--------------- QuickDiag | g3n-h@ckm@n | V3_31.01.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 24/02/2017 14:20:32

Updated 31/01/2017 | 13.00 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Anony8 (Administrator)] - [ANONY8-PC] (S-1-5-21-2259841950-3012193897-852833659-1000)

System: Microsoft Windows 7 Édition Intégrale - Service Pack 1 - (6.1.7601) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Édition Intégrale |C:\Windows|\Device\Harddisk1\Partition2
Boot : Normal boot
PC: MS-7A12 - MSI - IdNumber: Default string - UUID: 00000000-0000-0000-0000-4CCC6A4C1F73
Processor : X64 - 4008 Mhz - Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
BIOS Date: 05/12/16 09:39:10 Ver: V1.30 - - American Megatrends Inc. - S/N: Default string - 1.30 - _ASUS_ - 1072009
CoreTemp : 29.8 Celsius

----------| Quick


---------- | SoundDevice

NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0071&SUBSYS_10DE1116&REV_1001\5&C17426E&0&0001
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0900&SUBSYS_1462DA12&REV_1000\4&2A7CEEA5&0&0001

---------- | Video

NVIDIA GeForce GTX 970 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_13C2&SUBSYS_111610DE&REV_A1\4&305862BD&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 970 - DriverVersion: 21.21.13.7633 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
CPU #5 value:0 %
CPU #6 value:0 %
CPU #7 value:0 %
CPU #8 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network

Intel[R] Ethernet Connection [2] I219-V : SENT:0 bytes/sec / RECVD:0 bytes/sec
Belkin USB Wireless Adaptor : SENT:0 bytes/sec / RECVD:0 bytes/sec
Microsoft Virtual WiFi Miniport Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{0BEEAB4A-2E76-466A-85F7-76884342E585} : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{8B84A5A8-EECF-48A3-A96E-16C9FCBCA1A9} : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{9A51D718-BCE8-4ACE-9C24-34C4E35E0455} : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{410F30CC-B449-496A-A592-8038D194F6ED} : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{7E577C90-11D4-4F79-A36E-54667B3142F2} : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:0 bytes/sec,  /  RECEIVE Maximum:0 bytes/sec

WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Belkin USB Wireless Adaptor - Ethernet 802.3 - Belkin International, Inc. - Status: - PnPID : USB\VID_050D&PID_845A\00E04C000001
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
RAS Async Adapter - - - Status: - PnPID : 
Intel(R) Ethernet Connection (2) I219-V - Ethernet 802.3 - Intel - Status: - PnPID : PCI\VEN_8086&DEV_15B8&SUBSYS_7A121462&REV_31\3&11583659&0&FE
TAP-Windows Adapter V9 - Ethernet 802.3 - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0001
Microsoft Virtual WiFi Miniport Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\7&251D025A&0&01
TeamViewer VPN Adapter - Ethernet 802.3 - TeamViewer GmbH - Status: - PnPID : ROOT\NET\0000
Carte Microsoft ISATAP #2 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
Carte Microsoft ISATAP #3 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002
Carte Microsoft ISATAP #4 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0003
Carte Microsoft ISATAP #5 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0004

---------- | Memory

RAM = Total (MB) : 16736 | Free (MB) : 13950
Pagefile = Total (MB) : 24926 | Free (MB) : 21751
Virtual = Total (MB) : 4194 | Free (MB) : 4024

Physical Memory 0 : Capacity: 8589934592 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: 0420 - PartNumber: F4-3200C16-8GTZB    - S/N: 00000000
Physical Memory 2 : Capacity: 8589934592 - ChannelB-DIMM0 - Posit.: 2 - Manufacturer: 0420 - PartNumber: F4-3200C16-8GTZB    - S/N: 00000000

---------- | SID Users

Administrateur : [S-1-5-21-2259841950-3012193897-852833659-500]
Anony8 : [S-1-5-21-2259841950-3012193897-852833659-1000]
Invité : [S-1-5-21-2259841950-3012193897-852833659-501]
Administrateurs : [S-1-5-32-544]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [Disque 1 Principal:] | Total : 931.41 Go | Free : 629.59 Go -> NTFS [SATA]
E:\ -> [Fixed] | [disque dur 2 - Photo & Logociel] | Total : 931.5 Go | Free : 917.72 Go -> NTFS [SATA]
G:\ -> [Fixed] | [disque - Gaming -] | Total : 917.62 Go | Free : 793.14 Go -> NTFS [SATA]

Disk Usage Information [2 total Physical Disks]

Physical Drive #1 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #0 [G:, E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKWDC_WD10EADS-65M2B0_____________________01.00A01\5&8376F5E&0&0.0.0
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKWDC_WD20EARS-00MVWB0____________________51.0AB51\5&714892F&0&4.0.0

---------- | Windows updates

Last detection : 2017-02-23 19:34:39
Downloaded last ones : 2017-02-22 05:15:18
Installed last ones : 2017-02-22 06:47:58
Next search : 2017-02-24 13:44:45

Windows Is Activated

---------- | Browsers

IE : 11.0.9600.17840     (© Microsoft Corporation. Tous droits réservés.)
FF : 51.0.1.6234     (©Firefox and Mozilla Developers; available under the MPL 2 license.)

Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"

---------- | FlashPlayer


---------- | Security

AS : Windows Defender Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

364 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23392) = C:\Windows\System32\smss.exe     [22/02/2017 06:12:45]    CPU Usage:0 %
656 | [Owner :  | Parent : 572() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe     [14/07/2009 00:52:37]    CPU Usage:0 %
716 | [Owner :  | Parent : 668() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe     [20/02/2017 19:36:42]    CPU Usage:0 %
780 | [Owner :  | Parent : 656(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe     [20/02/2017 19:30:54]    CPU Usage:0 %
788 | [Owner :  | Parent : 656(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23452) = C:\Windows\System32\lsass.exe     [22/02/2017 06:06:57]    CPU Usage:0 %
796 | [Owner :  | Parent : 656(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe     [08/10/2016 22:43:37]    CPU Usage:0 %
896 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
960 | [Owner :  | Parent : 780(services.exe) | ?????] - (.ESET - ESET Service.) - (9.0.407.1) = C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe     [17/11/2016 17:19:07]    CPU Usage:0 %
988 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
576 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
860 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
528 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
1060 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
1260 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
1404 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
1816 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe     [08/10/2016 22:43:33]    CPU Usage:0 %
1868 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
1980 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.21.1354) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe     [19/12/2016 22:38:14]    CPU Usage:0 %
1056 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
1384 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Intel Corporation - Intel® PROSet Monitoring Service.) - (20.7.57.0) = C:\Windows\System32\IPROSetMonitor.exe     [15/01/2016 17:00:32]    CPU Usage:0 %
1220 | [Owner :  | Parent : 780(services.exe) | ?????] - (.MSI -.) - (3.0.0.7) = C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe     [23/12/2016 00:14:37]    CPU Usage:0 %
1140 | [Owner :  | Parent : 780(services.exe) | ?????] - (.MSI - Super Charger Service.) - (1.3.0.1) = C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe     [08/10/2016 20:46:15]    CPU Usage:0 %
1592 | [Owner :  | Parent : 780(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.2153.4955) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe     [12/10/2016 19:34:16]    CPU Usage:0 %
1424 | [Owner :  | Parent : 780(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe     [21/10/2016 19:34:03]    CPU Usage:0 %
1784 | [Owner :  | Parent : 780(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.2148.3182) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe     [25/01/2017 14:59:26]    CPU Usage:0 %
2108 | [Owner :  | Parent : 1424(NVDisplay.Container.exe) | ?????] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.7633) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe     [08/10/2016 21:59:46]    CPU Usage:0 %
2600 | [Owner :  | Parent : 780(services.exe) | ?????] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.6829.0) = E:\Logiciel\teamviewer\teamviewer\TeamViewer_Service.exe     [11/10/2016 17:28:05]    CPU Usage:0 %
2948 | [Owner :  | Parent : 780(services.exe) | ?????] - (.CyberGhost S.R.L - CyberGhost Service.) - (6.0.5.2405) = C:\Program Files\CyberGhost 6\CyberGhost.Service.exe     [12/10/2016 19:23:36]    CPU Usage:0 %
3236 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
3900 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.0.4.1186) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe     [16/03/2016 00:55:58]    CPU Usage:0 %
3928 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.0.4.1186) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe     [16/03/2016 00:54:30]    CPU Usage:0 %
4032 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe     [22/02/2017 06:14:05]    CPU Usage:0 %
3592 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Intel(R) Corporation - XtuService.) - (6.0.2.102) = C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe     [06/10/2015 08:51:56]    CPU Usage:0 %
996 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Intel Corporation - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS.) - (2.0.0.0) = C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe     [08/10/2016 20:53:45]    CPU Usage:0 %
920 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:31:13]    CPU Usage:0 %
1300 | [Owner : Anony8 | Parent : 780(services.exe) | 5.35 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe     [10/02/2017 19:21:03]    CPU Usage:0 %
3056 | [Owner : Anony8 | Parent : 1592(nvcontainer.exe) | 15.64 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.2153.4955) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe     [12/10/2016 19:34:16]    CPU Usage:0 %
972 | [Owner : Anony8 | Parent : 960(ekrn.exe) | 19.96 Mo] - (.ESET - ESET Main GUI.) - (9.0.407.0) = C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe     [17/11/2016 17:19:07]    CPU Usage:0 %
3504 | [Owner : Anony8 | Parent : 860(svchost.exe) | 58.96 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe     [14/07/2009 00:37:38]    CPU Usage:0 %
2432 | [Owner : Anony8 | Parent : 2576() | 41.59 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe     [22/02/2017 06:12:31]    CPU Usage:0 %
1276 | [Owner : Anony8 | Parent : 2432(explorer.exe) | 2.3 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.561.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe     [09/10/2016 09:26:55]    CPU Usage:0 %
2200 | [Owner : Anony8 | Parent : 1136() | 1.03 Mo] - (.Intel Corporation - iusb3mon.) - (4.0.0.36) = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe     [08/10/2016 20:36:00]    CPU Usage:0 %
3272 | [Owner : Anony8 | Parent : 896(svchost.exe) | 5.55 Mo] - (.NVIDIA Corporation - NVIDIA Capture Server.) - (3.2.2.49) = C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe     [12/10/2016 19:35:34]    CPU Usage:0 %
3748 | [Owner : Anony8 | Parent : 3272(nvspcaps64.exe) | 20.96 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (55.2883.1519.2) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe     [12/10/2016 19:35:18]    CPU Usage:0 %
3144 | [Owner : Anony8 | Parent : 3748(NVIDIA Share.exe) | 14.67 Mo] - (.NVIDIA Corporation - NVIDIA Share.) - (55.2883.1519.2) = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe     [12/10/2016 19:35:18]    CPU Usage:0 %
2784 | [Owner : Anony8 | Parent : 3288() | 19.43 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (6.7.0.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe     [12/10/2016 19:34:58]    CPU Usage:0 %
3796 | [Owner : Anony8 | Parent : 676(csrss.exe) | 0.39 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23392) = C:\Windows\System32\conhost.exe     [22/02/2017 06:12:46]    CPU Usage:0 %
4136 | [Owner : Anony8 | Parent : 2108(nvxdsync.exe) | 7.23 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.7633) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe     [08/10/2016 21:59:46]    CPU Usage:0 %
4776 | [Owner : Anony8 | Parent : 1060(svchost.exe) | 1.98 Mo] - (.Microsoft Corporation - Windows Update.) - (7.6.7601.19161) = C:\Windows\System32\wuauclt.exe     [22/02/2017 06:14:54]    CPU Usage:0 %
5956 | [Owner : Anony8 | Parent : 5960() | 122.61 Mo] - (.Electronic Arts - Origin.) - (10.4.3.15631) = C:\Program Files (x86)\Origin\Origin.exe     [14/12/2016 21:14:49]    CPU Usage:0 %
3620 | [Owner : Anony8 | Parent : 5956(Origin.exe) | 4.18 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Origin\QtWebEngineProcess.exe     [14/12/2016 21:15:08]    CPU Usage:0 %
4188 | [Owner : Anony8 | Parent : 5956(Origin.exe) | 100.04 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Origin\QtWebEngineProcess.exe     [14/12/2016 21:15:08]    CPU Usage:0 %
4972 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe     [08/10/2016 22:43:20]    CPU Usage:0 %
4988 | [Owner :  | Parent : 4032(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe     [22/02/2017 06:14:04]    CPU Usage:0 %
3916 | [Owner : Système | Parent : 4032(SearchIndexer.exe) | 10.16 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe     [22/02/2017 06:14:04]    CPU Usage:0 %
5332 | [Owner :  | Parent : 576(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.1.7601.17514) = C:\Windows\System32\audiodg.exe     [08/10/2016 22:43:01]    CPU Usage:0 %
1364 | [Owner : Anony8 | Parent : 2432(explorer.exe) | 26.72 Mo] - (.SosVirus - QuickDiag.) - (31.1.17.1) = C:\Users\Anony8\Desktop\QuickDiag.exe     [24/02/2017 14:12:11]    CPU Usage:0 %
5748 | [Owner :  | Parent : 1060(svchost.exe) | ?????] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe     [08/10/2016 22:43:39]    CPU Usage:0 %
4752 | [Owner : Anony8 | Parent : 1060(svchost.exe) | 7.26 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe     [08/10/2016 22:43:39]    CPU Usage:0 %
4236 | [Owner :  | Parent : 780(services.exe) | ?????] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe     [08/10/2016 22:42:57]    CPU Usage:0 %

---------- | MD5

[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [22/02/2017 06:12:31] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3154 Ko] - (6.1.7601.23537) : C:\Windows\Explorer.exe
[MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [08/10/2016 22:43:35] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 00:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 00:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.B46D03BABD31B23E6FCB226CB22D4D6B] - [22/02/2017 06:12:48] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [1136 Ko] - (6.1.7601.23392) : C:\Windows\System32\Kernel32.dll
[MD5.C8A7F80DB5C193DD67747A1BA4B1782E] - [22/02/2017 06:06:57] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23452) : C:\Windows\System32\lsass.exe
[MD5.622C96AFB07BB82C8650B47172137AC4] - [22/02/2017 06:13:04] - (.© Microsoft Corporation. - Distributed COM Services.) - [499.5 Ko] - (6.1.7601.19143) : C:\Windows\System32\rpcss.dll
[MD5.DD81D91FF3B0763C392422865C9AC12E] - [14/07/2009 00:57:20] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [44.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe
[MD5.71C85477DF9347FE8E7BC55768473FCA] - [20/02/2017 19:30:54] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.FE70103391A64039A921DBFFF9C7AB1B] - [08/10/2016 22:43:39] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [984.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\user32.dll
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [08/10/2016 22:42:56] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 00:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [20/02/2017 19:36:42] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.9A4A1EEE802BF2F878EE8EAB407B21B7] - [20/02/2017 19:30:52] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [486 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 00:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.059F00DEF82BF41E433B7ED465847726] - [20/02/2017 19:30:49] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.B8BD2BB284668C84865658C77574381A] - [14/07/2009 00:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [08/10/2016 22:42:45] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - [08/10/2016 22:42:46] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [100 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [08/10/2016 22:42:45] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [14/07/2009 00:19:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 01:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.10112D850C844606419C79EE24EE6016] - [22/02/2017 06:06:58] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23452) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.F7309F42555F8AAB7144A51A1F2585B0] - [20/02/2017 19:31:16] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [928.44 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys
[MD5.E47D571FEC2C76E867935109AB2A770C] - [20/02/2017 19:31:34] - (.© Microsoft Corporation. - MBT Transport driver.) - [256 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys
[MD5.47B2D0B31BDC3EBE6090228E2BA3764D] - [20/02/2017 19:32:24] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1644.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 01:00:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.471815800AE33E6F1C32FB1B97C490CA] - [08/10/2016 22:43:21] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.1B6163C503398B23FF8B939C67747683] - [08/10/2016 22:42:51] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [162 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 01:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.B2875D7ABB82867DC3AA03D991940201] - [20/02/2017 19:30:31] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1851.73 Ko] - (6.1.7601.23496) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.AA77EB517D2F07A947294F260E3ACA83] - [20/02/2017 19:30:52] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.5 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [08/10/2016 22:43:31] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.Alexander Roshal.-.WinRAR shell extension.) - (5.40.0.0) -- C:\Program Files\WinRAR\rarext.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (16.4.0.0) -- C:\Program Files\7-Zip\7-zip.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.526) -- C:\Windows\system32\RltkAPO64.dll
(.Nahimic Inc.-.Nahimic APO lfx dll.) - (6.3.9600.17246) -- C:\Windows\system32\NAHIMICV2apo.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

 - ( [HKU\S-1-5-18\SOFTWARE\...\Run]) - User: AUTORITE NT\Système
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
 - ( [HKU\.DEFAULT\SOFTWARE\...\Run]) - User: .DEFAULT
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public
ShadowPlay - ("C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\Anony8\AppData\Roaming   [08/10/2016 20:10:50]
"Local AppData"=C:\Users\Anony8\AppData\Local   [08/10/2016 20:10:50]
"My Video"=C:\Users\Anony8\Videos   [08/10/2016 20:10:50]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Libraries   [08/10/2016 20:11:07]
"My Pictures"=C:\Users\Anony8\Pictures   [08/10/2016 20:10:50]
"Desktop"=C:\Users\Anony8\Desktop   [08/10/2016 20:10:50]
"History"=C:\Users\Anony8\AppData\Local\Microsoft\Windows\History   [08/10/2016 20:10:50]
"NetHood"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [08/10/2016 20:10:50]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Anony8\Contacts   [08/10/2016 20:10:58]
"Cookies"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Cookies   [08/10/2016 20:10:50]
"Favorites"=C:\Users\Anony8\Favorites   [08/10/2016 20:10:50]
"SendTo"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\SendTo   [08/10/2016 20:10:50]
"Start Menu"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu   [08/10/2016 20:10:50]
"My Music"=C:\Users\Anony8\Music   [08/10/2016 20:10:50]
"Programs"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [08/10/2016 20:10:50]
"Recent"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Recent   [08/10/2016 20:10:50]
"CD Burning"=C:\Users\Anony8\AppData\Local\Microsoft\Windows\Burn\Burn1   [13/10/2016 04:25:04]
"PrintHood"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [08/10/2016 20:10:50]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Anony8\Searches   [08/10/2016 20:11:07]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Anony8\Downloads   [08/10/2016 20:10:50]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Anony8\AppData\LocalLow   [08/10/2016 20:10:51]
"Startup"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [08/10/2016 20:11:07]
"Administrative Tools"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [08/10/2016 20:11:07]
"Personal"=C:\Users\Anony8\Documents   [08/10/2016 20:10:50]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Anony8\Links   [08/10/2016 20:10:50]
"Cache"=C:\Users\Anony8\AppData\Local\Microsoft\Windows\Temporary Internet Files   [08/10/2016 20:10:50]
"Templates"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Templates   [08/10/2016 20:10:50]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Anony8\Saved Games   [08/10/2016 20:10:50]
"Fonts"=C:\Windows\Fonts   [14/07/2009 04:20:09]

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files   
"Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   
"CD Burning"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Burn\Burn1   

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Lexmark E352dn XL,winspool,Ne02:   
"UserSelectedDefault"=1   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s   
"ShadowPlay"="C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 04:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 04:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 04:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 04:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 04:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 04:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 06:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 04:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 04:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 04:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 04:20:08]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"AppInit_DLLs"=   
"LoadAppInit_DLLs"=0   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"   
"Command Center"=C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe   [23/12/2016 00:14:38]

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 04:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 04:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 04:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 04:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 04:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 04:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 06:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 04:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 04:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 04:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 04:20:08]

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"AppInit_DLLs"=   
"LoadAppInit_DLLs"=0   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Wininit.ini : 

[rename]
NUL=E:\spybot\Spybot - Search & Destroy 2\av\smartdb-ntfs.db


---------- | Win.ini : 



---------- | System.ini : 



---------- | Startings up registry ¦ Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvgUi] : "E:\avg pc uneup\Framework\Common\avguirna.exe" /lps=fmw  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Command Center] : C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe  [23/12/2016 00:14:38]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CyberGhost] : "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NahimicMSIUILauncher] : C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe /noUI  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Overwolf] : C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe -overwolfsilent  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam] : "G:\plateforme jeux\steam\Steam\steam.exe" -silent  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Super Charger] : C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe  [08/10/2016 20:46:15]

---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv   
"NotificationTimeOut"=0   
"SnapshotMonitors"=1   
"ProductVersion"=5.1   
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"fDenyTSConnections"=1   
"StartRCM"=0   
"TSAdvertise"=0   
"DeleteTempDirsOnExit"=1   
"fSingleSessionPerUser"=1   
"PerSessionTempDir"=0   
"TSUserEnabled"=0   
"InstanceID"=3dc901a9-8834-458e-ae02-699a9cd   
"RailShowallNotifyIcons"=1   
"RDPVGCInstalled"=1   
"fCredentialLessLogonSupported"=1   
"fCredentialLessLogonSupportedTSS"=1   
"fCredentialLessLogonSupportedKMRDP"=1   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"ProcessorControl"=2   
"ResourceTimeoutCount"=648000   
"BootExecute"=autocheck autochk *

sdnclean64.exe   
"ExcludeFromKnownDlls"=   
"ObjectDirectories"=\Windows
\RPC Control   
"ProtectionMode"=1   
"NumberOfInitialSessions"=2   
"SetupExecute"=   

[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller   
"WaitToKillServiceTimeout"=200   
"CurrentUser"=USERNAME   
"BootDriverFlags"=0   
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll   
"SystemStartOptions"= NOEXECUTE=OPTIN  NUMPROC=8   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0   
"auditbasedirectories"=0   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"Bounds"=0x0030000000200000   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u   
"Authentication Packages"=msv1_0   
"LsaPid"=788   
"SecureBoot"=1   
"ProductType"=1   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   


---------- | .LNK

c:\$recycle.bin\s-1-5-21-2259841950-3012193897-852833659-1000\$rpncz87.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Control Panel\Desktop]
"ScreenSaveActive"=1   
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=0   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"PaintDesktopVersion"=0   
"RightOverlapChars"=3   
"SnapSizing"=1   
"TileWallpaper"=1   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=0   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"UserPreferencesMask"=0x9E3E078012000000   
"Wallpaper"=C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg   [08/10/2016 20:10:58]
"SCRNSAVE.EXE"=C:\Windows\system32\Mystify.scr   [08/10/2016 22:42:50]
"ScreenSaveTimeOut"=599940   
"ScreenSaverIsSecure"=0   
"Pattern Upgrade"=TRUE   
"WallpaperDF"=C:\Users\Anony8\AppData\Local\DisplayFusion\Wallpaper_1   [13/12/2016 22:02:06]
"WaitToKillAppTimeout"=200   

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000   
"CleanShutdown"=0   
"link"=0x1D000000   
"Browse For Folder Width"=347   
"Browse For Folder Height"=350   

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"SuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"TaskbarSizeMove"=0   
"DisablePreviewDesktop"=1   
"TaskbarSmallIcons"=1   
"TaskbarGlomLevel"=0   
"Start_PowerButtonAction"=2097168   
"WAUStartUpgrade"=0xB0759FBE5D22D201   
"WAUEndUpgrade"=0xE0BAC1075F22D201   
"StartMenuInit"=4   
""=0   

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x080000000700000006000000040000000200000005000000030000000100000000000000FFFFFFFF   
"0"=0x6D00730063006F006E006600690068000000   
"1"=0x2E006A00700067000000   
"3"=0x62006C006F006E00640065000000   
"5"=0x6C006F00630061006C000000   
"2"=0x2E006100760069000000   
"4"=0x61006400770063006C00650061006E00650072000000   
"6"=0x7200610069006E006D0065007400650072000000   
"7"=0x65006C0065006D0065006E000000   
"8"=0x68006400770061006C006C00700061007000650072000000   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"ForceActiveDesktopOn"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=21   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"ForceActiveDesktopOn"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=33   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=7601   
"FirstLogon"=0   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Userinit"=C:\Windows\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"WinStationsDisabled"=0   
"DisableCAD"=1   
"scremoveoption"=0   
"ShutdownFlags"=2147483687   
"AutoAdminLogon"=0   
"DefaultUserName"=Anony8   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"DefaultDomainName"=   
"DefaultUserName"=   
"Userinit"=userinit.exe   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [10/02/2017 19:24:00]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [10/02/2017 19:24:00]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"SIGN.MEDIA=4858C8 setup.exe"=1
"SIGN.MEDIA=15B48BA DVDSetup.exe"=1
"SIGN.MEDIA=44356FE OtherDriver\Intel ME Driver\SetupME.exe"=1
"SIGN.MEDIA=65AEAE OtherDriver\ASMedia USB Driver\setup.exe"=1
"SIGN.MEDIA=27EAAC Utility\MSI\Super Charger\Super Charger.exe"=1
"SIGN.MEDIA=14C7064 Utility\MSI\Command Center\Command Center.exe"=1
"SIGN.MEDIA=23E8F90 Utility\Intel Extreme Tuning Utility\XTU-Setup.exe"=1
"C:\Users\Anony8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EIKT1WDM\Firefox%20Setup%20Stub%2049.0.1[1].exe"=1
"C:\Users\Anony8\Downloads\Logiciel installer\373.06-desktop-win8-win7-64bit-international-whql.exe"=1
"C:\Users\Anony8\Downloads\SteamSetup.exe"=1
"C:\Users\Anony8\Downloads\eset_nod32_antivirus_live_installer_.exe"=1
"C:\Users\Anony8\Downloads\OriginThinSetup.exe"=1
"C:\Users\Anony8\Downloads\DriversCloud_Win.exe"=1
"C:\pilote son realtek high audio driver\hd WIN7_6.0.1.7910\Setup.exe"=1
"G:\plateforme jeux\origin\OriginThinSetup.exe"=1
"E:\Logiciel\teamviewer\TeamViewer_Setup_fr.exe"=1
"E:\Logiciel\jdownloader\Install JDownloader.exe"=1
"E:\Logiciel\avg pc tuneup 2011\avg tuneup 2011 win7 winxp winvista\avg_pct_stf_all_2011.exe"=1
"E:\Logiciel\Cyberghost\CyberGhost_6.0.2.1985.exe"=1
"C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe"=1
"SIGN.MEDIA=117C8B0 daemon tools\DAEMON Tools Pro Advanced 5  By Life is a crack 3.0\Setup.exe"=1
"SIGN.MEDIA=FCFA1F10 setup.exe"=1
"C:\Users\Anony8\Downloads\Age.of.Mythology.Extended.Edition-RELOADED\setup.exe"=1
"E:\Logiciel\teamspeak\TeamSpeak3-Client-win64-3.0.19.4.exe"=1
"G:\plateforme jeux\steam\synchro with six avec arma\SyncSetup.exe"=1
"C:\Users\Anony8\AppData\Local\Sync\Update.exe"=1
"C:\Users\Anony8\AppData\Local\Temp\831846a1-ba17-470e-b61d-f56caa22dfc1\setup.exe"=1
"E:\Logiciel installer\format factory\FFSetup3-9-5-0.exe"=1
"C:\Program Files\NVIDIA Corporation\Display\nvtray.exe"=512
"C:\ProgramData\Origin\SelfUpdate\Staged\OriginThinSetupInternal.exe"=1
"C:\Users\Anony8\Downloads\Setup_Downloader_3.6.0_stable.exe"=1
"C:\Users\Anony8\Downloads\Rainmeter-3.3.2.exe"=1
"E:\Logiciel\separer 2 fond ecran page acceuil\DisplayFusionSetup-8.1.1.exe"=1
"C:\Users\Anony8\Downloads\hwmonitor_1.30.exe"=1
"C:\Users\Anony8\Downloads\setup_galaxy_1.1.25.13.exe"=1
"G:\Games\The_Witcher_3_Wild_Hunt-FLT\jeu sans patch\setup_the_witcher_3_wild_hunt_2.0.0.52.exe"=1
"G:\Games\The_Witcher_3_Wild_Hunt-FLT\setup_the_witcher3_dlc1-16_2.0.0.52.exe"=1
"C:\Users\Anony8\Downloads\setup_the_witcher3_dlc1-16_2.0.0.52.exe"=1
"C:\Users\Anony8\Downloads\AVG_Performance_709.exe"=1
"E:\acrobat reader pdf\readerdc_fr_xa_install.exe"=1
"C:\ProgramData\NVIDIA Corporation\Downloader\latest\setup.exe"=1
"E:\winrar hack mdpasse 2\rar-password-recovery-magic-5118-jetelecharge.exe"=1
"E:\adobe photoshp element 14\PhotoshopElements_14_LS28_win64.exe"=1
"SIGN.MEDIA=50986A English\P2P ID Finder Software\IPCam ActiveX.exe"=1
"SIGN.MEDIA=BF4691 English\CMS DeviceViewer\Windows\DeviceViewer.exe"=1
"C:\Users\Anony8\Downloads\DoctorStrange2016TRUEFRENCHMDDVDSCRXviD-LMPSwwwtelecharger-filmsnetavi (14 GB).exe"=1
"C:\Users\Anony8\Downloads\avg-anti-spyware_avg_anti-spyware_7.5.1.36_francais_27645.exe"=1
"C:\Users\Anony8\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6J1Q91P\Firefox%20Setup%20Stub%2051.0.1[1].exe"=1
"C:\Users\Anony8\Downloads\spybot-2.4.exe"=1


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920218544262440
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0x2B01C4F69221D201

[HKLM\Software\WOW6432Node\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)


---------- | Hosts

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
[15644] More lines

---------- | Ping

Envoi d'une requ?te 'ping' sur google.fr [2a00:1450:400c:c06::5e] avec 32 octets de donn?es?:
R?ponse de 2a00:1450:400c:c06::5e?: temps=31 ms 
R?ponse de 2a00:1450:400c:c06::5e?: temps=34 ms 
R?ponse de 2a00:1450:400c:c06::5e?: temps=32 ms 
R?ponse de 2a00:1450:400c:c06::5e?: temps=32 ms 

Statistiques Ping pour 2a00:1450:400c:c06::5e:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 31ms, Maximum = 34ms, Moyenne = 32ms

---------- | @

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://www.google.fr/
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEA000000390100000A04000091030000
"Start Page Redirect Cache"=http://www.msn.com/fr-fr/?ocid=iehp
"Start Page Redirect Cache_TIMESTAMP"=0x078A6C529E21D201
"Start Page Redirect Cache AcceptLangs"=fr
"IE8RunOnceLastShown"=1
"IE8RunOnceLastShown_TIMESTAMP"=0x10827A86C483D201
"IE8TourShown"=1
"IE8TourShownTime"=0x4A44AE709E21D201
"AlwaysShowMenus"=1
"NotifyDownloadComplete"=yes
"Check_Associations"=no
"DisableScriptDebuggerIE"=yes
"OperationalData"=5
"ImageStoreRandomFolder"=aw9aivc
"DoNotTrack"=1
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x50BB8EBFE28AD201
"IE10TourShown"=1
"IE10TourShownTime"=0x605391BFE28AD201
"DefSpellLang"=fr-FR

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0x11BE5C3CDC83D201
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"GlobalUserOffline"=0
"EnableAutodial"=0
"NoNetAutodial"=0
"ProxyHttp1.1"=1
"WarNonBadCertReceving"=1
"WarNonHTTPSToHTTPRedirect"=1

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts


[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccf]
"Progid"=JDownloader2 2
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dlc]
"Progid"=JDownloader2
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jdc]
"Progid"=JDownloader2 1
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.metalink]
"Progid"=JDownloader2 4
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsdf]
"Progid"=JDownloader2 3





---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} --  %SystemRoot%\System32\cscui.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   


---------- | Toolbar

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0   

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x13000000000000000000000020000000100000001500000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ITBar7Height"=21   
"ITBar7Height64"=0   

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DownloadRetries"=0   
"DefaultPackCorrection"=1   
"KnownProvidersUpgradeTime"=0x90BD3DB5E28AD201   
"Version"=4   
"UpgradeTime"=0xB06582BCE28AD201   


---------- | Extensions


---------- | SearchScopes

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | Browser Helper Objects


---------- | Chrome


[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]

---------- | Opera


---------- | Firefox


[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{410F30CC-B449-496A-A592-8038D194F6ED}]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{410F30CC-B449-496A-A592-8038D194F6ED}]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{410F30CC-B449-496A-A592-8038D194F6ED}]
"DhcpNameServer"=192.168.1.254

---------- | Applications

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"RPCSS"=RpcEptMapper
RpcSs
"defragsvc"=defragsvc
"LocalSystemNetworkRestricted"=UxSms
WdiSystemHost
Netman
trkwks
AudioEndpointBuilder
WUDFSvc
IPBusEnum
hidserv
dot3svc
irmon
sysmain
PcaSvc
homegrouplistener
WPDBusEnum
wlansvc
TabletInputService
CscService
UmRdpService
"LocalService"=nsi
WdiServiceHost
w32time
EventSystem
RemoteRegistry
WinHttpAutoProxySvc
sppuinotify
THREADORDER
netprofm
lltdsvc
fdphost
SstpSvc
WebClient
FontCache
"netsvcs"=AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
winmgmt
SessionEnv
browser
EapHost
schedule
hkmsvc
wercplsupport
ProfSvc
Themes
BDESVC
AppMgmt
"WerSvcGroup"=wersvc
"LocalServiceNoNetwork"=DPS
PLA
BFE
mpssvc
WwanSvc
"termsvcs"=TermService
"swprv"=swprv
"LocalServiceNetworkRestricted"=DHCP
eventlog
AudioSrv
BthHFSrv
LmHosts
wscsvc
homegroupprovider
WPCSvc
"LocalServicePeerNet"=PNRPSvc
p2pimsvc
p2psvc
PnrpAutoReg
"NetworkServiceAndNoImpersonation"=KtmRm
"regsvc"=RemoteRegistry
"LocalServiceAndNoImpersonation"=SSDPSRV
upnphost
SCardSvr
fdrespub
AppIDSvc
QWAVE
wcncsvc
SensrSvc
Mcx2Svc
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"NetworkServiceNetworkRestricted"=PolicyAgent
"NetworkService"=CryptSvc
DHCP
TermService
DNSCache
lanmanworkstation
NapAgent
nlasvc
WinRM
WECSVC
Tapisrv
"sdrsvc"=sdrsvc
"WbioSvcGroup"=WbioSrvc
"imgsvc"=StiSvc
"wcssvc"=WcsPlugInService
"AxInstSVGroup"=AxInstSV
"secsvcs"=WinDefend
"bthsvcs"=bthserv
"PeerDist"=PeerDistSvc
"utcsvc"=DiagTrack
"GPSvcGroup"=GPSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
msiscsi
schedule
SessionEnv
winmgmt
AppMgmt
"LocalService"=RemoteRegistry
WinHttpAutoProxySvc
sppuinotify
netprofm
WebClient
"LocalSystemNetworkRestricted"=Netman
AudioEndpointBuilder
dot3svc
WPDBusEnum
wlansvc
"LocalServiceNoNetwork"=PLA
"rpcss"=RpcSs
"LocalServiceNetworkRestricted"=AudioSrv
BthHFSrv
LmHosts
wscsvc
WPCSvc
"LocalServiceAndNoImpersonation"=SSDPSRV
upnphost
SCardSvr
QWAVE
wcncsvc
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"NetworkService"=CryptSvc
DHCP
TermService
DNSCache
NapAgent
nlasvc
WinRM
WECSVC
Tapisrv
"imgsvc"=StiSvc
"wcssvc"=WcsPlugInService


---------- | SvcHost - Netsvcs (Whitelisted)

Term -  : 

---------- | Software

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\7-Zip]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Adobe]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\antiufo]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\AppDataLow]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\AVG]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Belkin]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Bitdefender]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\BitTorrent]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Chromium]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Clients]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Common]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\CyberGhost]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Disc Soft]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\DT Soft]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\ej-technologies]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Electronic Arts]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\ESET]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\FreeTime]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\GOG.com]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Lexmark]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Macromedia]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\MainConcept]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\MainConcept (Consumer)]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Mozilla]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Nahimic]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Netscape]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\NVIDIA Corporation]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Overwolf]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Policies]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\QtProject]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Realtek]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Safer Networking Limited]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\sysinternals]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\TeamViewer]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\TechSmith]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Trolltech]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Valve]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\WinRAR]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\WinRAR SFX]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Wow6432Node]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\ZHP]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\7-Zip]
[HKLM\Software\AdsFix]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Bitdefender]
[HKLM\Software\Caphyon]
[HKLM\Software\Clients]
[HKLM\Software\CPUID]
[HKLM\Software\cybelsoft]
[HKLM\Software\CyberGhost]
[HKLM\Software\Disc Soft]
[HKLM\Software\Dolby]
[HKLM\Software\EA Games]
[HKLM\Software\ej-technologies]
[HKLM\Software\ESET]
[HKLM\Software\Fortemedia]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Lexmark]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\Nahimic]
[HKLM\Software\Nuance]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Software]
[HKLM\Software\Sonic]
[HKLM\Software\Sysinternals]
[HKLM\Software\TAP-Windows]
[HKLM\Software\TeamSpeak 3 Client]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\AdwCleaner]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\AVG]
[HKLM\Software\WOW6432Node\Belkin]
[HKLM\Software\WOW6432Node\bohemia interactive]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\DT Soft]
[HKLM\Software\WOW6432Node\EA Games]
[HKLM\Software\WOW6432Node\Electronic Arts]
[HKLM\Software\WOW6432Node\ESET]
[HKLM\Software\WOW6432Node\GOG.com]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Licenses]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\MSI]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Origin]
[HKLM\Software\WOW6432Node\Origin Games]
[HKLM\Software\WOW6432Node\Overwolf]
[HKLM\Software\WOW6432Node\Rainmeter]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\RtWLan]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\TechSmith]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | Drives


E:


G:


---------- | C:

[23/02/2017 05:12:02] - |SHD| - [421913] - C:\$RECYCLE.BIN
[09/10/2016 19:39:47] - |D| - [1409587] - C:\63acc52e8366724b4b48e43d
[09/10/2016 21:28:14] - |D| - [1521899] - C:\854f609ccc2f7ca789ac9fdbb322
[21/02/2017 22:31:48] - |D| - [418614008] - C:\AdsFix
[MD5.B3E5ECC9E25C2CCD3104685D2C135DF1] - [21/02/2017 22:34:46] - |A| - (.-.) - [11239] - (0.0.0.0) - C:\AdsFix_22_02_2017_01_35_19.txt
[MD5.18C349105274C6C514D46C19DF352E68] - [22/02/2017 20:36:22] - |A| - (.-.) - [14830] - (0.0.0.0) - C:\AdsFix_23_02_2017_01_27_25.txt
[09/10/2016 20:06:00] - |D| - [1568298648] - C:\AdwCleaner
[14/07/2009 06:08:56] - |SHD| - [0] - C:\Documents and Settings
[23/12/2016 15:45:43] - |D| - [29957817259] - C:\GOG Games
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/02/2017 01:27:25] - |ASH| - (.-.) - [12853198848] - (0.0.0.0) - C:\hiberfil.sys
[08/10/2016 21:49:16] - |D| - [0] - C:\Lexmark
[08/10/2016 20:35:39] - |D| - [45079031] - C:\MSI
[08/10/2016 21:41:03] - |D| - [906328856] - C:\NVIDIA
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/10/2016 19:34:16] - |ASH| - (.-.) - [8388608000] - (0.0.0.0) - C:\pagefile.sys
[09/10/2016 09:23:25] - |D| - [918641428] - C:\pilote son realtek high audio driver
[14/07/2009 04:20:08] - |RD| - [3081982041] - C:\Program Files
[14/07/2009 04:20:08] - |RD| - [60707787322] - C:\Program Files (x86)
[14/07/2009 04:20:08] - |HD| - [50666933069] - C:\ProgramData
[24/02/2017 14:12:37] - |D| - [362050] - C:\QuickDiag
[MD5.C013F3C2B796AC1938611D11C554F41B] - [24/02/2017 14:20:32] - |A| - (.-.) - [114952] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.08FE0F54B5B44FE8BCFA74518AFE8D62] - [24/02/2017 14:19:57] - |RA| - (.-.) - [91189] - (0.0.0.0) - C:\QuickDiag_24_02_2017_14_19_57.txt
[08/10/2016 20:10:45] - |SHD| - [173147937] - C:\Recovery
[MD5.4703713FCE4642DDD7A528755BEE83E5] - [08/10/2016 20:38:09] - |A| - (.-.) - [2765] - (0.0.0.0) - C:\RHDSetup.log
[08/10/2016 19:34:15] - |SHD| - [0] - C:\System Volume Information
[14/07/2009 04:20:08] - |RD| - [540648665212] - C:\Users
[14/07/2009 04:20:08] - |D| - [31363077320] - C:\Windows

---------- | C:\Windows

[14/07/2009 06:32:38] - |D| - [802] - C:\Windows\addins
[14/07/2009 04:20:08] - |D| - [12664321] - C:\Windows\AppCompat
[14/07/2009 04:20:08] - |D| - [11345648] - C:\Windows\AppPatch
[14/07/2009 04:20:08] - |RSD| - [1718912024] - C:\Windows\assembly
[MD5.317CD1CE327B6520BF4EE007BCD39E61] - [08/10/2016 22:42:49] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[09/10/2016 19:51:07] - |SHD| - [553227] - C:\Windows\BitLockerDiscoveryVolumeContents
[14/07/2009 04:20:09] - |D| - [29267294] - C:\Windows\Boot
[MD5.7DF4EC76C0025925052240F29CEE1AA7] - [14/07/2009 06:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[14/07/2009 04:20:09] - |D| - [4057600] - C:\Windows\Branding
[09/10/2016 19:51:07] - |D| - [0] - C:\Windows\CSC
[14/07/2009 04:20:09] - |D| - [2113488] - C:\Windows\Cursors
[14/07/2009 05:45:54] - |D| - [1044] - C:\Windows\debug
[14/07/2009 06:32:38] - |D| - [3337627] - C:\Windows\diagnostics
[14/07/2009 06:37:46] - |D| - [0] - C:\Windows\DigitalLocker
[14/07/2009 06:32:38] - |D| - [0] - C:\Windows\Downloaded Program Files
[14/07/2009 16:35:13] - |D| - [119519773] - C:\Windows\ehome
[14/07/2009 06:37:46] - |D| - [1024] - C:\Windows\en-US
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [22/02/2017 06:12:31] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3229696] - (6.1.7601.23537) - C:\Windows\explorer.exe
[14/07/2009 04:20:09] - |RSD| - [362680079] - C:\Windows\Fonts
[14/07/2009 16:24:08] - |D| - [142336] - C:\Windows\fr-FR
[MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 00:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[14/07/2009 04:20:09] - |D| - [21741460] - C:\Windows\Globalization
[14/07/2009 04:20:09] - |D| - [207962138] - C:\Windows\Help
[MD5.CD47548A52B02D254BF6D7F7A5F2BFD3] - [14/07/2009 01:29:53] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7600.16385) - C:\Windows\HelpPane.exe
[MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 01:29:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe
[MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [14/07/2009 16:35:58] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml
[14/07/2009 04:20:09] - |D| - [143551340] - C:\Windows\IME
[14/07/2009 04:20:10] - |D| - [142401611] - C:\Windows\inf
[08/10/2016 20:16:37] - |SHD| - [1223444214] - C:\Windows\Installer
[10/02/2017 19:41:32] - |D| - [89088] - C:\Windows\ja-JP
[14/07/2009 04:20:10] - |D| - [48371] - C:\Windows\L2Schemas
[14/07/2009 04:20:10] - |D| - [0] - C:\Windows\LiveKernelReports
[14/07/2009 04:20:10] - |D| - [122074815] - C:\Windows\Logs
[14/07/2009 04:20:10] - |RSD| - [13327133] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 01:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[14/07/2009 04:20:10] - |D| - [1200134197] - C:\Windows\Microsoft.NET
[08/10/2016 21:45:03] - |D| - [3907] - C:\Windows\Migration
[14/07/2009 04:20:10] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[MD5.B32189BDFF6E577A92BAA61AD49264E6] - [20/02/2017 19:31:27] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [12/10/2016 19:34:31] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvContainerRecovery.bat
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [25/01/2017 14:59:27] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvTelemetryContainerRecovery.bat
[14/07/2009 06:32:38] - |D| - [65] - C:\Windows\Offline Web Pages
[10/02/2017 19:46:32] - |D| - [162896] - C:\Windows\Panther
[14/07/2009 06:32:38] - |D| - [62947231] - C:\Windows\Performance
[MD5.6CEA22F0E2E8D88AD4292BADB7F13DB1] - [22/02/2017 01:36:29] - |A| - (.-.) - [3044] - (0.0.0.0) - C:\Windows\PFRO.log
[14/07/2009 04:20:10] - |D| - [1529832] - C:\Windows\PLA
[14/07/2009 04:20:10] - |D| - [10211792] - C:\Windows\PolicyDefinitions
[08/10/2016 19:34:51] - |D| - [37707587] - C:\Windows\Prefetch
[09/10/2016 21:07:11] - |D| - [46752] - C:\Windows\pss
[MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 00:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe
[14/07/2009 04:20:10] - |D| - [22588] - C:\Windows\Registration
[09/10/2016 19:51:07] - |D| - [0] - C:\Windows\RemotePackages
[14/07/2009 04:20:10] - |D| - [17362772] - C:\Windows\rescache
[14/07/2009 04:20:10] - |D| - [1928486] - C:\Windows\Resources
[MD5.51254CE041C5D011944C3E11D5A00608] - [09/10/2016 00:20:50] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2838232] - (1.0.6.8) - C:\Windows\RtlExUpd.dll
[14/07/2009 04:20:10] - |D| - [0] - C:\Windows\SchCache
[14/07/2009 04:20:10] - |D| - [58021] - C:\Windows\schemas
[14/07/2009 04:20:10] - |D| - [5281068] - C:\Windows\security
[14/07/2009 05:45:47] - |D| - [45542367] - C:\Windows\ServiceProfiles
[14/07/2009 04:20:10] - |D| - [127905088] - C:\Windows\servicing
[14/07/2009 05:45:50] - |D| - [42] - C:\Windows\Setup
[MD5.640DAD2C12AB9C0D0D3070666B6CCF80] - [20/02/2017 18:49:37] - |A| - (.-.) - [224] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [20/02/2017 18:49:37] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[08/10/2016 20:10:43] - |D| - [2380989649] - C:\Windows\SoftwareDistribution
[14/07/2009 04:20:10] - |D| - [181563661] - C:\Windows\Speech
[MD5.D01628AF9F7FB3F415B357D446FBE6D9] - [08/10/2016 22:43:24] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17514) - C:\Windows\splwow64.exe
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 06:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[14/07/2009 04:20:10] - |D| - [0] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[14/07/2009 04:20:10] - |D| - [7306045882] - C:\Windows\System32
[14/07/2009 04:20:14] - |D| - [1481956718] - C:\Windows\SysWOW64
[14/07/2009 04:20:14] - |D| - [15] - C:\Windows\TAPI
[14/07/2009 04:20:14] - |D| - [18322] - C:\Windows\Tasks
[14/07/2009 04:20:14] - |D| - [2563026] - C:\Windows\Temp
[14/07/2009 04:20:14] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 22:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 06:32:38] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [08/10/2016 22:42:50] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 23:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 01:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[MD5.BE9ABBA239905C914B050195978E4D02] - [09/10/2016 19:50:21] - |A| - (.-.) - [51867] - (0.0.0.0) - C:\Windows\Ultimate.xml
[14/07/2009 04:20:14] - |D| - [12420] - C:\Windows\Vss
[MD5.1CEE64CCB9E5F017C1EE178C77982D99] - [09/10/2016 19:39:47] - |A| - (.-.) - [1414933] - (0.0.0.0) - C:\Windows\wat.MSU
[14/07/2009 04:20:14] - |D| - [42084464] - C:\Windows\Web
[MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 03:34:57] - |A| - (.-.) - [403] - (0.0.0.0) - C:\Windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 05:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.7D1A8F8C5DD94DC7E309D9CCB2C55B6D] - [08/10/2016 20:10:43] - |A| - (.-.) - [1063220] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 01:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[MD5.7642BA60D4EF76A803ED8CC9D99523BA] - [21/02/2017 22:33:20] - |A| - (.-.) - [72] - (0.0.0.0) - C:\Windows\wininit.ini
[14/07/2009 04:20:14] - |D| - [14305273796] - C:\Windows\winsxs
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 21:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 00:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe
[10/02/2017 19:40:09] - |D| - [92672] - C:\Windows\zh-CN
[08/10/2016 20:16:36] - |D| - [3865478] - C:\Windows\{113016FE-E013-4FAF-85FB-8649DEED76B2}

---------- | C:\Windows\System32\GroupPolicy

[MD5.4E0FBB269C78ECFF6292477EA5F67ADD] - [09/10/2016 21:18:22] - |A| - (.-.) - [205] - (0.0.0.0) - C:\Windows\System32\GroupPolicy\gpt.ini
[09/10/2016 21:18:22] - |D| - [156] - C:\Windows\System32\GroupPolicy\Machine
[09/10/2016 21:18:22] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[16/03/2016 00:59:42] - C:\Windows\Installer\16970.msi : (Intel(R) ME UninstallLegacy - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/03/2016 01:01:38] - C:\Windows\Installer\16975.msi : (Intel(R) Management Engine Components - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/03/2016 01:01:56] - C:\Windows\Installer\1697a.msi : (Intel(R) Management Engine Components - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/02/2016 19:19:56] - C:\Windows\Installer\1697f.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/10/2016 20:45:06] - C:\Windows\Installer\16987.msi : (Asmedia USB Host Controller Driver - Asmedia Technology)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/10/2015 08:53:04] - C:\Windows\Installer\169a2.msi : (MSI(R) Intel(R) Extreme Tuning Utility - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/10/2016 20:42:21] - C:\Windows\Installer\1a7713db.msi : (Mumble 1.2.17 - Thorvald Natvig)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/09/2016 09:42:24] - C:\Windows\Installer\1e10664.msi : (Hardware Detection DriversCloud.com - Cybelsoft)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/10/2016 20:16:36] - C:\Windows\Installer\23ba1f.msi : (Blank Project Template - InstallShield Software Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/10/2016 23:39:17] - C:\Windows\Installer\56a1ef.msi : (ESET NOD32 Antivirus - ESET, spol. s r.o.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/01/2017 15:30:35] - C:\Windows\Installer\582a5e.msi : (Visual Studio 2012 x64 Redistributables - AVG Technologies)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/01/2017 15:30:38] - C:\Windows\Installer\582a62.msi : (Visual Studio 2012 x86 Redistributables - AVG Technologies CZ, s.r.o.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/01/2017 16:03:07] - C:\Windows\Installer\75c869.msi : (7-Zip (x64 edition) Package - Igor Pavlov)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 09:41:29] - C:\Windows\Installer\9414b08.msi : ( - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2015 12:51:48] - C:\Windows\Installer\e95fc.msi : (Intel(R) Chipset Device Software - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/01/2016 11:34:54] - C:\Windows\Installer\e9601.msi : (Intel(R) Network Connections - Intel)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/12/2015 08:32:48] - C:\Windows\Installer\e9606.msi : (CheckDevicesConfigurator - Nahimic)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/12/2015 08:36:44] - C:\Windows\Installer\e960b.msi : (UIInstallUpgrade - Nahimic)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/12/2015 08:36:38] - C:\Windows\Installer\e9610.msi : (NahimicSettingsConfigurator - Nahimic)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/12/2015 08:36:58] - C:\Windows\Installer\e9615.msi : (LauncherSetup - Nahimic)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/12/2015 08:37:24] - C:\Windows\Installer\e961a.msi : (ProductDaemonSetup - Nahimic)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/12/2015 08:36:52] - C:\Windows\Installer\e961f.msi : (AudioFXSetup - Nahimic)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/01/2017 17:54:54] - C:\Windows\Installer\fec837e.msi : (Adobe ARM Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[14/07/2009 05:57:09] - [73] - C:\Windows\System32\desktop.ini
[10/02/2017 19:24:00] - [16303] - C:\Windows\System32\ieuinit.inf
[14/07/2009 06:13:15] - [2692862] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 22:01:25] - [60124] - C:\Windows\System32\tcpmon.ini
[10/02/2017 19:24:02] - [16303] - C:\Windows\Syswow64\ieuinit.inf
[14/07/2009 05:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf
[08/10/2016 20:35:32] - [2654786] - C:\Windows\Syswow64\PerfStringBackup.INI

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:08] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64
[MD5.F81CACE1E836C417C01D9B94CB5E54B2] - |A| - [20/02/2017 19:35:57] - (.-.) - [122.26 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.17F7A01392B9082EA58DC8ECDBB8428F] - |A| - [09/10/2016 21:07:11] - (.-.) - [24 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup
[MD5.067B0799E401EBCC97D873F26062AA12] - |ASH| - [09/10/2016 21:07:11] - (.-.) - [21 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup.LOG
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [09/10/2016 21:07:11] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup.LOG1
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [09/10/2016 21:07:11] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup.LOG2
[MD5.AEE61C7129FD0642177FD76022907514] - |A| - [30/12/2016 12:04:46] - (.-.) - [0.66 Ko] - (0.0.0.0) - C:\Windows\PSS\Rainmeter.lnk.Startup
[MD5.CC71DEB24B2136E618C3E666E854E7EF] - |A| - [23/02/2017 01:29:59] - (.-.) - [4.97 Ko] - (0.0.0.0) - C:\Windows\Temp\lpksetup-20170223-012959-0.log
[MD5.AE7D35E4835BF3E87C0FF7356A16F8C0] - |A| - [23/02/2017 03:06:43] - (.-.) - [2.81 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [10/02/2017 19:40:41] - [0 Ko] - C:\Windows\System32\0409
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:06] - [0 Ko] - C:\Windows\System32\040C
[MD5.00000000000000000000000000000000] - |D| - [10/02/2017 19:41:16] - [0 Ko] - C:\Windows\System32\0411
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 05:45:49] - (.-.) - [35.22 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 05:45:49] - (.-.) - [35.22 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.B1F8619723EAA0A7FD4D416FC13736B5] - |A| - [09/10/2016 09:25:41] - (.-.) - [115.81 Ko] - (0.0.0.0) - C:\Windows\System32\AcpiServiceVnA64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [4987.5 Ko] - C:\Windows\System32\AdvancedInstallers
[MD5.0ED080D9D51C64D6BE6B7EEC1B1F5ED6] - |A| - [09/10/2016 09:25:42] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\Windows\System32\audioLibVc.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [173 Ko] - C:\Windows\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [2807.23 Ko] - C:\Windows\System32\Boot
[MD5.F02F93D5AEC524052E4A37C1BB7CCF31] - |A| - [14/07/2009 02:20:24] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [19 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll
[MD5.7D00FF6A4315FDF4ACAFBB4EF157EA9F] - |A| - [14/07/2009 01:07:04] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [91.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.2F75C840664F1CBBCDE6275EE33A700F] - |A| - [09/10/2016 09:25:46] - (.(c) Conexant Systems, Inc. - CAFAPI.) - [109.86 Ko] - (1.0.0.4) - C:\Windows\System32\Caf64api.dll
[MD5.16CB0FA28583142C3C06CA90E1558F4F] - |A| - [09/10/2016 09:25:46] - (.©Conexant Systems, Inc. - Conexant Audio Processing Objects, (x64).) - [428.41 Ko] - (2.34.0.0) - C:\Windows\System32\CAF64APO2.dll
[MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [14/07/2009 00:56:54] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [93580.28 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [46170.51 Ko] - C:\Windows\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [8038.83 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [367 Ko] - C:\Windows\System32\com
[MD5.00000000000000000000000000000000] - |SD| - [22/02/2017 20:23:35] - [4945.69 Ko] - C:\Windows\System32\CompatTel
[MD5.6E4CDADCF402A603F0A0AF3D1D2BA633] - |A| - [09/10/2016 09:25:46] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.45 Ko] - (1.0.0.4) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [347665.78 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [432 Ko] - C:\Windows\System32\cs-CZ
[MD5.739F0F11C62C946AC86B146D0413A136] - |A| - [09/10/2016 09:25:47] - (.©Conexant Systems Inc. - Conexant APO.) - [1569.47 Ko] - (1.59.0.0) - C:\Windows\System32\CX64APO.dll
[MD5.E8F46CB4914D141E835C9C7DEC6A9986] - |A| - [09/10/2016 09:25:49] - (.©Conexant Systems Inc. - Conexant MFX APO Proxy.) - [1493.3 Ko] - (1.2.0.0) - C:\Windows\System32\CX64Proxy.dll
[MD5.2B4C3D9F114EE40FEAD6A86395F2FC89] - |A| - [09/10/2016 09:25:49] - (.-.) - [5.47 Ko] - (0.0.0.0) - C:\Windows\System32\cxapo.lncs
[MD5.2619F745E44D4DF9D271657F7EE99F1B] - |A| - [09/10/2016 09:25:49] - (.-.) - [0.72 Ko] - (0.0.0.0) - C:\Windows\System32\cxapo.prop
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [427.5 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [08/10/2016 20:39:13] - [10260.68 Ko] - C:\Windows\System32\DAX2
[MD5.D59E6867ECF2FCC90109C2E3BA22BA16] - |A| - [09/10/2016 09:25:51] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [266.33 Ko] - (7.6.5.1) - C:\Windows\System32\DDPA64.dll
[MD5.F602195BEF26DE38EA1564EF628DAA82] - |A| - [09/10/2016 09:25:51] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [303.15 Ko] - (7.6.7.2) - C:\Windows\System32\DDPA64F3.dll
[MD5.63F71CB5A998BBF57509DDE6C8610C13] - |A| - [09/10/2016 09:25:52] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1919.74 Ko] - (7.6.5.1) - C:\Windows\System32\DDPD64A.dll
[MD5.3B7AE7BC95801CD0D3DA3E90CAE92F3F] - |A| - [09/10/2016 09:25:52] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1913.68 Ko] - (7.6.7.2) - C:\Windows\System32\DDPD64AF3.dll
[MD5.A55D758097C84CA6AA0D4B6C5F1DC87F] - |A| - [09/10/2016 09:25:52] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [319.78 Ko] - (7.6.5.1) - C:\Windows\System32\DDPO64A.dll
[MD5.8A69DAD003DB2FBC518BA9CF6D140948] - |A| - [09/10/2016 09:25:52] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [353.57 Ko] - (7.6.7.2) - C:\Windows\System32\DDPO64AF3.dll
[MD5.1BC706948AD7B4431B83D4EAF4A14DC9] - |A| - [09/10/2016 09:25:52] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6929.88 Ko] - (7.6.5.1) - C:\Windows\System32\DDPP64A.dll
[MD5.574784C0C7C62E62DA769FD115CE61F8] - |A| - [09/10/2016 09:25:54] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6117.81 Ko] - (7.6.7.2) - C:\Windows\System32\DDPP64AF3.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [457.5 Ko] - C:\Windows\System32\de-DE
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 05:57:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [5646.5 Ko] - C:\Windows\System32\Dism
[MD5.EB5F8DCE4D5A383DF85A1AF8601DC9D1] - |A| - [09/10/2016 09:25:55] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [1089.01 Ko] - (0.7.2.31) - C:\Windows\System32\DolbyDAX2APOProp.dll
[MD5.1ECF37AEFACF3B918A28D652CD18AF41] - |A| - [09/10/2016 09:25:56] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2381.88 Ko] - (0.7.2.31) - C:\Windows\System32\DolbyDAX2APOv201.dll
[MD5.D363C467991C1F79DF4524B8A3F2C697] - |A| - [09/10/2016 09:25:56] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5216.16 Ko] - (0.7.2.31) - C:\Windows\System32\DolbyDAX2APOv211.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:10] - [84638.3 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [3980557.42 Ko] - C:\Windows\System32\DriverStore
[MD5.78C55803176ED006DBA9235148EA590B] - |A| - [09/10/2016 09:25:56] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [726.53 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBassEnhancementDLL64.dll
[MD5.D4851D5F95D82311AED0D1D9A96B927B] - |A| - [09/10/2016 09:25:56] - (.(c) DTS. - DTS Boost COM DLL.) - [1473.57 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBoostDLL64.dll
[MD5.DF70B26EB8BC77C9355AC6C2128D09FF] - |A| - [09/10/2016 09:25:57] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [430.93 Ko] - (1.0.0.1) - C:\Windows\System32\DTSGainCompensatorDLL64.dll
[MD5.1201866EB12F221ECD7A4F8187B706BE] - |A| - [09/10/2016 09:26:00] - (.(c) DTS. - DTS GFX APO.) - [247.95 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPO64.dll
[MD5.E2AADD23D377D8D6A950D984033CFC43] - |A| - [09/10/2016 09:26:00] - (.(c) DTS. - DTS GFX APO.) - [246.95 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPONS64.dll
[MD5.9267DB1D5D8C4D9150BAECDF4AB5707D] - |A| - [09/10/2016 09:26:00] - (.(c) DTS. - DTS LFX APO.) - [247.91 Ko] - (1.0.0.3) - C:\Windows\System32\DTSLFXAPO64.dll
[MD5.C482D138B900976BE067EDE961F1E09A] - |A| - [09/10/2016 09:26:00] - (.(c) DTS. - DTS Limiter COM DLL.) - [434.96 Ko] - (1.0.0.1) - C:\Windows\System32\DTSLimiterDLL64.dll
[MD5.225411FB3C5F7D233CA0399C44CAD3B1] - |A| - [09/10/2016 09:26:00] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [492.49 Ko] - (1.0.0.1) - C:\Windows\System32\DTSNeoPCDLL64.dll
[MD5.1CA561199EDAAF6A3CB8D42F31FACEDC] - |A| - [09/10/2016 09:26:00] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1553.77 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2HeadphoneDLL64.dll
[MD5.7A2F503EC03E12DB8CB75E12F5D45BB8] - |A| - [09/10/2016 09:26:01] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1738.89 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2SpeakerDLL64.dll
[MD5.5C156A1C4FB93F974690EA31477A821F] - |A| - [09/10/2016 09:26:01] - (.(c) DTS. - DTS Symmetry COM DLL.) - [710.39 Ko] - (1.0.0.1) - C:\Windows\System32\DTSSymmetryDLL64.dll
[MD5.79AE67E00048AD667495EE803FB7D8FB] - |A| - [09/10/2016 09:26:01] - (.(c) DTS. - DTS GFX APO.) - [488.83 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PGFX64.dll
[MD5.B82CF4D143834B0E2D9A999E77866562] - |A| - [09/10/2016 09:26:01] - (.(c) DTS. - DTS LFX APO.) - [502.47 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PLFX64.dll
[MD5.7BDC1737BA7A728164EEDBBB17BF2661] - |A| - [09/10/2016 09:26:02] - (.(c) DTS. - DTS LFX APO.) - [418.2 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PREC64.dll
[MD5.B77A595819F1F8B6E7DF1D58ACCC679A] - |A| - [09/10/2016 09:26:02] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [691.71 Ko] - (1.0.0.1) - C:\Windows\System32\DTSVoiceClarityDLL64.dll
[MD5.0BAE91BDCCF7CF47F8AC02D96A135D4C] - |A| - [08/10/2016 20:37:00] - (.-.) - [3.06 Ko] - (0.0.0.0) - C:\Windows\System32\e1d62x64.din
[MD5.92791BA75CC241AEC9CFE40AC0941BE6] - |A| - [20/01/2017 21:36:15] - (.-.) - [274.55 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:06] - [1840 Ko] - C:\Windows\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [42580.95 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 21:36:24] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.27AFC893A03B7A6569A39FE3F893C746] - |A| - [18/11/2006 05:00:52] - (.-.) - [397.5 Ko] - (0.0.0.0) - C:\Windows\System32\gencoin.dll
[MD5.00000000000000000000000000000000] - |HD| - [14/07/2009 04:20:11] - [0.35 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.8FA3FF500A22D9B072FC87CB4F6ED7F9] - |A| - [09/10/2016 09:26:07] - (.(c) 2016 Harman. - Harman APO Interface.) - [150.75 Ko] - (1.2.0.0) - C:\Windows\System32\HarmanAudioInterface.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [191.5 Ko] - C:\Windows\System32\he-IL
[MD5.8448AAEEF1426EBECA795281C5890931] - |A| - [09/10/2016 09:26:13] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [364.01 Ko] - (0.7.2.60) - C:\Windows\System32\HiFiDAX2API.dll
[MD5.E989D84A808DD46EDB3FACC6482D9A2E] - |A| - [09/10/2016 09:26:13] - (.© Harman. - Audio by Harman APO.) - [351.91 Ko] - (1.4.0.0) - C:\Windows\System32\HMClariFi.dll
[MD5.D06AD646A70F8770C67830E00298A0E1] - |A| - [09/10/2016 09:26:13] - (.© Harman. - Audio by Harman APO.) - [186.46 Ko] - (1.4.0.0) - C:\Windows\System32\HMEQ.dll
[MD5.548467F9A7340EF4DB3FE8D9B5FB4D2A] - |A| - [09/10/2016 09:26:13] - (.© Harman. - Audio by Harman APO.) - [186.46 Ko] - (1.4.0.0) - C:\Windows\System32\HMEQ_Voice.dll
[MD5.432E26E224F4841D880A6958656F0B87] - |A| - [09/10/2016 09:26:13] - (.© Harman. - Audio by Harman APO.) - [199.07 Ko] - (1.4.0.0) - C:\Windows\System32\HMHVS.dll
[MD5.909FA4187AB36B67877CDA8111FF04C0] - |A| - [09/10/2016 09:26:13] - (.© Harman. - Audio by Harman APO.) - [175.39 Ko] - (1.4.0.0) - C:\Windows\System32\HMLimiter.dll
[MD5.222DFFE263889A43DE743DBBC295CC2C] - |A| - [09/10/2016 09:26:13] - (.?Harman. - Audio by Harman APO UI.) - [406.75 Ko] - (1.4.0.0) - C:\Windows\System32\HMUI.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [168 Ko] - C:\Windows\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [434.5 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.FE7B26832F41A32246A9E7121F794225] - |A| - [09/10/2016 09:26:13] - (.Copyright (c) 2016, ICEpower a/s - ICEpower ICEsound audio effects.) - [461.24 Ko] - (1.0.0.20) - C:\Windows\System32\ICEsoundAPO64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [36875.44 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.9302E6EC847941ADC0492EBBEA048368] - |A| - [09/10/2016 09:26:17] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\Windows\System32\KAAPORT64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [360 Ko] - C:\Windows\System32\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 03:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [10.25 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [165 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [166 Ko] - C:\Windows\System32\lv-LV
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 21:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [1981.88 Ko] - C:\Windows\System32\manifeststore
[MD5.7D28377726AAC34626C5C7CDBF020319] - |A| - [09/10/2016 09:26:20] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.82 Ko] - (2.2.9.0) - C:\Windows\System32\MaxxAudioAPO20.dll
[MD5.A074BFC53C73985F08CC34F038774FE3] - |A| - [09/10/2016 09:26:20] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.29 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxAudioAPO30.dll
[MD5.9792AEB100CA715B39DBF6545EE2C7A0] - |A| - [09/10/2016 09:26:21] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1138.83 Ko] - (4.5.8.0) - C:\Windows\System32\MaxxAudioAPO4064.dll
[MD5.37D600A2A69C6F834A8E221C217BE6BC] - |A| - [09/10/2016 09:26:21] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1185.22 Ko] - (5.6.5.0) - C:\Windows\System32\MaxxAudioAPO5064.dll
[MD5.06858BEBDB4999DB86164F7D20BC0F3F] - |A| - [09/10/2016 09:26:23] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1389.58 Ko] - (6.1.17.0) - C:\Windows\System32\MaxxAudioAPO6064.dll
[MD5.A7EAFD5763E8590305B84B2DBAA2B021] - |A| - [09/10/2016 09:26:24] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2758.89 Ko] - (7.0.10.0) - C:\Windows\System32\MaxxAudioAPO7064.dll
[MD5.57AB8BB2A14EB81CC01A421FAC688667] - |A| - [09/10/2016 09:26:25] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.79 Ko] - (4.10.8.0) - C:\Windows\System32\MaxxAudioAPOShell64.dll
[MD5.1A19E683EE95013959548D1480E04541] - |A| - [09/10/2016 09:26:26] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [16970.2 Ko] - (4.1.24.0) - C:\Windows\System32\MaxxAudioCapture64.dll
[MD5.31F3301574367DD5B55EBADAA8130911] - |A| - [09/10/2016 09:26:29] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\Windows\System32\MaxxAudioEQ64.dll
[MD5.F93247A5907D44CED7D3D9F0694BFFD6] - |A| - [09/10/2016 09:26:29] - (.Copyright © 1996-2013 -.) - [13727.79 Ko] - (4.4.10.0) - C:\Windows\System32\MaxxAudioRealtek64.dll
[MD5.946D3867379620889E930427DADC1930] - |A| - [09/10/2016 09:26:31] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [23753.23 Ko] - (7.1.44.0) - C:\Windows\System32\MaxxAudioRender64.dll
[MD5.EEC380711E78CE0687B4F5FA54BA8052] - |A| - [09/10/2016 09:26:32] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [23842.54 Ko] - (7.1.44.0) - C:\Windows\System32\MaxxAudioRenderAVX64.dll
[MD5.F51C150D2E5B06C7501A2AFC0DFF085E] - |A| - [09/10/2016 09:26:33] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1303.11 Ko] - (1.1.4.0) - C:\Windows\System32\MaxxSpeechAPO64.dll
[MD5.C7AED848FF7526AB6E092A51C1554364] - |A| - [09/10/2016 09:26:33] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [976.42 Ko] - (2.6.2.0) - C:\Windows\System32\MaxxVoiceAPO2064.dll
[MD5.6669242F3E01D6A4983F167DD1E06CBE] - |A| - [09/10/2016 09:26:38] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12815.02 Ko] - (3.1.14.0) - C:\Windows\System32\MaxxVoiceAPO3064.dll
[MD5.911E298A291F5F7D0562E5EBC199A09B] - |A| - [09/10/2016 09:26:39] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12683.94 Ko] - (4.0.19.0) - C:\Windows\System32\MaxxVoiceAPO4064.dll
[MD5.2B936660ACFD620E449D6607BBCF0DBD] - |A| - [09/10/2016 09:26:40] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.79 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxVolumeSDAPO.dll
[MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 05:45:42] - [3.75 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [3480.43 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [37968.7 Ko] - C:\Windows\System32\migwiz
[MD5.39E801545FFF6230C80140E0F8A06629] - |A| - [14/07/2009 05:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.A9CF6471A71DEFFA17E315C971BA2F66] - |A| - [09/10/2016 09:26:44] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5462.52 Ko] - (6.3.9600.17246) - C:\Windows\System32\NAHIMICAPOlfx.dll
[MD5.F2C8359B0EF3C8662280A5308F0E9581] - |A| - [09/10/2016 09:26:44] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.34 Ko] - (1.0.0.14866) - C:\Windows\System32\NahimicAPONSControl.dll
[MD5.B46D0B05144ABE687DE0EAB3789294F8] - |A| - [09/10/2016 09:26:44] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5657.74 Ko] - (6.3.9600.17246) - C:\Windows\System32\NAHIMICV2apo.dll
[MD5.7649429BB08C8C3364D01EFBD67B09BE] - |A| - [09/10/2016 09:26:44] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [6209.52 Ko] - (6.3.9600.17246) - C:\Windows\System32\NAHIMICV3apo.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [422.5 Ko] - C:\Windows\System32\nb-NO
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [13/07/2009 23:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.F158978B71F1EECB0371AA763E6628F5] - |A| - [30/01/2017 22:04:51] - (.-.) - [610.62 Ko] - (1.0.28.16) - C:\Windows\System32\NetUtils2016.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [68 Ko] - C:\Windows\System32\NetworkList
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 03:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor
[MD5.B71AD74A91E472CC8B283B8A7D2C9677] - |A| - [21/10/2016 19:32:21] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\Windows\System32\nv-vk64.json
[MD5.163AD3B429613B592AF14718C1F2B985] - |A| - [08/10/2016 21:59:46] - (.-.) - [7460.56 Ko] - (0.0.0.0) - C:\Windows\System32\nvcoproc.bin
[MD5.F514C56E60B97D50FA06FF1BD1C302D9] - |A| - [07/06/2016 01:13:56] - (.-.) - [40.37 Ko] - (0.0.0.0) - C:\Windows\System32\nvinfo.pb
[MD5.3F191346F281C9DC94DC264951184350] - |A| - [12/10/2016 19:35:38] - (.-.) - [119.05 Ko] - (0.0.0.0) - C:\Windows\System32\NvRtmpStreamer64.dll
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 21:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [15153.92 Ko] - C:\Windows\System32\oobe
[MD5.BD4E1C0EEE77191E7C5BCA4123F5877A] - |A| - [14/07/2009 03:36:59] - (.-.) - [119.26 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.73B8076823D66E3EE91006A3DDF6DD2B] - |A| - [14/07/2009 16:24:17] - (.-.) - [146.65 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat
[MD5.B49A96AB983E988F4211D47659B822AA] - |A| - [10/02/2017 19:49:47] - (.-.) - [119.22 Ko] - (0.0.0.0) - C:\Windows\System32\perfc011.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 21:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [14/07/2009 03:36:59] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.07BA000B2E67565BDF112C35171865A5] - |A| - [14/07/2009 16:24:17] - (.-.) - [37.27 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [10/02/2017 19:49:47] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd011.dat
[MD5.14B92BDD48FF1BBEC8BA8F6694E64B46] - |A| - [14/07/2009 03:36:59] - (.-.) - [638.92 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.4FB6F97AB2DE205E3465E0E823D943FD] - |A| - [14/07/2009 16:24:17] - (.-.) - [730.12 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat
[MD5.4A5334649BFA24A5CB3D7F469A99BFED] - |A| - [10/02/2017 19:49:47] - (.-.) - [399.12 Ko] - (0.0.0.0) - C:\Windows\System32\perfh011.dat
[MD5.59AD91E110E35F2468B54336729A33A6] - |A| - [14/07/2009 06:13:15] - (.-.) - [2629.75 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [439 Ko] - C:\Windows\System32\pl-PL
[MD5.FC902869E8D521FF65F4A7ED76641565] - |A| - [10/02/2017 19:49:43] - (.-.) - [116.77 Ko] - (0.0.0.0) - C:\Windows\System32\prfc0804.dat
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [10/02/2017 19:49:43] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\prfd0804.dat
[MD5.6A51ABBCE45E606E955029E2A3330CF6] - |A| - [10/02/2017 19:49:43] - (.-.) - [364.34 Ko] - (0.0.0.0) - C:\Windows\System32\prfh0804.dat
[MD5.3A6AE335F598733BA114414BACF8B163] - |A| - [10/02/2017 19:49:47] - (.-.) - [108.7 Ko] - (0.0.0.0) - C:\Windows\System32\prfi0804.dat
[MD5.E0CC2789C9BDED18253C0FD624840056] - |A| - [14/07/2009 01:40:54] - (.Copyright (C) 2001 - Application PrintBrm.) - [70 Ko] - (1.0.0.0) - C:\Windows\System32\PrintBrmUi.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:06] - [1228.48 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.F402FF3003DA1536C38F331B9968A6CE] - |A| - [09/10/2016 09:26:44] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [131.05 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEA64A.dll
[MD5.DDF171611785F95FC34B4A8CE0D33B3C] - |A| - [09/10/2016 09:26:44] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [437.23 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EED64A.dll
[MD5.F69E780BC20E3240902C50B3AEB8A7F8] - |A| - [09/10/2016 09:26:44] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [82.63 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEG64A.dll
[MD5.6FE74F4A05721EB87A21584046017EED] - |A| - [09/10/2016 09:26:44] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [148.23 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEL64A.dll
[MD5.343827BF24377FABEE8DC32B3D7D28CB] - |A| - [09/10/2016 09:26:44] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7004.8 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.53FDA4AF81E7C4895357A50E848B7CFE] - |A| - [08/10/2016 22:43:55] - (.Copyright (C) 2009 - RemoteFX Helper.) - [93.5 Ko] - (1.1.0.0) - C:\Windows\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:11] - [0.78 Ko] - C:\Windows\System32\Recovery
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.D116B25AAE45CE0ECD8D2438555196F2] - |A| - [09/10/2016 09:26:51] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll
[MD5.A16AE49B3C6A118FD5241571553CF64D] - |A| - [09/10/2016 09:26:51] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll
[MD5.3DCEE896E622243041B2D0FFC584CE27] - |A| - [09/10/2016 09:26:54] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll
[MD5.2D79115E991CB48E9842D5F48A1F78DF] - |A| - [09/10/2016 09:26:54] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.28 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll
[MD5.B6E5F60D4EBA8E73FFBD94B522AE0B75] - |A| - [09/10/2016 09:26:54] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll
[MD5.74CBF2A89FDB5EC82B69AFC1DA642380] - |A| - [09/10/2016 09:26:54] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.24 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [08/10/2016 22:42:46] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.8C3D0C73A0850A0EE62DF9EC36DBDE80] - |N| - [08/10/2016 20:37:39] - (.-.) - [1.86 Ko] - (0.0.0.0) - C:\Windows\System32\SetupBD.din
[MD5.4658C5B7A988BE07010AE14B76704B28] - |A| - [09/10/2016 09:26:56] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.25 Ko] - (3.0.0.16) - C:\Windows\System32\SFAPO64.dll
[MD5.EC0BF21672EAF37C66484B468924C329] - |A| - [09/10/2016 09:26:56] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.79 Ko] - (3.0.0.16) - C:\Windows\System32\SFCOM64.dll
[MD5.7ED72FFFC8845DC0EA8C729B0B2A4DB3] - |A| - [09/10/2016 09:26:57] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [226.48 Ko] - (3.0.0.16) - C:\Windows\System32\SFNHK64.dll
[MD5.61887B40C313FBC1E271CE3B5B03DBD8] - |A| - [09/10/2016 09:26:57] - (.Copyright (C) 2016 DTS, Inc. - DTS Universal APO DLL.) - [1017.33 Ko] - (3.5.12.0) - C:\Windows\System32\sl3apo64.dll
[MD5.43EA709D7AE76E69496FDCA72E51EB37] - |A| - [09/10/2016 09:26:57] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Controller DLL.) - [2152.1 Ko] - (3.5.12.0) - C:\Windows\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:06] - [94.15 Ko] - C:\Windows\System32\slmgr
[MD5.C039673D9B94CB532A971DE88A26C4DB] - |A| - [09/10/2016 09:26:57] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [252.8 Ko] - (1.0.0.1) - C:\Windows\System32\slprp64.dll
[MD5.B7381BE4A2A1914A52843BEB7FD65D5A] - |A| - [09/10/2016 09:26:57] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Technology DLL.) - [2643.42 Ko] - (3.5.12.0) - C:\Windows\System32\sltech64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [13954.02 Ko] - C:\Windows\System32\SMI
[MD5.62D575DBD6B9EA27C648A69C119BDE18] - |A| - [18/11/2006 05:01:40] - (.-.) - [791 Ko] - (0.0.0.0) - C:\Windows\System32\softcoin.dll
[MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 22:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [31912.5 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [42289.83 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [1843.23 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [30.19 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [09/10/2016 00:03:07] - [1775.5 Ko] - C:\Windows\System32\SPReview
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [170 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.5EF1DA20ABA96C0AF4E209FB6341F54F] - |A| - [09/10/2016 09:26:58] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.21 Ko] - (4.0.0.59) - C:\Windows\System32\SRAPO64.dll
[MD5.AC4EF62CA64F6919D70245A4E254B564] - |A| - [09/10/2016 09:26:58] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\Windows\System32\SRCOM.dll
[MD5.B23B7370056CA157E548AEE6CBF16A60] - |A| - [09/10/2016 09:26:58] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.48 Ko] - (4.0.0.59) - C:\Windows\System32\SRCOM64.dll
[MD5.DF468EB6C16B528FC2A5999484C1FE50] - |A| - [09/10/2016 09:26:58] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.51 Ko] - (4.0.0.59) - C:\Windows\System32\SRRPTR64.dll
[MD5.F0C04D1C582976637CC5EE135D26F8D4] - |A| - [09/10/2016 09:26:58] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\Windows\System32\SRSHP64.dll
[MD5.6D562919CB23F76007140BBB2C778570] - |A| - [09/10/2016 09:26:58] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\Windows\System32\SRSTSH64.dll
[MD5.C7BA145B5FC9827FA9A2E8230960F92C] - |A| - [09/10/2016 09:26:58] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll
[MD5.6748EF80562C4334B7EA19D3C87B17A7] - |A| - [09/10/2016 09:26:58] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [30/01/2017 22:04:52] - [0 Ko] - C:\Windows\System32\sstmp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [426.5 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [144 Ko] - C:\Windows\System32\sysprep
[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [08/10/2016 22:43:46] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 22:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.088CC16443199E08AEE2B1AA25724FA6] - |A| - [18/01/2017 21:30:58] - (.-.) - [1.42 Ko] - (0.0.0.0) - C:\Windows\System32\TeamViewer12_Hooks.log
[MD5.8B14B0A583CBE68D39BE88176521AAA1] - |A| - [30/01/2017 22:04:52] - (.-.) - [10.41 Ko] - (0.0.0.0) - C:\Windows\System32\tmplog.log
[MD5.2388B23DC0B651E438C0DD4C79BFB2C5] - |A| - [09/10/2016 09:26:58] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Audio Source Filtering APO.) - [939.58 Ko] - (2.1.0.0) - C:\Windows\System32\tosasfapo64.dll
[MD5.5A9F4F20D0F951A10C95D4F0EE09E27B] - |A| - [09/10/2016 09:26:58] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Earphone Audio Enhancement APO.) - [436.7 Ko] - (2.1.0.0) - C:\Windows\System32\toseaeapo64.dll
[MD5.275D92AC5757C348B1E648FC03D20A5D] - |A| - [09/10/2016 09:26:59] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement APO.) - [1306.29 Ko] - (2.1.1.0) - C:\Windows\System32\tossaeapo64.dll
[MD5.4533377B5A45E8FA7F8D75C44D2DE121] - |A| - [09/10/2016 09:26:59] - (.Copyright © 2016 Toshiba Client Solutions Co., Ltd. - TOSHIBA Speaker Audio Enhancement Maximizer.) - [587.06 Ko] - (1.1.1.1) - C:\Windows\System32\tossaemaxapo64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [424 Ko] - C:\Windows\System32\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:13] - [166.5 Ko] - C:\Windows\System32\uk-UA
[MD5.B0D8E26D3CC725F0CC6D33FDBEA061F7] - |A| - [14/07/2009 05:45:37] - (.-.) - [21 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl
[MD5.E2090ABBDE0128166584C1534810D334] - |A| - [14/07/2009 05:45:37] - (.-.) - [9 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl
[MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [09/09/2016 19:25:10] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\Windows\System32\vulkan-1-1-0-26-0.dll
[MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [14/12/2016 21:22:46] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\Windows\System32\vulkan-1.dll
[MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [09/09/2016 19:24:38] - (.-.) - [122.28 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo-1-1-0-26-0.exe
[MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [14/12/2016 21:22:46] - (.-.) - [122.28 Ko] - (0.0.0.0) - C:\Windows\System32\vulkaninfo.exe
[MD5.B31DFDDD6A5B653DA43F71B0D54B153B] - |A| - [09/10/2016 09:26:59] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\Windows\System32\WavesGUILib64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [81795.71 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:06] - [286.42 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [90031.66 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 22:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [16 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [81.5 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [23312.95 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [41148 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:07] - [268.15 Ko] - C:\Windows\System32\winrm
[MD5.CC7C3A4749F0B40F1A9BE10E71C1F2AC] - |A| - [08/10/2016 20:44:23] - (.-.) - [30.6 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\Gms.log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [191.5 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [168 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [429 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [34096.44 Ko] - C:\Windows\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\Windows\SysWOW64\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [447 Ko] - C:\Windows\SysWOW64\it-IT
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 03:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [165 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [166 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [1968.26 Ko] - C:\Windows\SysWOW64\manifeststore
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 05:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mapisvc.inf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [3194.43 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [32872.21 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc
[MD5.B9966F800D2A3A1522B1825077785C40] - |A| - [08/10/2016 20:53:39] - (.Copyright (c) 2015 Micro-Star INT'L CO.,LTD. - Windows Host Process.) - [1653.16 Ko] - (1.0.0.1) - C:\Windows\SysWOW64\muachost.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [45.77 Ko] - C:\Windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [418 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [51 Ko] - C:\Windows\SysWOW64\NetworkList
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [438.5 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 03:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\noise.kor
[MD5.9EA3CD2CB18622637DD032743D7750C9] - |A| - [21/10/2016 19:32:21] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\nv-vk32.json
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 22:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico
[MD5.F9A7EAE1905B3DEB65171EAF446B1A10] - |A| - [08/10/2016 20:35:32] - (.-.) - [2592.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [434 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:07] - [1228.48 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [431 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [433 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [24/11/2016 00:54:57] - [179 Ko] - C:\Windows\SysWOW64\QuickTime
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0.64 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.AC4EF62CA64F6919D70245A4E254B564] - |A| - [09/10/2016 09:26:58] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\Windows\SysWOW64\SRCOM.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [421.5 Ko] - C:\Windows\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:07] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [157 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.DC052774109280E48C54738B838F5BA1] - |A| - [30/01/2017 22:04:52] - (.-.) - [568.69 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\tmplog2.log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [419 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [14/07/2009 03:35:41] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\SysWOW64\vfpodbc.dll
[MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [09/09/2016 19:25:58] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\Windows\SysWOW64\vulkan-1-1-0-26-0.dll
[MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [14/12/2016 21:22:46] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\Windows\SysWOW64\vulkan-1.dll
[MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [09/09/2016 19:25:28] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo-1-1-0-26-0.exe
[MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [14/12/2016 21:22:46] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [11045.31 Ko] - C:\Windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:07] - [286.42 Ko] - C:\Windows\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [101.23 Ko] - C:\Windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 06:32:38] - [23019.61 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:07] - [268.15 Ko] - C:\Windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 16:24:07] - [28.97 Ko] - C:\Windows\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [10/02/2017 19:40:49] - [1632 Ko] - C:\Windows\SysWOW64\zh-CHS
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [27842.25 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [255.5 Ko] - C:\Windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 04:20:14] - [334 Ko] - C:\Windows\SysWOW64\zh-TW

---------- | [Anony8]

[08/10/2016 20:10:50] - |D| - [17808171061] - C:\Users\Anony8\AppData\Local
[08/10/2016 20:10:51] - |D| - [5367616] - C:\Users\Anony8\AppData\LocalLow
[08/10/2016 20:10:50] - |D| - [510815409] - C:\Users\Anony8\AppData\Roaming
[25/01/2017 10:49:47] - |D| - [3444765] - C:\Users\Anony8\AppData\Local\Adobe
[06/02/2017 19:26:17] - |D| - [26] - C:\Users\Anony8\AppData\Local\AdvinstAnalytics
[08/10/2016 20:10:51] - |SHD| - [16297203247] - C:\Users\Anony8\AppData\Local\Application Data
[13/10/2016 19:47:32] - |D| - [125570682] - C:\Users\Anony8\AppData\Local\Arma 3
[13/10/2016 19:40:22] - |D| - [1468246] - C:\Users\Anony8\AppData\Local\Arma 3 Launcher
[20/01/2017 15:29:13] - |D| - [32231798] - C:\Users\Anony8\AppData\Local\Avg
[20/01/2017 15:29:13] - |D| - [12920341] - C:\Users\Anony8\AppData\Local\AvgSetupLog
[13/10/2016 19:40:28] - |D| - [3290] - C:\Users\Anony8\AppData\Local\Bohemia_Interactive
[08/10/2016 23:01:06] - |D| - [5984542] - C:\Users\Anony8\AppData\Local\CEF
[23/02/2017 05:12:04] - |D| - [40] - C:\Users\Anony8\AppData\Local\Chromium
[05/02/2017 16:23:15] - |D| - [61266735] - C:\Users\Anony8\AppData\Local\CrashDumps
[12/10/2016 19:37:28] - |D| - [98226] - C:\Users\Anony8\AppData\Local\CyberGhost
[24/11/2016 18:33:52] - |A| - [8192] - C:\Users\Anony8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/02/2017 18:03:01] - |D| - [102476] - C:\Users\Anony8\AppData\Local\Diagnostics
[13/12/2016 21:48:43] - |D| - [13090112] - C:\Users\Anony8\AppData\Local\DisplayFusion
[08/10/2016 20:59:46] - |D| - [0] - C:\Users\Anony8\AppData\Local\ElevatedDiagnostics
[11/10/2016 19:12:36] - |D| - [19516594] - C:\Users\Anony8\AppData\Local\ESET
[03/12/2016 22:00:12] - |D| - [1247404] - C:\Users\Anony8\AppData\Local\fontconfig
[08/10/2016 21:57:46] - |A| - [60840] - C:\Users\Anony8\AppData\Local\GDIPFONTCACHEV1.DAT
[11/12/2016 23:29:44] - |D| - [1624785] - C:\Users\Anony8\AppData\Local\GOG.com
[08/10/2016 20:10:51] - |SHD| - [580] - C:\Users\Anony8\AppData\Local\Historique
[22/01/2017 21:18:23] - |AH| - [2570263] - C:\Users\Anony8\AppData\Local\IconCache.db
[06/11/2016 00:03:56] - |D| - [3399] - C:\Users\Anony8\AppData\Local\IsolatedStorage
[08/10/2016 20:10:50] - |D| - [52801402] - C:\Users\Anony8\AppData\Local\Microsoft
[08/10/2016 21:02:00] - |D| - [25091297] - C:\Users\Anony8\AppData\Local\Mozilla
[08/10/2016 22:45:20] - |D| - [2444] - C:\Users\Anony8\AppData\Local\NahimicMSI1.2.12
[08/10/2016 22:21:53] - |D| - [184890049] - C:\Users\Anony8\AppData\Local\NVIDIA
[08/10/2016 22:28:05] - |D| - [213771490] - C:\Users\Anony8\AppData\Local\NVIDIA Corporation
[21/11/2016 18:51:48] - |D| - [380441514] - C:\Users\Anony8\AppData\Local\Origin
[17/10/2016 20:45:25] - |D| - [28631020] - C:\Users\Anony8\AppData\Local\Overwolf
[08/10/2016 20:55:22] - |D| - [0] - C:\Users\Anony8\AppData\Local\Programs
[11/10/2016 18:50:10] - |D| - [21972713] - C:\Users\Anony8\AppData\Local\Songr
[18/10/2016 18:32:24] - |D| - [16228] - C:\Users\Anony8\AppData\Local\SquirrelTemp
[08/10/2016 23:01:06] - |D| - [72077762] - C:\Users\Anony8\AppData\Local\Steam
[18/10/2016 18:32:25] - |D| - [1601537] - C:\Users\Anony8\AppData\Local\Sync
[24/11/2016 00:56:28] - |D| - [0] - C:\Users\Anony8\AppData\Local\TechSmith
[08/10/2016 20:10:50] - |D| - [244210442] - C:\Users\Anony8\AppData\Local\Temp
[08/10/2016 20:10:51] - |SHD| - [4245556] - C:\Users\Anony8\AppData\Local\Temporary Internet Files
[08/10/2016 20:10:57] - |D| - [1024] - C:\Users\Anony8\AppData\Local\VirtualStore
[25/01/2017 10:56:27] - |D| - [41984] - C:\Users\Anony8\AppData\LocalLow\Adobe
[08/10/2016 20:39:41] - |SD| - [5325632] - C:\Users\Anony8\AppData\LocalLow\Microsoft
[23/11/2016 15:41:52] - |D| - [0] - C:\Users\Anony8\AppData\LocalLow\Mozilla
[09/10/2016 10:45:09] - |SD| - [0] - C:\Users\Anony8\AppData\LocalLow\Temp
[24/11/2016 00:55:07] - |D| - [9867] - C:\Users\Anony8\AppData\Roaming\Adobe
[30/11/2016 22:22:12] - |D| - [317801540] - C:\Users\Anony8\AppData\Roaming\AVG
[13/12/2016 21:48:46] - |SHD| - [352] - C:\Users\Anony8\AppData\Roaming\Common
[13/10/2016 19:41:35] - |D| - [0] - C:\Users\Anony8\AppData\Roaming\DAEMON Tools iSCSI Target
[13/10/2016 04:23:41] - |D| - [2515463] - C:\Users\Anony8\AppData\Roaming\DAEMON Tools Pro
[08/10/2016 20:10:59] - |D| - [0] - C:\Users\Anony8\AppData\Roaming\Identities
[30/01/2017 18:29:39] - |D| - [0] - C:\Users\Anony8\AppData\Roaming\ipcamax
[26/01/2017 23:17:23] - |D| - [0] - C:\Users\Anony8\AppData\Roaming\Macromedia
[08/10/2016 20:10:50] - |D| - [0] - C:\Users\Anony8\AppData\Roaming\Media Center Programs
[08/10/2016 20:10:50] - |SD| - [83341710] - C:\Users\Anony8\AppData\Roaming\Microsoft
[08/10/2016 21:02:00] - |D| - [90347741] - C:\Users\Anony8\AppData\Roaming\Mozilla
[12/10/2016 19:43:00] - |D| - [5053] - C:\Users\Anony8\AppData\Roaming\NVIDIA
[08/10/2016 23:39:45] - |D| - [42942] - C:\Users\Anony8\AppData\Roaming\Origin
[30/01/2017 18:20:59] - |D| - [18] - C:\Users\Anony8\AppData\Roaming\P2P ID Finder
[12/12/2016 19:00:44] - |D| - [186317] - C:\Users\Anony8\AppData\Roaming\Rainmeter
[18/10/2016 18:35:19] - |D| - [0] - C:\Users\Anony8\AppData\Roaming\Sync withSIX
[11/10/2016 17:28:06] - |D| - [0] - C:\Users\Anony8\AppData\Roaming\TeamViewer
[26/12/2016 21:08:20] - |D| - [31752] - C:\Users\Anony8\AppData\Roaming\TS3Client
[09/10/2016 10:44:27] - |D| - [11541705] - C:\Users\Anony8\AppData\Roaming\uTorrent
[10/10/2016 19:18:44] - |D| - [12] - C:\Users\Anony8\AppData\Roaming\WinRAR
[08/02/2017 18:53:42] - |D| - [4990937] - C:\Users\Anony8\AppData\Roaming\ZHP
[08/10/2016 20:11:07] - |ASH| - [174] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[08/10/2016 20:10:51] - |SHD| - [28355] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[08/10/2016 20:10:50] - |RD| - [28355] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[25/01/2017 19:45:40] - |A| - [838] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\RAR Password Recovery Magic.lnk
[09/10/2016 10:44:49] - |A| - [2606] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
[08/10/2016 20:10:50] - |RD| - [14658] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[08/10/2016 20:11:07] - |RD| - [174] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[08/10/2016 20:11:07] - |ASH| - [476] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[14/01/2017 17:14:17] - |D| - [3349] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[08/10/2016 20:11:08] - |A| - [1448] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[08/10/2016 20:10:50] - |RD| - [580] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[17/10/2016 20:47:05] - |D| - [2263] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
[18/10/2016 18:32:35] - |D| - [0] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SIX Networks GmbH
[11/10/2016 18:51:20] - |A| - [1056] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Songr.lnk
[08/10/2016 20:11:07] - |RD| - [174] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[10/10/2016 19:09:34] - |D| - [4177] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[08/10/2016 20:11:07] - |ASH| - [174] - C:\Users\Anony8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]


---------- | C:\ProgramData

[25/01/2017 10:51:18] - |D| - [270813382] - C:\ProgramData\Adobe
[08/10/2016 21:50:27] - |D| - [0] - C:\ProgramData\APP
[14/07/2009 06:08:56] - |SHD| - [46388122147] - C:\ProgramData\Application Data
[20/01/2017 15:29:13] - |D| - [2269525] - C:\ProgramData\Avg
[13/12/2016 21:48:40] - |D| - [0] - C:\ProgramData\Binary Fortress Software
[13/10/2016 19:47:32] - |D| - [0] - C:\ProgramData\Bohemia Interactive
[08/10/2016 20:10:45] - |SHD| - [21424] - C:\ProgramData\Bureau
[20/01/2017 15:29:13] - |HD| - [96] - C:\ProgramData\Common Files
[13/10/2016 04:23:37] - |D| - [2268] - C:\ProgramData\DAEMON Tools Pro
[14/07/2009 06:08:56] - |SHD| - [21424] - C:\ProgramData\Desktop
[14/07/2009 06:08:56] - |SHD| - [37431520] - C:\ProgramData\Documents
[08/10/2016 20:39:17] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[09/10/2016 09:11:11] - |D| - [1895798] - C:\ProgramData\DriversCloud.com
[12/10/2016 19:43:52] - |D| - [3666] - C:\ProgramData\Electronic Arts
[08/10/2016 23:39:38] - |D| - [458403544] - C:\ProgramData\ESET
[08/10/2016 20:10:45] - |SHD| - [0] - C:\ProgramData\Favoris
[14/07/2009 06:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[07/02/2017 21:00:30] - |D| - [4096] - C:\ProgramData\Grisoft
[08/10/2016 20:44:16] - |D| - [51061076] - C:\ProgramData\Intel
[08/10/2016 21:49:06] - |D| - [0] - C:\ProgramData\Lexmark Package Logs
[08/10/2016 20:10:45] - |SHD| - [325604] - C:\ProgramData\Menu Démarrer
[14/07/2009 04:20:08] - |SD| - [432144250] - C:\ProgramData\Microsoft
[08/10/2016 20:10:45] - |SHD| - [0] - C:\ProgramData\Modèles
[09/10/2016 21:22:19] - |RASH| - [438] - C:\ProgramData\ntuser.pol
[08/10/2016 22:00:44] - |D| - [2806204] - C:\ProgramData\NVIDIA
[08/10/2016 21:59:35] - |D| - [1839180011] - C:\ProgramData\NVIDIA Corporation
[08/10/2016 23:10:20] - |D| - [330842476] - C:\ProgramData\Origin
[17/10/2016 20:46:20] - |D| - [566815237] - C:\ProgramData\Overwolf
[08/10/2016 20:36:22] - |D| - [81966085] - C:\ProgramData\Package Cache
[08/10/2016 21:49:16] - |D| - [782] - C:\ProgramData\Printer Install Logs
[26/01/2017 23:31:30] - |D| - [1718] - C:\ProgramData\regid.1986-12.com.adobe
[14/07/2009 06:08:56] - |SHD| - [325604] - C:\ProgramData\Start Menu
[24/11/2016 00:54:39] - |D| - [202604624] - C:\ProgramData\TechSmith
[30/11/2016 22:18:27] - |AD| - [0] - C:\ProgramData\TEMP
[14/07/2009 06:08:56] - |SHD| - [0] - C:\ProgramData\Templates

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[14/07/2009 06:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 05:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[08/10/2016 20:10:45] - |SHD| - [161307] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[14/07/2009 04:20:08] - |D| - [161307] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 05:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[20/01/2017 16:03:11] - |D| - [1675] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[14/07/2009 04:20:08] - |RD| - [43638] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[25/01/2017 10:52:18] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[14/07/2009 06:32:38] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[11/10/2016 19:16:09] - |D| - [1020] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[24/11/2016 00:54:49] - |D| - [12829] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[08/10/2016 20:55:23] - |D| - [4740] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[12/10/2016 19:23:40] - |D| - [2642] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
[13/10/2016 04:25:07] - |D| - [1305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[14/07/2009 05:54:23] - |ASH| - [964] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[13/12/2016 21:48:37] - |D| - [54] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
[09/10/2016 09:11:11] - |D| - [2715] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com
[08/10/2016 23:39:38] - |D| - [9224] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[14/07/2009 06:32:38] - |RD| - [6562] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[24/12/2016 01:04:08] - |D| - [3946] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[14/07/2009 04:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[08/10/2016 19:37:10] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[10/02/2017 18:51:03] - |A| - [1178] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[08/10/2016 20:35:39] - |D| - [6798] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
[08/10/2016 20:55:14] - |D| - [2687] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI(R) Intel(R) Extreme Tuning Utility
[17/10/2016 20:47:48] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[08/10/2016 20:40:24] - |D| - [2291] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic for MSI
[08/10/2016 22:27:27] - |D| - [11231] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[21/11/2016 18:53:14] - |D| - [3229] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[12/12/2016 19:00:42] - |A| - [672] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
[14/07/2009 05:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[14/07/2009 04:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[10/10/2016 19:55:58] - |D| - [829] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[18/01/2017 21:30:12] - |A| - [827] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
[08/10/2016 19:36:55] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 05:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[14/07/2009 05:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[10/10/2016 19:09:34] - |D| - [4105] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[14/07/2009 05:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[14/07/2009 05:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[25/01/2017 10:51:46] - |D| - [221230223] - C:\Program Files (x86)\Adobe
[08/10/2016 20:45:15] - |D| - [5409248] - C:\Program Files (x86)\ASM104xUSB3
[08/10/2016 20:17:00] - |D| - [1210989] - C:\Program Files (x86)\Belkin
[14/07/2009 04:20:08] - |D| - [173253162] - C:\Program Files (x86)\Common Files
[14/07/2009 05:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[08/10/2016 20:17:01] - |HD| - [14531692] - C:\Program Files (x86)\InstallShield Installation Information
[08/10/2016 20:35:52] - |D| - [94343549] - C:\Program Files (x86)\Intel
[14/07/2009 04:20:08] - |D| - [10959423] - C:\Program Files (x86)\Internet Explorer
[08/10/2016 20:54:22] - |D| - [3242367] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[08/10/2016 20:54:23] - |D| - [343335] - C:\Program Files (x86)\Microsoft Synchronization Services
[08/10/2016 20:34:35] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[10/02/2017 18:50:57] - |D| - [97261123] - C:\Program Files (x86)\Mozilla Firefox
[10/02/2017 18:50:59] - |D| - [262595] - C:\Program Files (x86)\Mozilla Maintenance Service
[14/07/2009 06:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[08/10/2016 20:46:15] - |D| - [67722969] - C:\Program Files (x86)\MSI
[08/10/2016 21:59:33] - |D| - [417908993] - C:\Program Files (x86)\NVIDIA Corporation
[21/11/2016 18:52:57] - |D| - [323907613] - C:\Program Files (x86)\Origin
[08/10/2016 23:40:24] - |D| - [56117110195] - C:\Program Files (x86)\Origin Games
[17/10/2016 20:46:29] - |D| - [570570445] - C:\Program Files (x86)\Overwolf
[09/10/2016 00:20:54] - |D| - [3563065] - C:\Program Files (x86)\Realtek
[14/07/2009 06:32:38] - |D| - [43495169] - C:\Program Files (x86)\Reference Assemblies
[08/10/2016 22:57:52] - |D| - [2502846247] - C:\Program Files (x86)\Steam
[08/10/2016 20:38:10] - |HD| - [0] - C:\Program Files (x86)\Temp
[14/07/2009 05:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[14/12/2016 21:22:46] - |D| - [846194] - C:\Program Files (x86)\VulkanRT
[14/07/2009 06:32:38] - |D| - [579584] - C:\Program Files (x86)\Windows Defender
[14/07/2009 04:20:08] - |D| - [6935552] - C:\Program Files (x86)\Windows Mail
[14/07/2009 06:32:38] - |D| - [5152017] - C:\Program Files (x86)\Windows Media Player
[14/07/2009 04:20:08] - |D| - [12530868] - C:\Program Files (x86)\Windows NT
[14/07/2009 06:32:38] - |D| - [4491016] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 06:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 06:32:38] - |D| - [7839871] - C:\Program Files (x86)\Windows Sidebar

---------- | C:\Program Files

[20/01/2017 16:03:11] - |D| - [4975890] - C:\Program Files\7-Zip
[14/07/2009 04:20:08] - |D| - [103372660] - C:\Program Files\Common Files
[14/02/2017 18:54:41] - |HD| - [1022902] - C:\Program Files\Common FilesEAInstaller
[08/10/2016 20:55:23] - |D| - [8879579] - C:\Program Files\CPUID
[12/10/2016 19:23:36] - |D| - [64341867] - C:\Program Files\CyberGhost 6
[14/07/2009 05:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
[09/10/2016 09:11:11] - |D| - [15214739] - C:\Program Files\DriversCloud.com
[14/07/2009 06:32:38] - |D| - [90355732] - C:\Program Files\DVD Maker
[08/10/2016 23:39:37] - |D| - [127887969] - C:\Program Files\ESET
[08/10/2016 20:10:45] - |SHD| - [103372660] - C:\Program Files\Fichiers communs
[08/10/2016 20:36:26] - |D| - [27883043] - C:\Program Files\Intel
[14/07/2009 04:20:08] - |D| - [31024858] - C:\Program Files\Internet Explorer
[14/07/2009 06:32:38] - |D| - [150094898] - C:\Program Files\Microsoft Games
[08/10/2016 20:54:32] - |D| - [4421503] - C:\Program Files\Microsoft SQL Server Compact Edition
[08/10/2016 20:54:32] - |D| - [343335] - C:\Program Files\Microsoft Synchronization Services
[14/07/2009 06:32:38] - |D| - [25757] - C:\Program Files\MSBuild
[08/10/2016 20:40:14] - |D| - [8467697] - C:\Program Files\Nahimic
[08/10/2016 21:59:33] - |D| - [2197205029] - C:\Program Files\NVIDIA Corporation
[08/10/2016 20:39:12] - |D| - [48217984] - C:\Program Files\Realtek
[14/07/2009 06:32:38] - |D| - [41154217] - C:\Program Files\Reference Assemblies
[12/10/2016 19:36:27] - |D| - [272409] - C:\Program Files\TAP-Windows
[14/07/2009 06:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information
[14/07/2009 06:32:38] - |D| - [4154880] - C:\Program Files\Windows Defender
[14/07/2009 04:20:08] - |D| - [7421952] - C:\Program Files\Windows Mail
[14/07/2009 06:32:38] - |D| - [7871405] - C:\Program Files\Windows Media Player
[14/07/2009 04:20:08] - |D| - [12960948] - C:\Program Files\Windows NT
[14/07/2009 06:32:38] - |D| - [5589272] - C:\Program Files\Windows Photo Viewer
[14/07/2009 06:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[14/07/2009 06:32:38] - |D| - [8892324] - C:\Program Files\Windows Sidebar
[10/10/2016 19:09:31] - |D| - [6311622] - C:\Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[25/01/2017 10:51:46] - |D| - [9748657] - C:\Program Files (x86)\Common Files\Adobe
[13/10/2016 19:47:26] - |D| - [2912272] - C:\Program Files (x86)\Common Files\BattlEye
[11/10/2016 20:23:56] - |HD| - [1769704] - C:\Program Files (x86)\Common Files\EAInstaller
[14/07/2009 04:20:08] - |D| - [44622545] - C:\Program Files (x86)\Common Files\microsoft shared
[17/10/2016 20:46:29] - |D| - [545328] - C:\Program Files (x86)\Common Files\Overwolf
[08/10/2016 20:44:20] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent
[26/01/2017 23:25:22] - |D| - [4820376] - C:\Program Files (x86)\Common Files\PX Storage Engine
[14/07/2009 04:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[14/07/2009 04:20:08] - |D| - [91907371] - C:\Program Files (x86)\Common Files\SpeechEngines
[08/10/2016 22:57:52] - |D| - [3476032] - C:\Program Files (x86)\Common Files\Steam
[14/07/2009 04:20:08] - |D| - [10617843] - C:\Program Files (x86)\Common Files\System
[24/11/2016 00:54:44] - |D| - [2625536] - C:\Program Files (x86)\Common Files\TechSmith Shared

---------- | C:\Program Files\Common files

[20/10/2016 21:18:33] - |HD| - [1021254] - C:\Program Files\Common files\EAInstaller
[14/07/2009 04:20:08] - |D| - [88330669] - C:\Program Files\Common files\Microsoft Shared
[14/07/2009 04:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
[14/07/2009 04:20:08] - |D| - [1463808] - C:\Program Files\Common files\SpeechEngines
[14/07/2009 04:20:08] - |D| - [12554227] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 06:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.229389A07DA4011FE8D5A03BDC92E353] - [14/07/2009 06:08:49] - |A| - [18316] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.00000000000000000000000000000000] - [08/10/2016 20:54:43] - |D| - [4072] - C:\Windows\System32\Tasks\Intel
[MD5.DF6DB7D88C5CF5EE31753491CAC92923] - [08/10/2016 20:44:52] - |A| - [3646] - C:\Windows\System32\Tasks\Intel PTT EK Recertification         :   "C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe"
[MD5.00000000000000000000000000000000] - [14/07/2009 04:20:13] - |D| - [278788] - C:\Windows\System32\Tasks\Microsoft
[MD5.8C58EE156139F55A8827226A4C4DD9FD] - [08/10/2016 20:55:54] - |A| - [3130] - C:\Windows\System32\Tasks\NahimicMSIsvc32Run         :   "C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe"
[MD5.3617021E12E62931904E957E0D28B603] - [08/10/2016 20:55:54] - |A| - [3138] - C:\Windows\System32\Tasks\NahimicMSIsvc64Run         :   "C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe"
[MD5.46206A607E121DD1D65CF60FE5760E64] - [08/10/2016 20:40:20] - |A| - [3140] - C:\Windows\System32\Tasks\NahimicMSIUILauncherRun         :   "C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe"
[MD5.1FEE8B337B503353F1AA01C47F55C3A8] - [25/01/2017 14:59:41] - |A| - [4146] - C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
[MD5.826527C43469424AF3EE38AFF0329FBD] - [12/10/2016 19:35:29] - |A| - [3742] - C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
[MD5.13146D04D18C17D68B5BFF8A94FC90BB] - [12/10/2016 19:34:23] - |A| - [3738] - C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.8C70F48179F211F0163FB1D1491FD41B] - [12/10/2016 19:34:17] - |A| - [3494] - C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.4D656907EC768BDF92B5706DEE3CB6C4] - [12/10/2016 19:34:24] - |A| - [3730] - C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
[MD5.94B283B7B2AF25D3803D3151C2E712E3] - [12/10/2016 19:34:29] - |A| - [3554] - C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
[MD5.DBF463E961D16BD114A08BA8E573E2F7] - [12/10/2016 19:34:26] - |A| - [3738] - C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
[MD5.7AF01AD63A687726514200671AD642CE] - [17/10/2016 20:47:13] - |A| - [3730] - C:\Windows\System32\Tasks\Overwolf Updater Task         :   C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
[MD5.00000000000000000000000000000000] - [20/02/2017 19:07:36] - |D| - [0] - C:\Windows\System32\Tasks\Safer-Networking
[MD5.00000000000000000000000000000000] - [14/07/2009 06:09:57] - |D| - [4480] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [14/07/2009 04:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"{17EFACF3-8E07-4CBC-99F7-5B963EC4F501}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002|
"{1FD61D7E-98EA-43A7-BB51-3E4DA859F7EF}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)|
"{616BE256-0EC2-4B10-BD46-29C22DF18D4C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud|
"{C22C7334-86BF-43C4-9753-82E2FF246442}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\DriversCloud.com\DriversCloud.exe|Name=DriversCloud|
"{DACC179F-55AD-44B1-90A2-B39B1DC280DD}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Anony8\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (Anony8)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{8701160D-08C5-4FAD-8566-D3593EDCF526}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\Anony8\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (Anony8)|Desc=Allow µTorrent network traffic|
"{030C2663-55B6-49B3-B116-5986CD3C400D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Anony8\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (Anony8)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{5384682F-9D61-4C78-936C-FEAD2583B501}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Anony8\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Anony8)|
"{BB570DF2-4248-443B-B451-0417B2965F56}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Anony8\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Anony8)|
"{30238A83-780F-49B8-9679-A0ACCB3E2D66}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\Anony8\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (Anony8)|Desc=Allow µTorrent network traffic|
"TCP Query User{12BEF500-7768-4858-B7D9-6DDB29E77704}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe|Name=STAR WARS™ Battlefront™|Desc=STAR WARS™ Battlefront™|Defer=User|
"UDP Query User{3C8A163C-90AB-4B2B-84F7-3FD0E0735EDE}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe|Name=STAR WARS™ Battlefront™|Desc=STAR WARS™ Battlefront™|Defer=User|
"TCP Query User{CD442D55-AF17-4820-915A-AAC8F33755AE}G:\plateforme jeux\steam\steam\steamapps\common\arma 3\arma3.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=G:\plateforme jeux\steam\steam\steamapps\common\arma 3\arma3.exe|Name=Arma 3|Desc=Arma 3|Defer=User|
"UDP Query User{EE7F4FA9-0B41-4CCD-903D-174ADC1BE713}G:\plateforme jeux\steam\steam\steamapps\common\arma 3\arma3.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=G:\plateforme jeux\steam\steam\steamapps\common\arma 3\arma3.exe|Name=Arma 3|Desc=Arma 3|Defer=User|
"{25EA881A-5A06-4248-86A7-C73D1A395C99}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=E:\Logiciel installer\format factory\format factory\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe|Name=EBook Codec Downloader|
"{C1E0642C-EFDA-4E8A-817C-0DE6DC17237A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=E:\Logiciel installer\format factory\format factory\FormatFactory\FormatFactory.exe|Name=Format Factory|
"{DF9F7C1A-9D37-4070-8E68-88ECE61BA9FA}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=E:\Logiciel installer\format factory\format factory\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe|Name=EBook Codec Downloader|
"{031A3E0C-AEBE-4BDE-B26B-8BA3C8B1AED9}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=E:\Logiciel installer\format factory\format factory\FormatFactory\FormatFactory.exe|Name=Format Factory|
"{8DF139C9-B53B-42F0-B20D-AC48F7AE12A5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\Logiciel\teamviewer\teamviewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{07E80F6D-2A71-4C6C-86CC-22B9D469BBD9}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\Logiciel\teamviewer\teamviewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{FB399E22-7C7A-4B29-B314-7CA54F8309B6}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\Logiciel\teamviewer\teamviewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{3EB37921-7FFA-4AF7-B320-96A4A8C3573C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\Logiciel\teamviewer\teamviewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{571532D7-D9C8-4102-9F9B-86A57A8EE15A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47984|LPort=47989|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe|Name=SHIELD Streaming NSS TCP Exception|Desc=TCP exceptions for SHIELD Streaming NSS (HTTP)|
"{485A2722-5780-49E7-B2E2-F34B34D0DB9A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe|Name=SHIELD Streaming SSAS UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAS (mDNS)|
"{026C5203-DD07-4C37-AB85-77DE8DE4EAE5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47998|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe|Name=SHIELD Streaming SSAU UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAU (NWT)|
"{51AEEEBE-30BA-45AF-B6C4-89077AF09484}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=35043|LPort=47995|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer TCP Exception|Desc=TCP exceptions for SHIELD Streaming NvStreamer (RTSP/RI)|
"{2BBFED34-6B5B-4878-8AE7-B414193DF16C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47995|LPort=47998|LPort=47999|LPort=48000|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer UDP Exception|Desc=UDP exceptions for SHIELD Streaming NvStreamer (RTSP/RI/A/V)|
"TCP Query User{8E66CA84-2292-49FC-AA31-E9237626CA28}D:\english\p2p id finder software\p2p id finder.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=D:\english\p2p id finder software\p2p id finder.exe|Name=P2P ID Finder|Desc=P2P ID Finder|Defer=User|
"UDP Query User{C562468A-6A7B-4D78-835F-DA5A15C1D8F1}D:\english\p2p id finder software\p2p id finder.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=D:\english\p2p id finder software\p2p id finder.exe|Name=P2P ID Finder|Desc=P2P ID Finder|Defer=User|
"{34636510-EF74-465E-8D00-D77C9DC37CDC}"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\english\p2p id finder software\p2p id finder.exe|Name=P2P ID Finder|Desc=P2P ID Finder|
"{78FE6995-95D0-49B0-A502-2938BE1C8978}"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\english\p2p id finder software\p2p id finder.exe|Name=P2P ID Finder|Desc=P2P ID Finder|
"TCP Query User{A1DB8304-F2B4-49A6-8C7A-718E5D7E2DA2}E:\jdownloader\jdownloader\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\jdownloader\jdownloader\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User|
"UDP Query User{FD82ECDF-1E25-430E-9F28-4B77D64F7BD6}E:\jdownloader\jdownloader\jdownloader v2.0\jdownloader2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\jdownloader\jdownloader\jdownloader v2.0\jdownloader2.exe|Name=JDownloader 2 Launcher|Desc=JDownloader 2 Launcher|Defer=User|
"{895C4D38-D61C-4399-A903-F44C41F3116E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=G:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe|Name=Battlefield™ 1 Trial (x64)|
"{0FA66F2B-CF1A-4767-BEA5-0BE9558D92B8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=G:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe|Name=Battlefield™ 1 Trial (x64)|
"{9B67C4F7-A147-4D9F-B36D-46B2642C5487}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=G:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe|Name=Battlefield™ 1 (x64)|
"{D3682F57-6565-4FF8-91BC-111395DA85D5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=G:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe|Name=Battlefield™ 1 (x64)|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}] : (dtsoftbus01) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[26/01/2017 23:25:23] - (3.1.1.0) - (Corel Corporation - Px Engine Device Driver for 64-bit (x86-64) Windows) - C:\Windows\System32\drivers\PxHlpa64.sys
[13/10/2016 04:24:38] - (5.0.1.282) - (DT Soft Ltd - DAEMON Tools Virtual Bus Driver) - C:\Windows\system32\DRIVERS\dtsoftbus01.sys
[23/06/2016 13:31:52] - (9.0.405.0) - (ESET - Amon monitor) - C:\Windows\system32\DRIVERS\eamonm.sys
[08/10/2016 23:39:58] - (0.0.0.0) - ( -) - C:\Program Files\ESET\ESET NOD32 Antivirus\em015_64.dat
[23/06/2016 13:31:52] - (9.0.405.0) - (ESET - ESET Helper driver) - C:\Windows\system32\DRIVERS\ehdrv.sys
[08/10/2016 23:39:58] - (0.0.0.0) - ( -) - C:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.dat
[08/10/2016 23:39:58] - (0.0.0.0) - ( -) - C:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat
[30/01/2017 22:04:51] - (1.0.28.16) - ( -) - C:\Windows\system32\drivers\NetUtils2016.sys
[14/12/2016 21:20:06] - (21.21.13.7633) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 376.33) - C:\Windows\system32\DRIVERS\nvlddmkm.sys
[17/09/2015 17:07:36] - (1.16.28.1) - (ASMedia Technology Inc - ASMEDIA XHCI Host Controller Driver) - C:\Windows\system32\DRIVERS\asmtxhci.sys
[11/10/2016 17:28:05] - (9.0.0.3) - (TeamViewer GmbH - TeamViewerVPN Network Adapter) - C:\Windows\system32\DRIVERS\teamviewervpn.sys
[21/04/2016 10:10:04] - (9.0.0.21) - (The OpenVPN Project - TAP-Windows Virtual Network Driver (NDIS 6.0)) - C:\Windows\system32\DRIVERS\tap0901.sys
[13/10/2016 19:28:14] - (5.28.0.0) - (Disc Soft Ltd - DAEMON Tools Pro Virtual SCSI Bus Driver) - C:\Windows\system32\DRIVERS\dtproscsibus.sys
[25/01/2017 14:58:43] - (3.51.2.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\Windows\system32\drivers\nvvad64v.sys
[25/01/2017 14:58:43] - (202.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\Windows\system32\DRIVERS\nvvhci.sys
[21/10/2016 19:32:22] - (1.3.34.17) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys
[17/09/2015 17:07:32] - (1.16.28.1) - (ASMedia Technology Inc - ASMedia USB3 Hub Driver) - C:\Windows\system32\DRIVERS\asmthub3.sys
[20/02/2017 19:37:04] - (5.1.2.245) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL
[23/06/2016 13:31:52] - (9.0.405.0) - (ESET - ESET Personal Firewall driver) - C:\Windows\system32\DRIVERS\epfwwfpr.sys
[08/10/2016 20:46:15] - (1.0.0.0) - (MSI - NTIOLib) - C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (Canal IDE) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - PxHlpa64 (PxHlpa64) -> System32\drivers\PxHlpa64.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - dtsoftbus01 (DAEMON Tools Virtual Bus Driver) -> system32\DRIVERS\dtsoftbus01.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - eamonm (eamonm) -> system32\DRIVERS\eamonm.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ehdrv (ehdrv) -> system32\DRIVERS\ehdrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> \SystemRoot\system32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetUtils2016 (NetUtils2016) -> \??\C:\Windows\system32\drivers\NetUtils2016.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Pilote de périphérique terminal) -> \SystemRoot\system32\drivers\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - epfwwfpr (epfwwfpr) -> \SystemRoot\system32\DRIVERS\epfwwfpr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - iocbios2 (iocbios2) -> \??\C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft Files whitelisted)

[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - [10/06/2009 21:36:24] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [479.58 Ko] - (1.6.6.4) - C:\Windows\System32\Drivers\adp94xx.sys
[MD5.597F78224EE9224EA1A13D6350CED962] - [13/07/2009 22:59:32] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [331.58 Ko] - (1.6.6.1) - C:\Windows\System32\Drivers\adpahci.sys
[MD5.E109549C90F62FB570B9540C4B148E54] - [13/07/2009 22:59:33] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) - [178.58 Ko] - (7.2.0.0) - C:\Windows\System32\Drivers\adpu320.sys
[MD5.5812713A477A3AD7363C7438CA2EE038] - [14/07/2009 00:19:47] - (.Copyright (C) Acer Laboratories Inc.  2000 - ALi mini IDE Driver.) - [15.08 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\aliide.sys
[MD5.1FF8B4431C353CE385C875F194924C0C] - [14/07/2009 00:19:49] - (.Copyright (C) AMD 2003 - Pilote IDE AMD.) - [15.08 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\amdide.sys
[MD5.6EC6D772EAE38DC17C14AED9B178D24B] - [08/10/2016 22:43:36] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) - [105.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdsata.sys
[MD5.F67F933E79241ED32FF46A4F29B5120B] - [10/06/2009 21:37:35] - (.2008 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [189.58 Ko] - (3.6.1540.127) - C:\Windows\System32\Drivers\amdsbs.sys
[MD5.1142A21DB581A84EA5597B03A26EBAA0] - [08/10/2016 22:43:14] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) - [26.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdxata.sys
[MD5.C484F8CEB1717C540242531DB7845C4E] - [13/07/2009 22:59:33] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) - [85.58 Ko] - (5.2.0.10384) - C:\Windows\System32\Drivers\arc.sys
[MD5.019AF6924AEFE7839F61C830227FE79C] - [13/07/2009 22:59:33] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [95.56 Ko] - (5.2.0.16119) - C:\Windows\System32\Drivers\arcsas.sys
[MD5.9C519B210F64042CED485EC10FB0AA14] - [17/09/2015 17:07:32] - (.Copyright (C) ASMedia, MCCI. 2009-2015 - ASMedia USB3 Hub Driver.) - [145.74 Ko] - (1.16.28.1) - C:\Windows\System32\Drivers\asmthub3.sys
[MD5.187CA0C1739F9C73C35CB313A0EC1298] - [17/09/2015 17:07:36] - (.Copyright (C) ASMedia, MCCI. 2009-2015 - ASMEDIA XHCI Host Controller Driver.) - [434.23 Ko] - (1.16.28.1) - C:\Windows\System32\Drivers\asmtxhci.sys
[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - [10/06/2009 21:34:23] - (.Copyright 2000-2008, Broadcom Corporation. - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) - [264.5 Ko] - (10.100.4.0) - C:\Windows\System32\Drivers\b57nd60a.sys
[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - [14/07/2009 02:19:59] - (.Copyright (C) Brother Industries, Ltd. 2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [18 Ko] - (1.10.0.2) - C:\Windows\System32\Drivers\BrFiltLo.sys
[MD5.B114D3098E9BDB8BEA8B053685831BE6] - [14/07/2009 02:20:21] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [8.5 Ko] - (1.4.0.1) - C:\Windows\System32\Drivers\BrFiltUp.sys
[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - [14/07/2009 02:19:06] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Pilote Brother Série I/F (WDM).) - [280 Ko] - (1.0.1.6) - C:\Windows\System32\Drivers\BrSerId.sys
[MD5.A6ECA2151B08A09CACECA35C07F05B42] - [14/07/2009 02:20:11] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) - [46 Ko] - (1.0.0.20) - C:\Windows\System32\Drivers\BrSerWdm.sys
[MD5.B79968002C277E869CF38BD22CD61524] - [14/07/2009 02:20:26] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [14.63 Ko] - (1.0.0.12) - C:\Windows\System32\Drivers\BrUsbMdm.sys
[MD5.A87528880231C54E75EA7A44943B38BF] - [14/07/2009 02:20:15] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) - [14.38 Ko] - (1.0.1.3) - C:\Windows\System32\Drivers\BrUsbSer.sys
[MD5.3E5B191307609F7514148C6832BB0842] - [10/06/2009 21:34:28] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [457.5 Ko] - (4.8.2.0) - C:\Windows\System32\Drivers\bxvbda.sys
[MD5.13E531377E9BAA6E37F6471E0E8277AC] - [26/01/2017 23:25:23] - (.Corel Corporation - CDR4 64-bit CD and DVD Place Holder Driver (see PxHelp).) - [10.61 Ko] - (14.4.0.76) - C:\Windows\System32\Drivers\cdr4_xp.sys
[MD5.DAEF5180E390E56F354FE6D69D354EBC] - [26/01/2017 23:25:23] - (.Corel Corporation - CDRAL 64-bit Place Holder Driver (see PxHelp).) - [11.11 Ko] - (14.4.0.76) - C:\Windows\System32\Drivers\cdralw2k.sys
[MD5.E19D3F095812725D88F9001985B94EDD] - [14/07/2009 00:19:48] - (.Copyright (C) CMD Technology, Inc. 1999-2000 - CMD PCI IDE Bus Driver.) - [17.08 Ko] - (2.0.7.0) - C:\Windows\System32\Drivers\cmdide.sys
[MD5.726E40B11612664486BB6C6105283C95] - [13/10/2016 19:28:14] - (.Copyright (C) 2000-2015 - DAEMON Tools Pro Virtual SCSI Bus Driver.) - [29.55 Ko] - (5.28.0.0) - C:\Windows\System32\Drivers\dtproscsibus.sys
[MD5.46571ED73AE84469DCA53081D33CF3C8] - [13/10/2016 04:24:38] - (.© 2000-2012 DT Soft Ltd. - DAEMON Tools Virtual Bus Driver.) - [276.56 Ko] - (5.0.1.282) - C:\Windows\System32\Drivers\dtsoftbus01.sys
[MD5.F53C67226234AEC40AB2FB6F58964623] - [08/10/2016 20:37:00] - (.Copyright(C) 2013, Intel Corporation. - Intel(R) Gigabit Adapter NDIS 6.x driver.) - [498.98 Ko] - (12.15.22.3) - C:\Windows\System32\Drivers\e1d62x64.sys
[MD5.E75A80FA10A247F1E104ECB813255A45] - [23/06/2016 13:31:52] - (.Copyright (c) ESET, spol. s r.o. 1992-2016. - Amon monitor.) - [256.63 Ko] - (9.0.405.0) - C:\Windows\System32\Drivers\eamonm.sys
[MD5.1A4A59712D426D752FB668342A04A0D8] - [23/06/2016 13:31:52] - (.Copyright (c) ESET, spol. s r.o. 1992-2016. - ESET Helper driver.) - [192.63 Ko] - (9.0.405.0) - C:\Windows\System32\Drivers\ehdrv.sys
[MD5.0E5DA5369A0FCAEA12456DD852545184] - [10/06/2009 21:36:49] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [518.06 Ko] - (7.2.10.211) - C:\Windows\System32\Drivers\elxstor.sys
[MD5.BE51534D3FF12934DFC2F8B928A7285C] - [23/06/2016 13:31:52] - (.Copyright (c) ESET, spol. s r.o. 1992-2016. - ESET Personal Firewall driver.) - [177.13 Ko] - (9.0.405.0) - C:\Windows\System32\Drivers\epfwwfpr.sys
[MD5.DC5D737F51BE844D8C82C695EB17372F] - [10/06/2009 21:34:33] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3209 Ko] - (4.8.13.0) - C:\Windows\System32\Drivers\evbda.sys
[MD5.F2523EF6460FC42405B12248338AB2F0] - [13/07/2009 23:53:43] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) - [30.5 Ko] - (1.31.27127.0) - C:\Windows\System32\Drivers\hcw85cir.sys
[MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - [08/10/2016 22:43:16] - (.Copyright (c) 2004-2010 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [76.88 Ko] - (6.12.6.64) - C:\Windows\System32\Drivers\HpSAMD.sys
[MD5.7F972FA0DADB004E48D7D71A79D038C4] - [07/10/2015 18:42:42] - (.Copyright (C) 1998 - 2011 Intel Corporation. - NDIS 6.1 Advanced Networking Services..) - [163.08 Ko] - (9.8.54.0) - C:\Windows\System32\Drivers\iANSW60e.sys
[MD5.3DF4395A7CF8B7A72A5F4606366B8C2D] - [08/10/2016 22:43:09] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [400.88 Ko] - (8.6.2.1014) - C:\Windows\System32\Drivers\iaStorV.sys
[MD5.231ADCE77616144B8E3D29707B282C82] - [23/09/2015 23:51:50] - (.Copyright 2009-2015 (c) Intel Corporation. - Intel(R) Watchdog Timer Driver (Intel(R) WDT).) - [37.77 Ko] - (11.0.0.1007) - C:\Windows\System32\Drivers\ICCWDT.sys
[MD5.5C18831C61933628F5BB0EA2675B9D21] - [13/07/2009 22:59:33] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [43.08 Ko] - (5.4.22.0) - C:\Windows\System32\Drivers\iirsp.sys
[MD5.2CC65E805757CFC4F87889CDCEB546CD] - [15/01/2016 17:00:32] - (.Copyright (C) 2002-2015 Intel Corporation - Intel(R) Network Adapter Diagnostic Driver.) - [37.48 Ko] - (1.3.1.2) - C:\Windows\System32\Drivers\iqvw64e.sys
[MD5.A7A2E0D3932B1986990AC7077B1658CD] - [08/10/2016 20:35:55] - (.(C) 2010-2015 Intel Corporation - Intel(R) USB 3.0 Hub Driver.) - [394.29 Ko] - (4.0.0.36) - C:\Windows\System32\Drivers\iusb3hub.sys
[MD5.FD9C74D20E6F97EDC442091F9DBC1189] - [08/10/2016 20:35:56] - (.(C) 2010-2015 Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller Driver.) - [795.29 Ko] - (4.0.0.36) - C:\Windows\System32\Drivers\iusb3xhc.sys
[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - [13/07/2009 22:59:34] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) - [112.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_fc.sys
[MD5.1047184A9FDC8BDBFF857175875EE810] - [13/07/2009 22:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) - [104.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_sas.sys
[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - [13/07/2009 22:59:34] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [64.06 Ko] - (2.0.2.71) - C:\Windows\System32\Drivers\lsi_sas2.sys
[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - [13/07/2009 22:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [113.06 Ko] - (1.28.3.67) - C:\Windows\System32\Drivers\lsi_scsi.sys
[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - [10/06/2009 21:37:14] - (.Copyright © LSI Corporation         - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64.) - [34.56 Ko] - (4.5.1.64) - C:\Windows\System32\Drivers\megasas.sys
[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - [13/07/2009 22:59:33] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [278.06 Ko] - (13.5.409.2009) - C:\Windows\System32\Drivers\MegaSR.sys
[MD5.9EE21F7D46BD2B0F128E0907BABC7D28] - [30/01/2017 22:04:51] - (.-.) - [888.62 Ko] - (1.0.28.16) - C:\Windows\System32\Drivers\NetUtils2016.sys
[MD5.77889813BE4D166CDAB78DDBA990DA92] - [13/07/2009 22:59:33] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) - [50.06 Ko] - (7.10.0.0) - C:\Windows\System32\Drivers\nfrd960.sys
[MD5.64DA1993B1973F049C1347DA1B05185E] - [21/10/2016 19:32:22] - (.(C) NVIDIA Corporation. - NVIDIA HDMI Audio Driver.) - [207.95 Ko] - (1.3.34.17) - C:\Windows\System32\Drivers\nvhda64v.sys
[MD5.012F88A94C50DB360C68377750925A16] - [14/12/2016 21:20:06] - (.(C) 2016 NVIDIA Corporation. - NVIDIA Windows Kernel Mode Driver, Version 376.33.) - [13743.55 Ko] - (21.21.13.7633) - C:\Windows\System32\Drivers\nvlddmkm.sys
[MD5.5D9FD91F3D38DC9DA01E3CB5FA89CD48] - [08/10/2016 22:43:38] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [144.88 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvraid.sys
[MD5.F7CD50FE7139F07E77DA8AC8033D1832] - [08/10/2016 22:43:39] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvstor.sys
[MD5.54ABC4EA39DDE92977DCE644D325213A] - [25/01/2017 14:58:43] - (.(C) NVIDIA Corporation. - NVIDIA Virtual Audio Driver.) - [46.55 Ko] - (3.51.2.0) - C:\Windows\System32\Drivers\nvvad64v.sys
[MD5.B6704EE5A17116F0723014F0C3DA1954] - [25/01/2017 14:58:43] - (.(C) 2017 NVIDIA Corporation. - Virtual USB Host Controller driver.) - [58.05 Ko] - (202.0.0.0) - C:\Windows\System32\Drivers\nvvhci.sys
[MD5.07D57B890DD5693A6AB660CBAE8F91B4] - [26/01/2017 23:25:23] - (.Copyright © Corel Corporation or its subsidiaries. - Px Engine Device Driver for 64-bit (x86-64) Windows.) - [55.02 Ko] - (3.1.1.0) - C:\Windows\System32\Drivers\PxHlpa64.sys
[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - [10/06/2009 21:37:36] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) - [1489.08 Ko] - (9.1.8.6) - C:\Windows\System32\Drivers\ql2300.sys
[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - [13/07/2009 22:59:34] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [125.58 Ko] - (2.1.3.20) - C:\Windows\System32\Drivers\ql40xx.sys
[MD5.13AD818FFE1E7524D85E1AA0531C9EA7] - [09/10/2016 09:26:56] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [5152.51 Ko] - (6.0.1.7910) - C:\Windows\System32\Drivers\RTKVHD64.sys
[MD5.A332DB1DAC07E95667A57AAEEC236C37] - [29/09/2010 06:01:46] - (.Copyright (C) 2008 Realtek Semiconductor Corporation                            - Realtek RTL8192S USB NDIS Driver.) - [679.1 Ko] - (1086.33.917.2010) - C:\Windows\System32\Drivers\RTL8192su.sys
[MD5.3EA8A16169C26AFBEB544E0E48421186] - [14/07/2009 03:36:07] - (.© 2006 Macrovision Corporation - Macrovision SECURITY Driver.) - [22.5 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys
[MD5.C1D8E28B2C2ADFAEC4BA89E9FDA69BD6] - [14/07/2009 01:00:40] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Pilote Brother Série I/F (WDM).) - [92 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\serial.sys
[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - [10/06/2009 21:37:40] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [42.56 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys
[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - [13/07/2009 22:59:33] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [78.58 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys
[MD5.F3817967ED533D08327DC73BC4D5542A] - [13/07/2009 22:59:33] - (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) - [24.08 Ko] - (5.0.1.1) - C:\Windows\System32\Drivers\stexstor.sys
[MD5.D765F43CBEA72D14C04AF3D2B9C8E54B] - [21/04/2016 10:10:04] - (.OpenVPN Technologies, Inc. - TAP-Windows Virtual Network Driver (NDIS 6.0).) - [26.5 Ko] - (9.0.0.21) - C:\Windows\System32\Drivers\tap0901.sys
[MD5.F5520DBB47C60EE83024B38720ABDA24] - [11/10/2016 17:28:05] - (.TeamViewer GmbH - TeamViewerVPN Network Adapter.) - [34.29 Ko] - (9.0.0.3) - C:\Windows\System32\Drivers\teamviewervpn.sys
[MD5.095C1BB89102A965408B8B1DDCE07FBF] - [03/02/2016 23:43:20] - (.Copyright © 2006-2015, Intel Corporation. - Intel(R) Management Engine Interface.) - [176.04 Ko] - (11.0.0.1181) - C:\Windows\System32\Drivers\TeeDriverx64.sys
[MD5.E5689D93FFE4E5D66C0178761240DD54] - [14/07/2009 00:19:50] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [17.08 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys
[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - [10/06/2009 21:37:58] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [158.08 Ko] - (6.0.6000.6210) - C:\Windows\System32\Drivers\vsmraid.sys

---------- | Uninstall

[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Songr] : (Songr.-.Xamasoft) -> C:\Users\Anony8\AppData\Local\Songr\Uninstall.exe
[HKU\S-1-5-21-2259841950-3012193897-852833659-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) -> "C:\Users\Anony8\AppData\Roaming\uTorrent\uTorrent.exe" /UNINSTALL
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CPUID CPU-Z MSI_is1] : (CPUID CPU-Z MSI 1.76.-.CPUID, Inc.) -> "C:\Program Files\CPUID\CPU-Z MSI\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CPUID HWMonitor_is1] : (CPUID HWMonitor 1.30.-.) -> "C:\Program Files\CPUID\HWMonitor\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CyberGhost 6_is1] : (CyberGhost 6.-.CyberGhost S.R.L.) -> "C:\Program Files\CyberGhost 6\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROSetDX] : (Intel(R) Network Connections 20.7.67.0.-.Intel) -> MsiExec.exe /i{0F2D8891-8089-499F-ACB1-58DB79C63483} ARPREMOVE=1
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 107410] : (Arma 3.-.Bohemia Interactive) -> "G:\plateforme jeux\steam\Steam\steam.exe" steam://uninstall/107410
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 550] : (Left 4 Dead 2.-.Valve) -> "G:\plateforme jeux\steam\Steam\steam.exe" steam://uninstall/550
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TAP-Windows] : (TAP-Windows 9.21.2.-.) -> C:\Program Files\TAP-Windows\Uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.26.0] : (Vulkan Run Time Libraries 1.0.26.0.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.40 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0F2D8891-8089-499F-ACB1-58DB79C63483}] : (Intel(R) Network Connections 20.7.67.0.-.Intel) -> MsiExec.exe /i{0F2D8891-8089-499F-ACB1-58DB79C63483} ARPREMOVE=1
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1FE5ADE2-823B-4E4C-A2D3-063822B3C794}] : (AudioFXSetup.-.Nahimic) -> MsiExec.exe /I{1FE5ADE2-823B-4E4C-A2D3-063822B3C794}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-1604-000001000000}] : (7-Zip 16.04 (x64 edition).-.Igor Pavlov) -> MsiExec.exe /I{23170F69-40C1-2702-1604-000001000000}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3973721B-C2ED-4505-98B6-752897ECF2F1}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{3973721B-C2ED-4505-98B6-752897ECF2F1}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{473DF930-B1A1-4654-ABD2-00E65FEE04FB}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{473DF930-B1A1-4654-ABD2-00E65FEE04FB}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{55398EAC-F58E-4F19-B553-BDF8B9EFD839}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5DA16CDD-D865-4D1C-A87D-69ACB40DBF57}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{5DA16CDD-D865-4D1C-A87D-69ACB40DBF57}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5FFC5E3A-4A2B-4201-9132-5ED5A0453797}] : (NahimicSettingsConfigurator.-.Nahimic) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{79CB3FC2-E67A-4C4F-8C24-874DCD38199A}] : (ProductDaemonSetup.-.Nahimic) -> MsiExec.exe /I{79CB3FC2-E67A-4C4F-8C24-874DCD38199A}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{85334C6B-E4CF-4A3C-8FE2-AF73D5DB9827}] : (CheckDevicesConfigurator.-.Nahimic) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}] : (Visual Studio 2012 x64 Redistributables.-.AVG Technologies) -> MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8EAF4E0A-3F78-4E31-A09D-88E8235A1FA8}] : (DriversCloud.com (64 bits).-.Cybelsoft) -> MsiExec.exe /X{8EAF4E0A-3F78-4E31-A09D-88E8235A1FA8}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{96202342-C4D5-4A2E-9B5F-9087ADECF177}] : (ESET NOD32 Antivirus.-.ESET, spol. s r.o.) -> MsiExec.exe /I{96202342-C4D5-4A2E-9B5F-9087ADECF177}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA Pilote 3D Vision 376.33.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 376.33.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 376.33.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 3.2.2.49.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB] : (NVIDIA Pilote du contrôleur 3D Vision 369.04.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.16.0318.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 23.2.20.0.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] : (NVIDIA Wireless Controller Service.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA Pilote audio HD : 1.3.34.17.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NvNodejs.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NvTelemetry.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NvvHci.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.2.2.49.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 3.51.2.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DEB82682-EF4C-4D3D-AEE0-51B62FEFDD21}] : (UIInstallUpgrade.-.Nahimic) -> MsiExec.exe /I{DEB82682-EF4C-4D3D-AEE0-51B62FEFDD21}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E3949C37-F476-4A0D-8E0D-67578C515940}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{E3949C37-F476-4A0D-8E0D-67578C515940}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E9A24BF9-2AD3-46BE-A9AF-4DED8EBC124E}] : (LauncherSetup.-.Nahimic) -> MsiExec.exe /I{E9A24BF9-2AD3-46BE-A9AF-4DED8EBC124E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\1207664643_is1] : (The Witcher 3 - Wild Hunt.-.GOG.com) -> "C:\GOG Games\The Witcher 3 Wild Hunt\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Pro] : (DAEMON Tools Pro.-.DT Soft Ltd) -> F:\INSTT DEAMON\DAEMON Tools Pro\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FormatFactory] : (FormatFactory 4.0.0.0.-.Free Time) -> E:\Logiciel installer\format factory\format factory\FormatFactory\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Free DLC program (16 DLC)_is1] : (The Witcher 3: Wild Hunt - Free DLC program (16 DLC).-.GOG.com) -> "C:\GOG Games\The Witcher 3 Wild Hunt\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}] : (Belkin Connect Wireless USB Adapter.-.Belkin) -> "C:\Program Files (x86)\InstallShield Installation Information\{08B73C99-D071-488F-8861-5DDA897C510D}\setup.exe" -runfromtemp -l0x040c -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 51.0.1 (x86 fr)] : (Mozilla Firefox 51.0.1 (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Origin] : (Origin.-.Electronic Arts, Inc.) -> C:\Program Files (x86)\Origin\OriginUninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Overwolf] : (Overwolf.-.Overwolf Ltd.) -> "C:\Program Files (x86)\Overwolf\\OWUninstaller.exe" /S
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Rainmeter] : (Rainmeter.-.) -> G:\rainmeter bureau\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RAR Password Recovery Magic_is1] : (RAR Password Recovery Magic v6.1.1.393.-.Password Recovery Magic Studio Ltd.) -> "E:\winrar hack mdpasse 2\install\RAR Password Recovery Magic\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> G:\plateforme jeux\steam\Steam\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamViewer] : (TeamViewer 12.-.TeamViewer) -> "E:\Logiciel\teamviewer\teamviewer\uninstall.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08B73C99-D071-488F-8861-5DDA897C510D}] : (Belkin Connect Wireless USB Adapter.-.Belkin) -> MsiExec.exe /X{08B73C99-D071-488F-8861-5DDA897C510D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0c311339-9de4-4dd7-b21d-3dcfa3a2946f}] : (Nahimic for MSI.-.Nahimic) -> "C:\ProgramData\Package Cache\{0c311339-9de4-4dd7-b21d-3dcfa3a2946f}\NahimicMSI_Setup.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}] : (Intel(R) USB 3.0 eXtensible Host Controller Driver.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall_arp
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{335B50BC-6130-4BAF-9A6A-F1561270587B}] : (Battlefield™ 1.-.Electronic Arts) -> "C:\Program Files\Common FilesEAInstaller\Battlefield 1\Cleanup.exe" uninstall_game -autologging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{39B43BDF-F32A-4C18-894C-B642A8B53585}] : (Mumble 1.2.17.-.Thorvald Natvig) -> MsiExec.exe /I{39B43BDF-F32A-4C18-894C-B642A8B53585}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}] : (Camtasia Studio 7.-.TechSmith Corporation) -> MsiExec.exe /I{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5D85C662-99AB-4B25-A6F0-ABB9D702F552}] : (MSI(R) Intel(R) Extreme Tuning Utility.-.Intel Corporation) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1] : (MSI Super Charger.-.MSI) -> "C:\Program Files (x86)\MSI\Super Charger\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1] : (MSI Command Center.-.MSI) -> "C:\Program Files (x86)\MSI\Command Center\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}] : (Visual Studio 2012 x86 Redistributables.-.AVG Technologies CZ, s.r.o.) -> MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824211354}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824211354}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{bcbf202c-9746-4173-a49b-649bfd0adca6}] : (MSI(R) Intel(R) Extreme Tuning Utility.-.Intel Corporation) -> "C:\ProgramData\Package Cache\{bcbf202c-9746-4173-a49b-649bfd0adca6}\xtu-setup-exe.exe" /modify
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{c7f54569-0018-439c-809a-48046a4d4ebc}] : (Logiciel pour périphérique à chipset Intel®.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E402D891-4E45-4ce9-B41F-DD35864EF170}] : (STAR WARS™ Battlefront™.-.Electronic Arts) -> "C:\Program Files (x86)\Common Files\EAInstaller\STAR WARS Battlefront\Cleanup.exe" uninstall_game -autologging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}] : (Asmedia USB Host Controller Driver.-.Asmedia Technology) -> MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -runfromtemp -removeonly

---------- | Installer

[HKCR\Installer\Products\039FD3741A1B4564BA2D006EF5EE40BF] : Intel(R) Management Engine Components
[HKCR\Installer\Products\07E577C8197A8AD4CB3CA67B31F64448] : Visual Studio 2012 x64 Redistributables
[HKCR\Installer\Products\1988D2F09808F994CA1B85BD976C4338] : -> C:\Windows\Installer\{0F2D8891-8089-499F-ACB1-58DB79C63483}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\243202695D4CE2A4B9F50978DACE1F77] : ESET NOD32 Antivirus -> C:\Windows\Installer\{96202342-C4D5-4A2E-9B5F-9087ADECF177}\Icon_Product
[HKCR\Installer\Products\266C58D5BA9952B46A0FBA9B7D205F25] : MSI(R) Intel(R) Extreme Tuning Utility -> C:\Windows\Installer\{5D85C662-99AB-4B25-A6F0-ABB9D702F552}\arp_icon.ico
[HKCR\Installer\Products\28628BEDC4FED3D4EA0E156BF2FEDD12] : UIInstallUpgrade
[HKCR\Installer\Products\2CF3BC97A76EF4C4C84278D4DC8391A9] : ProductDaemonSetup
[HKCR\Installer\Products\2EDA5EF1B328C4E42A3D6083223B7C49] : AudioFXSetup
[HKCR\Installer\Products\68AB67CA408033019195008142123145] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824211354}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\73C9493E674FD0A4E8D07675C8159504] : Intel(R) Management Engine Components
[HKCR\Installer\Products\93B0BF4E199C7EE459DDA1A187753DD3] : Asmedia USB Host Controller Driver -> C:\Windows\Installer\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\96F071321C0420726140000010000000] : 7-Zip 16.04 (x64 edition)
[HKCR\Installer\Products\99C37B80170DF8848816D5AD98C715D0] : Belkin Connect Wireless USB Adapter
[HKCR\Installer\Products\9FB42A9E3DA2EB649AFAD4DEE8CB21E4] : LauncherSetup
[HKCR\Installer\Products\A0E4FAE887F313E40AD9888E32A5F18A] : DriversCloud.com (64 bits) -> C:\Windows\Installer\{8EAF4E0A-3F78-4E31-A09D-88E8235A1FA8}\maconfico
[HKCR\Installer\Products\A3E5CFF5B2A410241923E55D0A547379] : NahimicSettingsConfigurator
[HKCR\Installer\Products\A91FFE89BA03B4E49B340FB6C136BE8F] : Visual Studio 2012 x86 Redistributables
[HKCR\Installer\Products\B1273793DE2C5054896B578279CE2F1F] : Intel® Trusted Connect Service Client
[HKCR\Installer\Products\B6C43358FC4EC3A4F82EFA375DBD8972] : CheckDevicesConfigurator
[HKCR\Installer\Products\CAE89355E85F91F45B35DB8F9BFE8D93] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\DDC61AD5568DC1D48AD796CA4BD0FB75] : Intel(R) ME UninstallLegacy
[HKCR\Installer\Products\F9A9AF3591C334D4DAB6ED3F564D96AB] : Camtasia Studio 7
[HKCR\Installer\Products\FDB34B93A23F81C498C46B248A5B5358] : Mumble 1.2.17 -> C:\Windows\Installer\{39B43BDF-F32A-4C18-894C-B642A8B53585}\mumble.ico

---------- | ADS

@C:\ProgramData\Temp:0B4227B4

---------- | Drives

 Disk: 0   Size=19.1T
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    07-NTFS    940G   No    No       206,848  924,378,624
  1    1    0F-EXTEND  954G   No    No   953,521,664  953,505,280

---------- | MBR

Windows Version:		Windows 7 Ultimate Edition
Windows Information:		Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	MSI
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		MSI
System Product Name:		MS-7A12
Logical Drives Mask:		0x000000dc

Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Le programme AdsFix.exe version 21.2.17.1 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
 ID de processus : 170c
 Heure de début : 01d28d42da743728
 Heure de fin : 0
 Chemin d’accès de l’application : C:\Users\Anony8\Desktop\AdsFix.exe
 ID de rapport : 

------------

Le programme NVIDIA Share.exe version 55.2883.1519.2 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
 ID de processus : 118c
 Heure de début : 01d28d4251ed8821
 Heure de fin : 0
 Chemin d’accès de l’application : C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
 ID de rapport : b11ef225-f935-11e6-95e3-4ccc6a4c1f73

------------

??: Microsoft .NET Framework 4.6.1 (JPN) -- ??? 1704?  Adobe Refresh Manager ??????????????????????????????????????????????????????????????????????
------------

Le programme ZHPCleaner.exe version 2017.2.20.32 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
 ID de processus : 1660
 Heure de début : 01d28ba373877149
 Heure de fin : 3
 Chemin d’accès de l’application : C:\Users\Anony8\AppData\Roaming\ZHP\ZHPCleaner.exe
 ID de rapport : 6a26b1fa-f797-11e6-a7af-4ccc6a4c1f73

------------

18:02:15 - Erreur de connexion à Internet.
18:02:15 -     Impossible de contacter le service..

------------

18:02:09 - Erreur de connexion à Internet.
18:02:09 -     Impossible de contacter le service..

------------

15:26:25 - Erreur de connexion à Internet.
15:26:25 -     Impossible de contacter le service..

------------

15:26:19 - Erreur de connexion à Internet.
15:26:19 -     Impossible de contacter le service..

------------

15:49:19 - Erreur de connexion à Internet.
15:49:19 -     Impossible de contacter le service..

------------

15:49:14 - Erreur de connexion à Internet.
15:49:14 -     Impossible de contacter le service..

------------

10:47:57 - Erreur de connexion à Internet.
10:47:57 -     Impossible de contacter le service..

------------

10:47:52 - Erreur de connexion à Internet.
10:47:52 -     Impossible de contacter le service..

------------

09:47:47 - Erreur de connexion à Internet.
09:47:47 -     Impossible de contacter le service..

------------

09:47:42 - Erreur de connexion à Internet.
09:47:42 -     Impossible de contacter le service..

------------

08:47:37 - Erreur de connexion à Internet.
08:47:37 -     Impossible de contacter le service..

------------

08:47:32 - Erreur de connexion à Internet.
08:47:32 -     Impossible de contacter le service..

------------

07:47:27 - Erreur de connexion à Internet.
07:47:27 -     Impossible de contacter le service..

------------

07:47:22 - Erreur de connexion à Internet.
07:47:22 -     Impossible de contacter le service..

------------

10:50:23 - Erreur de connexion à Internet.
10:50:23 -     Impossible de contacter le service..

------------


----------( EOF)---------- - 3479 | 14:25:32