - [0] - C:\ProgramData\regid.1986-12.com.adobe
[19/03/2019 05:52:44] - |D| - [5312] - C:\ProgramData\regid.1991-06.com.microsoft
[21/09/2019 19:50:35] - |D| - [0] - C:\ProgramData\Roaming
[19/03/2019 05:52:44] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[04/11/2018 22:34:58] - |D| - [419711588] - C:\ProgramData\TechSmith
[19/03/2019 05:52:44] - |D| - [8901] - C:\ProgramData\USOPrivate
[17/09/2019 23:25:50] - |D| - [12095488] - C:\ProgramData\USOShared
[10/09/2019 20:40:10] - |D| - [64856] - C:\ProgramData\VS Revo Group
[19/03/2019 13:04:01] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[19/03/2019 05:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[01/11/2018 22:23:17] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[19/03/2019 05:52:44] - |RD| - [155075] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[02/11/2018 17:16:10] - |D| - [1557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[09/11/2018 03:16:48] - |A| - [2514] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
[19/03/2019 05:52:44] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[19/03/2019 05:52:44] - |RD| - [11586] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[19/03/2019 05:52:44] - |RD| - [25478] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[01/11/2018 22:45:44] - |A| - [2469] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
[18/09/2019 18:32:39] - |D| - [2052] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betternet Technologies Inc
[15/03/2019 00:42:05] - |D| - [4189] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DemonStarSM1
[15/03/2019 00:47:47] - |D| - [2172] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DemonStarSM2
[14/10/2019 23:12:17] - |ASH| - [400] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[11/10/2019 23:32:16] - |D| - [2320] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
[09/11/2018 03:16:48] - |A| - [2487] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
[16/08/2019 14:04:42] - |A| - [1011] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
[19/09/2019 23:51:31] - |A| - [2301] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[16/07/2019 21:55:21] - |D| - [6329] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half-Life 1 Anthology Steam Edition
[19/03/2019 05:46:39] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[02/02/2019 17:53:03] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[11/10/2019 14:57:28] - |D| - [6744] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[19/03/2019 05:52:44] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[16/08/2019 14:03:38] - |D| - [3912] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[17/06/2019 18:18:22] - |D| - [5596] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mephisto
[18/06/2019 20:32:30] - |D| - [1344] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[13/11/2018 17:31:20] - |D| - [3390] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[02/11/2018 22:10:22] - |D| - [1273] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut
[02/11/2018 22:10:22] - |A| - [123] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\netcut.url
[09/11/2018 03:16:49] - |A| - [2576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive Entreprise.lnk
[09/11/2018 03:16:49] - |A| - [2487] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
[09/11/2018 03:16:49] - |D| - [18366] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office
[09/11/2018 03:16:50] - |A| - [2475] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
[09/11/2018 03:16:50] - |A| - [2514] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
[09/11/2018 03:16:50] - |A| - [2437] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
[10/05/2019 13:35:13] - |D| - [2039] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
[09/11/2018 03:16:50] - |A| - [2588] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Entreprise.lnk
[19/03/2019 05:52:44] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[19/03/2019 05:52:44] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[18/09/2019 18:32:43] - |D| - [1993] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[04/11/2018 22:35:08] - |D| - [5198] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[04/08/2019 16:08:51] - |D| - [2787] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Thumbnails Maker
[01/11/2018 22:58:20] - |D| - [5862] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[21/04/2019 20:09:31] - |D| - [911] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[02/11/2018 22:10:26] - |D| - [892] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[07/11/2018 20:23:42] - |D| - [4441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[09/11/2018 03:16:50] - |A| - [2497] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[19/03/2019 05:49:34] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[01/11/2018 22:44:57] - |D| - [1558056668] - C:\Program Files (x86)\Adobe
[02/11/2018 22:10:21] - |D| - [8713259] - C:\Program Files (x86)\arcai.com
[18/09/2019 18:25:44] - |D| - [30210021] - C:\Program Files (x86)\Betternet
[19/03/2019 05:52:44] - |D| - [640334089] - C:\Program Files (x86)\Common Files
[09/03/2019 11:32:34] - |D| - [24763102] - C:\Program Files (x86)\Demonstar by www.mavioyun.org
[15/03/2019 00:42:05] - |D| - [14254383] - C:\Program Files (x86)\DemonStarSM1
[19/03/2019 05:49:34] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[07/11/2018 19:14:21] - |D| - [222162757] - C:\Program Files (x86)\FormatFactory
[19/09/2019 23:46:10] - |D| - [473077419] - C:\Program Files (x86)\Google
[03/11/2018 14:18:45] - |HD| - [36130488] - C:\Program Files (x86)\InstallShield Installation Information
[02/11/2018 00:27:03] - |D| - [13213520] - C:\Program Files (x86)\Intel
[11/10/2019 14:57:18] - |D| - [16978492] - C:\Program Files (x86)\Internet Download Manager
[19/03/2019 05:52:44] - |D| - [1166471] - C:\Program Files (x86)\Internet Explorer
[03/11/2018 14:19:10] - |D| - [19855450] - C:\Program Files (x86)\Lenovo
[11/09/2019 22:32:40] - |D| - [0] - C:\Program Files (x86)\Malwarebytes
[18/06/2019 20:32:29] - |D| - [9356010] - C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[01/11/2018 22:47:47] - |D| - [3218040437] - C:\Program Files (x86)\Microsoft Office
[19/03/2019 05:52:44] - |D| - [8215847] - C:\Program Files (x86)\Microsoft.NET
[16/08/2019 14:04:41] - |D| - [362042] - C:\Program Files (x86)\Mozilla Maintenance Service
[13/11/2018 17:31:19] - |D| - [11039421] - C:\Program Files (x86)\Mp3tag
[17/09/2019 23:03:05] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[14/10/2019 20:35:19] - |D| - [99372893] - C:\Program Files (x86)\NextUp-ScanSoft
[03/11/2018 14:18:44] - |D| - [3184374] - C:\Program Files (x86)\O2Micro
[18/09/2019 18:32:43] - |D| - [3982361] - C:\Program Files (x86)\OpenVPN
[04/11/2018 20:12:05] - |D| - [8331623] - C:\Program Files (x86)\PhotoFiltre 7
[01/11/2018 22:38:45] - |D| - [36643328] - C:\Program Files (x86)\Realtek
[17/09/2019 23:03:05] - |D| - [39847169] - C:\Program Files (x86)\Reference Assemblies
[02/11/2018 17:00:07] - |D| - [24578352] - C:\Program Files (x86)\SHAREit Technologies
[01/11/2018 22:44:29] - |D| - [4445870] - C:\Program Files (x86)\StartIsBack
[01/11/2018 22:40:04] - |D| - [287975] - C:\Program Files (x86)\SunplusIT Integrated Camera
[18/09/2019 18:25:44] - |D| - [272409] - C:\Program Files (x86)\TAP-Windows
[03/11/2018 14:07:14] - |HD| - [0] - C:\Program Files (x86)\Temp
[29/12/2018 21:13:00] - |D| - [9991] - C:\Program Files (x86)\VulkanRT
[19/03/2019 05:52:44] - |D| - [1846288] - C:\Program Files (x86)\Windows Defender
[19/03/2019 05:52:44] - |D| - [625664] - C:\Program Files (x86)\Windows Mail
[19/03/2019 13:04:01] - |D| - [39720] - C:\Program Files (x86)\Windows Multimedia Platform
[19/03/2019 05:52:44] - |D| - [8331608] - C:\Program Files (x86)\Windows NT
[19/03/2019 13:04:01] - |D| - [5364168] - C:\Program Files (x86)\Windows Photo Viewer
[19/03/2019 13:04:01] - |D| - [39720] - C:\Program Files (x86)\Windows Portable Devices
[19/03/2019 05:52:44] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[19/03/2019 05:52:44] - |D| - [2381303] - C:\Program Files (x86)\WindowsPowerShell
[02/11/2018 22:10:25] - |D| - [240048] - C:\Program Files (x86)\WinPcap
[07/11/2018 20:23:33] - |D| - [5135296] - C:\Program Files (x86)\WinRAR

---------- | C:\Program Files

[02/11/2018 17:16:09] - |D| - [5204927] - C:\Program Files\7-Zip
[02/11/2018 00:28:25] - |D| - [24551456] - C:\Program Files\Apoint2K
[19/03/2019 05:52:43] - |D| - [136671225] - C:\Program Files\Common Files
[19/03/2019 05:49:34] - |ASH| - [174] - C:\Program Files\desktop.ini
[11/10/2019 23:32:12] - |D| - [28784053] - C:\Program Files\Dolby
[01/11/2018 22:23:17] - |SHD| - [0] - C:\Program Files\Fichiers communs
[02/11/2018 00:26:44] - |D| - [396794619] - C:\Program Files\Intel
[19/03/2019 05:52:44] - |D| - [1826154] - C:\Program Files\Internet Explorer
[02/11/2018 13:49:12] - |D| - [48271834] - C:\Program Files\Lenovo
[17/10/2019 22:47:06] - |D| - [173600887] - C:\Program Files\Malwarebytes
[03/02/2019 01:18:48] - |D| - [665868] - C:\Program Files\MediaInfo
[03/11/2018 23:22:18] - |D| - [8835664] - C:\Program Files\Microsoft Office 15
[19/03/2019 05:52:44] - |D| - [0] - C:\Program Files\ModifiableWindowsApps
[10/10/2019 22:29:02] - |D| - [200642726] - C:\Program Files\Mozilla Firefox
[17/09/2019 23:03:05] - |D| - [25757] - C:\Program Files\MSBuild
[01/11/2018 22:38:33] - |D| - [28150755] - C:\Program Files\Realtek
[17/09/2019 23:03:05] - |D| - [39038121] - C:\Program Files\Reference Assemblies
[17/11/2018 05:40:54] - |D| - [31905721] - C:\Program Files\rempl
[18/09/2019 18:32:43] - |D| - [272780] - C:\Program Files\TAP-Windows
[04/11/2018 22:34:58] - |D| - [194515507] - C:\Program Files\TechSmith
[09/11/2018 13:47:42] - |D| - [442981] - C:\Program Files\ThinkPad
[01/11/2018 22:21:16] - |HD| - [0] - C:\Program Files\Uninstall Information
[19/06/2019 01:10:33] - |D| - [13107200] - C:\Program Files\UNP
[01/11/2018 22:58:07] - |D| - [176869892] - C:\Program Files\VideoLAN
[24/08/2019 00:10:51] - |D| - [187000] - C:\Program Files\VS Revo Group
[21/04/2019 20:09:31] - |D| - [32938386] - C:\Program Files\WhoCrashed
[19/03/2019 05:52:44] - |D| - [16300154] - C:\Program Files\Windows Defender
[19/03/2019 13:04:01] - |D| - [16547616] - C:\Program Files\Windows Defender Advanced Threat Protection
[19/03/2019 05:52:44] - |D| - [636416] - C:\Program Files\Windows Mail
[19/03/2019 13:04:01] - |D| - [47720] - C:\Program Files\Windows Multimedia Platform
[19/03/2019 05:52:44] - |D| - [8667992] - C:\Program Files\Windows NT
[19/03/2019 13:04:01] - |D| - [6181528] - C:\Program Files\Windows Photo Viewer
[19/03/2019 13:04:01] - |D| - [47720] - C:\Program Files\Windows Portable Devices
[19/03/2019 05:52:44] - |D| - [110373] - C:\Program Files\Windows Security
[19/03/2019 05:52:44] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[19/03/2019 05:52:44] - |HD| - [1903605046] - C:\Program Files\WindowsApps
[19/03/2019 05:52:44] - |D| - [2708335] - C:\Program Files\WindowsPowerShell
[01/11/2018 22:44:31] - |D| - [494] - C:\Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[01/11/2018 22:44:57] - |D| - [467787159] - C:\Program Files (x86)\Common Files\Adobe
[09/11/2018 03:15:38] - |D| - [23328] - C:\Program Files (x86)\Common Files\DESIGNER
[02/11/2018 00:26:42] - |D| - [107014093] - C:\Program Files (x86)\Common Files\Intel
[19/03/2019 05:52:44] - |D| - [19873928] - C:\Program Files (x86)\Common Files\Microsoft Shared
[19/03/2019 05:52:44] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[19/03/2019 05:52:44] - |D| - [10084955] - C:\Program Files (x86)\Common Files\System
[02/11/2018 17:43:05] - |D| - [35547924] - C:\Program Files (x86)\Common Files\Windows Live

---------- | C:\Program Files\Common files

[21/09/2019 19:50:17] - |D| - [2468120] - C:\Program Files\Common files\Intel
[19/03/2019 05:52:43] - |D| - [123552456] - C:\Program Files\Common files\microsoft shared
[19/03/2019 05:52:44] - |D| - [2702] - C:\Program Files\Common files\Services
[19/03/2019 05:52:44] - |D| - [10647947] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [17/09/2019 23:38:43] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.9ED3472221F98263A52B1B36921248A3] - [17/09/2019 23:38:42] - |A| - [2954] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task         :   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.D733B3162CA69ADCBE63E9B2C75CAA47] - [17/09/2019 23:38:42] - |A| - [2738] - C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-SALAH-PC-Salah Eddine Tiar         :   C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
[MD5.B8E25A10ABC5D936CF8901952EFF5B07] - [18/09/2019 18:25:46] - |A| - [3606] - C:\WINDOWS\System32\Tasks\ASUS Live Update1         :   "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[MD5.168A3023BB3D38F7A1FD5B38A4D0AA7C] - [18/09/2019 18:25:45] - |A| - [3594] - C:\WINDOWS\System32\Tasks\ASUS Live Update2         :   "C:\Program Files\Google\Chrome\Application\chrome.exe"
[MD5.8F40150F5BEBC70723E47064B59592CF] - [19/09/2019 23:46:15] - |A| - [3466] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.478246BFF31E0484DE36EA26CF2CECC5] - [19/09/2019 23:46:15] - |A| - [3590] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [17/09/2019 23:38:42] - |D| - [2494] - C:\WINDOWS\System32\Tasks\Intel
[MD5.00000000000000000000000000000000] - [17/09/2019 23:38:42] - |D| - [38284] - C:\WINDOWS\System32\Tasks\Lenovo
[MD5.0E4DD413A70E512D562566DCA3360A02] - [18/10/2019 11:22:14] - |A| - [3700] - C:\WINDOWS\System32\Tasks\Lenovo Power Management Driver PnP Task         :   C:\WINDOWS\System32\ibmpmsvc.exe
[MD5.00000000000000000000000000000000] - [17/09/2019 23:38:42] - |D| - [2834] - C:\WINDOWS\System32\Tasks\MEGA
[MD5.00000000000000000000000000000000] - [19/03/2019 05:52:45] - |D| - [616272] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.E5AFFC6AD503AB2CF9226707BDA32C2B] - [14/10/2019 03:56:42] - |A| - [3390] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4207456607-1934371375-1503238163-1001         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.BB1CA71EFEDF3153A61BF416B2EBA5CF] - [17/09/2019 23:38:43] - |A| - [3220] - C:\WINDOWS\System32\Tasks\RtHDVBg_Dolby         :   "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"
[MD5.5CC96BFD681611DFC4ED576A737E34A7] - [17/09/2019 23:38:43] - |A| - [3216] - C:\WINDOWS\System32\Tasks\RTKCPL         :   "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"
[MD5.00000000000000000000000000000000] - [17/09/2019 23:38:43] - |D| - [3294] - C:\WINDOWS\System32\Tasks\S-1-5-21-4207456607-1934371375-1503238163-1001
[MD5.00000000000000000000000000000000] - [17/09/2019 23:38:43] - |D| - [0] - C:\WINDOWS\System32\Tasks\TVT
[MD5.00000000000000000000000000000000] - [19/03/2019 05:52:46] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WiFiDirect-KM-Driver-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"UDP Query User{844EC6BB-4827-4B51-98B7-7AEA0B2244D6}C:\users\salah eddine tiar\appdata\local\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\salah eddine tiar\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User|
"TCP Query User{D89105F7-B08F-4AC8-8565-6F11E62E2D25}C:\users\salah eddine tiar\appdata\local\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\salah eddine tiar\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User|
"{E9555835-8EA5-4D83-A114-A3D1216EC2B3}"=v2.29|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ|
"{3CF01E85-09F4-49C5-BADF-1BB6BA329338}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{0607898E-BDDD-455A-94D6-8C600009A742}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{DD84BC64-BE00-418F-B264-4995CB080C55}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (Salah Eddine Tiar)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{7F1EC906-5008-4F69-979F-2CA9E83EDA7D}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (Salah Eddine Tiar)|Desc=Allow µTorrent network traffic|
"{8C162BCB-DE23-43B3-97A1-9AB7F53D6328}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (Salah Eddine Tiar)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{278D2291-5B6C-4907-8908-65F74C4068CC}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Salah Eddine Tiar)|
"{574B72A9-406C-4C4C-BD68-A994E182AC48}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Salah Eddine Tiar)|
"{F779E58E-580A-48FC-A89A-2BA3F2BBDA09}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\Salah Eddine Tiar\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (Salah Eddine Tiar)|Desc=Allow µTorrent network traffic|
"{B43CD5E6-547B-41FB-96C3-84CDA5143E0C}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe|Name=uSHAREitApp|
"{D3D625B2-D47B-4290-BFDB-2538F21F26D0}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe|Name=uSHAREitApp|
"{7F178490-9411-4A4F-99E6-AE57819D4F4F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe|Name=SHAREit|
"{E9306310-8E60-4038-9C0C-403D88351008}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe|Name=SHAREit|
"{23B697E5-1FBF-47CC-9F23-2F8F5F1A6C85}"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe|Name=SHAREit|
"{B5474886-4191-44CB-9165-5672823655B6}"=v2.28|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe|Name=SHAREit|
"TCP Query User{0FE2EB34-1223-4773-A7D7-86E4A01E48F0}F:\programmes\emulators\fightcade\fightcade.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=F:\programmes\emulators\fightcade\fightcade.exe|Name=fightcade|Desc=fightcade|Defer=User|
"UDP Query User{DD375C90-2D64-4C76-8C96-7043C2CBF430}F:\programmes\emulators\fightcade\fightcade.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=F:\programmes\emulators\fightcade\fightcade.exe|Name=fightcade|Desc=fightcade|Defer=User|
"{537FE914-FA4B-4B8E-85C7-B60DA7B01E9F}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8318|Name=TechSmith Camtasia 9|
"{D9A1B8FD-EF48-40E5-8AE4-5CBA45E1DCA8}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FormatFactory.exe|Name=Format Factory|
"{E4807D89-8F15-49A2-BE4C-F16080D57B25}"=v2.28|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe|Name=EBook Codec Downloader|
"{EC45568F-0E5F-4835-9AEA-585E09BA8C78}"=v2.28|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=1688|Name=0pen Port KMS|
"TCP Query User{2C4D2708-3BA9-45D3-9DB4-502359F357D0}C:\program files (x86)\demonstar by www.mavioyun.org\ds.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\demonstar by www.mavioyun.org\ds.exe|Name=ds|Desc=ds|Defer=User|
"UDP Query User{739CDFFB-33CE-419F-95C9-74B4F66D15BE}C:\program files (x86)\demonstar by www.mavioyun.org\ds.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\demonstar by www.mavioyun.org\ds.exe|Name=ds|Desc=ds|Defer=User|
"{C3389797-685C-4AB7-9976-D75C75186B87}"=v2.28|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{2A9BE1F6-420B-4AE3-B7DE-6753F929B832}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{E38A7B17-884B-4F51-9A8C-047330A5577C}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{1881542B-63D8-4A62-ADAE-E72CDBB8776A}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{FBC0E6D1-62C1-4A17-85F9-184DD6D1690C}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{D5EE1488-8FB9-4F06-8096-BC6438A6C630}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{AB59B0E0-804E-4525-AAEE-3C425C2B94CF}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ|
"{F356BB40-B70E-40E9-9AAA-704BE59C2255}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{14D1EE49-6E12-4A59-A333-2CC7A7EBBAA7}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{3DADA729-7FBD-482D-A2E6-8B8F4EC48BE6}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{E0AD64A1-2B41-4297-B6E2-0DDEC1ADD54F}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"TCP Query User{36557A9D-76CD-49E4-AB3D-4F2905CFCD15}C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\fightcade.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\fightcade.exe|Name=fightcade.exe|Desc=fightcade.exe|Defer=User|
"UDP Query User{D978F4C6-CC46-4AFA-8387-9D56F43486FC}C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\fightcade.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\fightcade.exe|Name=fightcade.exe|Desc=fightcade.exe|Defer=User|
"TCP Query User{FB4B2B29-6472-4487-A48F-4AB5875E8D02}C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\ggpofba.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\ggpofba.exe|Name=ggpofba.exe|Desc=ggpofba.exe|Defer=User|
"UDP Query User{B25C37E9-8D9B-482E-803A-EBFE6AEA6A40}C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\ggpofba.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\ggpofba.exe|Name=ggpofba.exe|Desc=ggpofba.exe|Defer=User|
"TCP Query User{A7F48B02-C302-4559-A298-2B1AC1732F07}C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\ggpofba-ng.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\ggpofba-ng.exe|Name=ggpofba-ng.exe|Desc=ggpofba-ng.exe|Defer=User|
"UDP Query User{4B4F6043-FB49-4DE0-BB0C-E19489DBD17E}C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\ggpofba-ng.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\salah eddine tiar\desktop\fightcade-win32-v042.2\fightcade\ggpofba-ng.exe|Name=ggpofba-ng.exe|Desc=ggpofba-ng.exe|Defer=User|
"TCP Query User{23F818EA-8048-45E8-AB86-820AB829C0B3}C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\fightcade.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\fightcade.exe|Name=fightcade.exe|Desc=fightcade.exe|Defer=User|
"UDP Query User{D1F22017-6A9C-47F5-90EF-C36085E95309}C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\fightcade.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\fightcade.exe|Name=fightcade.exe|Desc=fightcade.exe|Defer=User|
"TCP Query User{F24C2E51-6A6A-43A6-BD9D-52998C2C9F9A}C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\ggpofba.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\ggpofba.exe|Name=ggpofba.exe|Desc=ggpofba.exe|Defer=User|
"UDP Query User{AD7625F2-A645-43D3-ADCC-739243B990EA}C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\ggpofba.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\ggpofba.exe|Name=ggpofba.exe|Desc=ggpofba.exe|Defer=User|
"TCP Query User{FD052B77-5A26-49C3-8C3C-627436C36726}C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\ggpofba-ng.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\ggpofba-ng.exe|Name=ggpofba-ng.exe|Desc=ggpofba-ng.exe|Defer=User|
"UDP Query User{DB1F5F16-748A-4757-A35F-96246A121ECF}C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\ggpofba-ng.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\ggpofba-ng.exe|Name=ggpofba-ng.exe|Desc=ggpofba-ng.exe|Defer=User|
"{3533C6A8-F7D6-4473-BF9B-E6A1B704C4D5}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=GNews|Desc=GNews|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-1991111780-3868235990-910786226-3388829603-3134404328-933209620-3332497794|EmbedCtxt=GNews|Platform=2:6:2|Platform2=GTEQ|
"TCP Query User{4D7E4B9F-6A13-42D5-932A-A137F8736DA8}C:\program files\videolan\vlc\vlc.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\videolan\vlc\vlc.exe|Name=VLC media player|Desc=VLC media player|Defer=User|
"UDP Query User{92A1A481-0601-44FB-9F65-FA65767D5B8B}C:\program files\videolan\vlc\vlc.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\videolan\vlc\vlc.exe|Name=VLC media player|Desc=VLC media player|Defer=User|
"{74FC6A63-A5CA-4517-BBDD-A1A6494AA484}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|
"{3FC363E4-98C1-4174-8840-24B4D984852B}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Lenovo Vantage|Desc=Lenovo Vantage|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=Lenovo Vantage|Platform=2:6:2|Platform2=GTEQ|
"{4490A3F6-BDA5-41FD-B6C8-ED806E953A00}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Dolby Access|Desc=Dolby Access|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266|EmbedCtxt=Dolby Access|Platform=2:6:2|Platform2=GTEQ|
"{05B1C1A7-94D4-441C-A692-F7531F2C1D08}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Dolby Access|Desc=Dolby Access|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-864892550-682355956-3667821578-694357232-3878941086-3291980491-2900429266|EmbedCtxt=Dolby Access|Platform=2:6:2|Platform2=GTEQ|
"{C477160E-6E2D-421A-8D50-B90841ED86BA}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-4207456607-1934371375-1503238163-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ|
"TCP Query User{872A5958-AE25-429A-BB5E-C15D50A82939}C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\fightcade.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\fightcade.exe|Name=fightcade.exe|Desc=fightcade.exe|Defer=User|
"UDP Query User{1A9C34F8-ACC4-4B44-8FF1-6BC7E397646D}C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\fightcade.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\salah eddine tiar\desktop\salah\back to the emulation futur\fightcade\fightcade.exe|Name=fightcade.exe|Desc=fightcade.exe|Defer=User|
"TCP Query User{ADA9D5D4-F623-4787-9D9E-763463600B99}C:\users\salah eddine tiar\appdata\local\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\salah eddine tiar\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User|
"UDP Query User{3C9804EF-8660-439E-B760-7EAB5D13ABA5}C:\users\salah eddine tiar\appdata\local\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\salah eddine tiar\appdata\local\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User|
"{6687BE52-676E-408E-8819-80380F5A4260}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\arcai.com\aips.exe|Svc=myservicename|Name=inaips.exe|Desc=Allow incoming network traffic to myservice|EmbedCtxt=Sample Rule Group|
"{02DD4A3D-BF26-45A5-A8F1-CA80E38C4725}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=C:\Program Files (x86)\arcai.com\aips.exe|Svc=myservicename|Name=outaips.exe|Desc=Allow incoming network traffic to myservice|EmbedCtxt=Sample Rule Group|
"{06E65968-5EB0-4431-8170-04C3D2661A68}"=v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\arcai.com\netcut_windows.exe|Svc=myservicename|Name=innetcut_windows.exe|Desc=Allow incoming network traffic to myservice|EmbedCtxt=Sample Rule Group|
"{AC99C566-F0B1-4F29-BC8B-B254B553D25D}"=v2.30|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=C:\Program Files (x86)\arcai.com\netcut_windows.exe|Svc=myservicename|Name=outnetcut_windows.exe|Desc=Allow incoming network traffic to myservice|EmbedCtxt=Sample Rule Group|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ee986ed-9d81-43b3-b9ea-30686e6f4219}] : (PSM) [] -> @oem53.inf,%ClassName%;Intel® Power Sharing Manager
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{277AA08A-A1FF-48C4-8A7A-198426E98B87}] : (PMDRVS) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem44.inf,%ClassName%;Android Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @c_media.inf,%ClassDesc%;Sound, video and game controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b2728d24-ac56-42db-9e02-8edaf5db652f}] : (RDCamera) [] -> @rdcameradriver.inf,%ClassName%;Remote Desktop Camera devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e6f1aa1c-7f3b-4473-b2e8-c97d8ac71d53}] : (UCM) [] -> @c_ucm.inf,%ClassDesc%;USB Connector Managers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[12/04/2019 12:28:29] - (1.67.16.20) - (Lenovo. - Lenovo Power Management Driver) - C:\WINDOWS\System32\drivers\pmdrvs.sys
[20/03/2017 21:31:12] - (1.82.4.4) - (Lenovo. - ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver) - C:\WINDOWS\System32\DRIVERS\ApsHM64.sys
[20/03/2017 21:31:12] - (1.82.4.4) - (Lenovo. - Shockproof Disk Driver) - C:\WINDOWS\System32\DRIVERS\Apsx64.sys
[12/02/2019 19:13:12] - (1.1.2.0) - (Lenovo Group Limited - Power Manager) - C:\WINDOWS\System32\drivers\Tppwr64v.sys
[21/04/2016 10:10:04] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\WINDOWS\System32\drivers\tap0901.sys
[03/08/2016 09:03:08] - (1.1.1.1013) - (BayHubTech/O2Micro - BayHubTech/O2Micro SD Reader Driver) - C:\WINDOWS\System32\drivers\bhtpcrdr.sys
[12/04/2019 12:28:29] - (1.67.16.20) - (Lenovo. - Lenovo Power Management Driver) - C:\WINDOWS\System32\drivers\ibmpmdrv.sys
[12/04/2019 12:32:18] - (8.1.1616.532) - (ALPSALPINE CO., LTD. - AlpsAlpine Touch Pad Driver) - C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
[26/12/2016 02:40:16] - (6.0.0.79) - (Sunplus Innovation Technology Inc. - SunplusIT Camera Driver) - C:\WINDOWS\System32\Drivers\SPUVCbv64.sys
[20/09/2019 20:47:05] - (6.32.3.80) - (Tonec Inc. - Internet Download Manager WFP Driver) - C:\WINDOWS\system32\DRIVERS\idmwfp.sys
[01/03/2013 02:49:12] - (4.1.0.2980) - (Riverbed Technology, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver) - C:\WINDOWS\system32\drivers\npf.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - amdkmpfd (@oem21.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter) -> System32\drivers\amdkmpfd.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Pilote de disque) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorAC (@oem54.inf,%iaStorAC.DeviceDesc%;Intel(R) Chipset SATA/PCIe  RST Premium Controller) -> System32\drivers\iaStorAC.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAVC (@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller) -> System32\drivers\iaStorAVC.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - ItSas35i () -> System32\drivers\ItSas35i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - MbamElam (MbamElam) -> system32\DRIVERS\MbamElam.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas35i () -> System32\drivers\megasas35i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - PMDRVS () -> System32\drivers\pmdrvs.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - SgrmAgent (@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001) -> system32\drivers\SgrmAgent.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Shockprf (Shockprf) -> System32\DRIVERS\Apsx64.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SmartSAMD () -> System32\drivers\SmartSAMD.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - TPDIGIMN (TPDIGIMN) -> System32\DRIVERS\ApsHM64.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - afunix (afunix) -> \SystemRoot\system32\drivers\afunix.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_307898c750ba9e44\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_ba2a8de08ea0d469\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - MpKsle1927fe4 () -> \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{421CD4AB-4038-4E23-A567-5141B748CEB6}\MpKsle1927fe4.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Serial (@oem3.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TPPWRIF () -> System32\drivers\Tppwr64v.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - IDMWFP (IDMWFP) -> \SystemRoot\system32\DRIVERS\idmwfp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - NPF (NetGroup Packet Filter Driver) -> system32\drivers\npf.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall (Whitelist)

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Pro] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\jdownloader2] : (JDownloader 2.-.AppWork GmbH) -> "C:\Users\Salah Eddine Tiar\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{00176A23-1A4E-4429-817E-44B40D9EF692}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{00176A23-1A4E-4429-817E-44B40D9EF692}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0854C811-6DAD-441D-AB36-2F73631A04A1}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{0854C811-6DAD-441D-AB36-2F73631A04A1}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0859D400-7865-4657-90B2-85C84B45B41B}] : (Intel(R) Wireless Manageability Driver.-.Intel Corporation) -> MsiExec.exe /I{0859D400-7865-4657-90B2-85C84B45B41B}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1535E647-D354-4775-9EE8-FD9E8ED0701A}] : (Intel(R) Management Engine Driver.-.Intel Corporation) -> MsiExec.exe /I{1535E647-D354-4775-9EE8-FD9E8ED0701A}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2FAF2A80-5906-467E-8AD2-B83C94383600}] : (Microsoft VC++ redistributables repacked..-.Intel Corporation) -> MsiExec.exe /I{2FAF2A80-5906-467E-8AD2-B83C94383600}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{32A03EF3-57C8-4191-908E-F259389431F5}] : (Intel® PROSet/Wireless WiFi Software.-.Intel Corporation) -> MsiExec.exe /I{32A03EF3-57C8-4191-908E-F259389431F5}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}] : (Lenovo Active Protection System.-.Lenovo) -> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{a1f501b4-425e-463f-a3f5-094f5d1a3d13}] : (Intel(R) PRO/Wireless Driver.-.Intel Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A6668863-B0A3-4812-AAF2-E47749ECFE0E}] : (O2Micro Flash Memory Card Windows Driver.-.O2Micro International LTD.) -> MsiExec.exe /X{A6668863-B0A3-4812-AAF2-E47749ECFE0E}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}] : (Camtasia 9.-.TechSmith Corporation) -> MsiExec.exe /I{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BBC1E59D-8BF9-4AED-8B02-DC54DDE462D0}] : (Intel(R) Wireless Manageability Driver Extension.-.Intel Corporation) -> MsiExec.exe /I{BBC1E59D-8BF9-4AED-8B02-DC54DDE462D0}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C9552825-7BF2-4344-BA91-D3CD46F4C442}] : (Intel(R) Trusted Connect Service Client x64.-.Intel Corporation) -> MsiExec.exe /I{C9552825-7BF2-4344-BA91-D3CD46F4C442}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}] : (Dolby Audio X2 Windows API SDK.-.Dolby Laboratories, Inc.) -> MsiExec.exe /X{F290F786-5F69-48D4-B20B-D21C7DE56EF0}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F9828CBB-EC5F-4CFE-AB2B-59EB6D375730}] : (Dolby Audio X2 Windows APP.-.Dolby Laboratories, Inc.) -> MsiExec.exe /X{F9828CBB-EC5F-4CFE-AB2B-59EB6D375730}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Demonstar by www.mavioyun.org] : (Demonstar by www.mavioyun.org.-.) -> C:\Program Files (x86)\Demonstar by www.mavioyun.org\Uninstal.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DemonStar Secret Missions 1_is1] : (DemonStar Secret Missions 1.-.Mountain King Studios) -> "C:\Program Files (x86)\DemonStarSM1\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DemonStar Secret Missions 2_is1] : (DemonStar Secret Missions 2.-.Mountain King Studios) -> c:\DemonStarSM2\unins000.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Video Thumbnails Maker] : (Video Thumbnails Maker by Scorp (remove only).-.) -> "C:\Users\Salah Eddine Tiar\AppData\Local\Video Thumbnails Maker\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\www.ushareit.com_is1] : (SHAREit.-.SHAREit Technologies Co.Ltd) -> "C:\Program Files (x86)\SHAREit Technologies\SHAREit\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E77104D-96E1-4A9C-86F2-C7CF4C703830}] : (Betternet for Windows.-.Betternet Technologies Inc.) -> MsiExec.exe /X{2E77104D-96E1-4A9C-86F2-C7CF4C703830}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google LLC) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6BE5152F-0885-4AA5-8385-4AD2D8472C71}_is1] : (netcut version 3.5.4.-.arcai.com) -> "C:\Program Files (x86)\arcai.com\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{74E7D0FD-0D78-4942-BD38-354ED12780D4}] : (Betternet.-.CyberSpace) -> MsiExec.exe /I{74E7D0FD-0D78-4942-BD38-354ED12780D4}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-1033-FFFF-7760-0C0F074E4100}] : (Adobe Acrobat DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-1033-FFFF-7760-0C0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BE916006-E144-44CF-B467-F733D0F86200}] : (NextUp-ScanSoft Daniel British Voice.-.NextUp.com) -> MsiExec.exe /I{BE916006-E144-44CF-B467-F733D0F86200}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C9552825-7BF2-4344-BA91-D3CD46F4C441}] : (Intel(R) Trusted Connect Service Client x86.-.Intel Corporation) -> MsiExec.exe /I{C9552825-7BF2-4344-BA91-D3CD46F4C441}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F85F7FF0-5DFF-4BC0-9045-C9573D1BC11F}] : (Microsoft VC++ redistributables repacked..-.Intel Corporation) -> MsiExec.exe /I{F85F7FF0-5DFF-4BC0-9045-C9573D1BC11F}

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component
[HKCR\Installer\Products\00006109C80090400000000000F01FEC] : Office 16 Click-to-Run Localization Component
[HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component
[HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration
[HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component
[HKCR\Installer\Products\004D958056877564092B588CB4544BB1] : Intel(R) Wireless Manageability Driver
[HKCR\Installer\Products\118C4580DAD6D144BA63F23736A1401A] : Intel(R) Management Engine Components
[HKCR\Installer\Products\32A67100E4A1924418E7444BD0E96F29] : Intel(R) Management Engine Components
[HKCR\Installer\Products\32BD33F51DD39AF4394025B30870CE4F] : Runtime x86 for Power Manager -> C:\Windows\Installer\{5F33DB23-3DD1-4FA9-9304-523B8007ECF4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3688666A3A0B2184AA2F4E7794CEEFE0] : O2Micro Flash Memory Card Windows Driver -> C:\Windows\Installer\{A6668863-B0A3-4812-AAF2-E47749ECFE0E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3FE30A238C75191409E82F958349135F] : Intel® PROSet/Wireless WiFi Software -> C:\WINDOWS\Installer\{32A03EF3-57C8-4191-908E-F259389431F5}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\49648A64CE950F8469C4E7679E8F2ADE] : Lenovo Active Protection System
[HKCR\Installer\Products\4B105F1AE524F3643A5F90F4D5A1D331] : Intel(R) PRO/Wireless Driver -> C:\WINDOWS\Installer\{A1F501B4-425E-463F-A3F5-094F5D1A3D13}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5282559C2FB74434AB193DDC644F4C14] : Intel(R) Trusted Connect Service Client x86
[HKCR\Installer\Products\5282559C2FB74434AB193DDC644F4C24] : Intel(R) Trusted Connect Service Client x64
[HKCR\Installer\Products\55352E2BE42CD7E4A83D54D595188083] : Update for Windows 10 for x64-based Systems (KB4023057)
[HKCR\Installer\Products\600619EB441EFC444B767F330D8F2600] : NextUp-ScanSoft Daniel British Voice
[HKCR\Installer\Products\687F092F96F54D842BB02DC1D75EE60F] : Dolby Audio X2 Windows API SDK -> C:\WINDOWS\Installer\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}\DolbyBlue.exe
[HKCR\Installer\Products\68AB67CA3301FFFF7706C0F070E41400] : Adobe Acrobat DC -> C:\Windows\Installer\{AC76BA86-1033-FFFF-7760-0C0F074E4100}\_SC_Acrobat.ico
[HKCR\Installer\Products\746E5351453D5774E98EDFE9E80D07A1] : Intel(R) Management Engine Driver
[HKCR\Installer\Products\94A442ECEA62A3D4CB457DB6FCDFEB2A] : Runtime x64 for Power Manager
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : 
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\BBC8289FF5CEEFC4BAB295BED6737503] : Dolby Audio X2 Windows APP -> C:\WINDOWS\Installer\{F9828CBB-EC5F-4CFE-AB2B-59EB6D375730}\DolbyBlue.exe
[HKCR\Installer\Products\D40177E21E69C9A4682F7CFCC4078303] : Betternet for Windows -> C:\WINDOWS\Installer\{2E77104D-96E1-4A9C-86F2-C7CF4C703830}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D95E1CBB9FB8DEA4B820CD45DD4E260D] : Intel(R) Wireless Manageability Driver Extension
[HKCR\Installer\Products\DF0D7E4787D02494DB8353E41D72084D] : Betternet -> C:\WINDOWS\Installer\{74E7D0FD-0D78-4942-BD38-354ED12780D4}\BetternetVPNPro5.0.5SilentActivatedLava.exe
[HKCR\Installer\Products\E7BC4A8BB5F7F4841A724E340100DEEC] : Camtasia 9 -> C:\Windows\Installer\{B8A4CB7E-7F5B-484F-A127-E4431000EDCE}\CamStudio.ico

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Échec de l’inscription du certificat SCEP pour WORKGROUP\SALAH-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep :

SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Date: Fri, 18 Oct 2019 10:22:43 GMT
Pragma: no-cache
Content-Length: 101
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 038c6ea1-b9cb-4a47-8a67-0b883fa26a61
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff

Méthode : POST(9469ms)
Étape : SubmitDone
Demande incorrecte (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
------------

svchost (11628,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (7160,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (11816,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (12096,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (10592,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (7400,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (7540,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (1336,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (2512,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (1172,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (6876,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (4068,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

Échec de l’inscription du certificat SCEP pour WORKGROUP\SALAH-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep :

SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Date: Thu, 17 Oct 2019 21:58:00 GMT
Pragma: no-cache
Content-Length: 101
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: b03641fb-eee5-4036-ab8c-05baa6bef0fb
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff

Méthode : POST(3172ms)
Étape : SubmitDone
Demande incorrecte (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
------------

Échec de l’inscription du certificat SCEP pour WORKGROUP\SALAH-PC$ via https://IFX-KeyId-97e5d1cd8b0497c04b4655a869c8f30efa89388d.microsoftaik.azure.net/templates/Aik/scep :

SubmitDone
Submit(Request): Bad Request
{"Message":"Attestation statement cannot be verified, rejecting request. TPM firmware needs update."}
HTTP/1.1 400 Bad Request
Cache-Control: no-cache
Date: Thu, 17 Oct 2019 21:57:52 GMT
Pragma: no-cache
Content-Length: 101
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: c7bd26a5-e5b2-43fe-8f84-f6e29a618512
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff

Méthode : POST(5062ms)
Étape : SubmitDone
Demande incorrecte (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
------------

svchost (12736,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (6016,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (12052,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------

svchost (4944,R,98) TILEREPOSITORYS-1-5-18: L’erreur -1023 (0xfffffc01) s’est produite lors de l’ouverture d’un fichier journal C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
------------


----------( EOF)---------- - 4643 | 11:44:35