--------------- QuickDiag | g3n-h@ckm@n | V3_01.06.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 20/06/2017 09:34:06

Updated 01/06/2017 | 06.50 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Utilisateur (Administrator)] - [DESKTOP-CJSUH9G] (S-1-5-21-533811266-1534692092-1485993985-1002)

System: Microsoft Windows 10 Pro Insider Preview - - (10.0.16215) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Pro Insider Preview|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: P870KM_KM1                     - Notebook                        - IdNumber: Not Applicable   - UUID: 425BFA80-F5B1-0000-0000-000000000000
Processor : X64 - 4200 Mhz - Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
5.12 - en|US|iso8859-1 - American Megatrends Inc. - S/N: Not Applicable                  - 5.12 - ALASKA - 1072009
CoreTemp : 59 Celsius

----------| Quick


---------- | SoundDevice

NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0083&SUBSYS_15580876&REV_1001\5&3872BDF0&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0899&SUBSYS_15580875&REV_1000\4&3280AA1B&0&0001

---------- | Video

NVIDIA GeForce GTX 1080 - Resolution: x - Colors: - RefreshRate: -  Bits Per Pixel - DeviceID: VideoController1 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumd.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1BE0&SUBSYS_08761558&REV_A1\4&17EE2FD8&0&0009 - AdapterCompatibility: NVIDIA - RAM: -1048576
NVIDIA GeForce GTX 1080 - Resolution: 3840x2160 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumd.dll - PNPDeviceID: PCI\VEN_10DE&DEV_1BE0&SUBSYS_08761558&REV_A1\4&28CC61F8&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 1080 - DriverVersion: 22.21.13.8233 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84480 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 21232 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\xvidvfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 251392 -  Manufacturer: - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 30008 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28672 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38312 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31584 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:33 %
CPU #2 value:9 %
CPU #3 value:21 %
CPU #4 value:9 %
CPU #5 value:3 %
CPU #6 value:15 %
CPU #7 value:9 %
CPU #8 value:3 %
Total Overall CPU Usage value:13 %

---------- | Network

Killer E2500 Gigabit Ethernet Controller : SENT:2,554,443 bytes/sec / RECVD:2,554,443 bytes/sec
Killer E2500 Gigabit Ethernet Controller _2 : SENT:0 bytes/sec / RECVD:0 bytes/sec
VPN Client Adapter - VPN : SENT:0 bytes/sec / RECVD:0 bytes/sec
Killer Wireless-n_a_ac 1535 Wireless Network Adapter _2 : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:2,554,443 bytes/sec,  /  RECEIVE Maximum:2,554,443 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
VPN Client Adapter - VPN - Ethernet 802.3 - PureVPN - Status: - PnPID : ROOT\NET\0000
Killer E2500 Gigabit Ethernet Controller - Ethernet 802.3 - Rivet Networks - Status: - PnPID : PCI\VEN_1969&DEV_E0B1&SUBSYS_08751558&REV_10\4&8FE74D0&0&00E0
Killer Wireless-n/a/ac 1535 Wireless Network Adapter #2 - Ethernet 802.3 - Qualcomm Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_003E&SUBSYS_15351A56&REV_32\4&103032B1&0&00ED
Killer E2500 Gigabit Ethernet Controller #2 - Ethernet 802.3 - Rivet Networks - Status: - PnPID : PCI\VEN_1969&DEV_E0B1&SUBSYS_08751558&REV_10\4&C70D3A3&0&00E1
Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&223DC3A8&0&0
Microsoft Wi-Fi Direct Virtual Adapter #5 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&367804E0&0&13
Bluetooth Device (Personal Area Network) #3 - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&223DC3A8&0&3
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory

RAM = Total (MB) : 67025 | Free (MB) : 60721
Pagefile = Total (MB) : 76986 | Free (MB) : 69142
Virtual = Total (MB) : 4194 | Free (MB) : 3860

Physical Memory 0 : Capacity: 17179869184 - ChannelA-DIMM0 - Posit.: 1 - Manufacturer: 04CD - PartNumber: F4-2400C16-16GRS    - S/N: 00000000
Physical Memory 1 : Capacity: 17179869184 - ChannelA-DIMM1 - Posit.: 1 - Manufacturer: 04CD - PartNumber: F4-2400C16-16GRS    - S/N: 00000000
Physical Memory 2 : Capacity: 17179869184 - ChannelB-DIMM0 - Posit.: 2 - Manufacturer: 04CD - PartNumber: F4-2400C16-16GRS    - S/N: 00000000
Physical Memory 3 : Capacity: 17179869184 - ChannelB-DIMM1 - Posit.: 2 - Manufacturer: 04CD - PartNumber: F4-2400C16-16GRS    - S/N: 00000000

---------- | SID Users

Administrateur : [S-1-5-21-533811266-1534692092-1485993985-500]
DefaultAccount : [S-1-5-21-533811266-1534692092-1485993985-503]
Invité : [S-1-5-21-533811266-1534692092-1485993985-501]
Utilisateur : [S-1-5-21-533811266-1534692092-1485993985-1002]
WDAGUtilityAccount : [S-1-5-21-533811266-1534692092-1485993985-504]
Administrateurs : [S-1-5-32-544]
Administrateurs Hyper-V : [S-1-5-32-578]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 930.11 Go | Free : 472.59 Go -> NTFS (SSD) [SATA]
D:\ -> [Fixed] | [Nouveau nom] | Total : 1862.89 Go | Free : 500.58 Go -> NTFS [SATA]
E:\ -> [Fixed] | [Nouveau nom] | Total : 1862.89 Go | Free : 1344.58 Go -> NTFS [SATA]

Disk Usage Information [3 total Physical Disks]

Physical Drive #0 [C:] : Read:7,340,701 bytes/sec, Written:0 bytes/sec Max Read:7,340,701 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #2 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:7,340,701 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST2000LM007-1R81\4&19DED084&0&030000
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_INTEL&PROD_SSDSCKKW010X6\4&19DED084&0&000000
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST2000LM007-1R81\4&19DED084&0&020000

---------- | Windows updates

Test 1 : Windows Is Activated
Test 2 : Windows Is Activated
Test 3 : Possible Fixed Windows (Notification Mode)
Test 4 : Possible Fixed Windows (Notification Mode)

---------- | Browsers

IE : 11.0.16215.1000     (© Microsoft Corporation. Tous droits réservés.)
GC : 58.0.3029.110     (Copyright 2016 Google Inc.)

Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" 

---------- | FlashPlayer

FlashPlayer ActiveX : 25.0.0.171

---------- | Security

AS : Windows Defender Disabled
FW : Bitdefender Pare-feu Enabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

404 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.16215.1000) = C:\Windows\System32\smss.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
732 | [Owner : Système | Parent : 720(svchost.exe) | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.16215.1000) = C:\Windows\System32\csrss.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
828 | [Owner : Système | Parent : 720(svchost.exe) | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.16215.1000) = C:\Windows\System32\wininit.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
836 | [Owner : Système | Parent : 820() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.16215.1000) = C:\Windows\System32\csrss.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
904 | [Owner : Système | Parent : 828(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.16215.1000) = C:\Windows\System32\services.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
920 | [Owner : Système | Parent : 828(wininit.exe) | 18.92 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.16215.1000) = C:\Windows\System32\lsass.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1000 | [Owner : Système | Parent : 820() | 12.31 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.16215.1000) = C:\Windows\System32\winlogon.exe     [04/06/2017 12:10:00]    CPU Usage:0 %
576 | [Owner : Système | Parent : 904(services.exe) | 3.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
8 | [Owner : UMFD-1 | Parent : 1000(winlogon.exe) | 8.86 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16215.1000) = C:\Windows\System32\fontdrvhost.exe     [04/06/2017 12:10:00]    CPU Usage:0 %
760 | [Owner : UMFD-0 | Parent : 828(wininit.exe) | 4.86 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16215.1000) = C:\Windows\System32\fontdrvhost.exe     [04/06/2017 12:10:00]    CPU Usage:0 %
720 | [Owner : Système | Parent : 904(services.exe) | 27.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1088 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 12.36 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16215.1000) = C:\Windows\System32\WUDFHost.exe     [04/06/2017 12:10:16]    CPU Usage:0 %
1136 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 13.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1188 | [Owner : Système | Parent : 904(services.exe) | 9.97 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1280 | [Owner : DWM-1 | Parent : 1000(winlogon.exe) | 151.41 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.16215.1000) = C:\Windows\System32\dwm.exe     [04/06/2017 12:09:55]    CPU Usage:0 %
1296 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1332 | [Owner : Système | Parent : 904(services.exe) | 8.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1400 | [Owner : Système | Parent : 904(services.exe) | 10.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1476 | [Owner : Système | Parent : 904(services.exe) | 6.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1564 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 11.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1572 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 11.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1656 | [Owner : Système | Parent : 904(services.exe) | 16.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1700 | [Owner : Système | Parent : 904(services.exe) | 11.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1752 | [Owner : Système | Parent : 904(services.exe) | 271.34 Mo] - (.Bitdefender - Bitdefender Security Service.) - (21.0.25.92) = C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe     [02/06/2017 13:11:15]    CPU Usage:1 %
1824 | [Owner : Système | Parent : 904(services.exe) | 9.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1996 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 24.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2020 | [Owner : Système | Parent : 904(services.exe) | 7.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2060 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 23.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2112 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 10.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2124 | [Owner : Système | Parent : 904(services.exe) | 7.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2188 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 7.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2236 | [Owner : Système | Parent : 904(services.exe) | 8.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2272 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 8.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2336 | [Owner : SERVICE LOCAL | Parent : 2236(svchost.exe) | 12.46 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.16215.1000) = C:\Windows\System32\dasHost.exe     [04/06/2017 12:09:37]    CPU Usage:0 %
2356 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 12.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2428 | [Owner : Système | Parent : 904(services.exe) | 9.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2436 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 8.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2620 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 10.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2780 | [Owner : Système | Parent : 904(services.exe) | 14.35 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe     [24/05/2017 23:12:41]    CPU Usage:0 %
2844 | [Owner : Système | Parent : 904(services.exe) | 28.72 Mo] - (.Bitdefender - Bitdefender Device Management Service.) - (21.0.25.89) = C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe     [12/06/2017 11:21:20]    CPU Usage:0 %
2864 | [Owner : Système | Parent : 904(services.exe) | 12.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2968 | [Owner : Système | Parent : 2780(NVDisplay.Container.exe) | 31.34 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe     [24/05/2017 23:12:41]    CPU Usage:0 %
3000 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3068 | [Owner : Système | Parent : 904(services.exe) | 6.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2144 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2568 | [Owner : Système | Parent : 904(services.exe) | 9.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2708 | [Owner : Système | Parent : 904(services.exe) | 8.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
2712 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3212 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 13.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3308 | [Owner : Système | Parent : 904(services.exe) | 13.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3428 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 8.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3512 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 6.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3520 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 13.25 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3608 | [Owner : Système | Parent : 904(services.exe) | 16.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3676 | [Owner : Système | Parent : 904(services.exe) | 12.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3744 | [Owner : Système | Parent : 904(services.exe) | 19.67 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.16215.1000) = C:\Windows\System32\spoolsv.exe     [04/06/2017 12:10:47]    CPU Usage:0 %
3752 | [Owner : Système | Parent : 904(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3908 | [Owner : SERVICE LOCAL | Parent : 3212(svchost.exe) | 18.95 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.16215.1000) = C:\Windows\System32\audiodg.exe     [04/06/2017 12:09:21]    CPU Usage:0 %
3976 | [Owner : Système | Parent : 904(services.exe) | 7.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3984 | [Owner : Système | Parent : 904(services.exe) | 8.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3992 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 7.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4092 | [Owner : Système | Parent : 904(services.exe) | 23.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:2 %
3092 | [Owner : Système | Parent : 904(services.exe) | 48.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3128 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 18.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3232 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 15.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3268 | [Owner : Système | Parent : 904(services.exe) | 7.14 Mo] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe     [12/08/2015 17:03:42]    CPU Usage:0 %
3344 | [Owner : Système | Parent : 904(services.exe) | 3.66 Mo] - (.Intel Corporation -.) - (1.0.1.620) = C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe     [18/03/2016 11:03:10]    CPU Usage:0 %
3368 | [Owner : Système | Parent : 904(services.exe) | 7.15 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.22.5037) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe     [25/04/2017 09:12:12]    CPU Usage:0 %
3388 | [Owner : Système | Parent : 904(services.exe) | 26.41 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.4.2206.1309) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe     [24/09/2016 00:03:49]    CPU Usage:0 %
3396 | [Owner : Système | Parent : 904(services.exe) | 9.91 Mo] - (.Rivet Networks - Killer Network Service.) - (1.1.59.1701) = C:\Program Files\Killer Networking\Network Manager\KillerService.exe     [15/04/2016 09:47:18]    CPU Usage:0 %
3352 | [Owner : Système | Parent : 904(services.exe) | 8.64 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (6.1.7600.16385) = C:\Windows\System32\AdminService.exe     [11/07/2016 10:19:50]    CPU Usage:0 %
2612 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 17.9 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.4.2206.1309) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe     [21/12/2016 15:28:30]    CPU Usage:0 %
3740 | [Owner : Système | Parent : 904(services.exe) | 13.74 Mo] - (.Apple Inc. - MobileDeviceService.) - (17.374.913.2) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe     [03/04/2017 08:52:02]    CPU Usage:0 %
3900 | [Owner : Système | Parent : 904(services.exe) | 14.1 Mo] - (.Microsoft Corporation -.) - (8.0.14194.286) = C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe     [15/10/2014 18:28:42]    CPU Usage:0 %
4140 | [Owner : Système | Parent : 904(services.exe) | 59.83 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8201.2102) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe     [05/02/2016 18:15:20]    CPU Usage:0 %
4200 | [Owner : Système | Parent : 904(services.exe) | 13.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4208 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 7.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4216 | [Owner : Système | Parent : 904(services.exe) | 4.19 Mo] - (.Insyde Software Corp. - HotKey Filter Clipboard Service.) - (1.0.0.13) = C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe     [31/08/2016 14:09:43]    CPU Usage:0 %
4292 | [Owner : Système | Parent : 904(services.exe) | 23.46 Mo] - (.CLEVO CO. - HotkeyService.) - (1.4.5.66) = C:\Program Files (x86)\Hotkey\HotkeyService.exe     [31/08/2016 14:09:29]    CPU Usage:0 %
4344 | [Owner : Système | Parent : 904(services.exe) | 16.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4388 | [Owner : Système | Parent : 904(services.exe) | 14.96 Mo] - (.- DedicarzService.) - (1.4.10.1418) = C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe     [15/09/2014 11:01:40]    CPU Usage:0 %
4408 | [Owner : Système | Parent : 904(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.12.16215.1000) = C:\Windows\System32\SecurityHealthService.exe     [04/06/2017 12:10:50]    CPU Usage:0 %
4420 | [Owner : Système | Parent : 904(services.exe) | 22.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4428 | [Owner : Système | Parent : 904(services.exe) | 6.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4472 | [Owner : Système | Parent : 904(services.exe) | 9.84 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.3.4.66) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe     [25/01/2017 22:21:44]    CPU Usage:0 %
4480 | [Owner : Système | Parent : 904(services.exe) | 18.79 Mo] - (.Bitdefender - Bitdefender Update Service.) - (21.0.25.76) = C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe     [02/06/2017 13:11:15]    CPU Usage:0 %
4488 | [Owner : Système | Parent : 904(services.exe) | 8.35 Mo] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2014.120.2000.8) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe     [21/02/2014 05:25:30]    CPU Usage:0 %
4508 | [Owner : Système | Parent : 904(services.exe) | ?????] - (.Bitdefender - Bitdefender ASMI Protected Service.) - (1.0.1.37) = C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe     [02/06/2017 13:11:15]    CPU Usage:0 %
4552 | [Owner : Système | Parent : 904(services.exe) | 25.36 Mo] - (.Razer Inc. - RzWizardService.) - (1.0.6.1000) = C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe     [23/03/2016 04:50:54]    CPU Usage:0 %
4576 | [Owner : Système | Parent : 904(services.exe) | 16.98 Mo] - (.Bitdefender - Bitdefender Agent.) - (21.0.24.40) = C:\Program Files\Bitdefender Agent\ProductAgentService.exe     [02/06/2017 12:03:18]    CPU Usage:0 %
4612 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 15.16 Mo] - (.Electronic Arts - OriginWebHelperService.) - (10.4.12.59996) = C:\Program Files (x86)\Origin\OriginWebHelperService.exe     [25/09/2016 22:06:32]    CPU Usage:0 %
4728 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 5.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4908 | [Owner : Système | Parent : 904(services.exe) | 14.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4920 | [Owner : Système | Parent : 904(services.exe) | 12.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
5636 | [Owner : Système | Parent : 720(svchost.exe) | 11.03 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.16215.1000) = C:\Windows\System32\dllhost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
6372 | [Owner : Système | Parent : 904(services.exe) | 8.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
6504 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 9.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
6736 | [Owner : Système | Parent : 904(services.exe) | 15.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
6804 | [Owner : Système | Parent : 904(services.exe) | 18.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
6888 | [Owner : SERVICE RÉSEAU | Parent : 720(svchost.exe) | 21.16 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16215.1000) = C:\Windows\System32\wbem\WmiPrvSE.exe     [04/06/2017 12:10:42]    CPU Usage:0 %
6936 | [Owner : Système | Parent : 904(services.exe) | 27.97 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.16215.1000) = C:\Windows\System32\SearchIndexer.exe     [04/06/2017 12:09:29]    CPU Usage:0 %
5628 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 24.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1680 | [Owner : Utilisateur | Parent : 4472(SynTPEnhService.exe) | 23.48 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.3.4.66) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe     [25/01/2017 22:21:42]    CPU Usage:0 %
2184 | [Owner : Utilisateur | Parent : 3388(nvcontainer.exe) | 38.62 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.4.2206.1309) = C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe     [24/09/2016 00:03:49]    CPU Usage:0 %
2412 | [Owner : Système | Parent : 904(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3436 | [Owner : Utilisateur | Parent : 1824(svchost.exe) | 27.94 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16215.1000) = C:\Windows\System32\sihost.exe     [04/06/2017 12:09:25]    CPU Usage:0 %
3784 | [Owner : Utilisateur | Parent : 904(services.exe) | 25.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
6648 | [Owner : Utilisateur | Parent : 904(services.exe) | 34.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
6720 | [Owner : Utilisateur | Parent : 1656(svchost.exe) | 18.5 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16215.1000) = C:\Windows\System32\taskhostw.exe     [04/06/2017 12:10:35]    CPU Usage:0 %
6712 | [Owner : Système | Parent : 904(services.exe) | 18.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3224 | [Owner : Système | Parent : 904(services.exe) | 8.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
3620 | [Owner : Système | Parent : 904(services.exe) | 6.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4036 | [Owner : Utilisateur | Parent : 3440() | 143.75 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16215.1000) = C:\Windows\explorer.exe     [04/06/2017 12:10:49]    CPU Usage:0 %
3952 | [Owner : Utilisateur | Parent : 3224(svchost.exe) | 15.42 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.16215.1000) = C:\Windows\System32\ctfmon.exe     [04/06/2017 12:10:36]    CPU Usage:0 %
6516 | [Owner : Utilisateur | Parent : 5728() | 5.04 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.3.4.66) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe     [25/01/2017 22:21:48]    CPU Usage:0 %
7084 | [Owner : Système | Parent : 904(services.exe) | 10.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
5336 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 45.69 Mo] - (.Microsoft Corporation - WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe.) - (10.0.16215.1000) = C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe     [04/06/2017 12:09:47]    CPU Usage:0 %
7512 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 84.73 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16215.1000) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [04/06/2017 12:09:09]    CPU Usage:0 %
8316 | [Owner : Système | Parent : 904(services.exe) | 23.21 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
8484 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 115.16 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.16215.1000) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe     [04/06/2017 12:11:32]    CPU Usage:0 %
8604 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 15.45 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16215.1000) = C:\Windows\System32\RuntimeBroker.exe     [04/06/2017 12:09:24]    CPU Usage:0 %
8832 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 23.83 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16215.1000) = C:\Windows\System32\RuntimeBroker.exe     [04/06/2017 12:09:24]    CPU Usage:0 %
8924 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 36.24 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.16215.1000) = C:\Windows\System32\smartscreen.exe     [04/06/2017 12:09:25]    CPU Usage:0 %
8440 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 28.56 Mo] - (.-.) - (11.17.420.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe     [06/06/2017 05:11:31]    CPU Usage:0 %
3572 | [Owner : Utilisateur | Parent : 2968(NVDisplay.Container.exe) | 14.69 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.8233) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe     [24/05/2017 23:12:45]    CPU Usage:0 %
6324 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 22.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
10848 | [Owner : Utilisateur | Parent : 904(services.exe) | 30.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
9292 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 24.76 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16215.1000) = C:\Windows\System32\RuntimeBroker.exe     [04/06/2017 12:09:24]    CPU Usage:0 %
10952 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 11.37 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.12.16215.1000) = C:\Program Files\Windows Defender\MSASCuiL.exe     [04/06/2017 12:08:57]    CPU Usage:0 %
10812 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 21.76 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1057) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe     [12/01/2017 08:22:34]    CPU Usage:0 %
11952 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 14.87 Mo] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.16215.1000) = C:\Windows\System32\rundll32.exe     [04/06/2017 12:10:32]    CPU Usage:0 %
11680 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 18.22 Mo] - (.Apple Inc. - iTunesHelper.) - (12.6.1.25) = C:\Program Files\iTunes\iTunesHelper.exe     [09/05/2017 04:02:44]    CPU Usage:0 %
12184 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 56.89 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6816.313) = C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\OneDrive.exe     [31/08/2016 13:26:29]    CPU Usage:0 %
11404 | [Owner : Système | Parent : 904(services.exe) | 6.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
11440 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 132.05 Mo] - (.Valve Corporation - Steam Client Bootstrapper.) - (4.0.6.0) = C:\Program Files (x86)\Steam\Steam.exe     [23/07/2016 01:36:30]    CPU Usage:2 %
11576 | [Owner : Système | Parent : 904(services.exe) | 9.35 Mo] - (.Apple Inc. - iPodService Module (64-bit).) - (12.6.1.25) = C:\Program Files\iPod\bin\iPodService.exe     [09/05/2017 04:02:44]    CPU Usage:0 %
11656 | [Owner : Utilisateur | Parent : 11440(Steam.exe) | 69.66 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.0.6.0) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe     [14/12/2016 00:35:04]    CPU Usage:0 %
11672 | [Owner : Système | Parent : 904(services.exe) | 16.17 Mo] - (.Valve Corporation - Steam Client Service.) - (4.0.6.0) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe     [31/08/2016 19:29:13]    CPU Usage:0 %
12064 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 49.59 Mo] - (.Rivet Networks - Killer Network Manager.) - (1.1.59.1701) = C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe     [15/04/2016 09:46:46]    CPU Usage:0 %
10144 | [Owner : Utilisateur | Parent : 11924() | 33.98 Mo] - (.Creative Technology Ltd - Sound Blaster Control Panel.) - (1.0.18.0) = C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe     [31/08/2016 14:45:25]    CPU Usage:0 %
8828 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 52.61 Mo] - (.CLEVO CO. - HkeyTray.) - (5.1.0.71) = C:\Program Files (x86)\Hotkey\HkeyTray.exe     [31/08/2016 14:09:29]    CPU Usage:0 %
10252 | [Owner : Système | Parent : 720(svchost.exe) | 17.7 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16215.1000) = C:\Windows\System32\wbem\WmiPrvSE.exe     [04/06/2017 12:10:42]    CPU Usage:0 %
12180 | [Owner : Utilisateur | Parent : 8824() | 121.47 Mo] - (.GOG.com - GOG Galaxy.) - (1.2.10.31) = C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe     [19/06/2017 20:45:27]    CPU Usage:0 %
8536 | [Owner : Système | Parent : 4292(HotkeyService.exe) | 12.51 Mo] - (.- TPDisableDeviceUntilSessionEnd.) - (1.0.0.0) = C:\Program Files (x86)\Hotkey\TPDisableDeviceUntilSessionEnd.exe     [31/08/2016 14:09:30]    CPU Usage:0 %
11904 | [Owner : Utilisateur | Parent : 11224() | 16.37 Mo] - (.GOG.com - GalaxyCommunicationService.) - (1.2.10.1) = C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe     [19/06/2017 20:45:28]    CPU Usage:0 %
11860 | [Owner : Utilisateur | Parent : 8828(HkeyTray.exe) | 27.39 Mo] - (.CLEVO CO. - ComboKeyTray.) - (1.0.0.8) = C:\Program Files (x86)\Hotkey\ComboKeyTray.exe     [31/08/2016 14:09:28]    CPU Usage:0 %
12380 | [Owner : Utilisateur | Parent : 12180(GalaxyClient.exe) | 50.97 Mo] - (.GOG.com - GalaxyClient Helper Application.) - (1.2.10.31) = C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe     [19/06/2017 20:45:27]    CPU Usage:1 %
12428 | [Owner : Système | Parent : 904(services.exe) | 101.56 Mo] - (.Intel(R) Corporation - XtuService.) - (6.0.2.10) = C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe     [01/12/2015 17:14:30]    CPU Usage:0 %
12552 | [Owner : Utilisateur | Parent : 12180(GalaxyClient.exe) | 199.3 Mo] - (.GOG.com - GalaxyClient Helper Application.) - (1.2.10.31) = C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe     [19/06/2017 20:45:27]    CPU Usage:2 %
12568 | [Owner : Utilisateur | Parent : 12180(GalaxyClient.exe) | 78.77 Mo] - (.GOG.com - GOG Galaxy Notifications Renderer.) - (1.2.10.31) = C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe     [19/06/2017 20:45:27]    CPU Usage:0 %
12576 | [Owner : Utilisateur | Parent : 12180(GalaxyClient.exe) | 66.41 Mo] - (.GOG.com - GalaxyClient Helper Application.) - (1.2.10.31) = C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe     [19/06/2017 20:45:27]    CPU Usage:0 %
10620 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 11.19 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
8640 | [Owner : Utilisateur | Parent : 11656(steamwebhelper.exe) | 69.91 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.0.6.0) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe     [14/12/2016 00:35:04]    CPU Usage:0 %
6816 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 166.29 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
10148 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 10.42 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
11152 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 11.07 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
10428 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 109.37 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
12940 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 195.92 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
9668 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 38.02 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
9964 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 45.31 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
2248 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 39.75 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
8480 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 53.73 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
13572 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 3.94 Mo] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (10.0.16215.1000) = C:\Windows\System32\cmd.exe     [04/06/2017 12:09:37]    CPU Usage:0 %
13600 | [Owner : Utilisateur | Parent : 13572(cmd.exe) | 12.32 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.16215.1000) = C:\Windows\System32\conhost.exe     [04/06/2017 12:10:00]    CPU Usage:0 %
13684 | [Owner : Utilisateur | Parent : 13572(cmd.exe) | 8.32 Mo] - (.Bitdefender - Bitdefender Password Manager Chrome and Firefox Extension Native Messaging Host.) - (21.0.25.76) = C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxcr.exe     [02/06/2017 13:11:06]    CPU Usage:0 %
14072 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 245.18 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:2 %
14332 | [Owner : Utilisateur | Parent : 1656(svchost.exe) | 27.95 Mo] - (.Bitdefender - Bitdefender agent.) - (21.0.25.76) = C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe     [02/06/2017 13:11:03]    CPU Usage:0 %
2044 | [Owner : SERVICE RÉSEAU | Parent : 904(services.exe) | 22.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
4932 | [Owner : Système | Parent : 904(services.exe) | 6.96 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.0.6.1194) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe     [25/05/2016 22:54:10]    CPU Usage:0 %
10132 | [Owner : Système | Parent : 904(services.exe) | 12.9 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.0.6.1194) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe     [25/05/2016 22:52:56]    CPU Usage:0 %
14164 | [Owner : SERVICE LOCAL | Parent : 904(services.exe) | 10.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
14236 | [Owner : Utilisateur | Parent : 11604() | 39.57 Mo] - (.Intel Corporation - IAStorIcon.) - (14.8.0.1042) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe     [04/11/2015 11:28:22]    CPU Usage:0 %
1200 | [Owner : Utilisateur | Parent : 7040() | 21.42 Mo] - (.Node.js - NVIDIA Web Helper Service.) - (6.9.5.0) = C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe     [24/09/2016 00:03:52]    CPU Usage:0 %
1032 | [Owner : Utilisateur | Parent : 1200(NVIDIA Web Helper.exe) | 3.98 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.16215.1000) = C:\Windows\System32\conhost.exe     [04/06/2017 12:10:00]    CPU Usage:0 %
7884 | [Owner : Utilisateur | Parent : 14332(bdagent.exe) | 176.01 Mo] - (.Bitdefender - Bitdefender Main Interface.) - (21.0.25.92) = C:\Program Files\Bitdefender\Bitdefender 2017\seccenter.exe     [02/06/2017 13:11:11]    CPU Usage:0 %
14160 | [Owner : Utilisateur | Parent : 7884(seccenter.exe) | 14.64 Mo] - (.Bitdefender - Bitdefender Wallet Agent.) - (21.0.25.76) = C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe     [02/06/2017 13:11:06]    CPU Usage:0 %
13924 | [Owner : Utilisateur | Parent : 7884(seccenter.exe) | 19.29 Mo] - (.Bitdefender - Bitdefender Device Management Interface.) - (21.0.25.90) = C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe     [12/06/2017 11:21:20]    CPU Usage:0 %
12996 | [Owner : Système | Parent : 904(services.exe) | 49.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
1536 | [Owner : Utilisateur | Parent : 6816(chrome.exe) | 128.88 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [31/08/2016 14:57:24]    CPU Usage:0 %
13988 | [Owner : Système | Parent : 1656(svchost.exe) | 4.6 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.16215.1000) = C:\Windows\System32\CompatTelRunner.exe     [04/06/2017 12:09:47]    CPU Usage:0 %
2648 | [Owner : Système | Parent : 13988(CompatTelRunner.exe) | 6.63 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.16215.1000) = C:\Windows\System32\conhost.exe     [04/06/2017 12:10:00]    CPU Usage:0 %
6024 | [Owner : Système | Parent : 13988(CompatTelRunner.exe) | 14.13 Mo] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.16215.1000) = C:\Windows\System32\CompatTelRunner.exe     [04/06/2017 12:09:47]    CPU Usage:0 %
9336 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 17.72 Mo] - (.Microsoft Corporation - InstallAgent.) - (10.0.16215.1000) = C:\Windows\System32\InstallAgent.exe     [04/06/2017 12:09:29]    CPU Usage:0 %
11888 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 16.08 Mo] - (.Microsoft Corporation - InstallAgentUserBroker.) - (10.0.16215.1000) = C:\Windows\System32\InstallAgentUserBroker.exe     [04/06/2017 12:09:29]    CPU Usage:0 %
13308 | [Owner : Utilisateur | Parent : 720(svchost.exe) | 17.58 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.16215.1000) = C:\Windows\System32\SettingSyncHost.exe     [04/06/2017 12:09:21]    CPU Usage:0 %
15264 | [Owner : Système | Parent : 904(services.exe) | 12.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
14456 | [Owner : Système | Parent : 6936(SearchIndexer.exe) | 14.86 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.16215.1000) = C:\Windows\System32\SearchProtocolHost.exe     [04/06/2017 12:09:29]    CPU Usage:0 %
14560 | [Owner : Système | Parent : 6936(SearchIndexer.exe) | 7.92 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.16215.1000) = C:\Windows\System32\SearchFilterHost.exe     [04/06/2017 12:09:29]    CPU Usage:0 %
7364 | [Owner : Utilisateur | Parent : 4036(explorer.exe) | 40.63 Mo] - (.SosVirus - QuickDiag.) - (1.6.17.1) = C:\Users\Utilisateur\Desktop\QuickDiag.exe     [20/06/2017 09:33:35]    CPU Usage:0 %
10212 | [Owner : Système | Parent : 904(services.exe) | 7.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
14436 | [Owner : Système | Parent : 904(services.exe) | 12.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16215.1000) = C:\Windows\System32\svchost.exe     [04/06/2017 12:09:57]    CPU Usage:0 %
8216 | [Owner : Système | Parent : 904(services.exe) | 8.54 Mo] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (10.0.16215.1000) = C:\Windows\servicing\TrustedInstaller.exe     [04/06/2017 10:16:44]    CPU Usage:0 %
12984 | [Owner : Système | Parent : 720(svchost.exe) | 9.28 Mo] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.16215.1000) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16215.1000_none_a359acf8a5044561\TiWorker.exe     [04/06/2017 10:16:47]    CPU Usage:0 %
15036 | [Owner : SERVICE RÉSEAU | Parent : 720(svchost.exe) | 9.9 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16215.1000) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [04/06/2017 12:11:26]    CPU Usage:0 %

---------- | MD5

[MD5.7F5C3EE402F6C22FB4BD40BD71091BE0] - [04/06/2017 12:10:49] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3786 Ko] - (10.0.16215.1000) : C:\WINDOWS\Explorer.exe
[MD5.A5502DA709163B6B3FFFDDE183A41ADD] - [04/06/2017 12:09:37] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [267 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\cmd.exe
[MD5.F939C28FD276FDF02F844838181C4629] - [04/06/2017 12:09:57] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [13.2 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\csrss.exe
[MD5.CC8F16966F69F945F434339850D91315] - [04/06/2017 12:09:57] - (.© Microsoft Corporation. - COM Surrogate.) - [16.33 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\dllhost.exe
[MD5.29A93A442E657B505048D4CCA79A6FC9] - [04/06/2017 12:10:42] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [681.49 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Kernel32.dll
[MD5.7613A511A58B2D8F0E634705D5999220] - [04/06/2017 12:09:57] - (.© Microsoft Corporation. - Local Security Authority Process.) - [52.54 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\lsass.exe
[MD5.AC6185BAC91818052F0C5F0CC91C6FD9] - [04/06/2017 12:09:55] - (.© Microsoft Corporation. - Distributed COM Services.) - [1057.5 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\rpcss.dll
[MD5.6F87DEF67E559863467F8CC5C390A4B3] - [04/06/2017 12:10:32] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [69.5 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\rundll32.exe
[MD5.E872B7C333CB3366D439DA21D93D26EE] - [04/06/2017 12:09:57] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [597.27 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\services.exe
[MD5.AB032D75B4526A7906D3FACEE35A69B6] - [04/06/2017 12:09:57] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [48.51 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\svchost.exe
[MD5.7321E151821E7F5988A9F83774833848] - [04/06/2017 12:09:34] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1581.84 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\user32.dll
[MD5.0791D91F6E34EAF90622605B72508E82] - [04/06/2017 12:09:57] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [31.5 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\userinit.exe
[MD5.3508D0582E9B971D822C5A8F9A99F5B6] - [04/06/2017 12:09:57] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [343.55 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Wininit.exe
[MD5.E694907E0C017F2583934C21987969ED] - [04/06/2017 12:10:00] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [696 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Winlogon.exe
[MD5.2238F699FB593A1DCFB2356893E6BBFB] - [04/06/2017 12:09:55] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [591.83 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.4A11A15D6DB5DD12A33FAC4C239CB003] - [04/06/2017 12:08:35] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.83 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.1B7B2BA9BAE6DC09C09EB4CB6E2626B7] - [04/06/2017 12:08:35] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [186.33 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.E175537788607AD057EA49313A8F4461] - [04/06/2017 12:09:58] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.4E3427D37F1F5EF8B42DA89C2DE1AA8F] - [04/06/2017 12:08:33] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.1ED29C46AD6D0F47C38692FAA2543BA2] - [04/06/2017 12:10:00] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [145.5 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.89CBF3476595A90A42F946E52C92B20B] - [04/06/2017 12:08:28] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.8F5F73DCE1C2C07A842383300A1A5F60] - [04/06/2017 12:08:46] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [113 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.F1C151DC347E0C6385FE774264454260] - [04/06/2017 12:09:34] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209.5 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.9EBFA5867BD056F6A05B03B67EDBD07E] - [04/06/2017 12:10:00] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [457.83 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.46589A7D84021FAB9507D3F0CC86811A] - [04/06/2017 12:09:55] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1214.83 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.B1C5786AF9649C257C71393610868006] - [04/06/2017 12:10:27] - (.© Microsoft Corporation. - MBT Transport driver.) - [299 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.CC5FEC7E3978B06C82079DE849E0B747] - [04/06/2017 12:09:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2255.33 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.5893B11541EDE1DEA5796F16F6279210] - [04/06/2017 12:08:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [96.5 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.C19B766AED33C686B468EA9B3C59FC6C] - [04/06/2017 12:10:32] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.E9E2D002EA6703F28F3655BE89486DB8] - [04/06/2017 12:11:37] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [181 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.8C47E9355BA8C42DEB032A82066391C8] - [04/06/2017 12:09:57] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2639.33 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.69CAC3FB4BD818367995894B33CE5D35] - [04/06/2017 12:09:57] - (.© Microsoft Corporation. - TDI Translation Driver.) - [113.33 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.4238A38D8A5E59AB4525EFF2EAE6DE17] - [04/06/2017 12:10:42] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [399.33 Ko] - (10.0.16215.1000) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.BitDefender S.R.L. Bucharest, ROMANIA.-.BitDefender Active Virus Control Usermode Filtering Library.) - (3.13.17607.6533) -- C:\Program Files\Bitdefender\Bitdefender 2017\Active Virus Control\Avc3_00129_008\avcuf64.dll
(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\inputhost.dll
(.NVIDIA Corporation.-.NVIDIA Driver Loader, Version 382.33.) - (22.21.13.8233) -- C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvldumdx.dll
(.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 382.33.) - (22.21.13.8233) -- C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvwgf2umx_cfg.dll
(.NVIDIA Corporation.-.NVIDIA Capture Server Proxy.) - (3.6.0.74) -- C:\WINDOWS\system32\nvspcap64.dll
(.Bitdefender.-.Product Info Library.) - (21.0.25.92) -- C:\Program Files\Bitdefender\Bitdefender 2017\IServConfig.dll
(.Bitdefender.-.Bitdefender File Shredder Shell Extension.) - (21.0.25.92) -- C:\Program Files\Bitdefender\Bitdefender 2017\lang\fr-FR\fshredctx.txtui
(.BitDefender.-.FileVault API.) - (13.1.1.4) -- C:\Program Files\Bitdefender\Bitdefender 2017\bdvedapi.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 382.33.) - (22.21.13.8233) -- C:\WINDOWS\system32\nvapi64.dll
(.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) -- C:\WINDOWS\system32\nvshext.dll
(.Bitdefender.-.Bitdefender File Vault Shell Extension.) - (21.0.25.76) -- C:\Program Files\Bitdefender\Bitdefender 2017\bdfvsctx.dll
(.Bitdefender.-.Bitdefender File Vault Shell Extension.) - (21.0.25.92) -- C:\Program Files\Bitdefender\Bitdefender 2017\lang\fr-FR\bdfvsctx.txtui
(.Alexander Roshal.-.WinRAR shell extension.) - (5.40.0.0) -- C:\Program Files\WinRAR\rarext.dll
(.Bitdefender.-.BDShellExt Module.) - (21.0.25.92) -- C:\Program Files\Bitdefender\Bitdefender 2017\bdshellext.dll
(.Bitdefender.-.BDShellExt Module.) - (21.0.25.92) -- C:\Program Files\Bitdefender\Bitdefender 2017\lang\fr-FR\bdshellext.txtui
(.Bitdefender.-.Bitdefender File Shredder Shell Extension.) - (21.0.25.76) -- C:\Program Files\Bitdefender\Bitdefender 2017\fshredctx.dll
(..-.ShellHandler for Notepad++ (64 bit).) - (0.1.0.0) -- C:\Program Files (x86)\Notepad++\NppShell_06.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.8233) -- C:\WINDOWS\system32\nv3dappshext.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.18.0.0) -- C:\WINDOWS\System32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
OneDrive - ("C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\...\Run]) - User: DESKTOP-CJSUH9G\Utilisateur
Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\...\Run]) - User: DESKTOP-CJSUH9G\Utilisateur
GalaxyClient - (C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart [HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\...\Run]) - User: DESKTOP-CJSUH9G\Utilisateur
Killer Network Manager - (C:\PROGRA~1\KILLER~1\NETWOR~1\NETWOR~1.EXE -minimize [Common Startup]) - User: Public
NewShortcut1 - (C:\PROGRA~2\Hotkey\HkeyTray.exe  [Common Startup]) - User: Public
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public
IAStorIcon - ("C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [HKLM\SOFTWARE\...\Run]) - User: Public
ShadowPlay - ("C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\...\Run]) - User: Public
MBCfg64 - (C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64 [HKLM\SOFTWARE\...\Run]) - User: Public
iTunesHelper - ("C:\Program Files\iTunes\iTunesHelper.exe" [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background   
"Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent   
"GalaxyClient"=C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart   

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDrive"=0x020000000000000000000000   
"Steam"=0x020000000000000000000000   
"GalaxyClient"=   

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=HP ENVY 4500 Series Class Driver,winspool,Ne02:   
"IsMRUEstablished"=1   
"LegacyDefaultPrinterMode"=0   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe   
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s   
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60   
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart   
"MBCfg64"=C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64   
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Malwarebytes TrayApp"=0x040000000000000000000000   
"SecurityHealth"=0x060000000000000000000000   
"RTHDVCPL"=0x060000000000000000000000   
"IAStorIcon"=0x020000000000000000000000   
"iTunesHelper"=0x020000000000000000000000   
"ShadowPlay"=0x020000000000000000000000   
"MBCfg64"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"RzWizard"=0x040000000000000000000000   
"UpdReg"=0x020000000000000000000000   
"Sound Blaster X-Fi MB5"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D2DD1AAC04B7D0   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=C:\WINDOWS\UpdReg.EXE   [31/08/2016 14:46:01]
"Sound Blaster X-Fi MB5"="C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB5\Sound Blaster X-Fi MB5\SBXFIMB5.exe" /r   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Adobe Acrobat Update Task
Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
CCleanerSkipUAC
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Intel PTT EK Recertification
NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
OneDrive Standalone Update Task v2

---------- | Startings up registry ¦ Folder


---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"RailShowallNotifyIcons"=1   
"RDPVGCInstalled"=1   
"fDenyChildConnections"=0   
"InstanceID"=d2ad2e24-d979-4d9d-9ba7-2ae9b23   
"GlassSessionId"=1   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=648000   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"AutoChkSkipSystemPartition"=0   

[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=UsoSvc
DeviceInstall
gpsvc
trustedinstaller   
"SvcHostSplitThresholdInKB"=3670016   
"WaitToKillServiceTimeout"=200   
"SystemStartOptions"= FLIGHTSIGNING  NOEXECUTE=OPTIN  NOVGA   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"LastBootSucceeded"=1   
"LastBootShutdown"=1   
"DirtyShutdownCount"=2   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Security Packages"=""   [31/08/2016 13:25:02]
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"fullprivilegeauditing"=0x80   
"LsaPid"=920   
"ProductType"=6   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   
"SecureBoot"=1   


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretTimeout"=5000   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"ScreenSaveActive"=1   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallPaper"=C:\WINDOWS\web\wallpaper\theme1\img13.jpg   [04/06/2017 12:09:08]
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"Win8DpiScaling"=0   
"DpiScalingVer"=4096   
"UserPreferencesMask"=0x9E1E078012000000   
"MaxVirtualDesktopDimension"=3840   
"MaxMonitorDimension"=3840   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC30100047E1300000F0000B004000015682B9B1ADDD20143003A005C00570049004E0044004F00570053005C007700650062005C00770061006C006C00700061007000650072005C007400680065006D00650031005C0069006D006700310033002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"Pattern Upgrade"=TRUE   
"PreferredUILanguages"=fr-FR   
"WaitToKillAppTimeout"=200   

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0   

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"ExplorerStartupTraceRecorded"=1   
"UserSignedIn"=1   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"TelemetrySalt"=0   
"GlobalAssocChangedCounter"=36   
"FirstRunTelemetryComplete"=1   
"AppReadinessLogonComplete"=1   
"SlowContextMenuEntries"=0xBD0E0C47735D584D9CEDE91E22E23282380100000114020000000000C000000000000046AA0300007D6453D607D6F64DA5B848D2BA195F7B23020000DD85E44C95C3C446A9297B771D8A565517040000F5C1969EFA0E4843946015D6802C70AAAD050000   

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=1   
"ShowCompColor"=1   
"HideFileExt"=0   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StoreAppsOnTaskbar"=1   
"EnableStartMenu"=1   
"StartMenuInit"=13   
"ReindexedProfile"=1   
"TaskbarSizeMove"=1   
"DisablePreviewDesktop"=1   
"TaskbarGlomLevel"=0   
"TaskbarStateLastRun"=0xB465415900000000   
"ShellViewReentered"=1   
"Start_TrackProgs"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
"SmartScreenEnabled"=RequireAdmin   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
"GlobalAssocChangedCounter"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"PUUActive"=0x1F6C5250070001000C003000ACF70300725F0400725F0400D1000000010006008F44D80A3E72080039410600B2480200BDBB0000782C00008600000081230600EE06000011020000F055A47652E9D201241D2100000000000100000000000000   
"BuildNumber"=16215   
"FirstLogon"=0   
"DP"=0xD000E805130001000D0000001F6C5250000000000000000017133AE596E9D20117133AE596E9D201000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F03F8051010041310100820021698004803D7DD80000102889184052C4381C806410C9819628008E86506D86EB403A60A844A028E80C13DB01221009007210040038B4CE090A00E63D0240091024B541A130301007340C0A780085046062115101105208640148002C200C01CC359E8414404439E25096030041C924656030428D1242804A283F4B000010404040671438240084A2749AC4A518345422200148920055392162123040694009A608089A106000251F10AE32214686980612A42D40020CA20602E0812128487788188438021222188012A32010180060B92A485220040120882808200004A0004021000805022A20002048129C2002689108240D900018003D441728008022427440C02808424680404A202A1120007544284806400A0B00023140A0510082098A288220C444480C010008490816C049100820268C0261109A29210E3544912002174008092410227220410EC8528164212840058268C84464123005880487920002490D3000FA0A803310A0431D82209330917300022E0C14024F7E00002558B165310E200007008021C040402088413021234285540784840188000D00421010004801102120544630401CB6100034002080A8924691CC020491A1C2050412054448A60050C6000E1038222D2240A450000002984881E0334510C2E029608143010411C403A811A62051841968804001128C49102000017842BA3800809905A9290A440008A607500C1B138258420002781CF6822050CD31110059862525C2A112410A22002C84950A0461282006985402283740010008042004440A623380022023824A40400480200400080421018620001A3E21443100000D082068B0808E1300025D04820E580021B1850C832283021900296390846244508800808904002806014A000C148A035110200700044642834BC100011801610098912413B00A2120B46D000134385983B50A02005104204021400068080C4810826420300A822C08804200A0068C0022078230000335430043A8008B4C100A9088922043290E0D482891446232C02013910068602B163818921006E8080049F006014001282000022028111680C0440A18A400700319080028A15489502A04212210333120096410464464453932029008A10011129868A44044350031CA12483805030C30752521916165801803044145104A046131322502D010B91164505808C22342485B481108415A280010033176845C0200C20C8D0E11283C01087C9A4A008005D033104605110925402028201841065B1A1014D882202649A90342D0001008008F407002008948460700101E5054190106884FE5520A702041080718E280004312035C082889164204227107248042810613060201A8256908800707202C52D09101001604216AC110002990BA0C009C0319100C400322905258703CD00080153202024204013A026023018888080649000501040A222204A05430C000860008085244110108429446C02C821F09007E8982140011CC0821078002C00200203400C0000B80476842888110000020000330204444546201200221721229E41039114402408230226AB1F000203A85252488101501780332A4A01920EDCD00800031591920040A2213820840C829400101700373B42C424860010C0043ACB14404040110C68AA0031704082038841779100A81425809101786D0240C13A020009030615280D06434B280100401BA0000552100101C1225040241002040098F51521286018130CE0852202B5EA0504640130227140008090239432120142E0100118340000100C0235008820F0218040010AD01206252500244621000087A800002D60064032AF4021004080524F88C320013680A44043B764420080581800608542300155038720806C884200483A910802075040350882050033104A90006188C223300802821780611B0241921000040A4801920600E0041442A4000000000   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DefaultDomainName"=   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"Userinit"=C:\WINDOWS\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"scremoveoption"=0   
"AutoAdminLogon"=0   
"DefaultUserName"=Utilisateur   
"LastLogOffEndTimePerfCounter"=28102590193   
"ShutdownFlags"=39   
"DisableCad"=1   
"DisableLockWorkstation"=0   
"EnableFirstLogonAnimation"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"EnableSIHostIntegration"=1   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [05/06/2017 08:58:21]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [05/06/2017 08:58:21]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=32
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=32

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"SIGN.MEDIA=117A629 autorun.exe"=0x5341435001000000000000000700000028000000F86D2B00278B2B000100000000000000000000067102000070D84B2B7292D2010000000000000000
"SIGN.MEDIA=4AC396C Drivers\06_Airplane\setup.exe"=0x5341435001000000000000000700000028000000D8190D00469C0D000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000064620000000000000100000001000000
"SIGN.MEDIA=3539E99 Options\00_IRST\SetupRST.exe"=0x534143500100000000000000070000002800000068E6D400796FD50001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000CCA40000000000000200000002000000
"SIGN.MEDIA=B78A60 Options\02_Finger\Synaptics\Syna_WBFUSB_Viper_FPReader_Setup_WHCK.exe"=0x5341435001000000000000000700000028000000608AB700A34FB80001000000000000000000000A7120000019B4C529E312D101000000000000000002000000280000000000000000080040000000000000000000000000000000002A060000000000000100000001000000
"SIGN.MEDIA=44790 Options\03_SBX\setup.exe"=0x5341435001000000000000000700000028000000C8470400E86A040001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000002EA60100000000000100000001000000
"\\192.168.0.41\atelier\LOGICIELS\Apps Reinstall\7Zip.exe"=0x5341435001000000000000000700000028000000CCF11000000000000100000000000000000000067100000019B4C529E312D10100000000000000000200000028000000000000000008004000000000000000000000000000000000A7760000000000000100000001000000
"\\192.168.0.41\atelier\LOGICIELS\Apps Reinstall\LibreOffice_5.0.6_Win_x86.msi"=0x53414350010000000000000007000000280000000002010066CD01000100000000000000000001050010000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000009F1F0300000000000100000001000000
"\\192.168.0.41\atelier\LOGICIELS\Apps Reinstall\vlc-2.2.4-win32.exe"=0x534143500100000000000000070000002800000038E8D1015414D2010100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000005CB40000000000000100000001000000
"C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe"=0x5341435001000000000000000700000028000000C80304001B58040001000000000000000000000A8021000070D84B2B7292D201000000000000000002000000280000000000000000000000000000000000000000000000000000007EFF4500000000000600000006000000
"C:\Users\Utilisateur\Downloads\SteamSetup.exe"=0x534143500100000000000000070000002800000088131600052B160001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000B4380000000000000100000001000000
"C:\Program Files (x86)\Creative\ALchemy\ALchemy.exe"=0x5341435001000000000000000700000028000000C8ED06003DB507000100000000000000000001060001000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BF170000000000000100000001000000
"C:\Users\Utilisateur\Downloads\UplayInstaller.exe"=0x53414350010000000000000007000000280000003840BA03F395BA0301000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000C3128900000000000100000001000000
"SIGN.MEDIA=110E16B8 Setup.exe"=0x534143500100000000000000070000002800000088151200840B13000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F856EB02000000000100000001000000
"C:\Users\Utilisateur\Downloads\winrar-x64-540fr.exe"=0x534143500100000000000000070000002800000058D92200119C230001000000000000000000000A0021000059193B14E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000B72D0000000000000100000001000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000090AB1700BE9B180001000000000000000000000A00210000762A2FB21ADDD20100000000000000000200000028000000000000000000000000000000000000000000000000000000B3C80900000000004100000041000000
"C:\Users\Utilisateur\Downloads\nvidia-inspector_1-9-7-6_en_338154\nvidiaInspector.exe"=0x534143500100000000000000070000002800000000DE06000000000001000000000000000000000AF522000059193B14E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000201F0000000000000100000001000000
"C:\Users\Utilisateur\Downloads\nvidia-inspector_1-9-7-6_en_338154\nvidiaProfileInspector.exe"=0x5341435001000000000000000700000028000000004A05000000000001000000000000000000000AF522000059193B14E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000566E0100000000000100000001000000
"C:\Program Files\Rockstar Games\Grand Theft Auto V\PlayGTAV.exe"=0x5341435001000000000000000700000028000000987F9B0055919B0001000000000000000000000A73220000762A2FB21ADDD20100000000000000000200000028000000000000000000000000000000000000000000000000000000D1F69A04000000002600000026000000
"E:\Unreal Engine\Epic Games\4.12\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe"=0x534143500100000000000000070000002800000030BE62020FEA62020100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000C92A0000000000000100000001000000
"E:\Unreal Engine\Epic Games\Launcher\Engine\Binaries\Win64\UnrealVersionSelector.exe"=0x5341435001000000000000000700000028000000C0351500DE78150001000000000000000000000A7322000059193B14E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000013020000000000000200000002000000
"C:\Users\Utilisateur\Downloads\fbx20161_2_fbxsdk_vs2013_win.exe"=0x5341435001000000000000000700000028000000F870EF059650F0050100000000000000000000067100000019B4C529E312D10100000000000000000200000028000000000000000008004000000000000000000000000000000000982E0200000000000200000002000000
"SIGN.MEDIA=121C58 wdexpress_full.exe"=0x5341435001000000000000000700000028000000581C1200EF7E120001000000000000000000000A0021000019B4C529E312D101000000800000000002000000280000000000000000000010000000000000000000000000000000008C7B0600000000000400000004000000
"C:\Users\Utilisateur\Downloads\OriginThinSetup.exe"=0x5341435001000000000000000700000028000000900DDF01E55BDF010100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F6560400000000000100000001000000
"C:\Users\Utilisateur\Downloads\GMStudio-Installer-1.4.1757.exe"=0x534143500100000000000000070000002800000058112E07440A2F0701000000000000000000010600010000EC0226F94500D20100000000000000000200000028000000000000000000000000000000000000000000000000000000AB430B00000000000100000001000000
"C:\Users\Utilisateur\Downloads\rehd-noblaya-2cfad7d5afa540d\rehd-noblaya.exe"=0x534143500100000000000000070000002800000021240B000000000001000000000000000000000A71200000EC0226F94500D201000000000000000002000000280000000000000000000000000000000000000000000000000000008F080900000000000100000001000000
"C:\Users\Utilisateur\Downloads\Nexus Mod Manager-0.61.23.exe"=0x5341435001000000000000000700000028000000C80961000B78610001000000000000000000000A00210000EC0226F94500D201000000000000000002000000280000000000000000000040000000000000000000000000000000003D8D0000000000000100000001000000
"C:\Users\Utilisateur\Downloads\UnityDownloadAssistant-5.4.0f3.exe"=0x534143500100000000000000070000002800000038F60A00CB310B0001000000000000000000010600010000EC0226F94500D2010000000000000000
"D:\Unity\Editor\Unity.exe"=0x5341435001000000000000000700000028000000D827830390A2830301000000000000000000000A00210000752E1A03CC3CD201000000000000000002000000280000000000000000000000000000000000000000000000000000002428E400000000000600000006000000
"C:\Users\Utilisateur\Downloads\BethesdaNetLauncher_Setup (1).exe"=0x53414350010000000000000007000000280000008898730062B5730001000000000000000000000A00210000EC0226F94500D20100000000000000000200000028000000000000008000004000000000000000000000000000000000B3B50000000000000100000001000000
"C:\Users\Utilisateur\Downloads\npp.6.9.2.Installer.exe"=0x5341435001000000000000000700000028000000A841400008F9400001000000000000000000010671000000EC0226F94500D20100000000000000000200000028000000000000000008004000000000000000000000000000000000F25F0000000000000100000001000000
"C:\Users\Utilisateur\Downloads\w2dc-noblaya-7102ef6beddedf2\w2dc-noblaya.exe"=0x534143500100000000000000070000002800000025740E000000000001000000000000000000000A732200005C92D7CC4500D2010000000000000000020000002800000000000000000000400000000000000000000000000000000092980E00000000000100000001000000
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000C83A5E0094865E0001000000000000000000000A002100005C92D7CC4500D2010000000000000000020000002800000000000000000000000000000000000000000000000000000058CAC201000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE"=0x5341435001000000000000000700000028000000C0E68A012E458B0101000000000000000000000A00210000EC0226F94500D2010000009100000000
"C:\Users\Utilisateur\OneDrive\Power and Revolution\par_fr_dl_610.exe"=0x534143500100000000000000070000002800000098B5F065AFCEF06501000000000000000000010671020000EC0226F94500D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A59A0100000000000100000001000000
"C:\Users\Utilisateur\OneDrive\Power and Revolution\pgs_fr_dl_621_addon.exe"=0x53414350010000000000000007000000280000001062E70C9D3FE80C01000000000000000000010671020000EC0226F94500D201000000000000000002000000280000000000000000000040000000000000000000000000000000007D340000000000000100000001000000
"C:\Users\Utilisateur\OneDrive\Power and Revolution\pmt_fr_dl_622_addon.exe"=0x53414350010000000000000007000000280000006079771053FB771001000000000000000000010671020000EC0226F94500D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A3190000000000000100000001000000
"D:\Game\Power & Revolution (français)\_start.exe"=0x534143500100000000000000070000002800000088AC640080F5640001000000000000000000000A7122000099E63F362530D201000000000000000002000000280000000000000000000000000000000000000000000000000000002A223C00000000000600000006000000
"C:\Users\Utilisateur\Downloads\Star_Citizen_Launcher_Setup.exe"=0x534143500100000000000000070000002800000096CEA4060000000001000000000000000000000671000000EC0226F94500D20100000000000000000200000028000000000000008008004000000000000000000000000000000000C4E50500000000000100000001000000
"D:\Games\Cloud Imperium Games\CIGLauncher.exe"=0x534143500100000000000000020000002800000000000000000000400000000000000000000000000000000073000200000000000100000001000000070000002800000000B000000000000001000000000000000000000AF5220000EDFEA142F60BD2010000000000000000
"C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe"=0x5341435001000000000000000700000028000000387206004631070001000000000000000000000A00210000A980D27BC710D201000000000000000002000000280000000000000080000040000000000000000000000000000000007F360700000000000100000001000000
"C:\Users\Utilisateur\Downloads\372.90-desktop-win10-64bit-international-whql.exe"=0x5341435001000000000000000700000028000000D81D3715B6B3371501000000000000000000020600010000A980D27BC710D20100000000000000000200000028000000000000000000004000000000000000000000000000000000590E0300000000000100000001000000
"D:\Games\Steam\steamapps\common\Rollercoaster Tycoon 2\Install\setup.exe"=0x5341435001000000000000000700000028000000F8A30100A81F020001000000000000000000010571000000A980D27BC710D20100000000000000000200000028000000000000000008004000000000000000000000000000000000895B0100000000000400000004000000
"D:\Games\Steam\steamapps\common\Rollercoaster Tycoon 2\rct2.exe"=0x5341435001000000000000000700000028000000008A67001000010001000000000000000000000A61200000A980D27BC710D20100000000000000000500000010000000000000000000000000000000200000000200000028000000000000002000006000000000000000000000000000000000F2540400000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000C8E2D9015286DA0101000000000000000000000A00210000A980D27BC710D2010000009100000000
"C:\Users\Utilisateur\Downloads\ce-launcher.exe"=0x5341435001000000000000000700000028000000789A25043392260401000000000000000000010600010000A980D27BC710D20100000000000000000200000028000000000000008000004000000000000000000000000000000000528C0000000000000100000001000000
"C:\Program Files (x86)\Cheat Engine 6.5.1\Cheat Engine.exe"=0x534143500100000000000000070000002800000008230500E0E0050001000000000000000000000A61220000A980D27BC710D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001EC20200000000000300000003000000
"C:\Program Files (x86)\Cheat Engine 6.5.1\cheatengine-x86_64.exe"=0x5341435001000000000000000700000028000000085BA700FEC0A70001000000000000000000000A002100002A1B0F5AC710D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BFCD0000000000000100000001000000
"C:\Users\Utilisateur\Downloads\re4h-noblaya-c628e54e00ef750\re4h-noblaya.exe"=0x53414350010000000000000007000000280000003A3E0B000000000001000000000000000000030671000000A980D27BC710D20100000000000000000200000028000000000000000000000000000000000000000000000000000000B9221400000000000100000001000000
"SIGN.MEDIA=2500FD3 Autorun.exe"=0x534143500100000000000000070000002800000000C002000000000001000000000000000000010571200000A980D27BC710D20100000000000000000200000028000000000000008000000000000000000000000000000000000000AA640900000000000100000001000000
"D:\Crytek\CRYENGINE Launcher\live\CRYENGINE_Launcher.exe"=0x5341435001000000000000000700000028000000F84B48031B49490301000000000000000000000A00210000C227CE2BCC3CD20100000000000000000200000028000000000000008000000000000000000000000000000000000000156E0800000000000300000003000000
"C:\Users\Utilisateur\Downloads\chofflinekeyreq\CH_requestkey.exe"=0x5341435001000000000000000700000028000000004400000000000001000000000000000000000671200000C227CE2BCC3CD201000000000000000002000000280000000000000000000000000000000000000000000000000000008B9F2100000000000300000003000000
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\VsImmersiveActivateHelper140.exe"=0x5341435001000000000000000700000028000000F8A601000ED6010001000000000000000000030600010000C227CE2BCC3CD201000000000000000002000000280000000000000000000040000000000000000000000000000000001F000000000000000200000002000000
"C:\Program Files (x86)\Steam\bin\steamservice.exe"=0x534143500100000000000000070000002800000020451600724C160001000000000000000000000A00210000C227CE2BCC3CD2010000000000000000020000002800000000000000000000400000000000000000000000000000000022310000000000002400000024000000
"C:\Users\Utilisateur\Downloads\373.06-desktop-win10-64bit-international-whql.exe"=0x5341435001000000000000000700000028000000A85148157939491501000000000000000000020600010000CD85FFE1BE26D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E2B60200000000000100000001000000
"C:\Users\Utilisateur\Downloads\qbittorrent_3.3.7_setup.exe"=0x53414350010000000000000007000000280000009631FB000000000001000000000000000000020600010000CD85FFE1BE26D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BE8E0100000000000100000001000000
"C:\Users\Utilisateur\Downloads\purevpn_setup.exe"=0x53414350010000000000000007000000280000003057D4012A36D50101000000000000000000000A00210000CD85FFE1BE26D201000000000000000002000000280000000000000000000040000000000000000000000000000000003ECA0800000000000100000001000000
"D:\Games\Ark Server Manager\ARK Server Manager.exe"=0x5341435001000000000000000700000028000000309D140080BF140001000000000000000000000AF52200003928B1BB702BD2010000000000000000050000001000000000000000000000000000000020000000020000002800000000000000200000600000000000000000000000000000000017BED100000000000500000005000000
"E:\SteamLibrary\steamapps\common\ARKDevKit\ARKDevKitLaunch.bat"=0x5341435001000000000000000700000028000000007C0300A058040001000000000000000000010500100000C227CE2BCC3CD2010000000000000000
"E:\SteamLibrary\steamapps\common\ARKDevKit\ARKDevKit.bat"=0x534143500100000000000000070000002800000000460400381B0500010000000000000000000105001000003928B1BB702BD2010000000000000000
"C:\Users\Utilisateur\Downloads\fi17-noblaya-83d7ec03e17aa73\fi17-noblaya.exe"=0x5341435001000000000000000700000028000000296E10000000000001000000000000000000000A732200003928B1BB702BD2010000000000000000020000002800000000000000000000400000000000000000000000000000000041B91D00000000000100000001000000
"C:\Users\Utilisateur\Downloads\paint.net.4.0.12.install\paint.net.4.0.12.install.exe"=0x5341435001000000000000000700000028000000E8E86B0024246C0001000000000000000000010600010000DC7A5F0E712BD20100000000000000000200000028000000000000000000004000000000000000000000000000000000BA920000000000000100000001000000
"C:\Users\Utilisateur\Downloads\civ6-noblaya-541df1bf8090b50\civ6-noblaya.exe"=0x53414350010000000000000007000000280000001A5610000000000001000000000000000000000A73220000691522EE4E37D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A9DBB200000000000600000006000000
"C:\Program Files\paint.net\PaintDotNet.exe"=0x5341435001000000000000000700000028000000D0EC1A00B5D11B0001000000000000000000000A80210000C48C08A5BD69D20100000000000000000200000028000000000000000000001000000000000000000000000000000000F884FC01000000000200000002000000
"C:\Users\Utilisateur\Downloads\mm-noblaya-53e33c8338de8c9\mm-noblaya.exe"=0x53414350010000000000000007000000280000001AAC40010000000001000000000000000000000A71220000C227CE2BCC3CD20100000000000000000200000028000000000000000000004000000000000000000000000000000000D0F45A02000000000500000005000000
"C:\Users\Utilisateur\Downloads\spst-noblaya-0f4d4c63954be55\spst-noblaya.exe"=0x534143500100000000000000070000002800000049380B000000000001000000000000000000030671000000622CC5164F37D201000000000000000002000000280000000000000000000000000000000000000000000000000000005ED40901000000000100000001000000
"D:\Games\Origin\FIFA 17\FIFA17.exe"=0x5341435001000000000000000700000028000000B083490851DE490801000000000000000000000A00210000691522EE4E37D2010000000000000000020000002800000000000000100000200000000000000000000000000000000057C70000000000000200000002000000
"E:\Amazon\Lumberyard\1.5.0.0\dev\Bin64\Editor.exe"=0x53414350010000000000000002000000280000000000000000000000000000000000000000000000000000008E29BC00000000000200000002000000070000002800000000D053017AE7530101000000000000000000000A73220000752E1A03CC3CD2010000000000000000
"C:\Users\Utilisateur\Downloads\powersaves3ds-software-143\powersaves_setup_v1.43.exe"=0x53414350010000000000000007000000280000007BA546000000000001000000000000000000030600010000C227CE2BCC3CD201000000000000000002000000280000000000000000000000000000000000000000000000000000003D440000000000000100000001000000
"C:\Users\Utilisateur\Downloads\Nexus Mod Manager-0.63.9.exe"=0x534143500100000000000000070000002800000068796200FED3620001000000000000000000000A00210000C227CE2BCC3CD20100000000000000000200000028000000000000000000004000000000000000000000000000000000BB9F0000000000000100000001000000
"C:\Program Files\Rockstar Games\Grand Theft Auto V\GTAVLauncher.exe"=0x5341435001000000000000000700000028000000986943011006440101000000000000000000000A73220000752E1A03CC3CD2010000000000000000020000002800000000000000000000000000000000000000000000000000000064300400000000000200000002000000
"C:\Users\Utilisateur\Downloads\powersaves3ds-software-145\powersaves_setup_v1.45.exe"=0x53414350010000000000000007000000280000002BA946000000000001000000000000000000030600010000C227CE2BCC3CD20100000000000000000200000028000000000000000000000000000000000000000000000000000000C5D40D00000000000100000001000000
"C:\Program Files (x86)\Action Replay PowerSaves 3DS\PowerSaves3DS.exe"=0x5341435001000000000000000700000028000000009C8E00167C8F0001000000000000000000000A71220000C227CE2BCC3CD2010000000000000000020000002800000000000000000000000000000000000000000000000000000075D10400000000000200000002000000
"C:\Users\Utilisateur\Downloads\fcp-noblaya-4e194dcd1667766\fcp-noblaya.exe"=0x534143500100000000000000070000002800000028C20E000000000001000000000000000000000A73220000752E1A03CC3CD20100000000000000000200000028000000000000000000004000000000000000000000000000000000B56B2200000000000100000001000000
"C:\Users\Utilisateur\Downloads\ytl-noblaya-3ac17f61f2f3c05\ytl-noblaya.exe"=0x5341435001000000000000000700000028000000157026010000000001000000000000000000000A71220000C227CE2BCC3CD201000000000000000002000000280000000000000000000040000000000000000000000000000000006036B200000000000200000002000000
"SIGN.MEDIA=FD1177F9 Autorun.exe"=0x5341435001000000000000000700000028000000000010000000000001000000000000000000010571200000C227CE2BCC3CD20100000000000000000200000028000000000000008000000000000000000000000000000000000000F07C0A00000000000100000001000000
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C01702001B81020001000000000000000000000A61220000C227CE2BCC3CD201000000000000000002000000280000000000000000000010000000000000000000000000000000008ED13A00000000000400000004000000
"C:\Users\Utilisateur\Downloads\Setup_MakeMKV_v1.10.2.exe"=0x534143500100000000000000070000002800000065B2A20041B6010001000000000000000000010600010000C227CE2BCC3CD2010000000000000000020000002800000000000000000000400000000000000000000000000000000080241700000000000100000001000000
"C:\Program Files (x86)\MakeMKV\makemkv.exe"=0x534143500100000000000000070000002800000000443006F31F310601000000000000000000000A71200000C227CE2BCC3CD2010000000000000000020000002800000000000000000000000000000000000000000000000000000031426100000000000300000003000000
"SIGN.MEDIA=6BCD78 Autorun.exe"=0x534143500100000000000000070000002800000000B000000000000001000000000000000000010571200000C227CE2BCC3CD201000000000000000002000000280000000000000080000000000000000000000000000000000000001F1D0300000000000100000001000000
"SIGN.MEDIA=1C0C090 Autorun.exe"=0x534143500100000000000000070000002800000000C000000000000001000000000000000000010571200000C227CE2BCC3CD20100000000000000000200000028000000000000008000000000000000000000000000000000000000994A0600000000000300000003000000
"D:\Games\Steam\steamapps\common\RailWorks\RailWorks.exe"=0x534143500100000000000000070000002800000000CA0500510A060001000000000000000000000A71220000C227CE2BCC3CD20100000000000000000200000050000000000000001000002000000000000000000000000000000000F2D6010000000000010000000100000000000000000000000000000001000000000000000000000039430200000000000100000000000000
"D:\Games\Atari\RollerCoaster Tycoon 3\RCT3.EXE"=0x5341435001000000000000000700000028000000005400000000000001000000000000000000010571200000C227CE2BCC3CD20100000000000000000200000028000000000000001000002000540000000000000000000000000000D8916100000000000700000007000000
"C:\Users\Utilisateur\Downloads\twom-noblaya-bf949d7030db50b\twom-noblaya.exe"=0x5341435001000000000000000700000028000000181A0B000000000001000000000000000000000A71200000C227CE2BCC3CD20100000000000000000200000028000000000000000000000000000000000000000000000000000000898B0001000000000400000004000000
"C:\Users\Utilisateur\Downloads\dreamset249x64\dreamset.exe"=0x5341435001000000000000000700000028000000007CA3000000000001000000000000000000000A73220000752E1A03CC3CD2010000000000000000020000002800000000000000000000000000000000000000000000000000000005191400000000000200000002000000
"C:\Users\Utilisateur\Downloads\FileZilla_3.22.2.2_win64-setup_bundled2.exe"=0x534143500100000000000000070000002800000008E265002D73660001000000000000000000000A00210000C227CE2BCC3CD20100000000000000000200000028000000000000000000004000000000000000000000000000000000F0770300000000000100000001000000
"C:\Users\Utilisateur\Downloads\dcc296\DCC.exe"=0x5341435001000000000000000700000028000000005265000000000001000000000000000000000671200000C227CE2BCC3CD20100000000000000000200000028000000000000000000000000000200000000000000000000000000356A0300000000000100000001000000
"C:\Program Files\FileZilla FTP Client\filezilla.exe"=0x5341435001000000000000000700000028000000B0DCBF0060A4C00001000000000000000000000A00210000752E1A03CC3CD201000000000000000002000000280000000000000000000000000000000000000000000000000000007BFDAF01000000000500000005000000
"C:\Users\Utilisateur\Downloads\UnityDownloadAssistant-5.5.0f3.exe"=0x5341435001000000000000000700000028000000002F0B0001640B0001000000000000000000010600010000C227CE2BCC3CD20100000000000000000200000028000000000000000000004000000000000000000000000000000000CE9B0100000000000100000001000000
"E:\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe"=0x534143500100000000000000070000002800000088CE08001CB6090001000000000000000000030600010000C227CE2BCC3CD201000000C000000000020000002800000000000000000000100000000000000000000000000000000017810000000000000100000001000000
"D:\Games\Singles 2\Singles2.exe"=0x53414350010000000000000007000000280000000070770022C0770001000000000000000000010571200000C227CE2BCC3CD2010000000000000000020000007800000000000A042000006000000000000000000000000000000000C60E000000000000010000000100000000020105200000600000000000000000000000000000000010270000000000000100000000000000000000000000000000000000000000000000000000000000901C0000000000000100000000000000
"C:\Users\Utilisateur\Downloads\376.19-desktop-win10-64bit-international-whql.exe"=0x5341435001000000000000000700000028000000A0817E176C5D7F1701000000000000000000020600010000C227CE2BCC3CD2010000000000000000020000002800000000000000000000400000000000000000000000000000000065DF0300000000000100000001000000
"C:\Users\Utilisateur\Downloads\DSLtest2107.exe"=0x534143500100000000000000070000002800000000AE17000000000001000000000000000000030671000000C227CE2BCC3CD20100000000000000000500000010000000000000000000000000000106200000000200000050000000000001062000006000000000000000000000000000000000530E010000000000010000000100000000000000000000400400000000000000000000000000000086710000000000000100000000000000
"C:\Users\Utilisateur\Downloads\maLivebox_setup_3.4.0.0.exe"=0x5341435001000000000000000700000028000000F01EB404A3B5B40401000000000000000000010600010000C227CE2BCC3CD2010000000000000000
"C:\Users\Utilisateur\Downloads\setup-x86_64.exe"=0x534143500100000000000000070000002800000013FC0D000000000001000000000000000000000A00210000752E1A03CC3CD20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000168D0800000000000100000001000000
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"=0x5341435001000000000000000700000028000000C83E8000A554800001000000000000000000000A71220000706DD1C7BD69D201000000000000000002000000280000000000000000000000000000000000000000000000000000004103AA00000000000300000003000000
"E:\Unreal Engine\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe"=0x53414350010000000000000002000000280000000000000000000000000000000000000000000000000000004AB700000000000001000000010000000700000028000000C08FA001C8B0A00101000000000000000000000A73220000762A2FB21ADDD2010000000000000000
"C:\Program Files (x86)\Notepad++\notepad++.exe"=0x5341435001000000000000000700000028000000B09C22000C3B230001000000000000000000000A00210000762A2FB21ADDD20100000000000000000200000028000000000000000000000000000000000000000000000000000000BB169F04000000002700000027000000
"C:\Users\Utilisateur\Downloads\mab-noblaya-f38d4adf6698b20\mab-noblaya.exe"=0x5341435001000000000000000700000028000000307815000000000001000000000000000000000671000000F4708272724DD2010000000000000000020000005000000000030105200000600000000000000000000000000000000027090000000000000100000001000000000000000000000010100000000000000000000000000000A4090000000000000100000000000000
"C:\Users\Utilisateur\Downloads\GPU-Z.0.8.7.exe"=0x534143500100000000000000070000002800000028A71B0095C71B0001000000000000000000000A71220000F4708272724DD20100000000000000000200000028000000000000000000004000000000000000000000000000000000A6790300000000000100000001000000
"C:\Users\Utilisateur\Downloads\cpu-z_1.77-en\cpuz_x64.exe"=0x5341435001000000000000000700000028000000D8583500C924360001000000000000000000000A00210000A3483754724DD20100000000000000000200000028000000000000000000004000000000000000000000000000000000C6F30000000000000100000001000000
"C:\Users\Utilisateur\Downloads\kav_setup.exe"=0x5341435001000000000000000700000028000000A835DA00F648DA0001000000000000000000020600010000F4708272724DD201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000050000000000000000000000000000000002F0D0000000000000100000001000000
"C:\Users\Utilisateur\Downloads\bitpro.exe"=0x5341435001000000000000000700000028000000D05E9C01A8959C0101000000000000000000000A00210000F4708272724DD201000000000000000002000000280000000000000000000040000000000000000000000000000000002E290B00000000000100000001000000
"C:\Users\Utilisateur\Downloads\FurMark_1.11.0_Setup.exe"=0x5341435001000000000000000700000028000000DD7E49000000000001000000000000000000020600010000F4708272724DD2010000000000000000020000002800000000000000000000400000000000000000000000000000000058350000000000000100000001000000
"C:\Users\Utilisateur\Downloads\instspeedfan452.exe"=0x534143500100000000000000070000002800000068192F008906300001000000000000000000000A00210000F4708272724DD201000000000000000002000000280000000000000000000040000000000000000000000000000000000E1D0000000000000100000001000000
"C:\Program Files (x86)\SpeedFan\speedfan.exe"=0x5341435001000000000000000700000028000000889C7C0033627D0001000000000000000000000A00210000706DD1C7BD69D201000000000000000002000000280000000000000000000040000000000000000000000000000000003B830300000000000200000002000000
"C:\Users\Utilisateur\Downloads\spsetup130.exe"=0x5341435001000000000000000700000028000000C00660008435600001000000000000000000010600010000F4708272724DD2010000000000000000020000002800000000000000000000400000000000000000000000000000000050F0E200000000000100000001000000
"C:\Users\Utilisateur\Downloads\hw64_542.exe"=0x534143500100000000000000070000002800000010A73900304F3A0001000000000000000000010600010000F4708272724DD20100000000000000000200000028000000000000000000004000000000000000000000000000000000AD1F0000000000000100000001000000
"C:\Program Files\HWiNFO64\HWiNFO64.EXE"=0x5341435001000000000000000700000028000000703E34002F3A350001000000000000000000000A00210000A3483754724DD2010000000000000000020000002800000000000000000000400000000000000000000000000000000091DDDC00000000000100000001000000
"C:\Users\Utilisateur\Downloads\subs-noblaya-3d07f81014d4f85\subs-noblaya.exe"=0x534143500100000000000000070000002800000048CA0A000000000001000000000000000000000A71220000F4708272724DD2010000000000000000020000002800000000000000000000400000000000000000000000000000000048601C00000000000100000001000000
"D:\Games\Steam\steamapps\common\Subsistence\Binaries\UnSetup.exe"=0x534143500100000000000000070000002800000040351000C01C1100010000000000000000000306F5020000A3483754724DD20100000000000000000200000028000000000000000000004000000000000000000000000000000000680E0000000000000100000001000000
"E:\Blender Foundation\Blender\blender.exe"=0x534143500100000000000000070000002800000000260E060000000001000000000000000000000A73220000A3483754724DD201000000000000000002000000280000000000000000000000000000000000000000000000000000004D2B2600000000000200000002000000
"D:\Games\Origin\The Sims 4\Game\Bin\TS4.exe"=0x534143500100000000000000070000002800000018F73E019A373F0101000000000000000000000A00210000F4708272724DD20100000000000000000200000028000000000000000000000000000000000000000000000000000000665C8400000000000200000002000000
"E:\SteamLibrary\steamapps\common\Football Manager 2017\fm.exe"=0x534143500100000000000000070000002800000000B6BF070000000001000000000000000000000A00210000C48C08A5BD69D201000000000000000002000000280000000000000000000000000000000000000000000000000000004F050000000000000100000001000000
"C:\Program Files\BurnInTest\bit.exe"=0x5341435001000000000000000700000028000000402B73011EC3730101000000000000000000000A0021000092BBAB82A674D201000000000000000002000000500000000000000010000060000000000000000000000000000000007CF50000000000000100000001000000000000000000004000000000000000000000000000000000CD470200000000000200000000000000
"C:\Program Files\Speccy\Speccy64.exe"=0x5341435001000000000000000200000028000000000000000000000000000000000000000000000000000000C14B10000000000005000000050000000700000028000000D8C46C0089006D0001000000000000000000000A73220000EE8D78097292D2010000000000000000
"C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark_1.11.0\FurMark.exe"=0x5341435001000000000000000200000028000000000000000000000000000000000000000000000000000000CA3A8300000000000400000004000000070000002800000000AE4900AA104A0001000000000000000000020671220000DA5325B7A674D2010000000000000000
"D:\The Sims 1 - The Complete Collection\start.exe"=0x5341435001000000000000000700000028000000006056000000000001000000000000000000010571200000706DD1C7BD69D20100000000000000000200000028000000000000000000000000000000000000000000000000000000DD2C0300000000000200000002000000
"C:\Program Files (x86)\Maxis\Les Sims\Sims.exe"=0x534143500100000000000000070000002800000000702E000000000001000000000000000000010571200000706DD1C7BD69D20100000000000000000200000050000000000201052080006000040000000000000000000000000000EC80130000000000020000000200000000020105200000600004004000000000000000000000000009121C00000000000100000000000000
"\\nas\ATELIER\Outils\Testeur de materiel\OCCT - Stresstest alim-cpu-gpu.exe"=0x534143500100000000000000070000002800000074C769000000000001000000000000000000000671000000706DD1C7BD69D2010000000000000000020000002800000000000000000800400000000000000000000000000000000031EC2500000000000100000001000000
"C:\Program Files (x86)\OCCTPT\OCCT.exe"=0x53414350010000000000000007000000280000000018C304BF08C404010000000000000000000306F1020000DA5325B7A674D2010000000000000000020000002800000000000000000000400010000000000000000000000000000070CC6501000000000100000001000000
"C:\Program Files\NVIDIA Corporation\Display\nvtray.exe"=0x5341435001000000000000000700000028000000387C2500EAF9250001000000000000000000000A7322000092BBAB82A674D2010000000000000000020000002800000000000000000000000000000000000000000000000000000084195200000000000100000001000000
"C:\Program Files (x86)\Hotkey\HkeyTray.exe"=0x534143500100000000000000070000002800000000D417000000000001000000000000000000000AF1220000DA5325B7A674D2010000000000000000020000002800000000000000000000000000000000000000000000000000000022020000000000000100000001000000
"C:\Program Files (x86)\Hotkey\GameFeet.exe"=0x5341435001000000000000000700000028000000004609000000000001000000000000000000000AF1220000DA5325B7A674D201000000000000000002000000280000000000000000000000000000000000000000000000000000006C370000000000000100000001000000
"C:\Program Files (x86)\Hotkey\devicecontrol.exe"=0x5341435001000000000000000700000028000000D8B7270040F327000100000000000000000003067302000092BBAB82A674D20100000000000000000200000028000000000000000000000000000000000000000000000000000000CB000000000000000100000001000000
"C:\Program Files (x86)\Hotkey\ControlCenter.exe"=0x5341435001000000000000000200000028000000000000000000000014000000000000000000000000000000E74F03000000000006000000060000000700000028000000005A59000000000001000000000000000000000AF122000070D84B2B7292D2010000000000000000
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000D8B41100C199120001000000000000000000000A71220000DA5325B7A674D201000000000000000002000000280000000000000000000000000000000000000000000000000000000A010000000000000200000002000000
"C:\ProgramData\NVIDIA Corporation\Downloader\latest\setup.exe"=0x5341435001000000000000000700000028000000C06F06003E47070001000000000000000000000A00210000DA5325B7A674D2010000000000000000020000002800000000000000000000400000000000000000000000000000000096AD0000000000000100000001000000
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe"=0x5341435001000000000000000700000028000000C0EB0B0096020C0001000000000000000000000A71200000DA5325B7A674D201000000000000000002000000280000000000000080000000000000000000000000000000000000007D000000000000000100000001000000
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"=0x5341435001000000000000000700000028000000C031160086C6160001000000000000000000000A00210000DA5325B7A674D20100000000000000000200000028000000000000000000000000000000000000000000000000000000D4130B01000000000100000001000000
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000607A0300E606040001000000000000000000030600010000762A2FB21ADDD201000000000000000002000000280000000000000000000040000000000000000000000000000000006642F032000000001200000012000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x534143500100000000000000070000002800000058731100C541120001000000000000000000000A00210000762A2FB21ADDD2010000000100000000
"C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000787C03003765040001000000000000000000000A002100007AE8ED9FBACCD2010000000100000000
"C:\Users\Utilisateur\Downloads\chofflinekeyreq (1)\CH_requestkey.exe"=0x53414350010000000000000007000000280000000044000000000000010000000000000000000006712000007AE8ED9FBACCD201000000000000000002000000280000000000000000000000000000000000000000000000000000008ED01700000000000100000001000000
"C:\Users\Utilisateur\Downloads\wild-noblaya-aced947aaccd31b\21238-noblaya-Tom Clancys Ghost Recon Wildlands Trainer.exe"=0x5341435001000000000000000700000028000000C06021000000000001000000000000000000000A712200007AE8ED9FBACCD20100000000000000000200000028000000000000000000004000000000000000000000000000000000597B1400000000000100000001000000
"C:\Users\Utilisateur\Downloads\par-noblaya-43180deac0e5d31\par-noblaya.exe"=0x534143500100000000000000070000002800000017A20B000000000001000000000000000000000A712200007AE8ED9FBACCD2010000000000000000020000002800000000000000000000400000000000000000000000000000000050C6A400000000000100000001000000
"C:\Users\Utilisateur\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.139-1.0.2060.exe"=0x534143500100000000000000070000002800000088F5D003E57BD10301000000000000000000000A002100007AE8ED9FBACCD20100000000000000000200000028000000000000000000004000000000000000000000000000000000F2670000000000000100000001000000
"C:\Users\Utilisateur\Downloads\maf3-noblaya-dea259e7670b0e3\21370-noblaya-Mafia III Trainer.exe"=0x5341435001000000000000000700000028000000C0DE1B000000000001000000000000000000000A712200007AE8ED9FBACCD20100000000000000000200000028000000000000000000004000000000000000000000000000000000C6200A00000000000100000001000000
"C:\Program Files (x86)\Origin\legacyPM\OriginLegacyCLI.exe"=0x534143500100000000000000070000002800000070AD0C00F9F30C00010000000000000000000106000100007AE8ED9FBACCD2010000000000000000020000002800000000000000000000000000000000000000000000000000000020000000000000000200000002000000
"C:\Users\Utilisateur\AppData\Local\Temp\RarSFX0\bddeploy.exe"=0x534143500100000000000000070000002800000030890A00D5870B0001000000000000000000000A002100007AE8ED9FBACCD2010000000000000000020000002800000000000000000000400000000000000000000000000000000094110000000000000100000001000000
"C:\Users\Utilisateur\AppData\Local\Temp\RarSFX1\setupdownloader.exe"=0x5341435001000000000000000700000028000000F0B41B00EBBF1B0001000000000000000000000A002100007AE8ED9FBACCD2010000000000000000020000002800000000000000000000000000000000000000000000000000000036753F14000000000100000001000000
"C:\Program Files\CCleaner\CCleaner64.exe"=0x5341435001000000000000000700000028000000D8BA8D000DCD8D0001000000000000000000000A002100007AE8ED9FBACCD2010000000000000000020000002800000000000000000000000000000000000000000000000000000029010000000000000100000001000000
"C:\Users\Utilisateur\AppData\Local\Temp\RarSFX2\installer.exe"=0x53414350010000000000000002000000280000000000000000000000000000000000000000000000000000003D463601000000000100000001000000
"C:\Users\Utilisateur\Desktop\GTA V Offline.cmd"=0x5341435001000000000000000700000028000000002C04008D66040001000000000000000000010500100000762A2FB21ADDD2010000000000000000
"C:\Users\Utilisateur\Downloads\FiveM.exe"=0x5341435001000000000000000700000028000000000621000000000001000000000000000000000A002100007AE8ED9FBACCD20100000000000000000200000028000000000000000000000000000000000000000000000000000000F1890000000000000100000001000000
"C:\Users\Utilisateur\Downloads\FiveMP Installer.exe"=0x5341435001000000000000000700000028000000577C7F020000000001000000000000000000000A002100007AE8ED9FBACCD2010000000000000000020000002800000000000000000000400000000000000000000000000000000038EE0000000000000100000001000000
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000508C2100383E220001000000000000000000010600010000762A2FB21ADDD20100000000000000000200000028000000000000000000001000000000000000000000000000000000F411CC01000000000500000005000000
"C:\Program Files\iTunes\iTunes.exe"=0x5341435001000000000000000700000028000000387B6E0249B96E0201000000000000000000000A002100007AE8ED9FBACCD20100000000000000000200000028000000000000000000001000000000000000000000000000000000CB904E00000000000100000001000000
"C:\Users\Utilisateur\Downloads\whocrashedSetup.exe"=0x5341435001000000000000000700000028000000E0904B00F3484C0001000000000000000000000A002100007AE8ED9FBACCD2010000000000000000020000002800000000000000000000400000000000000000000000000000000063853A00000000000100000001000000
"C:\Users\Utilisateur\Downloads\Mes_Drivers_3.0.4.exe"=0x534143500100000000000000070000002800000078C91800A0D8180001000000000000000000000A712200007AE8ED9FBACCD20100000000000000000200000028000000000000000000004000000000000000000000000000000000994C0000000000000300000003000000
"C:\ProgramData\Origin\SelfUpdate\Staged\OriginThinSetupInternal.exe"=0x534143500100000000000000070000002800000088EF4201C770430101000000000000000000000A002100007AE8ED9FBACCD20100000000000000000200000028000000000000000000000000000000000000000000000000000000A7420000000000000100000001000000
"C:\Program Files (x86)\Origin\OriginClientService.exe"=0x534143500100000000000000070000002800000090EB2000A4CD2100010000000000000000000106000100007AE8ED9FBACCD201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000009A030000000000000100000001000000
"C:\Program Files (x86)\Origin\OriginWebHelperService.exe"=0x534143500100000000000000070000002800000098B72F00F7993000010000000000000000000106000100007AE8ED9FBACCD20100000000000000000200000028000000000000000000000000000000000000000000000000000000B9030000000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000D0390B0088680B0001000000000000000000000A712200007AE8ED9FBACCD201000000000000000002000000280000000000000000000040000000000000000000000000000000007D000000000000000100000001000000
"C:\Users\Utilisateur\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe"=0x5341435001000000000000000700000028000000581B2C0449A62C04010000000000000000000306000100007AE8ED9FBACCD20100000000000000000200000028000000000000000000004000000000000000000000000000000000C9660000000000000100000001000000
"C:\Users\Utilisateur\AppData\Local\Temp\{27a7f406-88d7-44ea-a775-b2146040b201}\.be\vcredist_x64.exe"=0x5341435001000000000000000700000028000000A01F0700338F070001000000000000000000000A002100007AE8ED9FBACCD20100000000000000000200000028000000000000000000004000000000000000000000000000000000E8590000000000000100000001000000
"C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6816.0313_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000787C03003765040001000000000000000000000A00210000762A2FB21ADDD2010000000100000000
"C:\Users\Utilisateur\AppData\Local\Temp\RarSFX0\installer.exe"=0x5341435001000000000000000700000028000000B8520B00858D0B0001000000000000000000000A00210000762A2FB21ADDD201000000000000000002000000280000000000000000000000000000000000000000000000000000003C250000000000000100000001000000
"C:\Program Files (x86)\Steam\Steam.exe"=0x5341435001000000000000000700000028000000206D2E001DC72E0001000000000000000000000A00210000762A2FB21ADDD20100000000000000000200000028000000000000000000000000000000000000000000000000000000E6526901000000000200000002000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000C8A01D00AADB1D0001000000000000000000000A00210000762A2FB21ADDD2010000009100000000
"SIGN.MEDIA=D1D90120 Install.exe"=0x534143500100000000000000070000002800000000F001000000000001000000000000000000010571200000762A2FB21ADDD20100000000000000000200000028000000000000000008004000000000000000000000000000000000400B0900000000000100000001000000
"C:\Program Files (x86)\Rockstar Games\GTA San Andreas\GTA_SA.EXE"=0x5341435001000000000000000700000028000000007ADB00EA5BDC0001000000000000000000010571200000762A2FB21ADDD201000000000000000001000000040000000100000005000000100000000000000000000000000201053080000002000000780000000002010530800070000400000000000000000000000000006469950000000000020000000200000000020105200000700004004001000000000000000100000047A70100000000000100000000000000000000000000001000040000000000000000000000000000718D0200000000000100000000000000
"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"=0x5341435001000000000000000700000028000000D0311200C061120001000000000000000000000A00210000762A2FB21ADDD20100000000000000000200000028000000000000000000004000000000000000000000000000000000606D0000000000000100000001000000
"C:\Program Files (x86)\Origin\Origin.exe"=0x534143500100000000000000070000002800000078832E000E922E0001000000000000000000000A00210000762A2FB21ADDD20100000000000000000200000028000000000000000000000000000000000000000000000000000000DE6B2000000000000400000004000000
"C:\Users\Utilisateur\Downloads\UDPixel22_installer.exe"=0x53414350010000000000000007000000280000000ECC00000000000001000000000000000000010571000000762A2FB21ADDD20100000000000000000200000028000000000000000008004000000000000000000000000000000000F53A0000000000000100000001000000
"C:\Program Files (x86)\UDPixel\UDPixel.exe"=0x53414350010000000000000007000000280000000020010000000000010000000000000000000006F1200000762A2FB21ADDD201000000000000000002000000280000000000000000000000000000000000000000000000000000002C712A00000000000100000001000000
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000C0E83E00A5A33F0001000000000000000000000A00210000762A2FB21ADDD20100000000000000000200000028000000000000000000000000000000000000000000000000000000E6A40100000000000200000002000000
"D:\Games\Bethesda.net Launcher\BethesdaNetUpdater.exe"=0x5341435001000000000000000700000028000000C07427004595270001000000000000000000000A71220000762A2FB21ADDD201000000000000000002000000280000000000000000000000000000000000000000000000000000003F8E0C01000000000300000003000000
"D:\Nexus Mod Manager\NexusClient.exe"=0x534143500100000000000000070000002800000098F731001AE7320001000000000000000000000AF1220000762A2FB21ADDD201000000000000000002000000280000000000000000000000000000000000000000000000000000006FAB0400000000000100000001000000
"C:\Users\Utilisateur\Downloads\setup_galaxy_1.2.10.31.exe"=0x5341435001000000000000000700000028000000D8D8770964C8780901000000000000000000000A00210000762A2FB21ADDD20100000000000000000200000028000000000000000000004000000000000000000000000000000000CE4B0000000000000100000001000000
"C:\Users\Utilisateur\Downloads\FxBgbear.exe"=0x534143500100000000000000070000002800000088B80200C350030001000000000000000000010571000000762A2FB21ADDD2010000000000000000020000002800000000000000000000400000000000000000000000000000000041EE2900000000000100000001000000
"C:\Users\Utilisateur\Downloads\ZHPCleaner.exe"=0x534143500100000000000000070000002800000080A72A0003022B0001000000000000000000030600010000762A2FB21ADDD20100000000000000000200000028000000000000000000004000000000000000000000000000000000571F0500000000000100000001000000
"C:\Users\Utilisateur\Downloads\RogueKiller_setup.exe"=0x534143500100000000000000070000002800000050BF1C0291271D0201000000000000000000000A00210000762A2FB21ADDD20100000000000000000200000028000000000000000000004000000000000000000000000000000000D9510000000000000100000001000000
"C:\Program Files\RogueKiller\RogueKiller64.exe"=0x534143500100000000000000070000002800000048E89201C082930101000000000000000000000A00210000762A2FB21ADDD20100000000000000000200000028000000000000000000004000000000000000000000000000000000EB731D00000000000200000002000000
"C:\Users\Utilisateur\Downloads\adwcleaner_6-047_fr_430277.exe"=0x5341435001000000000000000700000028000000C8B73E0077C63E0001000000000000000000000A00210000762A2FB21ADDD201000000000000000002000000280000000000000000000040000000000000000000000000000000009A9A0000000000000100000001000000
"C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe"=0x534143500100000000000000070000002800000058CD0600F9CE060001000000000000000000000A71220000762A2FB21ADDD201000000000000000002000000280000000000000000000000020000000000000000000000000000006C6B0A00000000000100000001000000
"C:\Users\Utilisateur\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000A8632A000C532B0001000000000000000000000A00210000762A2FB21ADDD2010000000000000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131417320896085871

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"DisableAntiSpyware"=1
"ProductType"=2
"ManagedDefenderProductType"=0
"ProductStatus"=0
"InstallTime"=0x3DC7674EAB03D201
"OOBEInstallTime"=0xB7FF10CBD4D4D201
"InstallLocation"=C:\Program Files\Windows Defender\
"DisableAntiVirus"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1
"DefaultInboundAction"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [216.58.198.206] avec 32 octets de donn?es?:
R?ponse de 216.58.198.206?: octets=32 temps=30 ms TTL=55
R?ponse de 216.58.198.206?: octets=32 temps=27 ms TTL=55
R?ponse de 216.58.198.206?: octets=32 temps=35 ms TTL=55
R?ponse de 216.58.198.206?: octets=32 temps=24 ms TTL=55

Statistiques Ping pour 216.58.198.206:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 24ms, Maximum = 35ms, Moyenne = 29ms

---------- | @

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Cache_Update_Frequency"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=%11%\blank.htm
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"ImageStoreRandomFolder"=7gzuaa7

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"CertificateRevocation"=1
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"ProxyOverride"=*.local
"ZonesSecurityUpgrade"=0x3215ABF94FE2D201
"WarnonZoneCrossing"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | Proxy


[HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies]

---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts









---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} --  C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL   [05/02/2016 18:15:31]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} --  C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL   [05/02/2016 18:15:31]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} --  C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL   [05/02/2016 18:15:31]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [04/06/2017 12:10:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} --  %SystemRoot%\System32\cscui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}"=0   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}"=0   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []

---------- | SearchScopes

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BAC1E9C-6A17-49D2-AF6D-9C9219FBCE9D}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0BAC1E9C-6A17-49D2-AF6D-9C9219FBCE9D}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}] -> (Bitdefender Wallet) : C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll  [02/06/2017 13:11:02]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> () :   
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A}] -> (Bitdefender Wallet) : C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll  [02/06/2017 13:11:02]

---------- | Chrome

C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb =  :     __MSG_description__ -    short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\cifilbmpnkjinlkchohdfcpdkmpngiik =  :     __MSG_extension_description__ -     __MSG_extension_name__ - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\dliochdbjfkdbacpmhlcpmleaejidimm =  :     Google Cast -     Google Cast (Beta) - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj =  :     __MSG_web2pdfExtnDescription__ -     __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\fpniocchabmgenibceglhnfeimmdhdfm =  :     Easily organize and share your personal media and online content on all of your devices no matter where you are. -     Plex - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\gannpgaobkkhmpomoijebaigcapoeebl =  :     Automatically fills your logins online while keeping them completely secured. -     Bitdefender Wallet - permissions:[tabswebNavigationnativeMessaging\u003Call_urls>] - http://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\jnilhmhccmndnjdfibjnlembifhkbcdn =  :     Countdown the number of days left until favourite holidays and events such as Public holidays Christmas and Easter or any date. - http://days.to/ -     Days To - [http://days.to/http://www.days.to/] - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\mlomiejdfkolichcflejclcbmpeaniij =  :     __MSG_short_description__ -    version_name: 7.2.2 - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Utilisateur\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm =  :     Provider for discovery and services for mirroring of Chrome Media Router -     Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gannpgaobkkhmpomoijebaigcapoeebl]

---------- | Opera


---------- | Firefox


[HKLM\Software\mozilla\Firefox\Extensions]
"bdwteffv20@bitdefender.com"=C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff\
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"bdwteffv20@bitdefender.com"=C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff\
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll



---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.0.1 0.0.0.0
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{05f01594-ed76-4f43-8aac-475760d24c6a}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1df4de1a-9502-470b-bf59-bb6375f78b98}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{20559f0e-ace1-450f-bdf0-bff52e3cd6d0}]
"DhcpNameServer"=192.168.0.1 0.0.0.0
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{20559f0e-ace1-450f-bdf0-bff52e3cd6d0}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{71c8edc6-fba2-4822-b772-678fab3843c8}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{910a25e4-14cd-47fd-b29b-c7d76fad55ab}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{f5000d55-c697-46fc-990f-870c3d1a49fe}]
"DhcpNameServer"=192.168.0.101 4.2.2.3
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{05f01594-ed76-4f43-8aac-475760d24c6a}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1df4de1a-9502-470b-bf59-bb6375f78b98}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{20559f0e-ace1-450f-bdf0-bff52e3cd6d0}]
"DhcpNameServer"=192.168.0.1 0.0.0.0
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{20559f0e-ace1-450f-bdf0-bff52e3cd6d0}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{71c8edc6-fba2-4822-b772-678fab3843c8}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{910a25e4-14cd-47fd-b29b-c7d76fad55ab}]
"NameServer"=8.8.8.8
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f5000d55-c697-46fc-990f-870c3d1a49fe}]
"DhcpNameServer"=192.168.0.101 4.2.2.3

---------- | Applications

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Classes\Applications\chrome.exe] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "%1"
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Classes\Applications\notepad++.exe] : "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\devenv.exe] : "C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\devenv.exe] : "C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\VSLauncher.exe] : "C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"Camera"=FrameS
"PrintWorkflow"=PrintWorkflowUserSvc
"DevicesFlow"=DevicesFlowUserSvc
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"smbsvcs"=lanmanserver
browser
"PeerDist"=PeerDistSvc
"AssignedAccessManagerSvc"=AssignedAccessManagerSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)

TokenBroker - %SystemRoot%\System32\TokenBroker.dll : %SystemRoot%\system32\svchost.exe -k netsvcs -p

---------- | Software

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\5tudio]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\7-Zip]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Adobe]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Amazon]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\AppDataLow]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Apple Inc.]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Audiokinetic Inc.]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Beam Team Games]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Bethesda Softworks]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Bitdefender]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Blender Foundation]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\BugSplat]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Cheat Engine]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\CheatHappens]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\ched]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Chromium]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Clickteam]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\ComboKey]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Creative Tech]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Crytek]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\DefaultCompany]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Electronic Arts]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Epic Games]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Gaditek]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\GameMakerPlayer]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\GfaceGmbh]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\GMStudio]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\GNU]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\GOG.com]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Google]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\hotkey]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\HWiNFO64]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Indigo Rose]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Intel]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\inXile Entertainment]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\JavaSoft]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Killer Networking]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Lazy Bear Games]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\LeaderTech]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Ludeon Studios]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Lumberyard]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\MakeMKV]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Malwarebytes]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\McMagic Productions]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\MountAndBladeKeys]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Netscape]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\NVIDIA Corporation]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Obsidium]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\ODBC]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\paint.net]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\perforce]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Piriform]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Playsport Games]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Policies]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\QtProject]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Realtek]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Red Dot Games]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\RegisteredApplications]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Resplendence Sp]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\SecuROM]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\SpeedFan]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Synaptics]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\SyncEngines]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\sysinternals]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\techPowerUp]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\The Document Foundation]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\The Fun Pimps]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Trolltech]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\U-Play online]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Ubisoft]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Unity]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Unity Technologies]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Valve]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\WinRAR]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\WinRAR SFX]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Wintertree]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\WixSharp]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Wow6432Node]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\ZHP]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\AssignedAccessConfiguration]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Atheros]
[HKLM\Software\Autodesk]
[HKLM\Software\AVC3]
[HKLM\Software\BitDefender]
[HKLM\Software\Bitdefender Agent]
[HKLM\Software\Bitdefender Device Management]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\EA Sports]
[HKLM\Software\EpicGames]
[HKLM\Software\FileZilla 3]
[HKLM\Software\Fortemedia]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Gaditek]
[HKLM\Software\Google]
[HKLM\Software\Ignis]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Killer Networking]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Maxis]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\Nuance]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\paint.net]
[HKLM\Software\Partner]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\AssignedAccessConfiguration]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AssignedAccessManagerSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\7-Zip]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Airplane Mode Hid Installer]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\Atari]
[HKLM\Software\WOW6432Node\Audiokinetic Inc.]
[HKLM\Software\WOW6432Node\Autodesk FBX SDK 2016.1.2]
[HKLM\Software\WOW6432Node\Bethesda Softworks]
[HKLM\Software\WOW6432Node\Bitdefender]
[HKLM\Software\WOW6432Node\Bitdefender Agent]
[HKLM\Software\WOW6432Node\Clickteam]
[HKLM\Software\WOW6432Node\Control Center 5.0001.0.71]
[HKLM\Software\WOW6432Node\Creative Tech]
[HKLM\Software\WOW6432Node\Crytek]
[HKLM\Software\WOW6432Node\Deep Silver]
[HKLM\Software\WOW6432Node\EA Sports]
[HKLM\Software\WOW6432Node\EasyAntiCheat]
[HKLM\Software\WOW6432Node\Electronic Arts]
[HKLM\Software\WOW6432Node\EpicGames]
[HKLM\Software\WOW6432Node\Eversim]
[HKLM\Software\WOW6432Node\FileZilla 3]
[HKLM\Software\WOW6432Node\FileZilla Client]
[HKLM\Software\WOW6432Node\fish technology group]
[HKLM\Software\WOW6432Node\Gaditek]
[HKLM\Software\WOW6432Node\GfaceGmbh]
[HKLM\Software\WOW6432Node\gog.com]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Infogrames]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\LibreOffice]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Maxis]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Microsoft Corporation]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Notepad++]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\NuGet]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OpenAL]
[HKLM\Software\WOW6432Node\Orange]
[HKLM\Software\WOW6432Node\Origin]
[HKLM\Software\WOW6432Node\Origin Games]
[HKLM\Software\WOW6432Node\Piriform]
[HKLM\Software\WOW6432Node\PocketSoft]
[HKLM\Software\WOW6432Node\PreEmptive Solutions]
[HKLM\Software\WOW6432Node\railsimulator.com]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Rockstar Games]
[HKLM\Software\WOW6432Node\Rotobee - Realtime 3D GmbH]
[HKLM\Software\WOW6432Node\SpeedFan]
[HKLM\Software\WOW6432Node\SyncIntegrationClients]
[HKLM\Software\WOW6432Node\The Document Foundation]
[HKLM\Software\WOW6432Node\Thraex Software]
[HKLM\Software\WOW6432Node\Ubisoft]
[HKLM\Software\WOW6432Node\UDPixel]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\WinPcap]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\Xamarin]
[HKLM\Software\WOW6432Node\Xvid Team]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives


D:


E:


---------- | C:

[05/02/2016 18:09:10] - |SHD| - [14475357] - C:\$RECYCLE.BIN
[05/06/2017 09:20:49] - |HD| - [0] - C:\$WINDOWS.~BT
[20/06/2017 00:41:24] - |D| - [5562007] - C:\AdwCleaner
[01/09/2016 21:54:53] - |D| - [10792379297] - C:\Amazon
[05/06/2017 09:04:56] - |D| - [0] - C:\assembly
[MD5.E84C910FAC5E64629FE144FFCF1C0FE1] - [06/06/2017 11:31:24] - |A| - (.-.) - [3144] - (0.0.0.0) - C:\bdlog.txt
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[21/09/2016 23:21:37] - |SHD| - [192584] - C:\Config.Msi
[15/12/2016 18:12:33] - |D| - [20028] - C:\cygwin64
[12/06/2017 11:12:51] - |D| - [0] - C:\Data
[05/02/2016 18:07:00] - |SHD| - [0] - C:\Documents and Settings
[MD5.C0652FA971B451A100E2A5DF540CA63D] - [03/12/2016 10:55:56] - |A| - (.-.) - [4184] - (0.0.0.0) - C:\GLOB(0x210727c)
[MD5.49ACD5C7E8F019F5A1D8AB52CE864C59] - [03/12/2016 10:55:56] - |A| - (.-.) - [53743] - (0.0.0.0) - C:\GLOB(0x22b727c)
[MD5.B5240F28C76B0D38E9976F5884A17687] - [03/12/2016 10:55:56] - |A| - (.-.) - [3414] - (0.0.0.0) - C:\GLOB(0x22e727c)
[MD5.CC1AB8BAFC386CDD091964A45727D5C5] - [03/12/2016 10:55:56] - |A| - (.-.) - [3546] - (0.0.0.0) - C:\GLOB(0x231727c)
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/12/2016 10:56:07] - |A| - (.-.) - [0] - (0.0.0.0) - C:\GLOB(0x2a5572c)
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/12/2016 10:55:56] - |A| - (.-.) - [0] - (0.0.0.0) - C:\GLOB(0x2a5921c)
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/12/2016 10:56:17] - |A| - (.-.) - [0] - (0.0.0.0) - C:\GLOB(0x2bea754)
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/12/2016 10:55:56] - |A| - (.-.) - [0] - (0.0.0.0) - C:\GLOB(0x2bed23c)
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/12/2016 10:56:06] - |A| - (.-.) - [0] - (0.0.0.0) - C:\GLOB(0x2c1371c)
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/12/2016 10:55:56] - |A| - (.-.) - [0] - (0.0.0.0) - C:\GLOB(0x2c1d23c)
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/12/2016 10:56:06] - |A| - (.-.) - [0] - (0.0.0.0) - C:\GLOB(0x2c46be4)
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/12/2016 10:55:56] - |A| - (.-.) - [0] - (0.0.0.0) - C:\GLOB(0x2c4c6e4)
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/05/2017 23:26:23] - |ASH| - (.-.) - [27453329408] - (0.0.0.0) - C:\hiberfil.sys
[31/08/2016 14:09:57] - |D| - [5358] - C:\Intel
[14/12/2016 21:04:32] - |D| - [0] - C:\net-snmp-compil-win
[20/06/2017 09:29:25] - |HD| - [0] - C:\OneDriveTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/08/2016 19:15:25] - |ASH| - (.-.) - [10200547328] - (0.0.0.0) - C:\pagefile.sys
[04/06/2017 12:17:03] - |D| - [0] - C:\PerfLogs
[04/06/2017 12:17:03] - |RD| - [167231177675] - C:\Program Files
[04/06/2017 12:17:03] - |RD| - [154153560504] - C:\Program Files (x86)
[04/06/2017 12:17:03] - |HD| - [15026994304] - C:\ProgramData
[20/06/2017 09:34:01] - |D| - [262063] - C:\QuickDiag
[MD5.740351A6FE37A3366E3EE665C4F71E72] - [20/06/2017 09:34:06] - |A| - (.-.) - [218306] - (0.0.0.0) - C:\QuickDiag.txt
[05/02/2016 17:39:13] - |HD| - [1235230362] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/08/2016 19:15:25] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[31/08/2016 19:15:25] - |SHD| - [0] - C:\System Volume Information
[05/11/2016 17:31:58] - |D| - [274] - C:\temp
[04/06/2017 10:16:43] - |RD| - [102972495007] - C:\Users
[04/06/2017 10:16:43] - |D| - [30274256947] - C:\Windows
[12/06/2017 11:56:44] - |D| - [40960067421] - C:\Windows.old

---------- | C:\WINDOWS

[04/06/2017 12:17:03] - |D| - [802] - C:\WINDOWS\addins
[04/06/2017 12:17:03] - |D| - [98053984] - C:\WINDOWS\appcompat
[04/06/2017 12:17:03] - |D| - [7892248] - C:\WINDOWS\apppatch
[04/06/2017 12:17:03] - |D| - [0] - C:\WINDOWS\AppReadiness
[04/06/2017 12:17:03] - |RD| - [2666602152] - C:\WINDOWS\assembly
[04/06/2017 12:17:03] - |D| - [673125] - C:\WINDOWS\bcastdvr
[MD5.2352504AD79AF33EF21D4B4F217C1141] - [04/06/2017 12:09:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [64512] - (10.0.16215.1000) - C:\WINDOWS\bfsvc.exe
[05/06/2017 09:00:07] - |SHD| - [576523] - C:\WINDOWS\BitLockerDiscoveryVolumeContents
[04/06/2017 12:17:03] - |D| - [37468869] - C:\WINDOWS\Boot
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/06/2017 10:58:14] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[04/06/2017 12:17:03] - |D| - [2446344] - C:\WINDOWS\Branding
[MD5.9130CCE19B5DB3D2E31F9F789263FC4A] - [02/06/2017 13:11:17] - |A| - (.Copyright (c) 1999-2006 Microsoft Corporation - CAPICOM Module.) - [511328] - (2.1.0.2) - C:\WINDOWS\capicom.dll
[04/06/2017 12:03:09] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.37D052D8AE871402DEB60CB9F319412F] - [12/06/2017 11:03:44] - |A| - (.-.) - [7159] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[31/08/2016 19:19:23] - |D| - [0] - C:\WINDOWS\CSC
[MD5.45F50529721E9C2CC58B03DA993C8A7D] - [31/08/2016 14:45:46] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\ctfile.rfc
[04/06/2017 12:17:03] - |D| - [11482410] - C:\WINDOWS\Cursors
[04/06/2017 12:17:03] - |D| - [3] - C:\WINDOWS\debug
[04/06/2017 12:17:03] - |D| - [208322741] - C:\WINDOWS\DeliveryOptimization
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [12/06/2017 11:07:05] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[04/06/2017 12:17:03] - |D| - [4772937] - C:\WINDOWS\diagnostics
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [12/06/2017 11:07:05] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[05/06/2017 08:57:44] - |D| - [0] - C:\WINDOWS\DigitalLocker
[04/06/2017 12:17:03] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.10D2993828B2A91C975EC4CACEF3CE7B] - [04/06/2017 12:18:41] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[04/06/2017 12:17:03] - |HD| - [40832] - C:\WINDOWS\ELAMBKUP
[05/06/2017 08:57:44] - |D| - [0] - C:\WINDOWS\en-US
[MD5.7F5C3EE402F6C22FB4BD40BD71091BE0] - [04/06/2017 12:10:49] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3876864] - (10.0.16215.1000) - C:\WINDOWS\explorer.exe
[04/06/2017 12:17:03] - |RSD| - [444564848] - C:\WINDOWS\Fonts
[05/06/2017 08:57:44] - |D| - [109056] - C:\WINDOWS\fr-FR
[04/06/2017 12:17:03] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[04/06/2017 12:17:03] - |D| - [46643311] - C:\WINDOWS\Globalization
[04/06/2017 12:17:03] - |D| - [71206283] - C:\WINDOWS\Help
[MD5.CBA65F502A4EB3A39655372AE1BED111] - [04/06/2017 12:10:02] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [1003008] - (10.0.16215.1000) - C:\WINDOWS\HelpPane.exe
[MD5.07C90A833C624B43E6D7B1D96EA1D006] - [04/06/2017 12:10:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [17920] - (10.0.16215.1000) - C:\WINDOWS\hh.exe
[02/03/2017 02:53:22] - |D| - [191271071] - C:\WINDOWS\HoloShell
[04/06/2017 12:17:03] - |D| - [173056880] - C:\WINDOWS\IME
[04/06/2017 12:17:03] - |RD| - [7768346] - C:\WINDOWS\ImmersiveControlPanel
[04/06/2017 12:14:48] - |D| - [109755344] - C:\WINDOWS\INF
[04/06/2017 12:17:03] - |D| - [1452092897] - C:\WINDOWS\InfusedApps
[04/06/2017 12:17:03] - |D| - [41503391] - C:\WINDOWS\InputMethod
[04/06/2017 12:17:03] - |SHD| - [4952974975] - C:\WINDOWS\Installer
[04/06/2017 12:17:03] - |D| - [94096] - C:\WINDOWS\L2Schemas
[04/06/2017 12:17:03] - |D| - [1132519] - C:\WINDOWS\LiveKernelReports
[04/06/2017 10:16:48] - |D| - [26082965] - C:\WINDOWS\Logs
[MD5.67CF48B730D1BC158F2FC5BEB0834419] - [31/08/2016 14:45:50] - |A| - (.-.) - [4862] - (0.0.0.0) - C:\WINDOWS\MBCfg_APOIM.ini
[MD5.4E45D368CFF3621450051A5EF9423EA9] - [31/08/2016 14:45:50] - |A| - (.-.) - [1165] - (0.0.0.0) - C:\WINDOWS\MBCfg_Capture_APOIM.ini
[MD5.E0C5B74B34AC369145594C0330F6A1A5] - [31/08/2016 14:45:50] - |A| - (.-.) - [4821] - (0.0.0.0) - C:\WINDOWS\MBCfg_HP_APOIM.ini
[MD5.4EFCA93135ED07ECC983B3F30C359ACD] - [31/08/2016 14:45:50] - |A| - (.-.) - [4914] - (0.0.0.0) - C:\WINDOWS\MBCfg_SP_APOIM.ini
[MD5.F0BF3A5DAA08C0B5B6E64EE817D9F090] - [31/08/2016 14:46:06] - |A| - (.-.) - [57602] - (0.0.0.0) - C:\WINDOWS\MBSpkrEQ.cfg
[04/06/2017 12:17:03] - |RSD| - [20316123] - C:\WINDOWS\Media
[MD5.81040D47AC73DA548384AE74619D9716] - [07/06/2017 12:56:27] - |A| - (.-.) - [2627079862] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [04/06/2017 12:10:36] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[04/06/2017 12:17:03] - |RD| - [1097505747] - C:\WINDOWS\Microsoft.NET
[04/06/2017 12:17:03] - |D| - [2751] - C:\WINDOWS\Migration
[18/06/2017 10:13:01] - |D| - [1930988] - C:\WINDOWS\Minidump
[04/06/2017 12:17:03] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.8318A68067191C8B07C22085625569A8] - [04/06/2017 12:09:49] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [246272] - (10.0.16215.1000) - C:\WINDOWS\notepad.exe
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [24/05/2017 23:12:41] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [21/12/2016 15:28:30] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvTelemetryContainerRecovery.bat
[05/06/2017 08:59:11] - |D| - [199472] - C:\WINDOWS\OCR
[05/02/2016 18:09:38] - |D| - [109795] - C:\WINDOWS\OEMFolder
[04/06/2017 12:17:03] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[09/06/2017 16:58:35] - |DC| - [533952702] - C:\WINDOWS\Panther
[MD5.8B962D1EDDA1131285ECC91FBF6A654F] - [13/09/2016 13:18:36] - |A| - (.-.) - [644608] - (0.0.0.0) - C:\WINDOWS\PAR FRENCH DL Uninstaller.exe
[MD5.3F30E7D132D62476DB9BA5EBB0F7B902] - [29/09/2016 21:21:22] - |A| - (.-.) - [197120] - (6.50.0.0) - C:\WINDOWS\patchw32.dll
[04/06/2017 12:17:03] - |D| - [29924717] - C:\WINDOWS\Performance
[MD5.9082AFF92E11C00EA812EC9EFF1EE6CE] - [06/06/2017 11:32:08] - |A| - (.-.) - [17010] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[04/06/2017 12:17:03] - |D| - [1136442] - C:\WINDOWS\PLA
[04/06/2017 12:17:03] - |D| - [7095130] - C:\WINDOWS\PolicyDefinitions
[12/06/2017 10:57:20] - |D| - [4840447] - C:\WINDOWS\Prefetch
[04/06/2017 12:17:03] - |RD| - [2155639] - C:\WINDOWS\PrintDialog
[MD5.CC700D9C2A31C811727762BF1BE44A01] - [05/06/2017 09:00:42] - |A| - (.-.) - [35524] - (0.0.0.0) - C:\WINDOWS\Professional.xml
[04/06/2017 12:17:03] - |D| - [3772566] - C:\WINDOWS\Provisioning
[MD5.374525D11E8BC8C435BA47528AA0B980] - [04/06/2017 12:10:32] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [335872] - (10.0.16215.1000) - C:\WINDOWS\regedit.exe
[04/06/2017 12:17:03] - |D| - [1141084] - C:\WINDOWS\Registration
[05/06/2017 09:00:07] - |D| - [0] - C:\WINDOWS\RemotePackages
[04/06/2017 12:17:03] - |D| - [2407728] - C:\WINDOWS\rescache
[04/06/2017 12:17:03] - |D| - [4889721] - C:\WINDOWS\Resources
[MD5.BAFE98D46BAB095F7935C444DBF9A884] - [31/08/2016 13:45:04] - |A| - (.TODO: (c) <Company name>. - RtCRU.) - [4330200] - (1.11.0.0) - C:\WINDOWS\RtCRU64.exe
[MD5.51254CE041C5D011944C3E11D5A00608] - [11/04/2017 19:38:38] - |A| - (.Copyright (C) 2016 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2838232] - (1.0.6.8) - C:\WINDOWS\RtlExUpd.dll
[05/02/2016 18:09:38] - |D| - [141201859] - C:\WINDOWS\ScanState
[04/06/2017 12:17:03] - |D| - [0] - C:\WINDOWS\SchCache
[04/06/2017 12:17:03] - |D| - [153150] - C:\WINDOWS\schemas
[04/06/2017 12:17:03] - |D| - [11430213] - C:\WINDOWS\security
[12/06/2017 11:47:22] - |D| - [46368915] - C:\WINDOWS\ServiceProfiles
[04/06/2017 10:16:43] - |D| - [39107737] - C:\WINDOWS\servicing
[04/06/2017 12:19:20] - |D| - [42] - C:\WINDOWS\Setup
[MD5.6F67C0B32FD505C9D80F6BF1BF458AAE] - [12/06/2017 10:57:46] - |A| - (.-.) - [20417] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.C6FAA16C3C81657ABFB731746813D806] - [31/08/2016 15:09:41] - |A| - (.Copyright ©  2012 - SetupAfterRebootService.) - [10752] - (1.0.0.0) - C:\WINDOWS\SetupAfterRebootService.exe
[MD5.D060131CD55776F1C058590263CFF30E] - [12/06/2017 10:57:46] - |A| - (.-.) - [168] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[04/06/2017 12:17:03] - |D| - [56435200] - C:\WINDOWS\ShellExperiences
[30/10/2015 11:07:42] - |D| - [0] - C:\WINDOWS\ShellNew
[05/06/2017 08:58:46] - |D| - [3070736] - C:\WINDOWS\SKB
[31/08/2016 19:16:43] - |D| - [47532048] - C:\WINDOWS\SoftwareDistribution
[04/06/2017 12:17:03] - |D| - [86037185] - C:\WINDOWS\Speech
[04/06/2017 12:17:03] - |D| - [58941157] - C:\WINDOWS\Speech_OneCore
[MD5.50B086ECF4977EE23DA0C13A2A63FF09] - [04/06/2017 12:10:47] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.16215.1000) - C:\WINDOWS\splwow64.exe
[02/09/2016 17:27:10] - |D| - [224962048] - C:\WINDOWS\symbols
[MD5.125F8862D2C1B4CB24BE6E10032580AB] - [12/06/2017 11:00:34] - |A| - (.-.) - [603] - (0.0.0.0) - C:\WINDOWS\Synaptics.log
[MD5.125F8862D2C1B4CB24BE6E10032580AB] - [12/06/2017 11:00:34] - |A| - (.-.) - [603] - (0.0.0.0) - C:\WINDOWS\Synaptics.PD.log
[04/06/2017 12:17:03] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 09:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[04/06/2017 10:16:43] - |D| - [6170744723] - C:\WINDOWS\System32
[04/06/2017 12:17:04] - |D| - [197763400] - C:\WINDOWS\SystemApps
[04/06/2017 12:17:04] - |D| - [20015707] - C:\WINDOWS\SystemResources
[04/06/2017 10:16:48] - |D| - [1652916025] - C:\WINDOWS\SysWOW64
[04/06/2017 12:17:04] - |D| - [0] - C:\WINDOWS\TAPI
[30/10/2015 09:24:25] - |D| - [6] - C:\WINDOWS\Tasks
[04/06/2017 12:17:04] - |D| - [33745881] - C:\WINDOWS\Temp
[04/06/2017 12:17:04] - |D| - [12401152] - C:\WINDOWS\TextInput
[04/06/2017 12:17:04] - |D| - [0] - C:\WINDOWS\tracing
[04/06/2017 12:17:04] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.6B2EBA5FA1D2F1CA2B4C7982F4BF03CC] - [04/06/2017 12:11:07] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[MD5.C419DF63E0121D72411285780C2FC6CC] - [31/08/2016 14:46:01] - |A| - (.Copyright (c) Creative Technology Ltd. 2000 - Creative UpdReg.) - [90112] - (1.0.2.0) - C:\WINDOWS\Updreg.EXE
[04/06/2017 12:17:04] - |D| - [12420] - C:\WINDOWS\Vss
[04/06/2017 12:17:04] - |D| - [15729830] - C:\WINDOWS\Web
[12/09/2016 23:16:49] - |RD| - [185752] - C:\WINDOWS\WebManagement
[MD5.23CF8138F49416231807E6DE371FB9E6] - [30/10/2015 09:24:29] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [04/06/2017 12:10:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [02/06/2017 23:26:17] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.C2C4A9B3B9BC8217ABAFFEADC01AED6A] - [04/06/2017 12:11:05] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.16215.1000) - C:\WINDOWS\winhlp32.exe
[04/06/2017 10:16:43] - |D| - [6545421644] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [04/06/2017 12:09:04] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.68F8EC9C848252D10B9746ADED25F003] - [04/06/2017 12:09:49] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.16215.1000) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy

[20/06/2017 00:39:17] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\Machine
[20/06/2017 00:39:17] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[24/05/2017 18:57:02] - C:\WINDOWS\Installer\104dca.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/10/2016 03:03:58] - C:\WINDOWS\Installer\125815.msi : ([ProductName] Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2016 13:41:37] - C:\WINDOWS\Installer\16912c.msi : (Blank Project Template - Rivet Networks)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2016 13:41:48] - C:\WINDOWS\Installer\169130.msi : (Blank Project Template - Rivet Networks)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2016 13:41:56] - C:\WINDOWS\Installer\169134.msi : (Blank Project Template - Rivet Networks)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2016 13:42:01] - C:\WINDOWS\Installer\169138.msi : (Blank Project Template - Rivet Networks)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/12/2016 03:02:30] - C:\WINDOWS\Installer\21cd2d7.msi : ( - dotPDN LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 19:40:20] - C:\WINDOWS\Installer\23d008e.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 19:40:22] - C:\WINDOWS\Installer\23d0094.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:01:30] - C:\WINDOWS\Installer\23d009a.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:01:43] - C:\WINDOWS\Installer\23d00a0.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:01:44] - C:\WINDOWS\Installer\23d00a6.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:02:11] - C:\WINDOWS\Installer\23d00ac.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:02:14] - C:\WINDOWS\Installer\23d00b2.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:03:20] - C:\WINDOWS\Installer\23d00b8.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:03:21] - C:\WINDOWS\Installer\23d00be.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:03:40] - C:\WINDOWS\Installer\23d00c4.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:04:57] - C:\WINDOWS\Installer\23d00ca.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:05:05] - C:\WINDOWS\Installer\23d00d0.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:05:09] - C:\WINDOWS\Installer\23d00d6.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:05:45] - C:\WINDOWS\Installer\23d00dc.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:20] - C:\WINDOWS\Installer\23d00e2.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:28] - C:\WINDOWS\Installer\23d00e8.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:31] - C:\WINDOWS\Installer\23d00ee.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:32] - C:\WINDOWS\Installer\23d00f4.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:33] - C:\WINDOWS\Installer\23d00fa.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:34] - C:\WINDOWS\Installer\23d0100.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:39] - C:\WINDOWS\Installer\23d0106.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:41] - C:\WINDOWS\Installer\23d010c.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:42] - C:\WINDOWS\Installer\23d0112.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:45] - C:\WINDOWS\Installer\23d0118.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:47] - C:\WINDOWS\Installer\23d011e.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:49] - C:\WINDOWS\Installer\23d0124.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:50] - C:\WINDOWS\Installer\23d012a.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:51] - C:\WINDOWS\Installer\23d0130.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:52] - C:\WINDOWS\Installer\23d0136.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:53] - C:\WINDOWS\Installer\23d013c.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:06:57] - C:\WINDOWS\Installer\23d0142.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:07:03] - C:\WINDOWS\Installer\23d0148.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:07:13] - C:\WINDOWS\Installer\23d014e.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:07:44] - C:\WINDOWS\Installer\23d0154.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:07:49] - C:\WINDOWS\Installer\23d015a.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:08:01] - C:\WINDOWS\Installer\23d0160.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:08:04] - C:\WINDOWS\Installer\23d0166.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:08:05] - C:\WINDOWS\Installer\23d016c.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:08:10] - C:\WINDOWS\Installer\23d0172.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:24] - C:\WINDOWS\Installer\23d0178.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:28] - C:\WINDOWS\Installer\23d017e.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:29] - C:\WINDOWS\Installer\23d0184.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:31] - C:\WINDOWS\Installer\23d018a.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:43] - C:\WINDOWS\Installer\23d0190.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:49] - C:\WINDOWS\Installer\23d0196.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:50] - C:\WINDOWS\Installer\23d019c.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:52] - C:\WINDOWS\Installer\23d01a2.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:53] - C:\WINDOWS\Installer\23d01a8.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:12:57] - C:\WINDOWS\Installer\23d01ae.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2016 20:23:50] - C:\WINDOWS\Installer\23d01b4.msi : (Amazon Lumberyard 1.5.0.0 Installer - Amazon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/07/2016 21:15:46] - C:\WINDOWS\Installer\307f8a.msi : (Blank Project Template -)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/06/2017 11:10:44] - C:\WINDOWS\Installer\32ed8bd8.msi : (Apple Application Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/06/2017 11:15:02] - C:\WINDOWS\Installer\32ed8da3.msi : (Apple Application Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/06/2017 11:15:13] - C:\WINDOWS\Installer\32ed8e16.msi : (Apple Software Update Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/06/2017 11:16:14] - C:\WINDOWS\Installer\32ed8e59.msi : (Apple Mobile Device Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/05/2017 13:39:02] - C:\WINDOWS\Installer\331cb1.msi : (Adobe ARM Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/05/2016 22:56:24] - C:\WINDOWS\Installer\3ab480.msi : (Intel(R) ME UninstallLegacy - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/05/2016 22:57:06] - C:\WINDOWS\Installer\3ab484.msi : (Intel(R) Management Engine Components - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/05/2016 22:57:20] - C:\WINDOWS\Installer\3ab4a0.msi : (Intel(R) Management Engine Components - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/02/2016 21:19:56] - C:\WINDOWS\Installer\3ab4a4.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/03/2016 23:52:10] - C:\WINDOWS\Installer\3ab4a8.msi : (Intel® Security Assist - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/05/2016 08:46:36] - C:\WINDOWS\Installer\3ab4ab.msi : (Thunderbolt(TM) Software - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/11/2015 23:13:22] - C:\WINDOWS\Installer\4fce7e.msi : (Intel(R) Rapid Storage Technology - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2016 14:44:29] - C:\WINDOWS\Installer\4fce81.msi : (Synaptics WBF USB Fingerprint Reader install package - Synaptics Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/07/2016 11:25:30] - C:\WINDOWS\Installer\51aaf7b.msi : (Audiokinetic Wwise v2015.2_LTX build 5495 - Authoring Data - Audiokinetic Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/07/2016 11:25:30] - C:\WINDOWS\Installer\51aaf81.msi : (Audiokinetic Wwise v2015.2_LTX build 5495 - Authoring Binaries 64-bit - Audiokinetic Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/07/2016 11:25:58] - C:\WINDOWS\Installer\51aaf87.msi : (Audiokinetic Wwise v2015.2_LTX build 5495 - Wwise LTX License - Audiokinetic Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/07/2016 11:25:44] - C:\WINDOWS\Installer\51aaf8d.msi : (Audiokinetic Wwise v2015.2_LTX build 5495 - SDK (Common) - Audiokinetic Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/09/2016 11:47:34] - C:\WINDOWS\Installer\53d6c6.msi : (Epic Games Launcher - Epic Games, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 10:41:29] - C:\WINDOWS\Installer\5b7851.msi : ( - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/09/2016 17:33:34] - C:\WINDOWS\Installer\6a3e405.msi : (PreEmptive Solutions' post-build instrumentation services provide obfuscation, tamper defense, shelf life, and runtime intelligence functionality. - PreEmptive Solutions LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/09/2016 17:33:40] - C:\WINDOWS\Installer\6a3e40b.msi : (PreEmptive Analytics Visual Studio Components - PreEmptive Solutions)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/12/2016 21:02:23] - C:\WINDOWS\Installer\722332.msi : (Adobe AIR Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/03/2016 14:28:46] - C:\WINDOWS\Installer\910b789.msi : (Gtk# for .Net 2.12.26 - Xamarin, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/06/2016 05:44:30] - C:\WINDOWS\Installer\919e41a.msi : (PreEmptive Solutions provides analytics, obfuscation, tamper defense, and shelf life. - PreEmptive Solutions LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/06/2015 04:09:05] - C:\WINDOWS\Installer\919e420.msi : (PreEmptive Analytics Visual Studio Components - PreEmptive Solutions)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/12/2016 19:50:25] - C:\WINDOWS\Installer\9b1ee94.msi : (Blender - Blender Foundation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/06/2016 12:49:34] - C:\WINDOWS\Installer\c401e.msi : (Intel(R) Chipset Device Software - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/01/2016 17:51:46] - C:\WINDOWS\Installer\ecbfb9.msi : (UE4 Prerequisites (x64) - Epic Games, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/09/2016 12:01:16] - C:\WINDOWS\Installer\f7d5485.msi : (CRYENGINE Launcher - Crytek GmbH)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2016 14:44:29] - C:\WINDOWS\Installer\Syna_Viper_FPReader5.5.204.24.msi : (Synaptics WBF USB Fingerprint Reader install package - Synaptics Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[04/06/2017 12:09:04] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[31/08/2016 14:45:50] - [20697] - C:\WINDOWS\System32\MBCfg64.ini
[31/08/2016 14:45:50] - [6968] - C:\WINDOWS\System32\MBCfgUninstall64.ini
[12/06/2017 11:00:42] - [2251376] - C:\WINDOWS\System32\PerfStringBackup.INI
[04/06/2017 12:10:29] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[04/06/2017 12:09:54] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[04/06/2017 12:09:13] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[31/08/2016 14:45:50] - [20697] - C:\WINDOWS\Syswow64\MBCfg32.ini
[31/08/2016 14:45:50] - [6968] - C:\WINDOWS\Syswow64\MBCfgUninstall32.ini
[24/05/2017 23:13:20] - [1970168] - C:\WINDOWS\Syswow64\PerfStringBackup.INI
[04/06/2017 12:10:59] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.190DD004504FD85143CCBB74398EA62B] - |A| - [12/06/2017 11:00:39] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00000.log
[MD5.6A15194093A123C7285EB45D66D0219C] - |A| - [12/06/2017 11:00:41] - (.-.) - [1 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00001.log
[MD5.06CC56D8F0B8D2A7C9739F207479B923] - |A| - [12/06/2017 11:21:17] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\bdec.bytes
[MD5.00000000000000000000000000000000] - |D| - [12/06/2017 11:09:18] - [27378.95 Ko] - C:\WINDOWS\Temp\bd_AFEE.tmp
[MD5.C61AC3B9D379B3E8EA66539B5398600F] - |A| - [12/06/2017 11:05:43] - (.-.) - [2.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log
[MD5.00000000000000000000000000000000] - |D| - [12/06/2017 11:05:43] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad
[MD5.694DB5C04D39D5F57B1474E21AD091C5] - |A| - [12/06/2017 11:03:32] - (.-.) - [288.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170612-1103.log
[MD5.97375E2796A77B020C1116C7F3CD77AD] - |A| - [12/06/2017 11:13:39] - (.-.) - [6.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170612-1113.log
[MD5.B35A630889F59264003D8C25FE439016] - |A| - [12/06/2017 11:24:00] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170612-1124.log
[MD5.22D71E02D377DA856DD86F9CD6B09862] - |A| - [12/06/2017 11:54:00] - (.-.) - [6.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170612-1154.log
[MD5.AF29FB1BB719498873DA7B9343990999] - |A| - [12/06/2017 12:24:00] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170612-1224.log
[MD5.4571B19FDF2FE8B6AA0136BB9825A016] - |A| - [13/06/2017 04:00:00] - (.-.) - [2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170613-0400.log
[MD5.F32DC7ED0348D3E55B6395243A9B62DC] - |A| - [13/06/2017 04:01:56] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170613-0401.log
[MD5.80F10F77A0E5133CF4BD0C9F0B99173F] - |A| - [13/06/2017 09:33:22] - (.-.) - [2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170613-0933.log
[MD5.0C3CA099091634EDFFBE1D172857FAA5] - |A| - [13/06/2017 11:13:39] - (.-.) - [6.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170613-1113.log
[MD5.F91A120BD0C0F1B6A66D0FAADEE655FA] - |A| - [14/06/2017 10:36:57] - (.-.) - [2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1036.log
[MD5.DB8CCAEAB1A81A65D92020616C3899E1] - |A| - [14/06/2017 10:39:47] - (.-.) - [1.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1039.log
[MD5.C2EB093C6E046544E97384F5C3534CDB] - |A| - [14/06/2017 10:52:10] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1052.log
[MD5.C3C4CB904F68B6F3FBFE25E784249B53] - |A| - [14/06/2017 11:13:39] - (.-.) - [2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1113.log
[MD5.B21438AF91115BA17F34632C6CC11C4E] - |A| - [14/06/2017 11:22:20] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1122.log
[MD5.C8D46709842409CEA456DACE58BCB378] - |A| - [14/06/2017 11:52:10] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1152.log
[MD5.9A2BF4A5A5542B881E8412D76DDC558C] - |A| - [14/06/2017 18:33:44] - (.-.) - [181.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1833.log
[MD5.5CEEDCAAB3E5AE19E297E810CD890130] - |A| - [14/06/2017 18:48:56] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1848.log
[MD5.0EDDFA7755C16A2848D40B28DAD0AD66] - |A| - [14/06/2017 19:18:56] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1918.log
[MD5.FA84BAFC0C20AA747CAFD1CED2E89D71] - |A| - [14/06/2017 19:48:56] - (.-.) - [6.06 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-1948.log
[MD5.EBB218A14D6E0D6A5B2BE9A1F4D755A3] - |A| - [14/06/2017 21:47:09] - (.-.) - [208.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-2147.log
[MD5.35EC56B76F4CA17D28A75795DC6F1EC1] - |A| - [14/06/2017 22:02:15] - (.-.) - [6.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-2202.log
[MD5.42F5EC3ECF5600A8A50D31EC46BEC463] - |A| - [14/06/2017 22:32:13] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-2232.log
[MD5.5393FD16446929A02CF75E3C84655CC9] - |A| - [14/06/2017 23:02:13] - (.-.) - [6.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170614-2302.log
[MD5.F0D889552691C535F7D1D2A684DE79F5] - |A| - [15/06/2017 04:00:00] - (.-.) - [6.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170615-0400.log
[MD5.781B9A61AFD1D2FDD93DBCA39A644E27] - |A| - [15/06/2017 05:34:02] - (.-.) - [1.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170615-0534.log
[MD5.81E602C4B2032457263F081078651A1A] - |A| - [16/06/2017 03:15:53] - (.-.) - [6.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170616-0315.log
[MD5.F67FD57B794D3C7E7269302F720A5F7A] - |A| - [16/06/2017 03:20:15] - (.-.) - [118.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170616-0320.log
[MD5.172D5F2136FC8BF052890A438B67744F] - |A| - [16/06/2017 03:49:17] - (.-.) - [355.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170616-0349.log
[MD5.1CD120E6BEBBA1D7D5644C6FABC91469] - |A| - [16/06/2017 03:49:25] - (.-.) - [10.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170616-0349a.log
[MD5.66F4018FAE957001D10894E4B51DB840] - |A| - [16/06/2017 03:49:29] - (.-.) - [37.03 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170616-0349b.log
[MD5.134836332AEB0D7DEC7653ACB802D1EE] - |A| - [16/06/2017 04:00:00] - (.-.) - [6.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170616-0400.log
[MD5.7B8CA81352BDB12F6AC68A3DFA8F148B] - |A| - [16/06/2017 07:30:48] - (.-.) - [2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170616-0730.log
[MD5.CA7C141E8FF48BF8525B6AA89C0FFA4E] - |A| - [17/06/2017 11:20:30] - (.-.) - [6.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170617-1120.log
[MD5.A65579710C16F546226CC9450F942B55] - |A| - [17/06/2017 11:23:25] - (.-.) - [2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170617-1123.log
[MD5.3CA2A70997FCC045632A150C4F69441E] - |A| - [17/06/2017 11:26:43] - (.-.) - [6.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170617-1126.log
[MD5.7E8B05C0A646F8AD9B3938D0CD5CFB99] - |A| - [17/06/2017 11:27:00] - (.-.) - [83.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170617-1127.log
[MD5.6CEA20ABACFED0C35F53434884E41F72] - |A| - [17/06/2017 11:29:27] - (.-.) - [10.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170617-1129.log
[MD5.344E07C71C3EA1373E88426DB49806F7] - |A| - [17/06/2017 11:29:33] - (.-.) - [24.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170617-1129a.log
[MD5.679CD162F1784FD31FC82860B827E1D4] - |A| - [18/06/2017 10:13:06] - (.-.) - [168.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1013.log
[MD5.87123E64EA9207A467B475040AE3280E] - |A| - [18/06/2017 10:16:04] - (.-.) - [1.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1016.log
[MD5.E7C3B6E188CAEAAB2FBA6F4C93130D3A] - |A| - [18/06/2017 10:16:04] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1016a.log
[MD5.EF7699253E0F8228A6FE4E74548EBA2C] - |A| - [18/06/2017 10:29:06] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1029.log
[MD5.4FF1A1C515C88362E945BD75308D6D91] - |A| - [18/06/2017 10:59:06] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1059.log
[MD5.F58AF6A6BD604A14D8A2F88DE8C32E9A] - |A| - [18/06/2017 11:29:06] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1129.log
[MD5.F50F85169D14057863608AD589F09583] - |A| - [18/06/2017 16:18:07] - (.-.) - [485.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1618.log
[MD5.52DAF883D53BD927556821EAE5573E37] - |A| - [18/06/2017 16:33:20] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1633.log
[MD5.6808733D1D323F2492236253B19F762C] - |A| - [18/06/2017 17:03:19] - (.-.) - [6.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1703.log
[MD5.932106896C2D196C06CE766A509CFA9D] - |A| - [18/06/2017 17:33:19] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-1733.log
[MD5.B2A3AD9FF2396115749BAC6851BCC0FA] - |A| - [18/06/2017 23:49:23] - (.-.) - [6.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170618-2349.log
[MD5.FE126FED68E8A0C128F6F1A2403543C6] - |A| - [19/06/2017 09:20:01] - (.-.) - [6.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-0920.log
[MD5.8063FF1C1D5A277A7137180F9F4DBE97] - |A| - [19/06/2017 09:20:03] - (.-.) - [6.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-0920a.log
[MD5.DD579F6D4D3B5C4F93D255CFA8B31C39] - |A| - [19/06/2017 09:23:00] - (.-.) - [2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-0923.log
[MD5.C2D054979DCA7B31663C530EF0B79A4A] - |A| - [19/06/2017 09:35:21] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-0935.log
[MD5.745FE10DE742DF7D5CFB55C3B0369A7A] - |A| - [19/06/2017 09:49:23] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-0949.log
[MD5.33B11BA13A72F49582EBD9D337409958] - |A| - [19/06/2017 10:05:21] - (.-.) - [6.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-1005.log
[MD5.5BF22AEC48F665B6023E7A34AB4875E3] - |A| - [19/06/2017 10:35:21] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-1035.log
[MD5.ED5BF38A3962F8AD286297EF70BAC4D7] - |A| - [19/06/2017 15:38:12] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-1538.log
[MD5.8D54C90CF4A7F86BB17E3C8E32512BA9] - |A| - [19/06/2017 16:07:42] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-1607.log
[MD5.6EEC369B8981D727AA0828DD9164D9C9] - |A| - [19/06/2017 16:37:42] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-1637.log
[MD5.AF166C70592AA1E784F96D9C8F6A8003] - |A| - [19/06/2017 23:25:26] - (.-.) - [187.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-2325.log
[MD5.A629AF308C0FC44AFF3472798FB6C7FF] - |A| - [19/06/2017 23:40:53] - (.-.) - [6.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170619-2340.log
[MD5.14E8066D8C30F3D3163A039484805641] - |A| - [20/06/2017 00:10:52] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170620-0010.log
[MD5.B6C828D4F4F2CA480E9AD86B140B1218] - |A| - [20/06/2017 00:40:52] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170620-0040.log
[MD5.569106359CE8A6AD09B05308AF312C1D] - |A| - [20/06/2017 09:27:56] - (.-.) - [49.64 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170620-0927.log
[MD5.FBEA7A39FD30CC18D79369A13807319B] - |A| - [20/06/2017 09:32:54] - (.-.) - [6.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170620-0932.log
[MD5.15F60EA593A2BA392923F658BDB7B299] - |A| - [20/06/2017 09:32:54] - (.-.) - [6.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DESKTOP-CJSUH9G-20170620-0932a.log
[MD5.00000000000000000000000000000000] - |D| - [20/06/2017 09:27:55] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace
[MD5.00000000000000000000000000000000] - |D| - [20/06/2017 09:27:55] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot
[MD5.00000000000000000000000000000000] - |D| - [20/06/2017 09:27:55] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag
[MD5.00000000000000000000000000000000] - |D| - [20/06/2017 09:27:55] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/06/2017 11:02:44] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DMI27A4.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/06/2017 11:02:45] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DMI27C5.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/06/2017 11:02:44] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/06/2017 11:02:44] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.AF897FA0AC65F5C7E49422C95762DD7B] - |A| - [12/06/2017 11:07:42] - (.-.) - [19.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [12/06/2017 11:18:18] - [20 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation
[MD5.00000000000000000000000000000000] - |D| - [12/06/2017 10:57:55] - [2344.65 Ko] - C:\WINDOWS\Temp\NvidiaLogging
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/06/2017 11:03:32] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170612110332FE0).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/06/2017 03:49:17] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201706160349173A70).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/06/2017 10:13:06] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170618101306DD4).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/06/2017 16:18:07] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2017061816180710B4).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/06/2017 23:25:27] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170619232527F6C).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/06/2017 09:27:56] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170620092756102C).log
[MD5.9371E713B0C2758C40BBAADEE6DC591D] - |A| - [12/06/2017 10:57:44] - (.-.) - [359.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\StateRepository.log
[MD5.B13AF738AA8BE55154B2752979D76827] - |A| - [12/06/2017 11:02:20] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\temC792.tmp
[MD5.00000000000000000000000000000000] - |D| - [19/06/2017 16:00:33] - [0 Ko] - C:\WINDOWS\Temp\tmp000014f6
[MD5.00000000000000000000000000000000] - |D| - [20/06/2017 09:33:37] - [0 Ko] - C:\WINDOWS\Temp\tmp00003af2
[MD5.00000000000000000000000000000000] - |D| - [18/06/2017 13:28:18] - [0 Ko] - C:\WINDOWS\Temp\tmp0000524d
[MD5.00000000000000000000000000000000] - |D| - [17/06/2017 12:24:12] - [0 Ko] - C:\WINDOWS\Temp\tmp0000531b
[MD5.00000000000000000000000000000000] - |D| - [14/06/2017 12:19:58] - [0 Ko] - C:\WINDOWS\Temp\tmp00006578
[MD5.00000000000000000000000000000000] - |D| - [19/06/2017 23:30:56] - [0 Ko] - C:\WINDOWS\Temp\tmp00006dac
[MD5.447E8800A56F81D7D5E14414E9272849] - |A| - [16/06/2017 01:41:37] - (.-.) - [0.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_1396a5ab-33d3-42ce-9168-6aabaa3ea7c7.log
[MD5.718CC43CF9AB6C6C510EA0253A390A7F] - |A| - [20/06/2017 09:32:55] - (.-.) - [0.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_526b6159-3d5f-4635-a6a9-66fbad079b63.log
[MD5.FBE0DEFA3A8A828B29C96C1038684579] - |A| - [15/06/2017 01:41:37] - (.-.) - [0.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_5654a6e1-6e6c-4f75-b8bd-c6e0bca18331.log
[MD5.A09D19421CD7722283D24BEBFCA5E2D8] - |A| - [12/06/2017 11:13:39] - (.-.) - [0.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_5b9ff98f-ef22-489e-8f8f-74bf5b285a55.log
[MD5.F308A65206ABDECF4B9F4FC1F0ACA130] - |A| - [17/06/2017 11:23:33] - (.-.) - [0.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_5fb63130-6f4c-4352-b35b-772072d1efa2.log
[MD5.12EE31BA92C7D570F693F5959200B4BB] - |A| - [14/06/2017 10:39:47] - (.-.) - [0.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_943cce85-0fc8-4477-bd95-a11205f8c965.log
[MD5.6F785D6C97E898BD125A788666259AFD] - |A| - [13/06/2017 01:41:38] - (.-.) - [0.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_aa696caf-a210-4144-91d4-334e7b1782ad.log
[MD5.A36649D11EF40D306378289A3A0F70FE] - |A| - [19/06/2017 09:23:02] - (.-.) - [0.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_ba723934-5997-41dc-a943-d50efe63ed90.log
[MD5.9E2F80BA36838F38512463B6B856D193] - |A| - [18/06/2017 10:16:05] - (.-.) - [0.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\VSIXInstaller_fec649f4-2f35-4810-93c6-aae7acc21163.log
[MD5.00000000000000000000000000000000] - |D| - [12/06/2017 11:00:07] - [8.59 Ko] - C:\WINDOWS\Temp\VulkanRT
[MD5.795690B61493664A9AD174B0154539AB] - |A| - [16/06/2017 13:43:27] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER1F11.tmp.WERDataCollectionStatus.txt
[MD5.2F805F781C6ABB9DDCED0CE021C92094] - |A| - [19/06/2017 23:28:49] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER76F7.tmp.WERDataCollectionStatus.txt
[MD5.FC1E8F863F777464345B4EF3F78AEB9C] - |A| - [14/06/2017 21:42:55] - (.-.) - [0.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER8C19.tmp.WERDataCollectionStatus.txt
[MD5.2F805F781C6ABB9DDCED0CE021C92094] - |A| - [18/06/2017 10:13:36] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERCAD2.tmp.WERDataCollectionStatus.txt
[MD5.83D216D27777D16F71FE0DCD7FA00609] - |A| - [12/06/2017 11:02:21] - (.-.) - [0.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\wmsetup.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/06/2017 09:27:56] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{1502905B-32EB-4F13-BB6D-0DD5D6F7DAE8} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/06/2017 10:13:06] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{1A291EE0-CDB4-4660-980A-EF2B37E89650} - OProcSessId.dat
[MD5.00000000000000000000000000000000] - |D| - [12/06/2017 10:58:53] - [0 Ko] - C:\WINDOWS\Temp\{70D8454B-3D73-4E21-A4C3-F6C8AA84F67B}
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [18/06/2017 16:18:07] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{8E2724B8-EE43-4089-8F37-CD7C3D5F2F0A} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/06/2017 11:03:32] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{8F6E3844-C1F3-4D9C-AF43-D12CD1F8740E} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [16/06/2017 03:49:17] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{92530114-2588-4081-A791-E45009F70B22} - OProcSessId.dat
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [19/06/2017 23:25:26] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\{F3CAD8C2-4C41-4195-B619-71FC62127948} - OProcSessId.dat
[MD5.00000000000000000000000000000000] - |D| - [12/06/2017 11:00:08] - [0 Ko] - C:\WINDOWS\Temp\{F6B89B3B-BC0F-48ED-967C-33D90F2669CF}
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:44] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.00000000000000000000000000000000] - |D| - [02/09/2016 15:11:42] - [438.24 Ko] - C:\WINDOWS\System32\1033
[MD5.7A19613ED820018D106397542AC916A3] - |A| - [12/11/2016 12:04:18] - (.-.) - [0.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@ActionCenterToastIcon.png
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [04/06/2017 12:09:49] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [04/06/2017 12:09:24] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [04/06/2017 12:10:07] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [04/06/2017 12:09:34] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [04/06/2017 12:10:11] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [04/06/2017 12:10:24] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [04/06/2017 12:10:32] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [04/06/2017 12:10:47] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [04/06/2017 12:09:34] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.C64012612E82D6113101B9F961E13F1D] - |A| - [22/01/2017 13:55:24] - (.-.) - [1.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdate.240.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [04/06/2017 12:09:25] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [04/06/2017 12:09:25] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png
[MD5.4B8E7580CDD5FAAF1D36DD9CA66E447F] - |A| - [12/11/2016 12:04:18] - (.-.) - [1769.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ActionCenterWelcomeImage.png
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 10:16:48] - [2978.83 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.E21E74D118E16FF9BA42A6F87F34E9B0] - |A| - [04/06/2017 12:10:50] - (.-.) - [435.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.A4BBEC644DA95CE3F3A30F6D057D0526] - |A| - [31/08/2016 14:45:46] - (.-.) - [357.5 Ko] - (1.0.343.0) - C:\WINDOWS\System32\APOMgr64.DLL
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [2484.85 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |SD| - [05/06/2017 09:00:07] - [283.01 Ko] - C:\WINDOWS\System32\AppV
[MD5.376E4D84F716C5754BA2E110136E5310] - |A| - [18/06/2013 07:46:56] - (.-.) - [637.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\appverif.chm
[MD5.F94192B47ACA96AFFEBC1073891EBB42] - |A| - [22/01/2017 13:58:09] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AppVStreamingUX.exe.config
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [273.5 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [04/06/2017 12:09:18] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [256.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [4598.89 Ko] - C:\WINDOWS\System32\Boot
[MD5.B0197646706F92EE50283AC2E9BA62B2] - |A| - [11/07/2016 10:19:54] - (.Qualcomm Atheros Communications Inc. - Qualcomm Atheros Bluetooth Driver Coinstaller.) - [192.93 Ko] - (1.0.0.0) - C:\WINDOWS\System32\btcoinst.dll
[MD5.FA138A7D2F1EDFE17B4B552D20A573CB] - |A| - [11/07/2016 10:19:54] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [193.93 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll
[MD5.5DEF55AAE3813D1FBBFDFA09C3F399FB] - |A| - [11/07/2016 10:17:22] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [19.52 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll.muien-US
[MD5.B62FE02B3D13A03CCAFB4213922C6B3C] - |A| - [04/06/2017 12:09:54] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [180.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 10:16:43] - [36051.18 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [25908.33 Ko] - C:\WINDOWS\System32\catroot2
[MD5.EA7D86175238805B08A2148760843AD2] - |A| - [31/08/2016 14:45:50] - (.Copyright (c) 2015 Creative Technology Ltd. - Creative Host SoundCore Module.) - [369.95 Ko] - (1.0.9.0) - C:\WINDOWS\System32\ChezSC64.DLL
[MD5.D3D71F4E598421B77A58232B2BD60236] - |A| - [31/08/2016 14:45:46] - (.-.) - [87.5 Ko] - (1.0.64.0) - C:\WINDOWS\System32\CmdRtr64.DLL
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [3734.36 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [358 Ko] - C:\WINDOWS\System32\Com
[MD5.9AD80558E13395E3E69CA8FAEED07874] - |A| - [12/01/2017 08:22:02] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.45 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 10:16:43] - [377514.68 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [04/06/2017 12:17:03] - [53.11 Ko] - C:\WINDOWS\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [306 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [14/05/2017 16:07:32] - [0 Ko] - C:\WINDOWS\System32\CustomSDB
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [300 Ko] - C:\WINDOWS\System32\da-DK
[MD5.5786FA8D2EA889A83B35F3CF31DDA681] - |A| - [04/06/2017 12:09:49] - (.-.) - [90.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [203.63 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:03] - [339 Ko] - C:\WINDOWS\System32\de-DE
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [04/06/2017 12:09:18] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [04/06/2017 12:17:10] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.00000000000000000000000000000000] - |SD| - [04/06/2017 12:17:03] - [864.5 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.706F32A0D5E6B92B7E7167AFD3DA8AB1] - |A| - [04/06/2017 12:10:00] - (.-.) - [90.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 10:16:46] - [8646.7 Ko] - C:\WINDOWS\System32\Dism
[MD5.10080F7C9609DA368DD544E53CDBAF44] - |A| - [04/06/2017 12:09:18] - (.-.) - [1253.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin
[MD5.DA82512B83F3E095D8F33497227A8ABA] - |A| - [04/06/2017 12:09:18] - (.-.) - [690.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin
[MD5.53D57AEA0AB2FE454603F4F094C69EF5] - |A| - [04/06/2017 12:09:18] - (.-.) - [409.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin
[MD5.3E992F6F0CF22F13198FD31C781E36E9] - |A| - [04/06/2017 12:08:52] - (.-.) - [3.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [335.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.65EE094289ADDF3B883FE1904707BED3] - |A| - [07/09/2016 12:33:21] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:44] - [0 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [243 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [2412.5 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [328 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [267 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [239.5 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |SD| - [04/06/2017 12:17:04] - [29419.16 Ko] - C:\WINDOWS\System32\F12
[MD5.A62179F506C6FA573CA2D77293BEA792] - |A| - [04/06/2017 12:09:34] - (.-.) - [963 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll
[MD5.B8020205F6519E9BA897CFBECC38A214] - |A| - [04/06/2017 12:09:34] - (.-.) - [307.72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll
[MD5.A979310C666D03AB6424B9BF7D7EA9F4] - |A| - [04/06/2017 12:09:34] - (.-.) - [1321.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll
[MD5.D12E48340EF1452B111135B8DB48555E] - |A| - [04/06/2017 12:08:53] - (.-.) - [54.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [305.5 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [3378.04 Ko] - C:\WINDOWS\System32\Fluency
[MD5.B0B626A32E8985F4F3F73C298A90A9CD] - |A| - [12/06/2017 10:57:16] - (.-.) - [383.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:44] - [3490 Ko] - C:\WINDOWS\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [274 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [46587.35 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [04/06/2017 12:10:38] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |HD| - [30/10/2015 09:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [261 Ko] - C:\WINDOWS\System32\he-IL
[MD5.6BCB92AF6D8A16413D8B8156C0FE363A] - |A| - [04/06/2017 12:09:29] - (.-.) - [191.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.2CA6815CA36F5E8EF6B8AACDED8BF387] - |A| - [14/05/2017 16:02:56] - (.-.) - [13.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HolographicShareInterop.ProxyStub.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [249.5 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [309.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 09:00:07] - [43593.36 Ko] - C:\WINDOWS\System32\Hydrogen
[MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [04/06/2017 12:09:18] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.CFC3D294BB66C9166DA528AFDAF7108C] - |RA| - [04/06/2017 12:09:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1856 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll
[MD5.EAFD306A7DCF045AD7465A1514EABD58] - |RA| - [04/06/2017 12:09:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1309.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll
[MD5.9858F662B1F5702868063FBAE0E85495] - |A| - [04/06/2017 12:09:18] - (.-.) - [168 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [24809.17 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.BE297449521DFA5C095EBE92C0BF8277] - |A| - [04/06/2017 12:09:25] - (.-.) - [142.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [6416.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [330.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [243.74 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.130FC8FF1680EF79A3B9166ACECC63C4] - |A| - [23/07/2015 16:03:16] - (.Copyright (C) 2013 Qualcomm Atheros, Inc. - StreamBoost Command Line Utility.) - [92.5 Ko] - (9.0.0.4) - C:\WINDOWS\System32\kstat.exe
[MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [04/06/2017 12:09:18] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [79.4 Ko] - C:\WINDOWS\System32\Licenses
[MD5.A74E921318FD929E31114E52E3F27682] - |A| - [14/05/2017 16:03:05] - (.-.) - [30 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LockdownUtil.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [12069.95 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [245 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [246.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [29382.94 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:59:15] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [04/06/2017 12:13:01] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf
[MD5.88FCE80352CB441B937B843221CF24CE] - |A| - [12/01/2017 08:24:30] - (.Copyright (c) 2006-2016 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [1933.27 Ko] - (1.2.16.131) - C:\WINDOWS\System32\MBAPO264.dll
[MD5.01409C36EAE864B98A5F3B4DA6E20F0E] - |A| - [31/08/2016 14:45:50] - (.Copyright (C) 2014 -.) - [40.13 Ko] - (1.21.0.0) - C:\WINDOWS\System32\MBCfg64.dll
[MD5.F55DC8BFC0B4EEBA996FA297817CC682] - |A| - [31/08/2016 14:45:50] - (.Copyright (c) 2009 Creative Technology Ltd. -.) - [144.63 Ko] - (0.0.0.6) - C:\WINDOWS\System32\MBCfg64.exe
[MD5.ECAFE77AD598305FF72CEEB72F14B6B4] - |A| - [31/08/2016 14:45:50] - (.-.) - [20.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBCfg64.ini
[MD5.7738CDD88DA87E2F48D0ADE6FD18C701] - |A| - [31/08/2016 14:45:50] - (.-.) - [6.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBCfgUninstall64.ini
[MD5.884070100DE2CAAAB78E8943CD55DE47] - |A| - [04/06/2017 12:10:32] - (.-.) - [773.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.0C179DA9BDF84A8F99A27357DFFA5D97] - |A| - [12/01/2017 08:24:56] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [400.41 Ko] - (1.0.0.270) - C:\WINDOWS\System32\MBWrp64.dll
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [04/06/2017 12:09:18] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [12/06/2017 11:47:22] - [1111.36 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [6718.19 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [46746.5 Ko] - C:\WINDOWS\System32\migwiz
[MD5.00000000000000000000000000000000] - |D| - [05/02/2016 18:27:19] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [4596.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [19.15 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [294.5 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [768 Ko] - C:\WINDOWS\System32\NDF
[MD5.7866C0D1556D025028D55FA094383E28] - |A| - [24/05/2017 23:12:13] - (.-.) - [153.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [04/06/2017 12:10:38] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [316.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [04/06/2017 12:17:04] - [3781.5 Ko] - C:\WINDOWS\System32\Nui
[MD5.A1AEDB9202950B42A3FAFBA2CFFB8B2F] - |A| - [25/05/2017 01:06:51] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nv-vk64.json
[MD5.4BD619DF00512BA8D418A2F86C7C9E80] - |A| - [24/05/2017 23:12:45] - (.-.) - [7805.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin
[MD5.B5131B34E4D34903D0C13AFCC2D7A045] - |A| - [25/05/2017 01:06:52] - (.-.) - [44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.B91130A2233A07C82FC6104092130EC9] - |A| - [31/08/2016 13:51:28] - (.-.) - [118.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvRtmpStreamer64.dll
[MD5.C5F066C17D01CD3E825768CC2CE19080] - |A| - [04/06/2017 12:17:10] - (.-.) - [15.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [13450.13 Ko] - C:\WINDOWS\System32\oobe
[MD5.CBA0E6C59D7DEFE8B6D423B778B5AF6A] - |A| - [31/08/2016 14:45:43] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [120.59 Ko] - (6.14.357.25) - C:\WINDOWS\System32\OpenAL32.dll
[MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [04/06/2017 12:09:18] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.652F1F54E573AF4D59E0AE658376D077] - |A| - [11/02/2011 23:23:34] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [103.52 Ko] - (4.1.0.2001) - C:\WINDOWS\System32\Packet.dll
[MD5.76BF2A528E88464CCA8C1589E24075F0] - |A| - [04/06/2017 12:18:32] - (.-.) - [187.89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.2BC0278D85672345DC7EB983FEFA24C7] - |A| - [05/06/2017 08:57:48] - (.-.) - [214.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [04/06/2017 12:18:32] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [05/06/2017 08:57:48] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat
[MD5.F6A9A950C5EFEE594D44CBD7765CE182] - |A| - [04/06/2017 12:18:32] - (.-.) - [812.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.BCBD59F1FAAF4445EBAFD34D4D68D737] - |A| - [05/06/2017 08:57:48] - (.-.) - [981.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat
[MD5.2D4F284E20CA79B5D0245AF0326A8BF2] - |A| - [12/06/2017 11:00:42] - (.-.) - [2198.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [315 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [657.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:45] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [04/06/2017 12:10:42] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [317.5 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [312 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.E713275BCE55BBE5B7E4B37D482C66F7] - |A| - [12/04/2016 07:20:52] - (.Copyright © 2014 Razer Inc. All rights reserved - RazerCoinstaller.) - [93.16 Ko] - (0.0.0.5) - C:\WINDOWS\System32\RazerCoinstaller.dll
[MD5.AF37024A8772B27534CDACEA0CE9623B] - |A| - [04/06/2017 12:11:52] - (.Copyright (C) 2009 - RemoteFX Helper.) - [104.5 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [2.18 Ko] - C:\WINDOWS\System32\Recovery
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [04/06/2017 12:09:18] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.BAC57A0212EE3710C850707EBC300740] - |A| - [04/06/2017 12:10:47] - (.-.) - [8.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.6CD8E7E1BEB75C2D477A3E03273175A3] - |A| - [04/06/2017 12:10:47] - (.-.) - [8.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.4D88B78AE925A70A8AF0AF05D5503F89] - |A| - [12/01/2017 08:25:06] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.D4ACC7498D5C472B979BAFA80FE0CAC5] - |A| - [12/01/2017 08:25:06] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.EABD549516BF670A684743EEE6A1ADA9] - |A| - [31/08/2016 13:45:04] - (.Copyright (C) 2014 - RtCRX.) - [81.21 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll
[MD5.F6F1A7C7BF422A5EF9DBD0C8B7F4A3CD] - |A| - [12/01/2017 08:25:16] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.94B8836A23BFDBFC945BDB1F7C7FFB92] - |A| - [12/01/2017 08:25:18] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.27 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.6CE89C5EDC85AB80E5A2128215586A9D] - |A| - [12/01/2017 08:25:20] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.E6F1F5B98D01FEC2D02441031F57A449] - |A| - [12/01/2017 08:25:24] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.23 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.4209D345D5345C2349F21B1DFF85179E] - |A| - [04/06/2017 12:09:57] - (.-.) - [95.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [04/06/2017 12:12:56] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.93B9AD38F583F4096DF9F4454641F8DD] - |A| - [31/08/2016 14:45:42] - (.Copyright © 2015 Creative - OpenAL Host Implementation.) - [1854 Ko] - (2.2.20.3085) - C:\WINDOWS\System32\Sens_oal.dll
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [04/06/2017 12:10:44] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [253.5 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [249.5 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [12/06/2017 10:57:17] - [2941.62 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:45] - [52.14 Ko] - C:\WINDOWS\System32\slmgr
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [04/06/2017 12:09:18] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 10:16:43] - [12617.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [04/06/2017 12:08:53] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png
[MD5.093DA88CC824923845A96BF261EFF064] - |A| - [04/06/2017 12:10:49] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [7483.83 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [12398.16 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [207883.53 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [15431.87 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [08/01/2017 16:50:41] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [252 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.047BCF71FB0E5EC754437879E8DAA7F6] - |A| - [04/06/2017 12:10:32] - (.-.) - [56.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.29DE1516F330801F9AB9DFFA668AC157] - |A| - [12/01/2017 08:26:20] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.62 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.41C48D54A3484F0F3B686DED783894C2] - |A| - [12/01/2017 08:26:20] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.76 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.39D486B5903E487352942D4897E8D040] - |A| - [12/01/2017 08:26:22] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.9 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.5688F913B9BBD92446D8C440A7692D02] - |A| - [12/01/2017 08:26:24] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.3 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [39896 Ko] - C:\WINDOWS\System32\sru
[MD5.ED78326317227373177C3DA1E7ACEC75] - |A| - [04/06/2017 12:09:17] - (.-.) - [409.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [301 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [04/06/2017 12:11:48] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs
[MD5.788F7214EAF9494BA7D6637A00F85712] - |A| - [25/01/2017 22:21:24] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [793.59 Ko] - (19.3.4.66) - C:\WINDOWS\System32\SynCOM.dll
[MD5.9194330CDC242B4F1B9255C1AC2891E3] - |A| - [25/01/2017 22:21:40] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynTPAPI.) - [281.09 Ko] - (19.3.4.66) - C:\WINDOWS\System32\SynTPAPI.dll
[MD5.7F32B615B3D219EA2085A3A31DB38504] - |A| - [21/08/2016 09:34:28] - (.Copyright (C) Synaptics Incorporated 1996-2016 - Synaptics Pointing Device Driver Co-Installer.) - [327.62 Ko] - (19.3.4.31) - C:\WINDOWS\System32\SynTPCo50-3.dll
[MD5.B16743A405831A133073236D57AD8409] - |A| - [25/01/2017 22:21:40] - (.Copyright (C) Synaptics Incorporated 1996-2017 - Synaptics Pointing Device Driver Co-Installer.) - [343.59 Ko] - (19.3.4.66) - C:\WINDOWS\System32\SynTPCo50-7.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 10:16:46] - [1266.79 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [905.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [602.5 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [14/05/2017 16:07:33] - [599.68 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [04/06/2017 12:10:29] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [22/12/2016 01:09:44] - [0 Ko] - C:\WINDOWS\System32\temp
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [234.5 Ko] - C:\WINDOWS\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [298 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [04/06/2017 12:10:47] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [04/06/2017 12:10:47] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [04/06/2017 12:11:48] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config
[MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [04/06/2017 12:11:48] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [247.5 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |SD| - [04/06/2017 12:17:04] - [4984.64 Ko] - C:\WINDOWS\System32\UNP
[MD5.4E8F2BB3A5A87E75C35533723B50E685] - |A| - [02/06/2017 13:12:29] - (.-.) - [0.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\user_gensett.xml
[MD5.6632EC0848E7C2745695C9FC25416789] - |A| - [10/03/2017 23:17:14] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [524.28 Ko] - (1.0.42.1) - C:\WINDOWS\System32\vulkan-1-1-0-42-1.dll
[MD5.6632EC0848E7C2745695C9FC25416789] - |A| - [12/06/2017 11:00:07] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [524.28 Ko] - (1.0.42.1) - C:\WINDOWS\System32\vulkan-1.dll
[MD5.5D71BF91F7F8760097BE36B38B76BB09] - |A| - [10/03/2017 23:17:10] - (.-.) - [248.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-42-1.exe
[MD5.5D71BF91F7F8760097BE36B38B76BB09] - |A| - [12/06/2017 11:00:07] - (.-.) - [248.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [95511.08 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:45] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [145091.05 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [04/06/2017 12:09:52] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [99 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [80562.89 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.F66655C2083B5645D4A0FA818BAD9E41] - |A| - [04/06/2017 12:09:29] - (.-.) - [102 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |RSD| - [12/09/2016 23:16:49] - [73.16 Ko] - C:\WINDOWS\System32\WindowsDevicePortal
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [10533.76 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [91832 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [5083.52 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:45] - [107.53 Ko] - C:\WINDOWS\System32\winrm
[MD5.A2473CC88ABA67391CE7929E5C69E767] - |A| - [11/02/2011 23:23:34] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [360.52 Ko] - (4.1.0.2001) - C:\WINDOWS\System32\wpcap.dll
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [04/06/2017 12:10:47] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [04/06/2017 12:09:57] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.53C8A36CA0BAE29BB67B1AC97D748744] - |A| - [31/08/2016 14:45:43] - (.Copyright © 2008 - OpenAL32.) - [455.59 Ko] - (2.2.0.7) - C:\WINDOWS\System32\wrap_oal.dll
[MD5.FBBF9B29BC65C3C5B7D5D5F3F02B05A4] - |A| - [04/06/2017 12:09:25] - (.-.) - [83.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.1897358EF9BA691BB0747D4891B36478] - |A| - [13/09/2016 13:18:57] - (.-.) - [167.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xvid.ax
[MD5.84435F1BA5148814FCF1B3CC06EBCDDD] - |A| - [13/09/2016 13:18:57] - (.-.) - [696.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xvidcore.dll
[MD5.D44A4DA65F4204BA1AAEBAEA97A83E2A] - |A| - [13/09/2016 13:18:57] - (.-.) - [245.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xvidvfw.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [241.04 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [08/01/2017 16:50:41] - [6.5 Ko] - C:\WINDOWS\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [206.5 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:45] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [02/09/2016 15:11:42] - [437.74 Ko] - C:\WINDOWS\SysWOW64\1033
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [04/06/2017 12:10:59] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [04/06/2017 12:11:00] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [04/06/2017 12:11:23] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 10:16:48] - [1996.33 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.B2805AD4203437489E22ADAF245DF56F] - |A| - [31/08/2016 14:45:46] - (.-.) - [268.5 Ko] - (1.0.343.0) - C:\WINDOWS\SysWOW64\APOMngr.DLL
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.376E4D84F716C5754BA2E110136E5310] - |A| - [18/06/2013 05:23:20] - (.-.) - [637.95 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\appverif.chm
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [255 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [235 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.DC82758128A9A46C10C323B4D65645E9] - |A| - [31/08/2016 14:45:50] - (.Copyright (c) 2015 Creative Technology Ltd. - Creative Host SoundCore Module.) - [321.95 Ko] - (1.0.9.0) - C:\WINDOWS\SysWOW64\ChezSC32.DLL
[MD5.07FBB2936DC5179CE84DD4ABD0135EAD] - |A| - [01/12/2016 20:49:52] - (.Copyright (C) 2004/05 Sony DADC Austria AG - SecuROM Context-Menu for Explorer..) - [96 Ko] - (1.0.201.0) - C:\WINDOWS\SysWOW64\CmdLineExt.dll
[MD5.B0CCA4201C2252F4246AE656550023B3] - |A| - [31/08/2016 14:45:46] - (.-.) - [72.5 Ko] - (1.0.64.0) - C:\WINDOWS\SysWOW64\CmdRtr.DLL
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [314.5 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [297.82 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [04/06/2017 12:17:04] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [280.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [14/05/2017 16:07:33] - [0 Ko] - C:\WINDOWS\SysWOW64\CustomSDB
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [275.5 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [312 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |SD| - [04/06/2017 12:17:04] - [200.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [6782.7 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.5F03751852D2C7F5DAB6615C541DE833] - |A| - [28/11/2016 17:11:56] - (.Copyright © EasyAntiCheat Ltd 2016 - EasyAntiCheat Service.) - [374.04 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [307 Ko] - C:\WINDOWS\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:45] - [0 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [223.5 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [1657.5 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [301 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [245.5 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [220.5 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |SD| - [04/06/2017 12:17:04] - [25133.66 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [280 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:45] - [3150.5 Ko] - C:\WINDOWS\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [251 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [38321.32 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.E078D8B3ED38C58A5B63EF1033ADCD06] - |A| - [31/08/2016 14:21:43] - (.-.) - [9.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Gms.log
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [243.5 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.3653660E7B36DFC8EC9115F97D28BA26] - |A| - [04/06/2017 12:10:53] - (.-.) - [170 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [229.5 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [283 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.F804CB6E3D071739C291C54C63D07933] - |RA| - [04/06/2017 12:10:57] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1602.5 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll
[MD5.751EF942C6D9BD4FFE59EEFFCD67C8D1] - |RA| - [04/06/2017 12:10:57] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1131 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [20710.67 Ko] - C:\WINDOWS\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv
[MD5.A4001C78F2806662B3BD91ACB44E6330] - |A| - [22/12/2016 01:28:07] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\initdebug.nfo
[MD5.3A019717FEC47184FEFD2F2513E97982] - |A| - [04/06/2017 12:10:56] - (.-.) - [119.58 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [218.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [304.5 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.EED4AE909ACEDFBC108EF83E7FC30632] - |A| - [12/01/2017 08:24:24] - (.Copyright (c) 2006-2016 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [1705.27 Ko] - (1.2.16.131) - C:\WINDOWS\SysWOW64\MBAPO232.dll
[MD5.20FD18FE9EA2612ED9B421064D69F3D8] - |A| - [31/08/2016 14:45:50] - (.Copyright (C) 2014 -.) - [37.13 Ko] - (1.21.0.0) - C:\WINDOWS\SysWOW64\MBCfg32.dll
[MD5.7391C842DFF4D7ACCA1B3C38486178E8] - |A| - [31/08/2016 14:45:50] - (.Copyright (c) 2009 Creative Technology Ltd. -.) - [135.63 Ko] - (0.0.0.6) - C:\WINDOWS\SysWOW64\MBCfg32.exe
[MD5.ECAFE77AD598305FF72CEEB72F14B6B4] - |A| - [31/08/2016 14:45:50] - (.-.) - [20.21 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MBCfg32.ini
[MD5.7738CDD88DA87E2F48D0ADE6FD18C701] - |A| - [31/08/2016 14:45:50] - (.-.) - [6.8 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\MBCfgUninstall32.ini
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [2945.08 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [811.33 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [271 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [290.5 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [04/06/2017 12:17:04] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.83B77B03667AF77E0BA3E093EF4831F6] - |A| - [25/05/2017 01:06:51] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json
[MD5.663A319D105E14548DBA4C72201876B1] - |A| - [31/08/2016 14:45:43] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [106.59 Ko] - (6.14.357.25) - C:\WINDOWS\SysWOW64\OpenAL32.dll
[MD5.1250BEF11BFA086F772CD2A273BC036E] - |A| - [11/02/2011 23:23:34] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [94.52 Ko] - (4.1.0.2001) - C:\WINDOWS\SysWOW64\Packet.dll
[MD5.1FD6E0FEEC0485FB14733BB3B120E2DA] - |A| - [24/05/2017 23:13:20] - (.-.) - [1923.99 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [288.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:46] - [420.42 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [291.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [286 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.F04A90F917BA10AE2DCBE859870F4DEA] - |A| - [11/02/2011 23:23:34] - (.-.) - [52.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\pthreadVC.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.98F6807EBE3215EBEB8D4F6C21C86A2E] - |A| - [31/08/2016 14:45:50] - (.Copyright (C) 2011 - Command Router Restore Utility.) - [15.13 Ko] - (2.0.13.0) - C:\WINDOWS\SysWOW64\ResDefA.exe
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [231 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.1987E86DCBEF29B9ABFF648303BDAF16] - |A| - [14/03/2016 07:36:22] - (.Copyright © 2016 Razer Inc. All rights reserved - Razer RzDeviceDLL Manager.) - [95.46 Ko] - (1.0.45.6) - C:\WINDOWS\SysWOW64\rzdevinfo.dll
[MD5.00000000000000000000000000000000] - |D| - [24/05/2017 23:12:51] - [129.71 Ko] - C:\WINDOWS\SysWOW64\sda
[MD5.826B5EAC12C76FCD92D066BBAAB154E2] - |A| - [31/08/2016 14:45:42] - (.Copyright © 2015 Creative - OpenAL Host Implementation.) - [1572 Ko] - (2.2.20.3085) - C:\WINDOWS\SysWOW64\Sens_oal.dll
[MD5.0FFE35F0B0CD5A324BBE22F02569AE3B] - |A| - [29/12/2012 22:59:38] - (.Copyright © Almico Software 2001-2013 - SpeedFan x64 Driver.) - [27.99 Ko] - (2.3.11.0) - C:\WINDOWS\SysWOW64\speedfan.sys
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [2001.74 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [08/01/2017 16:50:42] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [232 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.C4E8ECBF37CBA9DE64B9FEEDEC128B9D] - |A| - [04/06/2017 12:10:52] - (.-.) - [301 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [277 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.AAD2347FCC52BC2AC10F4D41BEF9D1B1] - |A| - [25/01/2017 22:21:28] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [426.09 Ko] - (19.3.4.66) - C:\WINDOWS\SysWOW64\SynCom.dll
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:46] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [215.5 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.4AB9C9898DF4529EB05759C24F0A97FD] - |A| - [31/08/2016 14:45:43] - (.Copyright © 2009 - OpenAL Installer.) - [790.59 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\tmp421F.tmp
[MD5.4AB9C9898DF4529EB05759C24F0A97FD] - |A| - [31/08/2016 14:45:43] - (.Copyright © 2009 - OpenAL Installer.) - [790.59 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\tmp4220.tmp
[MD5.4AB9C9898DF4529EB05759C24F0A97FD] - |A| - [11/04/2017 19:46:12] - (.Copyright © 2009 - OpenAL Installer.) - [790.59 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\tmp6121.tmp
[MD5.4AB9C9898DF4529EB05759C24F0A97FD] - |A| - [11/04/2017 19:46:12] - (.Copyright © 2009 - OpenAL Installer.) - [790.59 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\tmp6122.tmp
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [274 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [04/06/2017 12:11:53] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [227 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.4B0C0A8C960AF22761FB6A25D8A50DF2] - |A| - [08/09/2016 12:58:22] - (.Copyright © 2000-3 ON2 Technologies - VP6 VIDEO FOR WINDOWS CODEC.) - [437.26 Ko] - (6.0.6.4) - C:\WINDOWS\SysWOW64\vp6vfw.dll
[MD5.4F89AC14A299EEB1E23D1BACA381A89F] - |A| - [10/03/2017 23:17:28] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [513.28 Ko] - (1.0.42.1) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-42-1.dll
[MD5.4F89AC14A299EEB1E23D1BACA381A89F] - |A| - [12/06/2017 11:00:07] - (.Copyright (C) 2015-2017 - Vulkan Loader.) - [513.28 Ko] - (1.0.42.1) - C:\WINDOWS\SysWOW64\vulkan-1.dll
[MD5.82695D42B9F6C2B9625A3E9D3C924B50] - |A| - [10/03/2017 23:17:20] - (.-.) - [228.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-42-1.exe
[MD5.82695D42B9F6C2B9625A3E9D3C924B50] - |A| - [12/06/2017 11:00:07] - (.-.) - [228.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [19359.7 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:46] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.2120FD31F1294480A523C731EBBB2A45] - |A| - [04/06/2017 12:10:53] - (.-.) - [90 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [8590.03 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [5083.52 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [05/06/2017 08:57:46] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.190FB481D293D85B507D071E75BCB05C] - |A| - [11/02/2011 23:23:34] - (.Copyright © 2005-2010 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [274.52 Ko] - (4.1.0.2001) - C:\WINDOWS\SysWOW64\wpcap.dll
[MD5.DB08CF76449D2EB521DFB71A58DAF62D] - |A| - [31/08/2016 14:45:43] - (.Copyright © 2008 - OpenAL32.) - [434.59 Ko] - (2.2.0.7) - C:\WINDOWS\SysWOW64\wrap_oal.dll
[MD5.6A1D342BEE0743A8ED2AF1D14D5FA9DB] - |A| - [04/06/2017 12:10:56] - (.-.) - [57 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [11/06/2017 03:23:11] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer
[MD5.1AE36A72AFEE8DC664BCDEA73F76FC50] - |A| - [13/09/2016 13:18:57] - (.-.) - [144.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xvid.ax
[MD5.BD64AE063AA0DEA6C69CBDF8DBAB6551] - |A| - [13/09/2016 13:18:57] - (.-.) - [624 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xvidcore.dll
[MD5.ABB1048DDD4F6B86041E582C04779B43] - |A| - [13/09/2016 13:18:57] - (.-.) - [230 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xvidvfw.dll
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [198 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [08/01/2017 16:50:42] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [04/06/2017 12:17:04] - [192 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\Utilisateur\AppData\Roaming   [12/06/2017 11:00:51]
"Local AppData"=C:\Users\Utilisateur\AppData\Local   [12/06/2017 11:00:51]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Libraries   [31/08/2016 13:25:03]
"My Video"=C:\Users\Utilisateur\Videos   [31/08/2016 13:25:02]
"My Pictures"=C:\Users\Utilisateur\Pictures   [31/08/2016 13:25:02]
"Desktop"=C:\Users\Utilisateur\Desktop   [31/08/2016 13:25:02]
"History"=C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\History   [31/08/2016 13:25:02]
"NetHood"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [12/06/2017 11:00:51]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Utilisateur\Contacts   [31/08/2016 13:25:03]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\RoamingTiles   [31/08/2016 13:25:03]
"Cookies"=C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\INetCookies   [31/08/2016 13:25:02]
"Favorites"=C:\Users\Utilisateur\Favorites   [31/08/2016 13:25:02]
"SendTo"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\SendTo   [05/11/2016 14:51:22]
"Start Menu"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu   [05/11/2016 14:51:22]
"My Music"=C:\Users\Utilisateur\Music   [31/08/2016 13:25:02]
"Programs"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [05/11/2016 14:51:22]
"Recent"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Recent   [31/08/2016 13:25:02]
"CD Burning"=C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\Burn\Burn   [12/06/2017 11:10:43]
"PrintHood"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [12/06/2017 11:00:51]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Utilisateur\Searches   [31/08/2016 13:25:03]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Utilisateur\Downloads   [31/08/2016 13:25:02]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Utilisateur\AppData\LocalLow   [31/08/2016 13:25:02]
"Startup"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [31/08/2016 13:25:03]
"Administrative Tools"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [31/08/2016 13:25:03]
"Personal"=C:\Users\Utilisateur\Documents   [31/08/2016 13:25:02]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Utilisateur\Links   [31/08/2016 13:25:02]
"Cache"=C:\Users\Utilisateur\AppData\Local\Microsoft\Windows\INetCache   [12/06/2017 11:00:51]
"Templates"=C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Templates   [12/06/2017 11:00:51]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Utilisateur\Saved Games   [31/08/2016 13:25:02]
"Fonts"=C:\WINDOWS\Fonts   [04/06/2017 12:17:03]

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache   
"Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"{767E6811-49CB-4273-87C2-20F355E1085B}"=C:\Users\Utilisateur\OneDrive\SkyDrive camera roll   [31/08/2016 19:43:56]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [04/06/2017 12:17:03]
"Common AppData"=C:\ProgramData   [04/06/2017 12:17:03]
"Common Desktop"=C:\Users\Public\Desktop   [30/10/2015 09:24:24]
"Common Documents"=C:\Users\Public\Documents   [30/10/2015 09:24:24]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [04/06/2017 12:17:03]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [04/06/2017 12:17:03]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [04/06/2017 12:17:03]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [30/10/2015 09:24:24]
"CommonMusic"=C:\Users\Public\Music   [30/10/2015 09:24:24]
"CommonPictures"=C:\Users\Public\Pictures   [30/10/2015 09:24:24]
"CommonVideo"=C:\Users\Public\Videos   [30/10/2015 09:24:24]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [04/06/2017 12:17:03]
"Common AppData"=C:\ProgramData   [04/06/2017 12:17:03]
"Common Desktop"=C:\Users\Public\Desktop   [30/10/2015 09:24:24]
"Common Documents"=C:\Users\Public\Documents   [30/10/2015 09:24:24]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [04/06/2017 12:17:03]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [04/06/2017 12:17:03]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [04/06/2017 12:17:03]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [30/10/2015 09:24:24]
"CommonMusic"=C:\Users\Public\Music   [30/10/2015 09:24:24]
"CommonPictures"=C:\Users\Public\Pictures   [30/10/2015 09:24:24]
"CommonVideo"=C:\Users\Public\Videos   [30/10/2015 09:24:24]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   


---------- | [Public]


---------- | [Utilisateur]

[12/06/2017 11:00:51] - |D| - [6384857841] - C:\Users\Utilisateur\AppData\Local
[31/08/2016 13:25:02] - |D| - [8330495160] - C:\Users\Utilisateur\AppData\LocalLow
[12/06/2017 11:00:51] - |D| - [1202320153] - C:\Users\Utilisateur\AppData\Roaming
[07/10/2016 11:01:50] - |D| - [1434363] - C:\Users\Utilisateur\AppData\Local\2K Games
[31/08/2016 13:27:03] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\ActiveSync
[31/08/2016 14:53:34] - |D| - [22610409] - C:\Users\Utilisateur\AppData\Local\Adobe
[06/09/2016 12:43:49] - |D| - [1193] - C:\Users\Utilisateur\AppData\Local\Amazon
[16/01/2017 10:51:54] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\Apple
[16/01/2017 10:52:13] - |D| - [967449172] - C:\Users\Utilisateur\AppData\Local\Apple Computer
[12/06/2017 11:00:51] - |SHD| - [59889906321] - C:\Users\Utilisateur\AppData\Local\Application Data
[04/09/2016 11:19:55] - |D| - [63152] - C:\Users\Utilisateur\AppData\Local\ARK_Server_Manager
[12/06/2017 18:52:36] - |D| - [789004] - C:\Users\Utilisateur\AppData\Local\assembly
[09/09/2016 14:31:44] - |D| - [11402811] - C:\Users\Utilisateur\AppData\Local\Bethesda.net Launcher
[14/09/2016 00:08:37] - |D| - [63488] - C:\Users\Utilisateur\AppData\Local\Black_Tree_Gaming
[08/09/2016 17:24:26] - |D| - [397] - C:\Users\Utilisateur\AppData\Local\CAPCOM
[31/08/2016 19:31:12] - |D| - [5984542] - C:\Users\Utilisateur\AppData\Local\CEF
[13/10/2016 10:00:32] - |D| - [474] - C:\Users\Utilisateur\AppData\Local\Chris_Pietschmann_(http__
[14/12/2016 00:35:14] - |D| - [40] - C:\Users\Utilisateur\AppData\Local\Chromium
[31/08/2016 13:41:48] - |D| - [43887985] - C:\Users\Utilisateur\AppData\Local\Comms
[07/09/2016 12:34:48] - |D| - [2190922] - C:\Users\Utilisateur\AppData\Local\ConnectedDevicesPlatform
[31/08/2016 22:27:26] - |D| - [92179635] - C:\Users\Utilisateur\AppData\Local\CrashDumps
[01/09/2016 15:33:16] - |D| - [26726] - C:\Users\Utilisateur\AppData\Local\CrashReportClient
[26/10/2016 15:58:14] - |D| - [42074] - C:\Users\Utilisateur\AppData\Local\Creative
[28/09/2016 12:01:53] - |D| - [10721275] - C:\Users\Utilisateur\AppData\Local\CRYENGINE_Launcher
[20/12/2016 12:20:58] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\DBG
[09/10/2016 22:15:21] - |D| - [458759] - C:\Users\Utilisateur\AppData\Local\Diagnostics
[31/08/2016 13:40:05] - |A| - [0] - C:\Users\Utilisateur\AppData\Local\Driver_11ACPresent.flag
[31/08/2016 13:40:05] - |A| - [0] - C:\Users\Utilisateur\AppData\Local\Driver_1535Present.flag
[31/08/2016 13:40:05] - |A| - [0] - C:\Users\Utilisateur\AppData\Local\Driver_LOM_8171Present.flag
[13/10/2016 10:03:38] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\ElevatedDiagnostics
[01/09/2016 11:48:36] - |D| - [279720324] - C:\Users\Utilisateur\AppData\Local\EpicGamesLauncher
[02/09/2016 22:18:28] - |D| - [2684] - C:\Users\Utilisateur\AppData\Local\Fallout4
[04/06/2017 15:17:44] - |D| - [41761668] - C:\Users\Utilisateur\AppData\Local\FiveM
[07/09/2016 23:25:17] - |D| - [111141] - C:\Users\Utilisateur\AppData\Local\GameMaker-Studio
[19/06/2017 20:45:32] - |D| - [2080] - C:\Users\Utilisateur\AppData\Local\GOG.com
[31/08/2016 15:09:12] - |D| - [615853359] - C:\Users\Utilisateur\AppData\Local\Google
[12/06/2017 11:00:51] - |SHD| - [130] - C:\Users\Utilisateur\AppData\Local\Historique
[14/06/2017 01:36:03] - |AH| - [113011] - C:\Users\Utilisateur\AppData\Local\IconCache.db
[11/09/2016 17:26:48] - |D| - [92806467] - C:\Users\Utilisateur\AppData\Local\Introversion
[24/10/2016 00:44:44] - |D| - [1132] - C:\Users\Utilisateur\AppData\Local\IsolatedStorage
[16/01/2017 10:53:43] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\iTunes
[12/06/2017 11:00:51] - |D| - [453881181] - C:\Users\Utilisateur\AppData\Local\Microsoft
[31/08/2016 14:51:37] - |D| - [81432] - C:\Users\Utilisateur\AppData\Local\MicrosoftEdge
[25/09/2016 21:52:34] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\My Games
[31/08/2016 20:30:19] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\NetworkTiles
[31/08/2016 13:51:33] - |D| - [820931666] - C:\Users\Utilisateur\AppData\Local\NVIDIA
[31/08/2016 13:52:35] - |D| - [355106309] - C:\Users\Utilisateur\AppData\Local\NVIDIA Corporation
[31/01/2017 16:49:25] - |D| - [10804] - C:\Users\Utilisateur\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
[05/09/2016 23:09:06] - |D| - [83106976] - C:\Users\Utilisateur\AppData\Local\Origin
[12/06/2017 11:00:59] - |D| - [743158249] - C:\Users\Utilisateur\AppData\Local\Packages
[04/11/2016 16:36:29] - |D| - [128] - C:\Users\Utilisateur\AppData\Local\paint.net
[01/09/2016 15:37:49] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\PeerDistRepub
[12/06/2017 11:18:43] - |D| - [43379] - C:\Users\Utilisateur\AppData\Local\PlaceholderTileLogoFolder
[08/09/2016 23:15:49] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\Programs
[31/08/2016 13:25:06] - |D| - [162274] - C:\Users\Utilisateur\AppData\Local\Publishers
[31/08/2016 19:29:41] - |D| - [864] - C:\Users\Utilisateur\AppData\Local\Razer_Inc
[14/12/2016 21:54:25] - |A| - [7598] - C:\Users\Utilisateur\AppData\Local\Resmon.ResmonCfg
[31/08/2016 22:55:39] - |D| - [80] - C:\Users\Utilisateur\AppData\Local\Rockstar Games
[14/09/2016 00:05:08] - |D| - [4063] - C:\Users\Utilisateur\AppData\Local\Skyrim
[28/10/2016 15:58:05] - |D| - [165] - C:\Users\Utilisateur\AppData\Local\Skyrim Special Edition
[01/09/2016 01:51:21] - |D| - [237350260] - C:\Users\Utilisateur\AppData\Local\Sports Interactive
[31/08/2016 19:31:11] - |D| - [418821569] - C:\Users\Utilisateur\AppData\Local\Steam
[12/06/2017 11:00:51] - |D| - [92896664] - C:\Users\Utilisateur\AppData\Local\Temp
[12/06/2017 11:00:51] - |SHD| - [9421819] - C:\Users\Utilisateur\AppData\Local\Temporary Internet Files
[31/08/2016 13:25:03] - |D| - [17843403] - C:\Users\Utilisateur\AppData\Local\TileDataLayer
[31/08/2016 20:10:12] - |D| - [4322] - C:\Users\Utilisateur\AppData\Local\Ubisoft Game Launcher
[09/09/2016 12:29:03] - |D| - [243574] - C:\Users\Utilisateur\AppData\Local\Unity
[01/09/2016 11:48:36] - |D| - [971370372] - C:\Users\Utilisateur\AppData\Local\UnrealEngine
[01/09/2016 11:51:20] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\UnrealEngineLauncher
[31/08/2016 13:25:03] - |D| - [0] - C:\Users\Utilisateur\AppData\Local\VirtualStore
[07/09/2016 23:26:13] - |D| - [765] - C:\Users\Utilisateur\AppData\Local\YoYo_Games_Ltd
[19/06/2017 23:59:46] - |D| - [158697] - C:\Users\Utilisateur\AppData\Local\ZHP
[11/09/2016 19:02:01] - |D| - [46080] - C:\Users\Utilisateur\AppData\LocalLow\Adobe
[08/09/2016 23:33:48] - |D| - [151] - C:\Users\Utilisateur\AppData\LocalLow\Beam Team Games
[09/09/2016 12:34:00] - |D| - [0] - C:\Users\Utilisateur\AppData\LocalLow\DefaultCompany
[21/09/2016 20:42:50] - |D| - [118224] - C:\Users\Utilisateur\AppData\LocalLow\Lazy Bear Games
[01/09/2016 01:23:27] - |D| - [169284545] - C:\Users\Utilisateur\AppData\LocalLow\Ludeon Studios
[17/12/2016 12:15:26] - |D| - [68204] - C:\Users\Utilisateur\AppData\LocalLow\McMagic Productions
[31/08/2016 13:25:15] - |SD| - [10158863] - C:\Users\Utilisateur\AppData\LocalLow\Microsoft
[12/11/2016 19:14:41] - |D| - [38198495] - C:\Users\Utilisateur\AppData\LocalLow\Playsport Games
[14/01/2017 15:04:46] - |D| - [4929] - C:\Users\Utilisateur\AppData\LocalLow\Red Dot Games
[31/08/2016 20:13:26] - |D| - [0] - C:\Users\Utilisateur\AppData\LocalLow\Temp
[30/11/2016 11:36:06] - |D| - [4738100] - C:\Users\Utilisateur\AppData\LocalLow\U-Play online
[09/09/2016 12:29:03] - |D| - [8107877569] - C:\Users\Utilisateur\AppData\LocalLow\Unity
[04/12/2016 16:16:13] - |D| - [224] - C:\Users\Utilisateur\AppData\Roaming\11bitstudios
[28/11/2016 17:11:57] - |D| - [18375212] - C:\Users\Utilisateur\AppData\Roaming\7DaysToDie
[31/08/2016 13:25:03] - |D| - [178721] - C:\Users\Utilisateur\AppData\Roaming\Adobe
[06/09/2016 13:17:12] - |A| - [3599] - C:\Users\Utilisateur\AppData\Roaming\Amazon.ini
[16/01/2017 10:52:13] - |D| - [8075393] - C:\Users\Utilisateur\AppData\Roaming\Apple Computer
[29/09/2016 21:23:23] - |D| - [1557] - C:\Users\Utilisateur\AppData\Roaming\Atari
[02/06/2017 13:10:46] - |D| - [49149] - C:\Users\Utilisateur\AppData\Roaming\Bitdefender
[28/12/2016 20:58:36] - |D| - [118332] - C:\Users\Utilisateur\AppData\Roaming\Blender Foundation
[04/10/2016 21:15:07] - |D| - [57974] - C:\Users\Utilisateur\AppData\Roaming\Clickteam
[28/09/2016 12:39:42] - |D| - [12647] - C:\Users\Utilisateur\AppData\Roaming\Crytek
[30/11/2016 22:39:08] - |D| - [1648] - C:\Users\Utilisateur\AppData\Roaming\dvdcss
[25/05/2017 12:56:55] - |D| - [1050152] - C:\Users\Utilisateur\AppData\Roaming\EasyAntiCheat
[05/12/2016 16:47:47] - |D| - [38745] - C:\Users\Utilisateur\AppData\Roaming\FileZilla
[25/09/2016 21:52:37] - |D| - [2562596] - C:\Users\Utilisateur\AppData\Roaming\FiraxisLive
[14/12/2016 21:03:30] - |D| - [10240] - C:\Users\Utilisateur\AppData\Roaming\fr.orange.assistancelivebox
[07/09/2016 23:25:55] - |D| - [779257526] - C:\Users\Utilisateur\AppData\Roaming\GameMaker-Studio
[24/05/2017 21:08:27] - |D| - [0] - C:\Users\Utilisateur\AppData\Roaming\Google
[31/08/2016 14:44:12] - |D| - [0] - C:\Users\Utilisateur\AppData\Roaming\Intel Corporation
[25/09/2016 21:26:53] - |D| - [0] - C:\Users\Utilisateur\AppData\Roaming\Leadertech
[31/08/2016 14:52:23] - |D| - [57983] - C:\Users\Utilisateur\AppData\Roaming\Macromedia
[12/06/2017 11:00:51] - |SD| - [47909473] - C:\Users\Utilisateur\AppData\Roaming\Microsoft
[22/11/2016 17:16:35] - |D| - [0] - C:\Users\Utilisateur\AppData\Roaming\MMFApplications
[21/12/2016 14:54:41] - |D| - [990] - C:\Users\Utilisateur\AppData\Roaming\Mount&Blade
[10/09/2016 10:57:47] - |D| - [2673795] - C:\Users\Utilisateur\AppData\Roaming\Notepad++
[02/09/2016 17:09:37] - |D| - [60] - C:\Users\Utilisateur\AppData\Roaming\NuGet
[01/09/2016 23:38:54] - |D| - [6711921] - C:\Users\Utilisateur\AppData\Roaming\NVIDIA
[03/09/2016 19:34:50] - |D| - [0] - C:\Users\Utilisateur\AppData\Roaming\OBS
[05/09/2016 23:09:09] - |D| - [147196] - C:\Users\Utilisateur\AppData\Roaming\Origin
[02/06/2017 13:10:06] - |D| - [0] - C:\Users\Utilisateur\AppData\Roaming\QuickScan
[01/09/2016 13:33:32] - |D| - [76] - C:\Users\Utilisateur\AppData\Roaming\Skype
[01/09/2016 01:44:39] - |D| - [38571218] - C:\Users\Utilisateur\AppData\Roaming\Tropico 5
[09/09/2016 12:29:01] - |D| - [291925111] - C:\Users\Utilisateur\AppData\Roaming\Unity
[01/09/2016 14:51:28] - |D| - [173] - C:\Users\Utilisateur\AppData\Roaming\Unreal Engine
[30/11/2016 22:34:13] - |D| - [86321] - C:\Users\Utilisateur\AppData\Roaming\vlc
[01/09/2016 10:32:51] - |D| - [12] - C:\Users\Utilisateur\AppData\Roaming\WinRAR
[19/06/2017 23:59:46] - |D| - [4442109] - C:\Users\Utilisateur\AppData\Roaming\ZHP
[31/08/2016 13:25:03] - |ASH| - [174] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[12/06/2017 11:00:51] - |SHD| - [97404] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[05/11/2016 14:51:22] - |RD| - [97404] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[12/06/2017 11:00:51] - |RD| - [3888] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[12/06/2017 11:00:51] - |RD| - [2961] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[31/08/2016 13:25:03] - |RD| - [174] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[02/09/2016 15:52:42] - |D| - [2917] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome
[01/09/2016 00:14:35] - |A| - [233] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin's Creed® Rogue.url
[09/09/2016 14:33:54] - |D| - [588] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
[19/12/2016 19:51:19] - |D| - [759] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
[12/06/2017 11:09:03] - |ASH| - [174] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[31/08/2016 20:19:27] - |A| - [234] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Far Cry Primal.url
[04/06/2017 15:17:45] - |A| - [2093] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
[01/09/2016 10:14:19] - |A| - [1047] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk
[07/09/2016 23:25:17] - |D| - [3500] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.4
[12/06/2017 11:00:51] - |D| - [170] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/12/2016 00:36:19] - |D| - [3012] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
[22/01/2017 19:00:58] - |D| - [13580] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maxis
[09/09/2016 12:25:35] - |D| - [3045] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2015 Tools for Unity
[31/01/2017 16:16:18] - |D| - [2958] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT
[31/08/2016 13:26:29] - |A| - [2485] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[14/12/2016 21:03:18] - |D| - [2720] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orange
[22/12/2016 01:28:07] - |D| - [4178] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[08/09/2016 00:12:15] - |A| - [232] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splinter Cell Blacklist.url
[14/09/2016 00:20:16] - |D| - [773] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher
[31/08/2016 13:25:03] - |RD| - [174] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[01/09/2016 01:43:22] - |D| - [22416] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[22/12/2016 00:05:59] - |A| - [234] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steep.url
[12/06/2017 11:00:51] - |RD| - [3496] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[01/09/2016 00:13:56] - |A| - [233] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tom Clancy's Rainbow Six Siege.url
[31/08/2016 20:10:12] - |D| - [2701] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[15/06/2017 09:44:57] - |D| - [4028] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UDPixel
[17/12/2016 10:46:51] - |A| - [234] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WATCH_DOGS® 2.url
[12/06/2017 11:00:51] - |RD| - [7790] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[01/09/2016 10:31:10] - |D| - [4377] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[31/08/2016 13:25:03] - |ASH| - [174] - C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\ProgramData

[31/08/2016 14:56:46] - |D| - [369200877] - C:\ProgramData\Adobe
[02/06/2017 12:03:19] - |A| - [49525] - C:\ProgramData\agent.1496397796.bdinstall.bin
[14/12/2016 21:03:06] - |D| - [214339953] - C:\ProgramData\Apple
[16/01/2017 10:52:06] - |D| - [161939659] - C:\ProgramData\Apple Computer
[12/06/2017 11:08:49] - |SHD| - [145752915397] - C:\ProgramData\Application Data
[02/06/2017 13:11:58] - |D| - [0] - C:\ProgramData\BDLogging
[02/06/2017 13:10:00] - |D| - [4577209] - C:\ProgramData\Bitdefender
[02/06/2017 12:03:16] - |D| - [0] - C:\ProgramData\Bitdefender Agent
[02/06/2017 13:15:41] - |D| - [0] - C:\ProgramData\Bitdefender Device Management
[05/02/2016 18:07:00] - |SHD| - [40836] - C:\ProgramData\Bureau
[02/06/2017 13:12:24] - |A| - [460796] - C:\ProgramData\cl.1496401787.bdinstall.bin
[08/01/2017 16:50:41] - |D| - [0] - C:\ProgramData\Comms
[31/08/2016 14:45:50] - |D| - [145026] - C:\ProgramData\Creative
[28/09/2016 12:30:30] - |D| - [259] - C:\ProgramData\Crytek
[01/09/2016 15:43:40] - |D| - [1243] - C:\ProgramData\dbdata
[02/06/2017 13:15:48] - |A| - [56461] - C:\ProgramData\dm.1496402139.bdinstall.bin
[12/06/2017 11:21:23] - |A| - [40623] - C:\ProgramData\dm.update.1497259275.bdinstall.bin
[12/06/2017 11:08:49] - |SHD| - [9972] - C:\ProgramData\Documents
[31/08/2016 13:40:11] - |D| - [43108272] - C:\ProgramData\Downloaded Installations
[05/09/2016 23:07:17] - |D| - [2226] - C:\ProgramData\Electronic Arts
[01/09/2016 11:48:26] - |D| - [59769400] - C:\ProgramData\Epic
[28/09/2016 12:02:00] - |D| - [32097023] - C:\ProgramData\GFACE
[19/06/2017 20:45:26] - |D| - [262074163] - C:\ProgramData\GOG.com
[31/08/2016 14:09:59] - |D| - [62965680] - C:\ProgramData\Intel
[31/08/2016 13:42:03] - |D| - [2356325] - C:\ProgramData\Killer
[05/02/2016 18:07:00] - |SHD| - [322049] - C:\ProgramData\Menu Démarrer
[04/06/2017 12:17:03] - |SD| - [1454861547] - C:\ProgramData\Microsoft
[12/06/2017 11:11:01] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[05/02/2016 18:07:00] - |SHD| - [0] - C:\ProgramData\Modèles
[02/09/2016 17:30:05] - |D| - [700] - C:\ProgramData\NuGet
[24/05/2017 23:12:41] - |D| - [3806231] - C:\ProgramData\NVIDIA
[24/05/2017 23:12:38] - |D| - [1442821258] - C:\ProgramData\NVIDIA Corporation
[21/12/2016 15:28:36] - |A| - [5110] - C:\ProgramData\NvTelemetryContainer.log
[21/12/2016 15:28:36] - |A| - [5110] - C:\ProgramData\NvTelemetryContainer.log_backup1
[14/12/2016 21:03:08] - |D| - [36355] - C:\ProgramData\Orange
[05/09/2016 23:07:17] - |D| - [334366142] - C:\ProgramData\Origin
[31/08/2016 13:30:19] - |D| - [10570923071] - C:\ProgramData\Package Cache
[22/12/2016 01:09:44] - |D| - [732] - C:\ProgramData\PassMark
[02/09/2016 17:33:40] - |D| - [4390578] - C:\ProgramData\PreEmptive Solutions
[24/05/2017 23:13:17] - |D| - [24366] - C:\ProgramData\Razer
[04/06/2017 12:17:03] - |D| - [7391] - C:\ProgramData\regid.1991-06.com.microsoft
[20/06/2017 00:08:52] - |D| - [708223] - C:\ProgramData\RogueKiller
[04/06/2017 12:17:03] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[09/09/2016 12:29:03] - |D| - [6778] - C:\ProgramData\Unity
[04/06/2017 12:17:03] - |D| - [1540] - C:\ProgramData\USOPrivate
[12/06/2017 11:03:39] - |D| - [888832] - C:\ProgramData\USOShared
[02/09/2016 17:38:44] - |AD| - [1619200] - C:\ProgramData\Windows App Certification Kit
[05/06/2017 09:00:07] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[04/06/2017 12:17:07] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[05/02/2016 18:07:00] - |SHD| - [321875] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[04/06/2017 12:17:03] - |RD| - [321875] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[31/08/2016 14:53:29] - |D| - [2095] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[13/09/2016 09:32:27] - |A| - [2514] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
[04/06/2017 12:17:03] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[04/06/2017 12:17:03] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[25/05/2017 17:22:20] - |A| - [2505] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[31/08/2016 14:57:02] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[19/11/2016 15:39:02] - |D| - [1259] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS
[04/06/2017 12:17:03] - |RD| - [24294] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[16/01/2017 10:51:54] - |A| - [2583] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[25/09/2016 21:31:24] - |D| - [17356] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[02/09/2016 10:15:38] - |D| - [2447] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[09/09/2016 14:31:38] - |D| - [1619] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
[02/06/2017 13:11:55] - |D| - [7747] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
[09/09/2016 12:11:15] - |A| - [1498] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
[22/12/2016 01:09:44] - |D| - [3324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnInTest
[22/12/2016 16:35:48] - |D| - [963] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[28/09/2016 23:30:34] - |D| - [10800] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.5.1
[31/08/2016 14:45:26] - |D| - [7038] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[28/09/2016 12:01:43] - |D| - [1477] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CRYENGINE Launcher
[04/06/2017 12:17:07] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[01/09/2016 11:48:33] - |A| - [1384] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
[05/02/2016 18:15:40] - |A| - [2487] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
[03/10/2016 16:19:43] - |D| - [3051] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 17
[05/12/2016 16:44:18] - |D| - [2013] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[04/06/2017 16:58:24] - |A| - [1215] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Five Multiplayer.lnk
[07/09/2016 23:25:27] - |D| - [3961] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMaker Player
[22/12/2016 01:21:32] - |D| - [3181] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[19/06/2017 20:45:32] - |D| - [1170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[31/08/2016 14:57:24] - |A| - [2330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[22/12/2016 16:42:09] - |D| - [871] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
[04/06/2017 12:12:56] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[31/08/2016 14:44:10] - |RD| - [2471] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[06/06/2017 11:31:02] - |D| - [4175] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[31/08/2016 13:42:03] - |D| - [5141] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
[08/09/2016 12:58:23] - |D| - [4368] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Les Sims 4
[31/08/2016 14:59:09] - |D| - [8213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
[31/08/2016 14:24:31] - |D| - [2346] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logiciel Thunderbolt(TM)
[16/10/2016 20:27:52] - |D| - [3074] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumberyard
[04/06/2017 12:17:03] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[02/09/2016 17:28:48] - |D| - [1773] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[02/09/2016 17:40:27] - |D| - [2338] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[02/09/2016 17:40:10] - |D| - [868] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
[02/09/2016 17:45:24] - |D| - [6466] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
[08/09/2016 23:16:18] - |D| - [2157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[10/09/2016 10:57:49] - |D| - [1106] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[24/09/2016 00:03:54] - |D| - [1479] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[05/02/2016 18:15:40] - |A| - [2487] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
[05/09/2016 23:07:17] - |D| - [1872] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[18/10/2016 09:57:19] - |D| - [5195] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016
[05/02/2016 18:15:40] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
[04/11/2016 16:36:31] - |A| - [1140] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
[13/09/2016 13:18:36] - |D| - [4412] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power & Revolution (français)
[05/02/2016 18:15:40] - |A| - [2514] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
[13/09/2016 09:32:27] - |A| - [2437] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
[31/08/2016 22:37:37] - |D| - [9102] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[20/06/2017 00:08:48] - |D| - [953] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[30/11/2016 22:27:50] - |D| - [2893] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Singles2
[22/12/2016 16:35:45] - |D| - [935] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[04/06/2017 12:17:03] - |RD| - [3219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[31/08/2016 19:29:13] - |D| - [1108] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[04/06/2017 12:17:03] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[30/10/2015 11:07:42] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[09/09/2016 11:52:18] - |D| - [2305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)
[31/08/2016 14:57:29] - |D| - [7188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[02/09/2016 17:24:26] - |D| - [3913] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
[09/09/2016 12:09:57] - |D| - [7287] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
[09/09/2016 12:07:42] - |A| - [1507] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
[07/06/2017 13:21:11] - |D| - [941] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
[02/09/2016 17:37:10] - |D| - [16988] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[12/06/2017 11:02:21] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[02/09/2016 17:42:59] - |D| - [4769] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
[01/09/2016 10:31:10] - |D| - [4305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[05/02/2016 18:15:40] - |A| - [2497] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
[02/09/2016 10:04:06] - |D| - [37408] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wwise v2015.2_LTX build 5495
[13/09/2016 13:18:57] - |D| - [10355] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[04/06/2017 12:17:07] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[31/08/2016 13:42:03] - |A| - [2299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
[31/08/2016 14:09:26] - |A| - [746] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut1.lnk

---------- | C:\Program Files (x86)

[31/08/2016 14:53:28] - |D| - [3511045] - C:\Program Files (x86)\7-Zip
[19/11/2016 15:39:01] - |AD| - [10083448] - C:\Program Files (x86)\Action Replay PowerSaves 3DS
[31/08/2016 14:56:58] - |D| - [264625236] - C:\Program Files (x86)\Adobe
[31/08/2016 14:14:13] - |AD| - [3027111] - C:\Program Files (x86)\AirplaneModeInstaller
[02/09/2016 17:41:53] - |D| - [7582698] - C:\Program Files (x86)\AppInsights
[06/06/2017 11:29:01] - |AD| - [2767262] - C:\Program Files (x86)\Apple Software Update
[02/09/2016 17:38:50] - |AD| - [311234] - C:\Program Files (x86)\Application Verifier
[02/09/2016 10:04:06] - |D| - [2309389073] - C:\Program Files (x86)\Audiokinetic
[16/01/2017 10:51:49] - |AD| - [631713] - C:\Program Files (x86)\Bonjour
[28/09/2016 23:30:29] - |AD| - [38259424] - C:\Program Files (x86)\Cheat Engine 6.5.1
[04/06/2017 12:17:03] - |D| - [404969969] - C:\Program Files (x86)\Common Files
[31/08/2016 14:45:09] - |D| - [86234177] - C:\Program Files (x86)\Creative
[04/06/2017 12:17:06] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[04/06/2017 16:58:20] - |AD| - [151454501] - C:\Program Files (x86)\Five Multiplayer
[22/12/2016 01:21:32] - |D| - [7343571] - C:\Program Files (x86)\Geeks3D
[19/06/2017 20:45:26] - |D| - [118714561] - C:\Program Files (x86)\GOG Galaxy
[31/08/2016 14:57:13] - |D| - [424798480] - C:\Program Files (x86)\Google
[09/09/2016 11:52:37] - |D| - [71525890] - C:\Program Files (x86)\GtkSharp
[31/08/2016 14:09:26] - |AD| - [291667758] - C:\Program Files (x86)\Hotkey
[02/09/2016 17:27:14] - |AD| - [217744] - C:\Program Files (x86)\HTML Help Workshop
[02/09/2016 17:29:49] - |D| - [1182443] - C:\Program Files (x86)\IIS
[02/09/2016 17:30:16] - |AD| - [17563722] - C:\Program Files (x86)\IIS Express
[31/08/2016 13:42:07] - |HD| - [379602481] - C:\Program Files (x86)\InstallShield Installation Information
[31/08/2016 14:09:57] - |D| - [123405039] - C:\Program Files (x86)\Intel
[04/06/2017 12:17:03] - |D| - [2005059] - C:\Program Files (x86)\Internet Explorer
[31/08/2016 14:58:58] - |AD| - [452868622] - C:\Program Files (x86)\LibreOffice 5
[01/12/2016 00:36:16] - |D| - [123319380] - C:\Program Files (x86)\MakeMKV
[22/01/2017 18:57:54] - |D| - [3515646128] - C:\Program Files (x86)\Maxis
[02/09/2016 17:31:26] - |D| - [267762914] - C:\Program Files (x86)\Microsoft ASP.NET
[02/09/2016 15:11:55] - |D| - [25269676] - C:\Program Files (x86)\Microsoft Help Viewer
[05/02/2016 18:15:21] - |AD| - [2187774757] - C:\Program Files (x86)\Microsoft Office
[09/09/2016 12:12:36] - |D| - [19600882] - C:\Program Files (x86)\Microsoft Office365 Tools
[02/09/2016 15:11:53] - |AD| - [1180413973] - C:\Program Files (x86)\Microsoft SDKs
[02/09/2016 17:40:18] - |AD| - [55907910] - C:\Program Files (x86)\Microsoft Silverlight
[02/09/2016 15:11:41] - |AD| - [54045208] - C:\Program Files (x86)\Microsoft SQL Server
[02/09/2016 15:11:28] - |D| - [9709348] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[02/09/2016 17:45:24] - |AD| - [886564366] - C:\Program Files (x86)\Microsoft Visual Studio 11.0
[02/09/2016 17:03:04] - |D| - [7920470] - C:\Program Files (x86)\Microsoft Visual Studio 12.0
[09/09/2016 12:05:59] - |AD| - [1757176664] - C:\Program Files (x86)\Microsoft Visual Studio 14.0
[09/09/2016 12:25:35] - |D| - [922251] - C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
[02/09/2016 17:29:54] - |D| - [87329395] - C:\Program Files (x86)\Microsoft WCF Data Services
[02/09/2016 17:31:01] - |AD| - [142836334] - C:\Program Files (x86)\Microsoft Web Tools
[02/09/2016 17:42:36] - |D| - [16952184] - C:\Program Files (x86)\Microsoft XDE
[04/06/2017 12:17:03] - |D| - [44326103] - C:\Program Files (x86)\Microsoft.NET
[11/06/2017 03:23:09] - |D| - [140143960] - C:\Program Files (x86)\MSBuild
[10/09/2016 10:57:47] - |D| - [6954101] - C:\Program Files (x86)\Notepad++
[02/09/2016 17:30:05] - |D| - [9313914] - C:\Program Files (x86)\NuGet
[24/05/2017 23:12:41] - |D| - [447969631] - C:\Program Files (x86)\NVIDIA Corporation
[31/01/2017 16:16:15] - |D| - [83364171] - C:\Program Files (x86)\OCCTPT
[14/12/2016 21:03:00] - |D| - [157970276] - C:\Program Files (x86)\Orange
[05/09/2016 23:07:02] - |AD| - [343456268] - C:\Program Files (x86)\Origin
[05/09/2016 23:09:35] - |D| - [0] - C:\Program Files (x86)\Origin Games
[24/05/2017 23:13:15] - |D| - [9023490] - C:\Program Files (x86)\Razer
[31/08/2016 13:43:58] - |D| - [1373151855] - C:\Program Files (x86)\Realtek
[11/06/2017 03:23:09] - |D| - [1285503411] - C:\Program Files (x86)\Reference Assemblies
[31/08/2016 22:40:38] - |D| - [5133642257] - C:\Program Files (x86)\Rockstar Games
[22/12/2016 01:28:07] - |D| - [9510049] - C:\Program Files (x86)\SpeedFan
[31/08/2016 19:29:12] - |D| - [128259348375] - C:\Program Files (x86)\Steam
[31/08/2016 14:25:09] - |HD| - [319488] - C:\Program Files (x86)\Temp
[31/08/2016 20:10:06] - |D| - [318746185] - C:\Program Files (x86)\Ubisoft
[15/06/2017 09:44:57] - |D| - [109864] - C:\Program Files (x86)\UDPixel
[24/05/2017 23:12:40] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[31/08/2016 14:57:23] - |D| - [126263314] - C:\Program Files (x86)\VideoLAN
[13/10/2016 09:59:30] - |AD| - [333] - C:\Program Files (x86)\Virtual Router
[12/06/2017 11:00:07] - |D| - [1099146] - C:\Program Files (x86)\VulkanRT
[04/06/2017 12:17:03] - |D| - [1720976] - C:\Program Files (x86)\Windows Defender
[02/09/2016 15:12:21] - |D| - [571721638] - C:\Program Files (x86)\Windows Kits
[04/06/2017 12:17:03] - |D| - [626688] - C:\Program Files (x86)\Windows Mail
[05/06/2017 08:58:30] - |D| - [3295897] - C:\Program Files (x86)\Windows Media Player
[04/06/2017 12:17:03] - |D| - [38784] - C:\Program Files (x86)\Windows Multimedia Platform
[04/06/2017 12:17:03] - |D| - [7569602] - C:\Program Files (x86)\Windows NT
[02/09/2016 17:27:22] - |D| - [168022172] - C:\Program Files (x86)\Windows Phone Kits
[02/09/2016 17:43:02] - |D| - [118655720] - C:\Program Files (x86)\Windows Phone Silverlight Kits
[04/06/2017 12:17:03] - |D| - [5347168] - C:\Program Files (x86)\Windows Photo Viewer
[04/06/2017 12:17:03] - |D| - [38784] - C:\Program Files (x86)\Windows Portable Devices
[04/06/2017 12:17:03] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[04/06/2017 12:17:03] - |D| - [2244361] - C:\Program Files (x86)\WindowsPowerShell
[13/09/2016 13:18:55] - |D| - [11261204] - C:\Program Files (x86)\Xvid

---------- | C:\Program Files

[02/09/2016 17:38:50] - |AD| - [352338] - C:\Program Files\Application Verifier
[02/06/2017 13:09:58] - |D| - [599634751] - C:\Program Files\Bitdefender
[02/06/2017 12:03:16] - |AD| - [33210335] - C:\Program Files\Bitdefender Agent
[16/01/2017 10:51:49] - |AD| - [615066] - C:\Program Files\Bonjour
[22/12/2016 01:09:39] - |AD| - [69576052] - C:\Program Files\BurnInTest
[22/12/2016 16:35:46] - |AD| - [19991856] - C:\Program Files\CCleaner
[04/06/2017 12:17:03] - |D| - [1205503740] - C:\Program Files\Common Files
[04/06/2017 12:17:06] - |ASH| - [174] - C:\Program Files\desktop.ini
[05/02/2016 18:07:00] - |SHD| - [1205503740] - C:\Program Files\Fichiers communs
[05/12/2016 16:44:16] - |AD| - [23502188] - C:\Program Files\FileZilla FTP Client
[22/12/2016 16:42:08] - |AD| - [4208793] - C:\Program Files\HWiNFO64
[02/09/2016 17:29:49] - |AD| - [5476315] - C:\Program Files\IIS
[02/09/2016 17:30:16] - |AD| - [18302026] - C:\Program Files\IIS Express
[24/05/2017 23:12:48] - |D| - [1162360] - C:\Program Files\Insyde
[31/08/2016 13:30:22] - |D| - [39056419] - C:\Program Files\Intel
[04/06/2017 12:17:03] - |D| - [2630702] - C:\Program Files\Internet Explorer
[06/06/2017 11:30:43] - |D| - [1369059] - C:\Program Files\iPod
[06/06/2017 11:30:43] - |AD| - [432195919] - C:\Program Files\iTunes
[31/08/2016 13:41:39] - |D| - [45594850] - C:\Program Files\Killer Networking
[05/02/2016 18:15:20] - |D| - [8751504] - C:\Program Files\Microsoft Office 15
[02/09/2016 15:11:41] - |AD| - [424485402] - C:\Program Files\Microsoft SQL Server
[02/09/2016 15:11:29] - |AD| - [10320164] - C:\Program Files\Microsoft SQL Server Compact Edition
[02/09/2016 17:17:46] - |D| - [2300078] - C:\Program Files\Microsoft Visual Studio 12.0
[11/06/2017 03:23:09] - |D| - [25757] - C:\Program Files\MSBuild
[24/05/2017 23:12:35] - |D| - [1891399114] - C:\Program Files\NVIDIA Corporation
[04/11/2016 16:36:29] - |AD| - [59812904] - C:\Program Files\paint.net
[24/05/2017 23:12:52] - |D| - [37392384] - C:\Program Files\Realtek
[11/06/2017 03:23:09] - |D| - [36850857] - C:\Program Files\Reference Assemblies
[31/08/2016 20:14:57] - |D| - [75851126414] - C:\Program Files\Rockstar Games
[20/06/2017 00:08:46] - |D| - [51729550] - C:\Program Files\RogueKiller
[22/12/2016 16:35:44] - |AD| - [15197840] - C:\Program Files\Speccy
[24/05/2017 23:13:12] - |AD| - [96603243] - C:\Program Files\Synaptics
[05/02/2016 18:07:21] - |HD| - [0] - C:\Program Files\Uninstall Information
[07/06/2017 13:21:11] - |AD| - [13365484] - C:\Program Files\WhoCrashed
[04/06/2017 12:17:03] - |D| - [13884963] - C:\Program Files\Windows Defender
[05/06/2017 09:00:06] - |D| - [6941696] - C:\Program Files\Windows Defender Advanced Threat Protection
[04/06/2017 12:17:03] - |D| - [637952] - C:\Program Files\Windows Mail
[05/06/2017 08:58:30] - |D| - [4825789] - C:\Program Files\Windows Media Player
[04/06/2017 12:17:03] - |D| - [45512] - C:\Program Files\Windows Multimedia Platform
[04/06/2017 12:17:03] - |D| - [7834818] - C:\Program Files\Windows NT
[04/06/2017 12:17:03] - |D| - [6126432] - C:\Program Files\Windows Photo Viewer
[04/06/2017 12:17:03] - |D| - [45512] - C:\Program Files\Windows Portable Devices
[04/06/2017 12:17:03] - |D| - [92712] - C:\Program Files\Windows Security
[04/06/2017 12:17:03] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[04/06/2017 12:17:03] - |HD| - [86180015858] - C:\Program Files\WindowsApps
[04/06/2017 12:17:03] - |D| - [2494131] - C:\Program Files\WindowsPowerShell
[14/12/2016 21:02:59] - |D| - [189003] - C:\Program Files\WinPcap
[01/09/2016 10:31:01] - |AD| - [6299307] - C:\Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[31/08/2016 14:56:58] - |AD| - [9328571] - C:\Program Files (x86)\Common Files\Adobe
[14/12/2016 21:02:26] - |AD| - [48275661] - C:\Program Files (x86)\Common Files\Adobe AIR
[16/01/2017 10:51:30] - |D| - [140484035] - C:\Program Files (x86)\Common Files\Apple
[01/09/2016 12:16:58] - |D| - [5855776] - C:\Program Files (x86)\Common Files\BattlEye
[31/08/2016 14:21:08] - |AD| - [47976] - C:\Program Files (x86)\Common Files\DESIGNER
[08/09/2016 12:58:22] - |HD| - [9930416] - C:\Program Files (x86)\Common Files\EAInstaller
[31/08/2016 14:44:49] - |D| - [8220068] - C:\Program Files (x86)\Common Files\InstallShield
[31/08/2016 14:44:54] - |D| - [251197] - C:\Program Files (x86)\Common Files\Intel Corporation
[02/09/2016 17:20:22] - |AD| - [41639936] - C:\Program Files (x86)\Common Files\Merge Modules
[02/09/2016 17:37:06] - |D| - [2221] - C:\Program Files (x86)\Common Files\Microsoft
[04/06/2017 12:17:03] - |D| - [126445898] - C:\Program Files (x86)\Common Files\Microsoft Shared
[29/09/2016 21:21:21] - |D| - [662081] - C:\Program Files (x86)\Common Files\PocketSoft
[31/08/2016 14:21:43] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent
[04/06/2017 12:17:03] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[31/08/2016 19:29:13] - |D| - [3767360] - C:\Program Files (x86)\Common Files\Steam
[04/06/2017 12:17:03] - |D| - [9527691] - C:\Program Files (x86)\Common Files\System
[13/09/2016 13:17:46] - |D| - [323584] - C:\Program Files (x86)\Common Files\Thraex Software

---------- | C:\Program Files\Common files

[16/01/2017 10:51:37] - |D| - [158806340] - C:\Program Files\Common files\Apple
[24/05/2017 23:12:31] - |D| - [422] - C:\Program Files\Common files\Atheros
[02/06/2017 13:09:42] - |D| - [876828657] - C:\Program Files\Common files\Bitdefender
[03/10/2016 16:19:42] - |HD| - [1043666] - C:\Program Files\Common files\EAInstaller
[04/06/2017 12:17:03] - |D| - [158616886] - C:\Program Files\Common files\microsoft shared
[04/06/2017 12:17:03] - |D| - [2702] - C:\Program Files\Common files\Services
[04/06/2017 12:17:03] - |D| - [10205067] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [12/06/2017 11:04:38] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.CFC20C5FD1AF643C1D07514DA7DFFE6F] - [12/06/2017 11:04:38] - |A| - [3482] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task         :   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.00000000000000000000000000000000] - [12/06/2017 11:04:38] - |D| - [2606] - C:\WINDOWS\System32\Tasks\Apple
[MD5.909C31F9DECBF4D28D2681B64B4E10CB] - [12/06/2017 11:04:38] - |A| - [2668] - C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864         :   C:\Program Files\Bitdefender Agent\WatchDog.exe
[MD5.75537AF89FF28162661A14F9EE367EE6] - [12/06/2017 11:04:38] - |A| - [2388] - C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C         :   C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
[MD5.4D817BD6DC4E816E092F60141807ECB7] - [12/06/2017 11:04:38] - |A| - [2218] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC         :   "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.AE67C509A7071B8B905D61BA239A51B1] - [12/06/2017 11:04:38] - |A| - [3290] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.40A900AA01F275C94FB01C77B5CE0E40] - [12/06/2017 11:04:38] - |A| - [3514] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [12/06/2017 11:04:38] - |D| - [11100] - C:\WINDOWS\System32\Tasks\Intel
[MD5.09650088CE3965E8EB34EB949C199736] - [12/06/2017 11:04:38] - |A| - [3118] - C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification         :   "C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe"
[MD5.00000000000000000000000000000000] - [04/06/2017 12:17:04] - |D| - [555426] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.C18BCF8C6336505D5915A80EE95C47D2] - [12/06/2017 11:04:38] - |A| - [3398] - C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
[MD5.D271B57C704ED9FE8F7BDF6C46E504F6] - [12/06/2017 11:04:38] - |A| - [3176] - C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"
[MD5.B8FC6CCCF9BB0C866D8776CB00C01F1C] - [12/06/2017 11:04:38] - |A| - [2968] - C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
[MD5.F51E0D33C44156DBFB6432F11B308A7A] - [12/06/2017 11:04:38] - |A| - [2984] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.A416713998B405C15DF29DC980393AF6] - [12/06/2017 11:04:38] - |A| - [2744] - C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
[MD5.1A919F03C70ACB361EBE07E705BA7845] - [12/06/2017 11:04:38] - |A| - [2838] - C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
[MD5.9173F2CE9E5535610FEDA93AA2FBA706] - [12/06/2017 11:04:38] - |A| - [2786] - C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
[MD5.30DF4287C7842184041D1D65DD2C55ED] - [12/06/2017 11:04:38] - |A| - [2956] - C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}         :   C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
[MD5.0C20D8B77DAA1A35F354E7C361A70572] - [12/06/2017 11:04:38] - |A| - [3302] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.00000000000000000000000000000000] - [04/06/2017 12:17:04] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"Wininit-Shutdown-In-Rule-TCP-RPC"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
"MDNS-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"MDNS-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"{443FEFA6-59A9-4FFB-AC29-210F09E204B6}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{57EEFA6A-663B-4576-91E1-F30C4290BCA5}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{3386D6EA-56C5-4E82-A3A0-56E064E5D206}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Forza Horizon 3|Desc=Forza Horizon 3|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-1987231219-3494637732-3076478737-3503969843-3465841799-2831659819-1889736820|EmbedCtxt=Forza Horizon 3|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{2BC514A0-C229-4F5F-9632-C186E0110C6E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Forza Horizon 3|Desc=Forza Horizon 3|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-1987231219-3494637732-3076478737-3503969843-3465841799-2831659819-1889736820|EmbedCtxt=Forza Horizon 3|Platform=2:6:2|Platform2=GTEQ|
"{4A54A865-A2F3-4B88-93FC-9E928AC49A35}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Dododex Taming Calculator for Ark: Survival Evolved|Desc=Dododex Taming Calculator for Ark: Survival Evolved|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-2269949195-3939652191-1188738508-3357411355-3203514927-3430353469-3027853318|EmbedCtxt=Dododex Taming Calculator for Ark: Survival Evolved|Platform=2:6:2|Platform2=GTEQ|
"{DE565150-7744-4836-9688-6E5EF0977F74}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Forza Hub|Desc=Forza Hub|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-1393333600-1512676117-1933989848-3941882286-3705629185-3519201258-4031779555|EmbedCtxt=Forza Hub|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{5AB31A47-0EC9-4C03-B867-7E9C5A5B913E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Forza Hub|Desc=Forza Hub|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-1393333600-1512676117-1933989848-3941882286-3705629185-3519201258-4031779555|EmbedCtxt=Forza Hub|Platform=2:6:2|Platform2=GTEQ|
"{EAD352FA-37B0-4938-933E-51DB3273E632}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{0C2F0608-2A4B-429D-B09D-58EE069C5BDD}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|
"{4B0621FC-74A9-49E4-A9E6-D6569F5832D5}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=D:\Games\Uplay\Tom Clancy's Ghost Recon Wildlands\GRW.exe|Name=Ghost Recon Wildlands|
"{D9714544-44A9-4B11-B480-98F4CA8408A8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Xbox One SmartGlass|Desc=Xbox One SmartGlass|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-2214089197-971179125-4124359169-283697964-1336710732-3555069067-437187921|EmbedCtxt=Xbox One SmartGlass|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{A4C77D3F-58C4-458F-95E7-FF4760AC5FEF}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox One SmartGlass|Desc=Xbox One SmartGlass|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-2214089197-971179125-4124359169-283697964-1336710732-3555069067-437187921|EmbedCtxt=Xbox One SmartGlass|Platform=2:6:2|Platform2=GTEQ|
"{8304E8D6-8780-42CB-A383-EF95F48CD8B1}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Wallet|Desc=Wallet|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Wallet|Platform=2:6:2|Platform2=GTEQ|
"compositor-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=48862|Name=compositor_Allow_In_TCP|Desc=Allow inbound TCP traffic on port 48862 for ShellCompositor.|EmbedCtxt=shellcompositor|
"compositor-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|LPort=48862|Name=compositor_Allow_Out_TCP|Desc=Allow outbound TCP traffic for ShellCompositor.|EmbedCtxt=shellcompositor|
"UDP Query User{5C3337D3-7147-449C-844E-F70D7A65561D}E:\unreal engine\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=E:\unreal engine\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe|Name=EpicGamesLauncher|Desc=EpicGamesLauncher|Defer=User|
"TCP Query User{3454AFF0-B704-426A-8861-8A7559B51369}E:\unreal engine\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=E:\unreal engine\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe|Name=EpicGamesLauncher|Desc=EpicGamesLauncher|Defer=User|
"{090BC5FF-1744-4211-BF8C-AF81E4929CA2}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Orange\ma Livebox\dedicarz\PluginLivebox.exe|Name=PluginLivebox.exe|EmbedCtxt=@firewallapi.dll,-23255|
"{94089908-9B5F-46FB-8656-1D49E961D681}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Orange\ma Livebox\dedicarz\PluginLivebox.exe|Name=PluginLivebox.exe|EmbedCtxt=@firewallapi.dll,-23255|
"{722C3FF3-D91E-4B09-B68F-AF81ED64296B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Orange\ma Livebox\dedicarz\LiveboxManager.exe|Name=LiveboxManager.exe|EmbedCtxt=@firewallapi.dll,-23255|
"{3DE25257-4BC3-47C3-B822-824367B1C237}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Orange\ma Livebox\dedicarz\LiveboxManager.exe|Name=LiveboxManager.exe|EmbedCtxt=@firewallapi.dll,-23255|
"{F87CB22B-6DF0-4908-AAB2-446326CF2ADC}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe|Name=Dedicarz Service|EmbedCtxt=@firewallapi.dll,-23255|
"{AC360BE1-41F2-4646-8032-D86E15B24954}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Orange\ma Livebox\dedicarz\DedicarzService.exe|Name=Dedicarz Service|EmbedCtxt=@firewallapi.dll,-23255|
"{AD83078C-6772-496B-9950-C33F7AC5694D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|EmbedCtxt=@firewallapi.dll,-23255|
"{7539569A-E61D-4DFE-9CEF-5B6ABAC350BD}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|EmbedCtxt=@firewallapi.dll,-23255|
"UDP Query User{0FB96178-A26F-4705-BB6D-1AF4840D686F}D:\crytek\cryengine launcher\crytek\cryengine_5.2\bin\win_x64\sandbox.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\crytek\cryengine launcher\crytek\cryengine_5.2\bin\win_x64\sandbox.exe|Name=sandbox|Desc=sandbox|Defer=User|
"TCP Query User{023B1B4B-5412-48CF-9327-C066A68F674D}D:\crytek\cryengine launcher\crytek\cryengine_5.2\bin\win_x64\sandbox.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\crytek\cryengine launcher\crytek\cryengine_5.2\bin\win_x64\sandbox.exe|Name=sandbox|Desc=sandbox|Defer=User|
"{2D0D2691-C076-4259-BFE2-C6DD6907BF42}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47995|LPort=47998|LPort=47999|LPort=48000|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer UDP Exception|Desc=UDP exceptions for SHIELD Streaming NvStreamer (RTSP/RI/A/V)|
"{7A093264-D8E6-43C9-B657-7D98490FEC00}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=35043|LPort=47995|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer TCP Exception|Desc=TCP exceptions for SHIELD Streaming NvStreamer (RTSP/RI)|
"{2E01C6C0-B0D1-41CF-9105-E12ED092DE9A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47998|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe|Name=SHIELD Streaming SSAU UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAU (NWT)|
"{9F50E102-0C1F-4A28-9876-9002A9F0B654}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47984|LPort=47989|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe|Name=SHIELD Streaming NSS TCP Exception|Desc=TCP exceptions for SHIELD Streaming NSS (HTTP)|
"UDP Query User{406BC71A-3869-40CE-9574-A0FF952A0C58}D:\games\cloud imperium games\patcher\cigpatcher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\games\cloud imperium games\patcher\cigpatcher.exe|Name=cigpatcher|Desc=cigpatcher|Edge=TRUE|Defer=App|
"TCP Query User{E6724033-9514-48DC-9249-0DF4A78A4659}D:\games\cloud imperium games\patcher\cigpatcher.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\games\cloud imperium games\patcher\cigpatcher.exe|Name=cigpatcher|Desc=cigpatcher|Edge=TRUE|Defer=App|
"WebManagement-In-Https"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=50443|App=System|Name=WebManagement_Allow_In_HTTPS|Desc=Allow inbound TCP traffic on dynamic HTTPS port for device web management|EmbedCtxt=WebManagement|
"WebManagement-In-Http"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=50080|App=System|Name=WebManagement_Allow_In_HTTP|Desc=Allow inbound TCP traffic on dynamic HTTP port for device web management|EmbedCtxt=WebManagement|
"SshProxy-Service"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=22|App=%SystemRoot%\system32\svchost.exe|Svc=SshProxy|Name=@%SystemRoot%\system32\SshProxy.dll,-5|Desc=@%SystemRoot%\system32\SshProxy.dll,-6|EmbedCtxt=Ssh Server|
"WebManagement-Out"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=WebManagement_Allow_Out|Desc=Allow outbound TCP traffic from device web management|EmbedCtxt=WebManagement|
"UDP Query User{C1E1D1D4-A7A3-410E-ADAC-FD8EFBCD2ACC}C:\program files\rockstar games\grand theft auto v\gta5.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files\rockstar games\grand theft auto v\gta5.exe|Name=Grand Theft Auto V|Desc=Grand Theft Auto V|Defer=User|
"TCP Query User{CB7C2CCF-7F79-47BF-B0B1-5FE6A293D650}C:\program files\rockstar games\grand theft auto v\gta5.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files\rockstar games\grand theft auto v\gta5.exe|Name=Grand Theft Auto V|Desc=Grand Theft Auto V|Defer=User|
"UDP Query User{2757C87F-89E5-4BC6-91AD-04B4DEA6DB89}D:\games\steam\steamapps\common\fallout 4\creationkit.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\games\steam\steamapps\common\fallout 4\creationkit.exe|Name=Creation Kit 2.0|Desc=Creation Kit 2.0|Defer=User|
"TCP Query User{3A7D554B-0CBF-4002-AA3E-2C358544E7E4}D:\games\steam\steamapps\common\fallout 4\creationkit.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\games\steam\steamapps\common\fallout 4\creationkit.exe|Name=Creation Kit 2.0|Desc=Creation Kit 2.0|Defer=User|
"UDP Query User{100521AB-6B35-4C96-AA3C-8EEE29847836}D:\games\steam\steamapps\common\assettocorsa\acs.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\games\steam\steamapps\common\assettocorsa\acs.exe|Name=acs|Desc=acs|Defer=User|
"TCP Query User{D7939791-83B6-47DD-9D84-568522CF0491}D:\games\steam\steamapps\common\assettocorsa\acs.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\games\steam\steamapps\common\assettocorsa\acs.exe|Name=acs|Desc=acs|Defer=User|
"{ED8E3A03-3A5C-431C-A25A-9ECD833EE42A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe|Name=devenv.exe|Edge=TRUE|
"{29FD062C-6879-4E5E-AEC1-5C682848DD9B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=D:\Unity\Editor\Unity.exe|Name=Unity.exe|Edge=TRUE|
"{2A0E6AFA-7659-494D-9269-EF26A0F469E4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe|Name=UnityVS.OpenFile.exe|Edge=TRUE|
"{E884BD7F-BFE4-4C4E-8047-F483557EB1DD}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe|Name=Visual Studio 2015 Remote Debugger Discovery (devenv.exe)|Desc=Inbound rule to allow Visual Studio to discover remote debuggers running on the local network [UDP 3702]|Edge=TRUE|
"UDP Query User{69F2B612-E129-40B2-AA13-F3D4D260E29D}E:\amazon\lumberyard\1.4.0.1\dev\bin64\assetprocessor_tmp.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=E:\amazon\lumberyard\1.4.0.1\dev\bin64\assetprocessor_tmp.exe|Name=assetprocessor_tmp|Desc=assetprocessor_tmp|Defer=User|
"TCP Query User{90EAED2C-BF5E-47D5-BA3E-44685B450D6C}E:\amazon\lumberyard\1.4.0.1\dev\bin64\assetprocessor_tmp.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=E:\amazon\lumberyard\1.4.0.1\dev\bin64\assetprocessor_tmp.exe|Name=assetprocessor_tmp|Desc=assetprocessor_tmp|Defer=User|
"UDP Query User{582E68B2-4904-42C4-8319-AC426ED4AAFB}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|
"TCP Query User{DBB25BBC-C5B5-4EB2-8B1D-95E055DB6885}C:\program files (x86)\google\chrome\application\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files (x86)\google\chrome\application\chrome.exe|Name=Google Chrome|Desc=Google Chrome|Defer=User|
"{F0C62AEC-3750-452D-BC7A-FB8E414D7FFC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\Games\Uplay\Tom Clancy's Rainbow Six Siege\RainbowSix.exe|Name=Rainbow Six - Siege: Launcher|
"{9E0B0135-C650-4398-BE41-68A219F5670E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\Games\Uplay\Tom Clancy's Rainbow Six Siege\RainbowSix.exe|Name=Rainbow Six - Siege: Launcher|
"{804BCACF-AB52-4298-94B7-E278CEEECCB5}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\Games\Uplay\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe|Name=Rainbow Six - Siege: Game|
"{4EBF535C-E1B8-43A3-87C2-B7B3219B4701}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\Games\Uplay\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe|Name=Rainbow Six - Siege: Game|
"{8AE00CA3-7C00-4F18-B1BA-75134FBC902B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\Games\Uplay\Far Cry 4\bin\FarCry4.exe|Name=FarCry4|
"{F605F346-F3E4-4E19-8F12-741A71CDCFF2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\Games\Uplay\Far Cry 4\bin\FarCry4.exe|Name=FarCry4|
"{9C41C774-38F4-4F13-8252-3E6A582978AF}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\Games\Uplay\Far Cry 4\bin\IGE_WPF64.exe|Name=FarCry4-IGE|
"{89497182-3429-4EB4-98B7-F740854C0B57}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\Games\Uplay\Far Cry 4\bin\IGE_WPF64.exe|Name=FarCry4-IGE|
"{6D832701-FABF-45F2-8493-24AA199ADA6B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\Games\Uplay\Assassin's Creed Rogue\ACC.exe|Name=AC Rogue|
"{0840267A-50E8-4F5A-8D9C-0A5C609D0C87}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\Games\Uplay\Assassin's Creed Rogue\ACC.exe|Name=AC Rogue|
"TCP Query User{61409B0D-8305-4540-9D39-731502A1E071}D:\games\origin\fifa 17\fifa17.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\games\origin\fifa 17\fifa17.exe|Name=FIFA 17|Desc=FIFA 17|Defer=User|
"UDP Query User{E48C5D2E-B8B1-477B-9B18-AC0B241FE12F}D:\games\origin\fifa 17\fifa17.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\games\origin\fifa 17\fifa17.exe|Name=FIFA 17|Desc=FIFA 17|Defer=User|
"{1F814DC5-072B-4A70-9B01-FA6235C379F8}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Holograms|Desc=Holograms|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-1602109543-489299846-2933479085-1573170910-173486505-4040315008-997329221|EmbedCtxt=Holograms|Platform=2:6:2|Platform2=GTEQ|
"{104B34CF-408E-4B45-A5BD-7991A15C54B7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe|Name=SHIELD Streaming SSAS UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAS (mDNS)|
"{2435F8D6-C1FC-4F63-AFF7-6F8A91BFE67F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Forza Motorsport 6: Apex|Desc=Forza Motorsport 6: Apex|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-659367499-3410908210-3321606304-2202737211-3639351877-388867530-2978036834|EmbedCtxt=Forza Motorsport 6: Apex|Platform=2:6:2|Platform2=GTEQ|
"{4AD0649E-F942-4F21-97B6-F25D52674CAF}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Forza Motorsport 6: Apex|Desc=Forza Motorsport 6: Apex|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-659367499-3410908210-3321606304-2202737211-3639351877-388867530-2978036834|EmbedCtxt=Forza Motorsport 6: Apex|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{29FB823A-925C-4613-81C0-ADEBC71C9971}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=D:\Games\Uplay\WATCH_DOGS2\bin\WatchDogs2.exe|Name=WatchDogs2-TCP|
"{E0A0826B-8077-4758-B665-A1AC2D6438D1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=D:\Games\Uplay\WATCH_DOGS2\bin\WatchDogs2.exe|Name=WatchDogs2-UDP|
"TCP Query User{600BAE1D-6754-4C05-94F3-567A077D80D2}E:\ark dev kit\arkdevkit\engine\binaries\win64\ue4editor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\ark dev kit\arkdevkit\engine\binaries\win64\ue4editor.exe|Name=Unreal Engine|Desc=Unreal Engine|Defer=User|
"UDP Query User{5087E294-EBCD-4849-B695-7ACB39AFE8EB}E:\ark dev kit\arkdevkit\engine\binaries\win64\ue4editor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\ark dev kit\arkdevkit\engine\binaries\win64\ue4editor.exe|Name=Unreal Engine|Desc=Unreal Engine|Defer=User|
"TCP Query User{89115A52-759E-4603-8B44-F3A2D5DD464B}E:\unreal engine\epic games\4.14\engine\binaries\win64\ue4editor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\unreal engine\epic games\4.14\engine\binaries\win64\ue4editor.exe|Name=Unreal Engine|Desc=Unreal Engine|Defer=User|
"UDP Query User{B67FDCAF-87A5-4EF9-9FEB-9E92BA64B71A}E:\unreal engine\epic games\4.14\engine\binaries\win64\ue4editor.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\unreal engine\epic games\4.14\engine\binaries\win64\ue4editor.exe|Name=Unreal Engine|Desc=Unreal Engine|Defer=User|
"{59E85198-50FF-445B-AD98-876670505654}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=9103|App=D:\Games\Uplay\Steep\steep.exe|Name=STEEP|
"{164B0284-274E-4777-B243-8F792A269C71}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{E794D79E-A3DA-41C0-BABC-90A2E5D23455}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{23B817EA-D0CE-499B-8617-58D12AFBF5DB}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{5B1A022C-932C-4BC4-94AF-990D5CD742D4}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{D813F581-6A41-4CD5-A75E-225FA06FF72A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Holographic Item Player|Desc=Holographic Item Player|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-2848169271-1944770290-2690789639-3499139168-2840136067-3338101526-125811250|EmbedCtxt=Holographic Item Player|Platform=2:6:2|Platform2=GTEQ|
"{4352AC87-A036-450C-8010-EB7CF9C70AB7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|
"{B6C81BF6-7FAA-4E8B-AAE2-0AFEC8EBD7B5}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ|
"{154BF8B5-3721-445F-BBBE-1065174F2055}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{5B0FD435-FE01-4A1A-810C-E252190582F6}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{CDDAD587-1760-4760-95FA-DA102ACD1B60}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ|
"{2B425E62-7D44-4886-96D1-FB88B40544D0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ|
"{D0453F74-65F5-49A9-AF4D-CF4382AD4B65}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{4A6D40BB-38EE-4D54-9538-3546DC6C5045}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{BF371F00-D91E-413E-9AEF-3E3D6DCB3E36}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{B1A70F10-DAE4-476D-99F1-3A8701704D96}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{50CFAC02-0325-41F1-8CAD-A589AC37C8FE}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{1159F440-19E3-4EAE-A2AA-F1DFA27D5182}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{58082319-3AC1-419A-8E4C-A1C99B43FE6C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ|
"{C7F5FD71-2341-423D-9C85-B0376A7163E8}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ|
"{661A8FB9-D80C-4B15-A5E6-43F10D7E5B05}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\Games\Origin\The Sims 4\Game\Bin\TS4.exe|Name=Les Sims™ 4 32 Bit|
"{EF66A4D0-4E86-4C85-9F18-9D87ABA35FDC}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\Games\Origin\The Sims 4\Game\Bin\TS4.exe|Name=Les Sims™ 4 32 Bit|
"{B7FFBFBF-5CFB-46F7-AD8A-8764D36F42DD}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\Games\Origin\The Sims 4\Game\Bin\TS4_x64.exe|Name=Les Sims™ 4 64 Bit|
"{74A5C2AE-0F4C-4572-853B-824465B76EE2}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\Games\Origin\The Sims 4\Game\Bin\TS4_x64.exe|Name=Les Sims™ 4 64 Bit|
"{DF38E022-0059-4E6B-94E3-99855C4B4861}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\Games\Origin\FIFA 17\FIFASetup\fifaconfig.exe|Name=FIFA 17|
"{A452DD6C-C526-4CE2-B726-A9F6CAA9295A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\Games\Origin\FIFA 17\FIFASetup\fifaconfig.exe|Name=FIFA 17|
"{09B3F97A-ED17-4384-B609-4EB669A62911}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ|
"{54E3ACDA-7D12-4F04-904D-E9B7E22A14AA}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{CFF802E6-37B1-441C-B7FA-0E29C694E766}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-533811266-1534692092-1485993985-1002|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{091BC97E-2352-4362-A539-10A6D8FF7596}] : (RDPDR) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem21.inf,%ClassName%;SAMSUNG Android Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4532C9EB-FEF9-43AC-83DA-D5DE1F9A2BFF}] : (nvpciflt) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{57465043-616c-6c6f-7574-5f636c617373}] : (WFPCALLOUTS) [] -> @oem57.inf,%ClassName%;WFPCALLOUTS
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CC41EBA2-AB57-4F4E-8C3D-1BC33B1E74E3}] : (RDPDR) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem52.inf,%ClassName%;ADB Interface
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[02/06/2017 13:09:58] - (2.4.986.68) - (BitDefender S.R.L. - Trufos Kernel Module) - C:\WINDOWS\system32\DRIVERS\trufos.sys
[02/06/2017 13:09:59] - (2.0.0.75) - (BitDefender LLC - BitDefender Gonzales FileSystem Driver) - C:\WINDOWS\system32\DRIVERS\gzflt.sys
[02/06/2017 13:11:03] - (3.13.17482.6533) - (BitDefender - Active Virus Control filter driver) - C:\WINDOWS\system32\DRIVERS\avc3.sys
[02/06/2017 13:10:56] - (1.1.0.719) - (Bitdefender - IGNIS filter driver) - C:\WINDOWS\system32\DRIVERS\ignis.sys
[23/03/2016 10:46:52] - (4.1.4.54) - (Rivet Networks, LLC. - Killer Bandwidth Control Filter Driver) - C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys
[22/12/2016 16:42:16] - (8.98.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\WINDOWS\system32\drivers\HWiNFO64A.SYS
[02/06/2017 13:11:05] - (13.1.1.4) - (BitDefender - FileVault Disk Driver) - C:\WINDOWS\system32\DRIVERS\bdvedisk.sys
[02/06/2017 13:10:56] - (7.0.0.31) - (BitDefender LLC - BitDefender Firewall WFP Filter Driver) - C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
[24/10/2016 00:44:40] - (4.21.0.9613) - (PureVPN - PureStealth) - C:\WINDOWS\System32\drivers\neo_vpn.sys
[25/05/2017 01:06:52] - (22.21.13.8233) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 382.33) - C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_5a93b359bc8bcc04\nvlddmkm.sys
[04/06/2017 12:08:33] - (9.0.0.42) - (Qualcomm Atheros, Inc. - Killer e2400 PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\e2xw10x64.sys
[31/08/2016 13:45:04] - (10.0.10586.21288) - (Realsil Semiconductor Corporation - RTS PCIE READER Driver) - C:\WINDOWS\system32\DRIVERS\RtsPer.sys
[04/06/2017 12:08:28] - (4.0.2.262) - (Qualcomm Atheros, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\Qcamain10x64.sys
[07/03/2017 11:30:05] - (19.3.4.66) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys
[31/08/2016 14:09:43] - (1.0.0.13) - (Insyde Software Corp. - HotKey Keyboard Class Filter Driver) - C:\WINDOWS\system32\DRIVERS\HKKbdFltr.sys
[31/08/2016 14:09:43] - (1.0.0.13) - (Insyde Software Corp. - HotKey Mouse Class Filter Driver) - C:\WINDOWS\system32\DRIVERS\HKMouFltr.sys
[07/03/2017 11:30:05] - (19.3.4.66) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
[02/10/2015 06:19:48] - (1.4.0.3) - (Insyde Corporation - Insyde Airplane Mode HID Mini-driver) - C:\WINDOWS\system32\DRIVERS\AirplaneModeHid.sys
[24/05/2017 23:30:45] - (3.60.2.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys
[25/05/2017 01:06:53] - (202.0.0.0) - (NVIDIA Corporation - Virtual USB Host Controller driver) - C:\WINDOWS\System32\drivers\nvvhci.sys
[25/04/2017 19:23:06] - (1.3.34.26) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys
[12/01/2017 08:22:26] - (6.10.0.8) - (Creative Technology Ltd. - Creative Audio Driver) - C:\WINDOWS\system32\drivers\MBfilt64.sys
[11/07/2016 10:20:00] - (10.0.0.265) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys
[11/02/2011 23:23:34] - (4.1.0.2001) - (CACE Technologies, Inc. - npf.sys (NT5/6 AMD64) Kernel Driver) - C:\WINDOWS\system32\drivers\npf.sys
[29/12/2012 22:59:38] - (2.3.11.0) - (Almico Software - SpeedFan x64 Driver) - C:\WINDOWS\SysWOW64\speedfan.sys
[02/06/2017 13:11:03] - (3.13.17482.6533) - (BitDefender - Active Virus Control Kernel Filtering driver) - C:\WINDOWS\system32\DRIVERS\avckf.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - avc3 (avc3) -> system32\DRIVERS\avc3.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - bdelam (bdelam) -> system32\drivers\bdelam.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - gzflt (gzflt) -> system32\DRIVERS\gzflt.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvpciflt () -> system32\DRIVERS\nvpciflt.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - trufos (trufos) -> system32\DRIVERS\trufos.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bdfwfpf (bdfwfpf) -> \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BDVEDISK (BDVEDISK) -> \SystemRoot\system32\DRIVERS\bdvedisk.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BfLwf (@oem11.inf,%BfLwf_Desc%;Killer Bandwidth Control) -> \SystemRoot\system32\DRIVERS\bwcW10x64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\WINDOWS\system32\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - iocbios2 (iocbios2) -> \??\C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - npf (NetGroup Packet Filter Driver) -> system32\drivers\npf.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - speedfan (speedfan) -> \??\C:\WINDOWS\SysWOW64\speedfan.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.07F7F501AD50DE2BA2D5842D9B6D6155] - [22/01/2017 19:01:13] - (.© 2004 Macrovision Corporation - Macrovision SECURITY Driver.) - [159.81 Ko] - (4.0.60.0) - C:\WINDOWS\Syswow64\Drivers\SECDRV.SYS

---------- | Uninstall

[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GameMaker-Studio14] : (GameMaker-Studio 1.4.-.YoYo Games Ltd.) -> "D:\GameMaker-Studio 1.4\uninstall.exe"
[HKU\S-1-5-21-533811266-1534692092-1485993985-1002\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Star Citizen Launcher] : (Star Citizen Launcher.-.Cloud Imperium Games) -> D:\Games\Cloud Imperium Games\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\6af12c54-643b-4752-87d0-8335503010de_is1] : (Nexus Mod Manager.-.Black Tree Gaming) -> "D:\Nexus Mod Manager\uninstall\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\8B3D7924-ED89-486B-8322-E8594065D5CB_is1] : (RogueKiller version 12.11.3.0.-.Adlice Software) -> "C:\Program Files\RogueKiller\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AirplaneModeHid] : (Insyde Airplane Mode HID Mini-Driver.-.Insyde Corporation) -> C:\Program Files\Insyde\AirplaneModeDriver\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Bitdefender] : (Bitdefender Total Security 2017.-.Bitdefender) -> C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}\installer.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Bitdefender Agent] : (Bitdefender Agent.-.Bitdefender) -> C:\Program Files\Bitdefender Agent\installer\installer.exe /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Bitdefender Device Management] : (Bitdefender Device Management.-.Bitdefender) -> "C:\Program Files\Bitdefender\Bitdefender Device Management\installer\installer.exe" /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\BurnInTest_is1] : (BurnInTest v8.1 Pro.-.Passmark Software) -> "C:\Program Files\BurnInTest\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\HWiNFO64_is1] : (HWiNFO64 Version 5.42.-.Martin Malík - REALiX) -> "C:\Program Files\HWiNFO64\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Speccy] : (Speccy.-.Piriform) -> "C:\Program Files\Speccy\uninst.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 10220] : (Postal 3.-.Trashmasters) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10220
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 10500] : (Empire: Total War.-.The Creative Assembly) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10500
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 107410] : (Arma 3.-.Bohemia Interactive) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/107410
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 110800] : (L.A. Noire.-.Team Bondi) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/110800
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 12110] : (Grand Theft Auto: Vice City.-.Rockstar Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12110
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 12120] : (Grand Theft Auto: San Andreas.-.Rockstar Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12120
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 12210] : (Grand Theft Auto IV.-.Rockstar North) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/12210
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 17390] : (Spore.-.Maxis™) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/17390
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 17440] : (Spore: Creepy & Cute Parts Pack.-.Maxis™) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/17440
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 203140] : (Hitman: Absolution.-.IO Interactive) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/203140
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 203160] : (Tomb Raider.-.Crystal Dynamics) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/203160
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 204100] : (Max Payne 3.-.Rockstar Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/204100
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 205930] : (Hitman: Sniper Challenge.-.IO Interactive) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/205930
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 213670] : (South Park™: The Stick of Truth™.-.Obsidian Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/213670
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 214950] : (Total War: ROME II - Emperor Edition.-.Creative Assembly) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/214950
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 216250] : (Dead Island Riptide.-.Techland) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/216250
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 220240] : (Far Cry® 3.-.Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220240
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 220980] : (CRYENGINE.-.Crytek) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220980
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 22100] : (Mount & Blade.-.TaleWorlds Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/22100
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 221380] : (Age of Empires II: HD Edition.-.Skybox Labs) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/221380
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 223100] : (Homefront: The Revolution.-.Dambuster Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/223100
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 22320] : (The Elder Scrolls III: Morrowind.-.Bethesda Game Studios®) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/22320
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 22330] : (The Elder Scrolls IV: Oblivion .-.Bethesda Game Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/22330
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 223470] : (POSTAL 2.-.Running With Scissors) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/223470
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 22370] : (Fallout 3 - Game of the Year Edition.-.Bethesda Game Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/22370
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 22380] : (Fallout: New Vegas.-.Obsidian Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/22380
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 224440] : (Folk Tale.-.Games Foundry) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/224440
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 232890] : (Stronghold Crusader 2.-.FireFly Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/232890
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 233450] : (Prison Architect.-.Introversion Software) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/233450
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 234630] : (Project CARS.-.Slightly Mad Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/234630
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 236850] : (Europa Universalis IV.-.Paradox Development Studio) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/236850
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 239820] : (Game Dev Tycoon.-.Greenheart Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/239820
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 24010] : (Train Simulator.-.Dovetail Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/24010
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 242050] : (Assassin's Creed IV Black Flag.-.Ubisoft Montreal) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/242050
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 242760] : (The Forest.-.Endnight Games Ltd) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/242760
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 244210] : (Assetto Corsa.-.Kunos Simulazioni) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/244210
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 244850] : (Space Engineers.-.Keen Software House) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/244850
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 245470] : (Democracy 3.-.Positech Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/245470
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 245620] : (Tropico 5.-.Haemimont Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/245620
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 246620] : (Plague Inc: Evolved.-.Ndemic Creations) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/246620
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 24720] : (Spore: Galactic Adventures.-.EA - Maxis) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/24720
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 24780] : (SimCity 4 Deluxe.-.EA - Maxis) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/24780
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 248170] : (Clickteam Fusion 2.5.-.Clickteam) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/248170
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 251570] : (7 Days to Die.-.The Fun Pimps) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/251570
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 252490] : (Rust.-.Facepunch Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/252490
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 254700] : (resident evil 4 / biohazard 4.-.Capcom) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/254700
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 266840] : (Age of Mythology: Extended Edition.-.SkyBox Labs) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/266840
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 281990] : (Stellaris.-.Paradox Development Studio) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/281990
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 282070] : (This War of Mine.-.11 bit studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/282070
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 285310] : (RollerCoaster Tycoon: Deluxe.-.Chris Sawyer Productions) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/285310
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 285330] : (RollerCoaster Tycoon 2: Triple Thrill Pack.-.Chris Sawyer Productions) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/285330
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 286860] : (Kingdom Come: Deliverance (Beta Access).-.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/286860
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 287700] : (METAL GEAR SOLID V: THE PHANTOM PAIN.-.Konami Digital Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/287700
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 289070] : (Sid Meier's Civilization VI.-.Firaxis) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/289070
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 294100] : (RimWorld.-.Ludeon Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/294100
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 299740] : (Miscreated.-.Entrada Interactive LLC) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/299740
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 304220] : (CRYENGINE Sandbox.-.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/304220
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 304240] : (Resident Evil / biohazard HD REMASTER.-.CAPCOM Co., Ltd.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/304240
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 307690] : (Sleeping Dogs: Definitive Edition.-.United Front Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/307690
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 307880] : (Savage Lands.-.Signal Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/307880
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 313120] : (Stranded Deep.-.Beam Team Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/313120
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 314520] : (Euro Fishing.-.Dovetail Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/314520
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 320300] : (Car Mechanic Simulator 2015.-.Red Dot Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/320300
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 34330] : (Total War: SHOGUN 2.-.The Creative Assembly) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/34330
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 344850] : (Big Pharma.-.Twice Circled) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/344850
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 346110] : (ARK: Survival Evolved.-.Studio Wildcard) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/346110
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 354140] : (Five Nights at Freddy's 3.-.Scott Cawthon) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/354140
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 360430] : (Mafia III.-.Hangar 13) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/360430
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 365720] : (Skyrim Script Extender (SKSE).-.The SKSE Team) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/365720
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 373420] : (Divinity: Original Sin Enhanced Edition.-.Larian Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/373420
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 376030] : (ARK: Survival Evolved Dedicated Server.-.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/376030
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 376040] : (ARK Dev Kit.-.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/376040
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 377160] : (Fallout 4.-.Bethesda Game Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/377160
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 378120] : (Football Manager 2016.-.SPORTS INTERACTIVE) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/378120
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 386590] : (Novus Inceptio.-.McMagic Productions) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/386590
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 394310] : (Punch Club.-.Lazy Bear Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/394310
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 4000] : (Garry's Mod.-.Facepunch Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/4000
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 402430] : (Out of the Park Baseball 17.-.Out of the Park Developments) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/402430
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 404730] : (Wasteland 2: Director's Cut.-.inXile Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/404730
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 415200] : (Motorsport Manager.-.Playsport Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/415200
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 418030] : (Subsistence.-.ColdGames) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/418030
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 418370] : (RESIDENT EVIL 7 biohazard / BIOHAZARD 7 resident evil.-.CAPCOM Co., Ltd.) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/418370
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 428690] : (Youtubers Life.-.U-Play Online) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/428690
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 440900] : (Conan Exiles.-.Funcom) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/440900
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 467520] : (Power & Revolution.-.Eversim) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/467520
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 47870] : (Need for Speed: Hot Pursuit.-.Criterion Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/47870
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 482730] : (Football Manager 2017.-.Sports Interactive) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/482730
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 48700] : (Mount & Blade: Warband.-.TaleWorlds Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/48700
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 48720] : (Mount & Blade: With Fire and Sword.-.TaleWorlds Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/48720
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 489830] : (The Elder Scrolls V: Skyrim Special Edition.-.Bethesda Game Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/489830
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 50130] : (Mafia II.-.2K Czech) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/50130
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 55230] : (Saints Row: The Third.-.Volition) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/55230
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 65980] : (Sid Meier's Civilization: Beyond Earth.-.Firaxis Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/65980
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 71240] : (SEGA Bass Fishing.-.SEGA) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/71240
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 72850] : (The Elder Scrolls V: Skyrim.-.Bethesda Game Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/72850
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 8930] : (Sid Meier's Civilization V.-.Firaxis Games) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/8930
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 91310] : (Dead Island.-.Techland) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/91310
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SynTPDeinstKey] : (Synaptics Pointing Device Driver.-.Synaptics Incorporated) -> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\UDK-508c3337-8c9a-4b87-8f5c-ee1e0cc9e207] : (My Game Long Name.-.Epic Games, Inc.) -> D:\Games\Steam\steamapps\common\Subsistence\Binaries\UnSetup.exe /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.42.1] : (Vulkan Run Time Libraries 1.0.42.1.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.42.1\UninstallVulkanRT.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WhoCrashed_is1] : (WhoCrashed 5.54.-.Resplendence Software Projects Sp.) -> "C:\Program Files\WhoCrashed\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.40 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0A596141-97D5-45FA-9281-98DFAF48D579}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{0A596141-97D5-45FA-9281-98DFAF48D579}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{28303E4F-8C2B-408C-B0C2-7EAA74564665}] : (Synaptics WBF USB Fingerprint Reader.-.Synaptics Incorporated) -> MsiExec.exe /X{28303E4F-8C2B-408C-B0C2-7EAA74564665}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{335F9123-9306-4DB0-AF07-9C636317EE9D}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{335F9123-9306-4DB0-AF07-9C636317EE9D}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}] : (UE4 Prerequisites (x64).-.Epic Games, Inc.) -> MsiExec.exe /X{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3973721B-C2ED-4505-98B6-752897ECF2F1}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{3973721B-C2ED-4505-98B6-752897ECF2F1}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3AE6FD56-D431-4B53-94F0-95E844206ADF}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{3AE6FD56-D431-4B53-94F0-95E844206ADF}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{409CB30E-E457-4008-9B1A-ED1B9EA21140}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe" -uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{437221A8-91D1-42A0-9E04-0AD64B502374}] : (Blender.-.Blender Foundation) -> MsiExec.exe /I{437221A8-91D1-42A0-9E04-0AD64B502374}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4BDD142A-2CC4-4C7A-8F17-342FFC2D82CD}] : (Killer Wireless-AC Drivers.-.Rivet Networks) -> MsiExec.exe /X{4BDD142A-2CC4-4C7A-8F17-342FFC2D82CD}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{54EC951C-4197-4AA4-803B-101F127BBB38}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{54EC951C-4197-4AA4-803B-101F127BBB38}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{62BBB3D7-6209-48DA-8931-2EC3383EA36F}] : (Killer E240x Drivers.-.Rivet Networks) -> MsiExec.exe /X{62BBB3D7-6209-48DA-8931-2EC3383EA36F}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}] : (paint.net.-.dotPDN LLC) -> MsiExec.exe /X{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}] : (Apple Application Support (64 bits).-.Apple Inc.) -> MsiExec.exe /I{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb] : (IIS Express Application Compatibility Database for x64.-.) -> %windir%\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\CustomSDB\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AF427A50-7D39-4FF3-BD0B-28D08E2873F4}] : (Killer Network Manager.-.Rivet Networks) -> MsiExec.exe /X{AF427A50-7D39-4FF3-BD0B-28D08E2873F4}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA Pilote 3D Vision 382.33.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 382.33.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 382.33.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 3.6.0.74.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.17.0329.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 25.0.0.0.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvBackend] : (NVIDIA Backend.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer] : (NVIDIA Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.LocalSystem] : (NVIDIA LocalSystem Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.MessageBus] : (NVIDIA Message Bus for NvContainer.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NetworkService] : (NVIDIA NetworkService Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.Session] : (NVIDIA Session Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.User] : (NVIDIA User Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs] : (NvNodejs.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvPlugin.Watchdog] : (NVIDIA Watchdog Plugin for NvContainer.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NvTelemetry.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci] : (NvvHci.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_OSC] : (Nvidia Share.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 3.6.0.74.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 3.70.2.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B66F70B4-34E5-429A-9F55-7129E0833A45}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{B66F70B4-34E5-429A-9F55-7129E0833A45}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD135157-92CB-471A-9BFF-BB04E6ECF25B}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{BD135157-92CB-471A-9BFF-BB04E6ECF25B}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CF54C187-E49A-4D74-BBC6-345A29C6ADEC}] : (Killer Bandwidth Control Filter Driver.-.Rivet Networks) -> MsiExec.exe /X{CF54C187-E49A-4D74-BBC6-345A29C6ADEC}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0C7385A-9D20-45F3-8101-05D383885180}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{F0C7385A-9D20-45F3-8101-05D383885180}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb] : (IIS Express Application Compatibility Database for x86.-.) -> %windir%\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\CustomSDB\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\7-Zip] : (7-Zip 9.20.-.) -> "C:\Program Files (x86)\7-Zip\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe AIR] : (Adobe AIR.-.Adobe Systems Incorporated) -> c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ALchemy] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{12321490-F573-4815-B6CC-7ABEF18C9AC4}\setup.exe" -l0x40c  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Autodesk FBX SDK 2016.1.2] : (Autodesk FBX SDK 2016.1.2.-.Autodesk) -> "E:\Amazon\Lumberyard\1.4.0.1\3rdParty\FbxSdk\2016.1.2\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Cheat Engine 6.5.1_is1] : (Cheat Engine 6.5.1.-.Cheat Engine) -> "C:\Program Files (x86)\Cheat Engine 6.5.1\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Creation Kit: Fallout 4] : (Creation Kit: Fallout 4.-.Bethesda Softworks) -> "d:\games\bethesda.net launcher\bethesdanetlauncher.exe" bethesdanet://uninstall/7
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Creation Kit: Skyrim] : (Creation Kit: Skyrim.-.Bethesda Softworks) -> "d:\games\bethesda.net launcher\bethesdanetlauncher.exe" bethesdanet://uninstall/10
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Creative Software AutoUpdate] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x40c  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FileZilla Client] : (FileZilla Client 3.22.2.2.-.Tim Kosse) -> C:\Program Files\FileZilla FTP Client\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\GameMakerPlayer] : (GameMaker: Player.-.YoYo Games Ltd.) -> "C:\Users\Utilisateur\GameMakerPlayer\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\setup.exe" --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Host OpenAL] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x40c  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\HOST_AUDIO_SOUNDCORE_MANAGER] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F561AD0-55E0-4B00-9429-C727DD525977}\setup.exe" -l0x9  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ma Livebox] : (ma Livebox.-.Orange) -> C:\Program Files (x86)\Orange\ma Livebox\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MakeMKV] : (MakeMKV v1.10.2.-.GuinpinSoft inc) -> C:\Program Files (x86)\MakeMKV\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Notepad++] : (Notepad++ (32-bit x86).-.Notepad++ Team) -> C:\Program Files (x86)\Notepad++\uninstall.exe
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OCCT] : (OCCT 4.4.1.-.Ocbase.com) -> C:\Program Files (x86)\OCCTPT\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Origin] : (Origin.-.Electronic Arts, Inc.) -> C:\Program Files (x86)\Origin\OriginUninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PAR FRENCH DL] : (Power & Revolution (français).-.Eversim) -> "C:\WINDOWS\PAR FRENCH DL Uninstaller.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Rockstar Games Social Club] : (Rockstar Games Social Club.-.Rockstar Games) -> C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SBXFiMB5] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{99892855-6CBD-4B0D-970F-DC53D3AA4103}\setup.exe" -l0x9  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Sound Blaster X-Fi MB5] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SpeedFan] : (SpeedFan (remove only).-.) -> "C:\Program Files (x86)\SpeedFan\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SpkEQCV] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A81B1C4F-354C-4339-A492-3B839068C9AA}\setup.exe" -l0x9  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SpkEQOEM] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A11DFDF1-93CD-40DD-84AB-ECEB55A766F4}\setup.exe" -l0x9  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\UDPixel] : (UDPixel.exe.-.) -> "C:\Program Files (x86)\UDPixel\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Unity] : (Unity.-.Unity Technologies ApS) -> D:\Unity\Editor\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay] : (Uplay.-.Ubisoft) -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 1771] : (Tom Clancy's Ghost Recon Wildlands.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" uplay://uninstall/1771
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 2010] : (Far Cry Primal.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe" uplay://uninstall/2010
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 2688] : (WATCH_DOGS2.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" uplay://uninstall/2688
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 3279] : (Steep.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" uplay://uninstall/3279
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 420] : (Far Cry 4.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe" uplay://uninstall/420
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 635] : (Tom Clancy's Rainbow Six Siege.-.Ubisoft Montreal) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe" uplay://uninstall/635
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 895] : (Assassin's Creed Rogue.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe" uplay://uninstall/895
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Uplay Install 91] : (Splinter Cell Blacklist.-.Ubisoft) -> "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe" uplay://uninstall/91
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WinPcapInst] : (WinPcap 4.1.2.-.CACE Technologies) -> "C:\Program Files\WinPcap\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Xvid Video Codec 1.3.4] : (Xvid Video Codec.-.Xvid Team) -> C:\Program Files (x86)\Xvid\uninstall.exe
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{059E7155-66AB-3160-AB87-82552612FC2F}] : (Lumberyard 1.5.0.0 - mikkelsen.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{059E7155-66AB-3160-AB87-82552612FC2F}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{069E43BE-F438-31EC-8B1C-BBA981CBFD1C}] : (Lumberyard 1.5.0.0 - Lua.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{069E43BE-F438-31EC-8B1C-BBA981CBFD1C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0A85B7A1-58E4-39B8-ACB8-0E59F100A702}] : (Lumberyard 1.5.0.0 - BigDigits.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{0A85B7A1-58E4-39B8-ACB8-0E59F100A702}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0CD57CEB-2FA9-3E0D-B8EE-7840C33571DF}] : (Lumberyard 1.5.0.0 - PVRTexTool.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{0CD57CEB-2FA9-3E0D-B8EE-7840C33571DF}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0E609BE1-6B8D-3134-BA1A-4E63608BC052}] : (Lumberyard 1.5.0.0 - pdcurses.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{0E609BE1-6B8D-3134-BA1A-4E63608BC052}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{12321490-F573-4815-B6CC-7ABEF18C9AC4}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{12321490-F573-4815-B6CC-7ABEF18C9AC4}\setup.exe" -l0x40c 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{123D0698-1DC5-3873-B475-789413BD605D}] : (Lumberyard 1.5.0.0 - jansson.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{123D0698-1DC5-3873-B475-789413BD605D}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{154C563D-5AC1-3CE9-A03C-6685D2893074}] : (Lumberyard 1.5.0.0 - Substance.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{154C563D-5AC1-3CE9-A03C-6685D2893074}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1BFB9476-C0EB-3B6D-951C-73912749A454}] : (Lumberyard 1.5.0.0 - AWS.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{1BFB9476-C0EB-3B6D-951C-73912749A454}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E23A732-2707-3695-B12F-CDAED398A67D}] : (Lumberyard 1.5.0.0 - dev.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{1E23A732-2707-3695-B12F-CDAED398A67D}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E242E7E-56AD-38C7-8142-04F0873CB8F6}] : (Lumberyard 1.5.0.0 - szip.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{1E242E7E-56AD-38C7-8142-04F0873CB8F6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1F561AD0-55E0-4B00-9429-C727DD525977}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F561AD0-55E0-4B00-9429-C727DD525977}\setup.exe" -l0x9 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2386192E-D6DB-4AD2-9564-65586A0AE53E}] : (Dotfuscator and Analytics Community Edition.-.PreEmptive Solutions) -> MsiExec.exe /X{2386192E-D6DB-4AD2-9564-65586A0AE53E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1] : (Geeks3D FurMark 1.11.0.-.Geeks3D) -> "C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark_1.11.0\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}] : (UE4 Prerequisites (x64).-.Epic Games, Inc.) -> "C:\ProgramData\Package Cache\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}\UE4PrereqSetup_x64.exe"  /uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{290DE303-2C66-3D6E-ABD9-DA595F78440B}] : (Lumberyard 1.5.0.0 - rapidxml.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{290DE303-2C66-3D6E-ABD9-DA595F78440B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2A463353-1949-31DE-900A-2B921693651A}] : (Lumberyard 1.5.0.0 - zlib.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{2A463353-1949-31DE-900A-2B921693651A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E02EF9C-61EE-3302-BAF3-37C16D7F5B47}] : (Lumberyard 1.5.0.0 - LibTomCrypt.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{2E02EF9C-61EE-3302-BAF3-37C16D7F5B47}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E2755E4-D293-3FCF-99F3-980092607E10}] : (Lumberyard 1.5.0.0 - 3rdParty.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{2E2755E4-D293-3FCF-99F3-980092607E10}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}] : (Control Center 5.0001.0.71.-.) -> "C:\Program Files (x86)\InstallShield Installation Information\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}\setup.exe" -runfromtemp -l0x040c -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1] : (Bethesda.net Launcher.-.Bethesda Softworks) -> "D:\Games\Bethesda.net Launcher\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{34A16C27-E72F-3B55-AD1C-A978882800DC}] : (Lumberyard 1.5.0.0 - AMD.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{34A16C27-E72F-3B55-AD1C-A978882800DC}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3DEF22C9-BF50-4118-9D30-535FF6B60D47}] : (Audiokinetic Wwise v2015.2_LTX build 5495 - SDK (Windows_vc120).-.Audiokinetic Inc.) -> MsiExec.exe /X{3DEF22C9-BF50-4118-9D30-535FF6B60D47}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}] : (PreEmptive Analytics Visual Studio Components.-.PreEmptive Solutions) -> MsiExec.exe /X{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{43A59234-01E9-3097-B1F7-B19323E85148}] : (Lumberyard 1.5.0.0 - OculusSDK.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{43A59234-01E9-3097-B1F7-B19323E85148}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{45f26b39-e102-4c6e-b38e-9e8c23cc00ba}] : (Audiokinetic Wwise v2015.2_LTX build 5495.-.Audiokinetic Inc.) -> "C:\ProgramData\Package Cache\{45f26b39-e102-4c6e-b38e-9e8c23cc00ba}\WwiseLTX_v2015.2_Setup.exe"  /uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{476EAD44-D344-3335-BF54-91A062A1CBB7}] : (Lumberyard 1.5.0.0 - Wwise.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{476EAD44-D344-3335-BF54-91A062A1CBB7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{48EBEBBF-B9F8-4520-A3CF-89A730721917}] : (Les Sims™ 4.-.Electronic Arts Inc.) -> "C:\Program Files (x86)\Common Files\EAInstaller\The Sims 4\Cleanup.exe" uninstall_game -autologging
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{49FAD7D7-9F20-38A9-9E53-31776B411A3C}] : (Lumberyard 1.5.0.0 - ilmbase.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{49FAD7D7-9F20-38A9-9E53-31776B411A3C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A6A8D3F-BD6B-31BD-8169-38EA3B1C277D}] : (Lumberyard 1.5.0.0 - nvapi.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{4A6A8D3F-BD6B-31BD-8169-38EA3B1C277D}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A9EB787-B476-4A86-B3BE-E86109687D2F}] : (Audiokinetic Wwise v2015.2_LTX build 5495 - SDK (Common).-.Audiokinetic Inc.) -> MsiExec.exe /X{4A9EB787-B476-4A86-B3BE-E86109687D2F}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4BB1AE41-A135-3F29-BB58-51FA43B1844F}] : (Lumberyard 1.5.0.0 - alembic.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{4BB1AE41-A135-3F29-BB58-51FA43B1844F}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4C5D15D2-5351-4F05-A96E-56C20554F977}] : (RollerCoaster Tycoon 2 Triple Thrill Pack.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4C5D15D2-5351-4F05-A96E-56C20554F977}\setup.exe" -l0x9 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4E695C21-C785-3D3C-B93F-9AAB0B1EFAB6}] : (Lumberyard 1.5.0.0 - Lzma.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{4E695C21-C785-3D3C-B93F-9AAB0B1EFAB6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{52D87F32-70E4-4348-8148-C0B9F35B1314}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{52D87F32-70E4-4348-8148-C0B9F35B1314}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56289068-B524-3051-B901-A178A9CFD78A}] : (Lumberyard 1.5.0.0 - OpenEXR.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{56289068-B524-3051-B901-A178A9CFD78A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconduct Corp.) -> C:\WINDOWS\RtCRU64.exe /u
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}] : (Airplane Mode Hid Installer.-.) -> "C:\Program Files (x86)\InstallShield Installation Information\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}\setup.exe" -runfromtemp -l0x0409 -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60018889-9E0F-43E8-9B89-29E8C828B40A}] : (Dotfuscator and Analytics Community Edition 5.22.0.-.PreEmptive Solutions) -> MsiExec.exe /X{60018889-9E0F-43E8-9B89-29E8C828B40A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{63cb26c8-5146-4a1c-b321-4fa49a7d7118}] : (Lumberyard v1.5.0.0.-.Amazon Web Services, Inc.) -> "C:\ProgramData\Package Cache\{63cb26c8-5146-4a1c-b321-4fa49a7d7118}\tempLumberyardInstaller1.5.0.0.exe"  /uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{63DDE690-7963-3A50-8A9C-6C506D9C8347}] : (Lumberyard 1.5.0.0 - p4api.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{63DDE690-7963-3A50-8A9C-6C506D9C8347}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6CF61819-EB0A-3267-8A6C-1724C6AB9878}] : (Lumberyard 1.5.0.0 - expat.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{6CF61819-EB0A-3267-8A6C-1724C6AB9878}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7258BA11-600C-430E-A759-27E2C691A335}_is1] : (GOG Galaxy.-.GOG.com) -> "C:\Program Files (x86)\GOG Galaxy\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{73B3EFFA-DEC7-348F-B478-269DC3B1AF54}] : (Lumberyard 1.5.0.0 - Qt.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{73B3EFFA-DEC7-348F-B478-269DC3B1AF54}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{73E9DEBE-C26E-45FD-A453-F43059BC47A2}] : (Audiokinetic Wwise v2015.2_LTX build 5495 - SDK (Linux).-.Audiokinetic Inc.) -> MsiExec.exe /X{73E9DEBE-C26E-45FD-A453-F43059BC47A2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{75FC89A3-8B23-4609-BF5C-090E58D6B390}] : (Killer Performance Suite.-.Rivet Networks) -> "C:\Program Files (x86)\InstallShield Installation Information\{75FC89A3-8B23-4609-BF5C-090E58D6B390}\setup.exe" -remove -runfromtemp
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{777B0A2F-CA68-3EEA-A4B7-740702825590}] : (Lumberyard 1.5.0.0 - Qwt.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{777B0A2F-CA68-3EEA-A4B7-740702825590}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{78F98E93-382F-3802-A8F1-64CB5C5DEECD}] : (Lumberyard 1.5.0.0 - tiff.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{78F98E93-382F-3802-A8F1-64CB5C5DEECD}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7A5444DE-335A-403C-8907-7A662F1722E2}] : (Audiokinetic Wwise v2015.2_LTX build 5495 - Authoring Binaries 64-bit.-.Audiokinetic Inc.) -> MsiExec.exe /X{7A5444DE-335A-403C-8907-7A662F1722E2}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7C71BEEB-2D74-34CF-9518-0E4DEBDF6435}] : (Lumberyard 1.5.0.0 - LZSS.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{7C71BEEB-2D74-34CF-9518-0E4DEBDF6435}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{886069FC-F4D0-3696-999F-9776EF25DA37}] : (Lumberyard 1.5.0.0 - boost.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{886069FC-F4D0-3696-999F-9776EF25DA37}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{88B1984E-36F0-47B8-B8DC-728966807A9C}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x40c 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}] : (FIFA 17.-.Electronic Arts) -> "C:\Program Files\Common Files\EAInstaller\FIFA 17\Cleanup.exe" uninstall_game -autologging
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F11A561-4D8B-3FCA-B409-1124C9DC9575}] : (Lumberyard 1.5.0.0 - rapidjson.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{8F11A561-4D8B-3FCA-B409-1124C9DC9575}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{900D9036-4EDA-45EC-A095-E8AFB25D807A}] : (LibreOffice 5.0.6.3.-.The Document Foundation) -> MsiExec.exe /I{900D9036-4EDA-45EC-A095-E8AFB25D807A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90208999-EB52-388B-8032-C2201B582E05}] : (Lumberyard 1.5.0.0 - SQLite.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{90208999-EB52-388B-8032-C2201B582E05}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{907B4640-266B-4A21-92FB-CD1A86CD0F63}] : (RollerCoaster Tycoon 3.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x40c 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{918A4598-866C-4B8F-8901-13F8593EBED6}] : (Sound Blaster X-Fi MB5.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{918A4598-866C-4B8F-8901-13F8593EBED6}\Setup.exe" -l0x40c  /remove
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9200FDDE-ADE6-314A-BB39-C10C44AFC2F5}] : (Lumberyard 1.5.0.0 - SDL2.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{9200FDDE-ADE6-314A-BB39-C10C44AFC2F5}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}] : (PreEmptive Analytics Visual Studio Components.-.PreEmptive Solutions) -> MsiExec.exe /X{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{94D9D8FF-5ACB-3172-BFA8-61928770E950}] : (Lumberyard 1.5.0.0 - OSVR.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{94D9D8FF-5ACB-3172-BFA8-61928770E950}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{99892855-6CBD-4B0D-970F-DC53D3AA4103}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{99892855-6CBD-4B0D-970F-DC53D3AA4103}\setup.exe" -l0x9 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A090E296-9B54-3F95-9450-F9CE6E6B51E5}] : (Lumberyard 1.5.0.0 - OpenVR.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{A090E296-9B54-3F95-9450-F9CE6E6B51E5}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A11DFDF1-93CD-40DD-84AB-ECEB55A766F4}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A11DFDF1-93CD-40DD-84AB-ECEB55A766F4}\setup.exe" -l0x9 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A4795FC7-E73B-3DB9-A3DF-B83E4332317E}] : (Lumberyard 1.5.0.0 - dyad.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{A4795FC7-E73B-3DB9-A3DF-B83E4332317E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A81B1C4F-354C-4339-A492-3B839068C9AA}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A81B1C4F-354C-4339-A492-3B839068C9AA}\setup.exe" -l0x9 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}] : (Logiciel pour périphérique à chipset Intel®.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}\SetupChipset.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AAEF329E-F353-46C9-933D-24A571986093}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x40c 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC536F45-B431-37C2-9BF2-A8FDCFDD48A6}] : (Lumberyard 1.5.0.0 - OpenSSL.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{AC536F45-B431-37C2-9BF2-A8FDCFDD48A6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824225037}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824225037}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AD415450-3266-4713-B9EA-1C40BB8D7BFF}] : (Control Center 5.0001.0.71.-.Default Company Name) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AE21E1EE-4902-34E9-BBFB-B94CD559DCE3}] : (Lumberyard 1.5.0.0 - markupsafe.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{AE21E1EE-4902-34E9-BBFB-B94CD559DCE3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B0AE8717-CE8D-3843-B898-C47C9B7F14FD}] : (Lumberyard 1.5.0.0 - jinja2.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{B0AE8717-CE8D-3843-B898-C47C9B7F14FD}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B294CE94-FE0F-4427-910C-180AF9FCFED1}] : (Intel® Security Assist.-.Intel Corporation) -> MsiExec.exe /I{B294CE94-FE0F-4427-910C-180AF9FCFED1}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B29CDF64-5F33-3086-B45E-E0E71C2F7462}] : (Lumberyard 1.5.0.0 - Codejock Software.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{B29CDF64-5F33-3086-B45E-E0E71C2F7462}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B8D2AD05-64BC-4BC2-BB76-1B9793394BF3}] : (Audiokinetic Wwise v2015.2_LTX build 5495 - Authoring Data.-.Audiokinetic Inc.) -> MsiExec.exe /X{B8D2AD05-64BC-4BC2-BB76-1B9793394BF3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B92C2C6C-F70E-497B-88A7-1FEF9888272B}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{B92C2C6C-F70E-497B-88A7-1FEF9888272B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BAC04CF9-480E-3708-9DAF-0531041AED28}] : (Lumberyard 1.5.0.0 - hdf5.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{BAC04CF9-480E-3708-9DAF-0531041AED28}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}] : (Gtk# for .Net 2.12.26.-.Xamarin, Inc.) -> MsiExec.exe /X{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C0F25560-AA35-31FB-AB44-E47ED145151E}] : (Lumberyard 1.5.0.0 - lz4.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{C0F25560-AA35-31FB-AB44-E47ED145151E}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C6034033-D022-3808-BDC8-DBCA38E2847E}] : (Lumberyard 1.5.0.0 - packageRoot.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{C6034033-D022-3808-BDC8-DBCA38E2847E}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}] : (Launcher Prerequisites (x64).-.Epic Games, Inc.) -> "C:\ProgramData\Package Cache\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}\LauncherPrereqSetup_x64.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}] : (Epic Games Launcher.-.Epic Games, Inc.) -> MsiExec.exe /X{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1] : (Action Replay PowerSaves 3DS version 1.45.-.Datel Design & Development) -> "C:\Program Files (x86)\Action Replay PowerSaves 3DS\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CFB784AC-3B33-3D52-B07C-54F1871F1381}] : (Lumberyard 1.5.0.0 - jsmn.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{CFB784AC-3B33-3D52-B07C-54F1871F1381}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D17EAAF2-F0CD-35B0-9D41-4A4537324DEB}] : (Lumberyard 1.5.0.0 - docs.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{D17EAAF2-F0CD-35B0-9D41-4A4537324DEB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}] : (GTA San Andreas.-.Rockstar Games) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D57270AA-D9AB-4D7C-BC08-09F2B5DEF815}_is1] : (Five Multiplayer version (PRE-RELEASE) 0.2a.-.Five Multiplayer) -> "C:\Program Files (x86)\Five Multiplayer\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}] : (Grand Theft Auto V.-.Rockstar Games) -> "C:\Program Files (x86)\InstallShield Installation Information\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}\Setup.exe" -runfromtemp -l0x040c -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E1020D5D-1DE6-3AAF-9C71-0D7E827795DA}] : (Lumberyard 1.5.0.0 - LibTomMath.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{E1020D5D-1DE6-3AAF-9C71-0D7E827795DA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E579D583-FBA3-3E6D-9461-B5374F386A38}] : (Lumberyard 1.5.0.0 - LiveMocap.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{E579D583-FBA3-3E6D-9461-B5374F386A38}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}] : (RCT3 Soaked.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\Setup.exe" -l0x40c 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0FA7AEB-3FB6-3F48-9EE9-62F1E0801C2E}] : (Lumberyard 1.5.0.0 - GoogleMock.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{F0FA7AEB-3FB6-3F48-9EE9-62F1E0801C2E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}] : (Les Sims(tm) : L'intégrale.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\Setup.exe" -l0x40c -l040c
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F4851D03-553C-4ACE-ADBD-CA6BE8451072}] : (Singles2.-.Deep Silver) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F4851D03-553C-4ACE-ADBD-CA6BE8451072}\setup.exe" -l0x40c -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F4E271EF-BAED-33A7-8368-9A1233EAE501}] : (Lumberyard 1.5.0.0 - squish-ccr.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{F4E271EF-BAED-33A7-8368-9A1233EAE501}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F752DACC-57CF-323F-AFB5-5A3CB13072CE}] : (Lumberyard 1.5.0.0 - md5.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{F752DACC-57CF-323F-AFB5-5A3CB13072CE}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F7916573-4BDD-4A9F-9E2F-CC8107845DC3}] : (Launcher CRYENGINE.-.Crytek GmbH) -> MsiExec.exe /X{F7916573-4BDD-4A9F-9E2F-CC8107845DC3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F9B4014E-6C94-423C-88AC-C9FE953B70A4}] : (Audiokinetic Wwise v2015.2_LTX build 5495 - Wwise LTX License.-.Audiokinetic Inc.) -> MsiExec.exe /X{F9B4014E-6C94-423C-88AC-C9FE953B70A4}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FBD934F4-FC23-4044-8392-3551DC8D972F}] : (Logiciel Thunderbolt(TM).-.Intel Corporation) -> MsiExec.exe /X{FBD934F4-FC23-4044-8392-3551DC8D972F}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC832B0F-C308-3F30-B6A7-4833FC5E200C}] : (Lumberyard 1.5.0.0 - FreeType2.-.Amazon Web Services, Inc.) -> MsiExec.exe /I{FC832B0F-C308-3F30-B6A7-4833FC5E200C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{{4E7BB653-2585-4138-95F3-3455FCA04354}}] : (.-.) -> 

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component
[HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component
[HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration
[HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component
[HKCR\Installer\Products\00058CD18F0BF523DA1072073D56715D] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\008BB29E5CCB52C41820CAC2B3C7C7E1] : Apple Application Support (32 bits) -> C:\WINDOWS\Installer\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}\WinInstall.ico
[HKCR\Installer\Products\04FE16E415A899D3AAC4232F30730038] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\054514DA662331749BAEC104BBD8B7FF] : Control Center 5.0001.0.71
[HKCR\Installer\Products\05A724FA93D73FF4DBB0820DE882374F] : Killer Network Manager -> C:\Windows\Installer\{AF427A50-7D39-4FF3-BD0B-28D08E2873F4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\060DED06B6B01CC39B550DDC04F1F0AB] : Visual C++ IDE x64 Package
[HKCR\Installer\Products\06552F0C53AABF13BA444EE71D5451E1] : Lumberyard 1.5.0.0 - lz4
[HKCR\Installer\Products\066ED7F9EFB62AB39AD3F431DB311EB0] : VS Update core components
[HKCR\Installer\Products\070DA1A8F96251A4AA5B67BA98E61F59] : Azure AD Authentication Connected Service
[HKCR\Installer\Products\07E464739B0BFFD946A9BC1E96AB6D75] : Windows Software Development Kit for Windows Store Apps
[HKCR\Installer\Products\08735E734493A6A448F22717828E16E6] : Blend for Visual Studio SDK for .NET 4.5 -> C:\Windows\Installer\{37E53780-3944-4A6A-842F-727128E8616E}\Application
[HKCR\Installer\Products\09179CA7CD7686D47B34347F1ECF93A3] : Windows Phone 8.1 SDK - ARM
[HKCR\Installer\Products\096EDD36369705A3A8C9C605D6C93874] : Lumberyard 1.5.0.0 - p4api
[HKCR\Installer\Products\0B8AF8CDABE92F8339D400B12DE1CA6B] : Windows Phone SDK 8.0 Assemblies
[HKCR\Installer\Products\0BFD0160AECC0CE63E3C0A61A07DDF89] : Windows Runtime Intellisense Content - en-us
[HKCR\Installer\Products\12B30EFE5A8ADCC318DBF74C07701FAB] : Visual C++ IDE Common Resource Package
[HKCR\Installer\Products\12C596E4587CC3D39BF3A9BAB0E1AF6B] : Lumberyard 1.5.0.0 - Lzma
[HKCR\Installer\Products\141695A05D79AF54291889FDFA845D97] : Apple Mobile Device Support -> C:\WINDOWS\Installer\{0A596141-97D5-45FA-9281-98DFAF48D579}\Installer.ico
[HKCR\Installer\Products\14EA1BB4531A92F3BB8515AF341B48F4] : Lumberyard 1.5.0.0 - alembic
[HKCR\Installer\Products\165A11F8B8D4ACF34B9011429CCD5957] : Lumberyard 1.5.0.0 - rapidjson
[HKCR\Installer\Products\16CEC2D10F3CE72C27089F6D1B3087EB] : Windows App Certification Kit Native Components
[HKCR\Installer\Products\1A7B58A04E858B93CA8BE0951F007A20] : Lumberyard 1.5.0.0 - BigDigits
[HKCR\Installer\Products\1BF3F349C9F37BF44A2ED6351607863C] : PreEmptive Analytics Visual Studio Components -> C:\Windows\Installer\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}\icon.ico
[HKCR\Installer\Products\1EB906E0D8B64313ABA1E43606B80C25] : Lumberyard 1.5.0.0 - pdcurses
[HKCR\Installer\Products\237A32E1707259631BF2DCEA3D896AD7] : Lumberyard 1.5.0.0 - dev
[HKCR\Installer\Products\23F78D254E07843418840C9B3FB53141] : Apple Software Update -> C:\WINDOWS\Installer\{52D87F32-70E4-4348-8148-C0B9F35B1314}\Installer.ico
[HKCR\Installer\Products\263AC5E16B930DB49B0C96FC510FEF2A] : AzureTools.Notifications
[HKCR\Installer\Products\26A859D1089C7BC3CA9504FED0F18AE0] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\270EEE60165B5E83589D84A5CBEB3824] : Visual F# 3.1 SDK
[HKCR\Installer\Products\2E4D4D948E1264334A69A141511B5849] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\2F181B388B0200F4E8176CE659A1D8F4] : Visual Studio 2015 Prerequisites - ENU Language Pack
[HKCR\Installer\Products\2F220489ACB9D14AA683A16E850F4151] : Windows Software Development Kit
[HKCR\Installer\Products\2FAAE71DDC0F0B53D914A4547323D4BE] : Lumberyard 1.5.0.0 - docs
[HKCR\Installer\Products\3017D53AEA0E1244899EF3E5EEDEB3D7] : Windows Phone 8.1 Tools for Visual Studio 2013 - ENU
[HKCR\Installer\Products\303ED09266C2E6D3BA9DAD95F58744B0] : Lumberyard 1.5.0.0 - rapidxml
[HKCR\Installer\Products\317725EEA8EBA8438845ADBCEC35612F] : Visual C++ MSBuild X64 Package
[HKCR\Installer\Products\31F3525824EE05843A5A979BE0297DCA] : Entity Framework 6.1.1 Tools  for Visual Studio 2013 -> C:\Windows\Installer\{85253F13-EE42-4850-A3A5-79B90E92D7AC}\setup.ico
[HKCR\Installer\Products\3219F53360390BD4FA70C9363671EED9] : Intel(R) ME UninstallLegacy
[HKCR\Installer\Products\3304306C220D8083DB8CBDAC832E48E7] : Lumberyard 1.5.0.0 - packageRoot
[HKCR\Installer\Products\34DFCB3A6D8523137AFD61EC40763227] : Visual Studio 2012 Verification SDK
[HKCR\Installer\Products\353364A29491ED1309A0B229613956A1] : Lumberyard 1.5.0.0 - zlib
[HKCR\Installer\Products\3756197FDDB4F9A4E9F2CC187048D53C] : Launcher CRYENGINE -> C:\WINDOWS\Installer\{F7916573-4BDD-4A9F-9E2F-CC8107845DC3}\launcher.ico
[HKCR\Installer\Products\3785BBEA6FD10914898D9DCF1544BEB3] : Windows Phone 8.1 SDK - Desktop
[HKCR\Installer\Products\385D975E3ABFD6E349165B73F483A683] : Lumberyard 1.5.0.0 - LiveMocap
[HKCR\Installer\Products\39E89F87F28320838A1F46BCC5D5EEDC] : Lumberyard 1.5.0.0 - tiff
[HKCR\Installer\Products\3A894294C88FF2EF57C5B9B11927C45A] : LocalESPC Dev12
[HKCR\Installer\Products\3FD1021D439FA2435A68B252C58B2B51] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\4003DA6594B0F7696F280B65056BA187] : Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
[HKCR\Installer\Products\40EF163FE9873F24BBBA7E3B08AAE560] : Windows XP Targeting with C++
[HKCR\Installer\Products\42113BF95DF1B413B8194ECE4C131E7D] : Visual Studio 2012-Verifizierungs-SDK - deu
[HKCR\Installer\Products\42ACA5646D8BCEF44AD2E9CF9BC25D06] : TypeScript Power Tool -> C:\WINDOWS\Installer\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}\TypeScriptIcon.ico
[HKCR\Installer\Products\43295A349E1079031B7F1B39328E1584] : Lumberyard 1.5.0.0 - OculusSDK
[HKCR\Installer\Products\44DAE674443D5333FB45190A261ABC7B] : Lumberyard 1.5.0.0 - Wwise
[HKCR\Installer\Products\454D8906B7BC2C4468518D96DF69557C] : TypeScript Power Tool -> C:\Windows\Installer\{6098D454-CB7B-44C2-8615-D869FD9655C7}\TypeScriptIcon.ico
[HKCR\Installer\Products\4561C821E9B39594B8BFECF6900C0AD1] : MSBuild/NuGet Integration 14.0 (x86)
[HKCR\Installer\Products\4603731259DABD843AE2D0E980FE3755] : Prerequisites for SSDT -> C:\Windows\Installer\{21373064-AD95-48DB-A32E-0D9E08EF7355}\ARPIco
[HKCR\Installer\Products\4631232B829ED5239A4539D35332B95E] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\46FDC92B33F568034BE50E7EC1F24726] : Lumberyard 1.5.0.0 - Codejock Software
[HKCR\Installer\Products\495334533A58AEE369E3E0E568B0286D] : Visual C++ MSBuild Base Package
[HKCR\Installer\Products\49EC492BF0EF724419C081A09FCFEF1D] : Intel® Security Assist -> C:\Windows\Installer\{B294CE94-FE0F-4427-910C-180AF9FCFED1}\isa.ico
[HKCR\Installer\Products\4B07F66B5E43A924F95517920E38A354] : Intel(R) Rapid Storage Technology
[HKCR\Installer\Products\4BFC18829F177C042882365911C7E0AD] : Python Tools Redirection Template
[HKCR\Installer\Products\4D2F1236B6634EA378A7E835E93C33A1] : Visual F# 3.1 VS
[HKCR\Installer\Products\4E5572E2392DFCF3993F89002906E701] : Lumberyard 1.5.0.0 - 3rdParty
[HKCR\Installer\Products\4E75276CC42F53C368BB9E7B5D4D9DBF] : Visual C++ IDE Professional Core Package
[HKCR\Installer\Products\4F439DBF32CF440438295315CDD879F2] : Logiciel Thunderbolt(TM) -> C:\Windows\Installer\{FBD934F4-FC23-4044-8392-3551DC8D972F}\MainIcon
[HKCR\Installer\Products\50DA2D8BCB462CB4BB67B1793993B43F] : Audiokinetic Wwise v2015.2_LTX build 5495 - Authoring Data
[HKCR\Installer\Products\5122AD3302FA12F31A17750F35A3C5FA] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\54D9CEFB4DABC7D36B7A88D7126E2CA5] : Visual C++ Compiler/Tools X86 Base Package
[HKCR\Installer\Products\54F635CA134B2C73B92F8ADFFCDD846A] : Lumberyard 1.5.0.0 - OpenSSL
[HKCR\Installer\Products\5517E950BA660613BA7828556221CFF2] : Lumberyard 1.5.0.0 - mikkelsen
[HKCR\Installer\Products\575C7E8CAFCF2B64F80C8ECA56053105] : Epic Games Launcher -> C:\Windows\Installer\{C8E7C575-FCFA-46B2-8FC0-E8AC65501350}\UnrealEngineLauncher.ico
[HKCR\Installer\Products\575ED8F29FEAF4E4AB03562BFD7D6AAD] : Windows Phone 8.1 Tools for Visual Studio Professionald 2013 - ENU
[HKCR\Installer\Products\5BB48B7C178B0204C9D0BC809D7B5762] : Windows Phone 8.1 Tools for Visual Studio Professional 2013
[HKCR\Installer\Products\5C894BC8B276C6F31934480BBB1CAE3B] : Visual C++ MSBuild X86 Package
[HKCR\Installer\Products\5CBAC779B4B74EA3E8B1656C371C6D83] : ????? Visual Studio 2012 Verification SDK - rus
[HKCR\Installer\Products\5E014BAE816379C4E8AE54A0578F56DF] : Windows Phone 8.1 SDK - x64
[HKCR\Installer\Products\6309D009ADE4CE540A598EFA2BD508A7] : LibreOffice 5.0.6.3 -> C:\Windows\Installer\{900D9036-4EDA-45EC-A095-E8AFB25D807A}\soffice.ico
[HKCR\Installer\Products\644EC92151360BD3EA2FE30EACC413EA] : Visual Studio 2012 Verification SDK - enu
[HKCR\Installer\Products\659BFB78D1CDCF838A949A99A781F336] : Roslyn Language Services - x86
[HKCR\Installer\Products\65DF6EA3134D35B4490F598E4402A6FD] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\65EC0961132295E409600A78D649E98A] :  Tools for .Net 3.5
[HKCR\Installer\Products\6749BFB1BE0CD6B359C1371972944A45] : Lumberyard 1.5.0.0 - AWS
[HKCR\Installer\Products\67916EA72EF656B4E9C1D44E248877B2] : Visual Studio Extensions for Windows Library for JavaScript
[HKCR\Installer\Products\6828BC1A3BFC589A7D9927A1F0A2723F] : Windows Software Development Kit DirectX x86 Remote
[HKCR\Installer\Products\68701964CA4E4E144A0A0C68AE5842D2] : WCF Data Services 5.6.0 Runtime
[HKCR\Installer\Products\68AB67CA408033019195008142220573] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824225037}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\692E090A45B959F349059FECE6B6155E] : Lumberyard 1.5.0.0 - OpenVR
[HKCR\Installer\Products\6A098CBEC7ED4B44AA3011B916093D1E] : Blend for Visual Studio 2013 -> C:\Windows\Installer\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}\Application
[HKCR\Installer\Products\6D32A5DBF9E1873398FC9E968070D835] : Visual C++ IDE Common Package
[HKCR\Installer\Products\6D9D1C530C783A641B4BDECB0C3622C1] : Prerequisites for SSDT -> C:\Windows\Installer\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}\ARPIco
[HKCR\Installer\Products\7178EA0BD8EC34838B894CC7B9F741DF] : Lumberyard 1.5.0.0 - jinja2
[HKCR\Installer\Products\72C61A43F27E55B3DAC19A87888200CD] : Lumberyard 1.5.0.0 - AMD
[HKCR\Installer\Products\72DDB6B079031EF4DB6ED1E57C935936] : Visual Studio 2013 Prerequisites
[HKCR\Installer\Products\72F83C1B773D89C89DD8926BC7B079D8] : LocalESPCui for en-us Dev12
[HKCR\Installer\Products\751531DBBC29A174B9FFBB406ECE2FB5] : Intel(R) Management Engine Components
[HKCR\Installer\Products\761CF1F288D2A8E358EAD232AD61FDFA] : Visual Studio 2012 Verification SDK - ita
[HKCR\Installer\Products\7685C02EA360FF636B039A9CC65E8DFA] : Visual C++ IDE Debugger Resource Package
[HKCR\Installer\Products\781C45FCA94E47D4BB6C43A5926CDACE] : Killer Bandwidth Control Filter Driver -> C:\Windows\Installer\{CF54C187-E49A-4D74-BBC6-345A29C6ADEC}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\787BE9A4674B68A43BEB8E169086D7F2] : Audiokinetic Wwise v2015.2_LTX build 5495 - SDK (Common)
[HKCR\Installer\Products\7CF5974AB37E9BD33AFD8BE3342313E7] : Lumberyard 1.5.0.0 - dyad
[HKCR\Installer\Products\7D3BBB269026AD849813E23C83E33AF6] : Killer E240x Drivers -> C:\Windows\Installer\{62BBB3D7-6209-48DA-8931-2EC3383EA36F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7D7DAF9402F99A83E9351377B614A1C3] : Lumberyard 1.5.0.0 - ilmbase
[HKCR\Installer\Products\7E5891C65C1E59A368FEC22664F5513C] : Roslyn Language Services - x86
[HKCR\Installer\Products\7EA4744407776763CA369CDD1D0511FF] : Windows Phone SDK 8.0 Assemblies for Visual Studio 2015
[HKCR\Installer\Products\7FD222613158E194190F4F98BAD2C30B] : Visual Studio 2013 Prerequisites - ENU Language Pack
[HKCR\Installer\Products\83285658F384841369E7CE5D33EAF67E] : Visual C++ Compiler/Tools X86 Base Resource Package
[HKCR\Installer\Products\83BFD8DEB78C3B243AE32BD09F530C55] : PowreShellIntegration.Notifications
[HKCR\Installer\Products\86098265425B15039B101A879AFC7DA8] : Lumberyard 1.5.0.0 - OpenEXR
[HKCR\Installer\Products\865E370D852CC1839BBD6945431BFD35] : Visual C++ MSBuild Base Resource Package
[HKCR\Installer\Products\881D49CF80E17073D9324F11874D6446] : Windows Espc Resource Package
[HKCR\Installer\Products\88F200A0D5DFB9733A052AD548FA21B8] : Visual C++ IDE Base Package
[HKCR\Installer\Products\8960D3215CD137834B57874931DB06D5] : Lumberyard 1.5.0.0 - jansson
[HKCR\Installer\Products\8A6DD8D57D4C4554399F1FCC827C6200] : WCF RIA Services V1.0 SP2 -> C:\Windows\Installer\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}\icon.ico
[HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\WINDOWS\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico
[HKCR\Installer\Products\8E805F506CD221B46B9A1500506312A6] : Application Insights Tools for Visual Studio 2013
[HKCR\Installer\Products\8E96EC9DA77D49C39A0146612297E44D] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\91816FC6A0BE7623A8C671426CBA8987] : Lumberyard 1.5.0.0 - expat
[HKCR\Installer\Products\91F50526A2D70DF31B2A8D2EAFF2693B] : Visual C++ Compiler/Tools X86 Base Resource Package
[HKCR\Installer\Products\93799D213DFF1673A86A9F920EEF04E7] : Multi-Device Hybrid Apps using C# - Templates - ENU
[HKCR\Installer\Products\9767203404DF6E239A0FB73BDCBE4E61] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\98881006F0E98E34B998928E8C824BA0] : Dotfuscator and Analytics Community Edition 5.22.0 -> C:\WINDOWS\Installer\{60018889-9E0F-43E8-9B89-29E8C828B40A}\DfIcon.ico
[HKCR\Installer\Products\9947451521A46CC3EAD3C3E5787D9290] : Visual C++ MSBuild ARM Package
[HKCR\Installer\Products\9998020925BEB88308232C02B185E250] : Lumberyard 1.5.0.0 - SQLite
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : 
[HKCR\Installer\Products\9A8D949DFEC07993AB6757AE916E1273] : vs_update3notification
[HKCR\Installer\Products\9AF16FB7BFDB365489DACF0BAD82CC7C] : IIS 8.0 Express -> C:\Windows\Installer\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}\Icon_IisExpress
[HKCR\Installer\Products\9C22FED305FB8114D90335F56F6BD074] : Audiokinetic Wwise v2015.2_LTX build 5495 - SDK (Windows_vc120)
[HKCR\Installer\Products\9EB5FF13618FE9839AA5F76382870A93] : Visual Studio 2012 Verification SDK - chs
[HKCR\Installer\Products\9EE39CB71F443873DA676FDBC6F8B685] : Visual C++ Compiler/Tools X86 Base Package
[HKCR\Installer\Products\9EFB902DADE36063FAB6CDDA8AA72258] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\9F2683A8785FAFD3AACF1C0F1E610FC5] : Kit SDK de vérification de Visual Studio 2012 - fra
[HKCR\Installer\Products\9FC40CABE0848073D9FA501340A1DE82] : Lumberyard 1.5.0.0 - hdf5
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A241DDB44CC2A7C4F87143F2CFD228DC] : Killer Wireless-AC Drivers -> C:\Windows\Installer\{4BDD142A-2CC4-4C7A-8F17-342FFC2D82CD}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A5254F69D074C51F97E6859D89C8E3F5] : Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
[HKCR\Installer\Products\A5837C0F02D93F541810503D38881508] : iTunes -> C:\WINDOWS\Installer\{F0C7385A-9D20-45F3-8101-05D383885180}\Installer.ico
[HKCR\Installer\Products\AAE8AD66DC4DCD039B39E0FD27E81D6F] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\AFFE3B377CEDF8434B8762D93C1BFA45] : Lumberyard 1.5.0.0 - Qt
[HKCR\Installer\Products\B1273793DE2C5054896B578279CE2F1F] : Intel® Trusted Connect Service Client
[HKCR\Installer\Products\B8BEA88A5C6ACB14F8177F40DDE1D000] : Memory Profiler
[HKCR\Installer\Products\BB0423CD63198793E83F0F14CAAE11FB] : Visual C++ IDE Base Resource Package
[HKCR\Installer\Products\BEA7AF0F6BF384F3E99E261F0E08C1E2] : Lumberyard 1.5.0.0 - GoogleMock
[HKCR\Installer\Products\BEABB34E41946C44880C7E1ABD2DA019] : Build Tools Language Resources - amd64
[HKCR\Installer\Products\BEC75DC09AF2D0E38BEE87043C5317FD] : Lumberyard 1.5.0.0 - PVRTexTool
[HKCR\Installer\Products\BEEB17C747D2FC435981E0D4BEFD4653] : Lumberyard 1.5.0.0 - LZSS
[HKCR\Installer\Products\C14E23FDDA4278A44BA33B58351B08E6] : Visual Studio 2015 Prerequisites
[HKCR\Installer\Products\C159CE4579144AA408B301F121B7BB83] : Intel(R) Management Engine Components
[HKCR\Installer\Products\C2FCFBF3A29323644924413C504BD4E5] : AzureTools.Notifications
[HKCR\Installer\Products\C4361DE917E429941AABC7B46EEE931E] : Blend for Visual Studio 2013 ENU resources -> C:\Windows\Installer\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}\Application
[HKCR\Installer\Products\C4D1A74C1B3118E33A7638BFF8F4FBE8] : Visual Studio 2012 Verification SDK - jpn
[HKCR\Installer\Products\C6C2C29BE07FB794887AF1FE898872B2] : Adobe AIR
[HKCR\Installer\Products\C6D67F453CE09D34B8CC373EA10BFB60] : Memory Profiler
[HKCR\Installer\Products\C8A2FA24BBE6E2D3B91F165373F9ABCB] : Windows Espc Package
[HKCR\Installer\Products\C975B53DDE1EA734692EDC183E4CDADC] : Windows Phone 8.1 Tools for Visual Studio 2013
[HKCR\Installer\Products\C9FE20E2EE162033AB3F731CD6F7B574] : Lumberyard 1.5.0.0 - LibTomCrypt
[HKCR\Installer\Products\CA487BFC33B325D30BC7451F78F13118] : Lumberyard 1.5.0.0 - jsmn
[HKCR\Installer\Products\CCAD257FFC75F323FA5BA5C31B0327EC] : Lumberyard 1.5.0.0 - md5
[HKCR\Installer\Products\CDD6F3998F36DCB4B9829D1479A1C9CA] : Windows XP Targeting with C++
[HKCR\Installer\Products\CF35EAF295889BE3ABAAA3B92E9613CB] : VS Update core components
[HKCR\Installer\Products\CF9606880D4F696399F97967FE52AD73] : Lumberyard 1.5.0.0 - boost
[HKCR\Installer\Products\D08BFDF01E191F635B32B00924F1DD1C] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\D139E7FE48CDB174D86B8A3385904547] : 
[HKCR\Installer\Products\D1ACF320195E9FA3D9F2896736A915A1] : Visual C++ Library PGO X86 Package
[HKCR\Installer\Products\D2361BDEB4EFB5F42A4319AD180BC314] : Windows Phone 8.1 SDK - x86
[HKCR\Installer\Products\D365C4511CA59EC30AC366582D980347] : Lumberyard 1.5.0.0 - Substance
[HKCR\Installer\Products\D5D0201E6ED1FAA3C917D0E7287759AD] : Lumberyard 1.5.0.0 - LibTomMath
[HKCR\Installer\Products\D75BD4951D853AA4EAC6FB9984F4258F] : Behaviors SDK (Windows Phone) for Visual Studio 2013
[HKCR\Installer\Products\D8130315AEF76E5329D710639801DBCF] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\DB7E58BDDD2B4D343B0C327D5B725B79] : WCF Data Services 5.6.4 Runtime
[HKCR\Installer\Products\DBE4EEF20BEC62E34950FCD018C2AFC3] : Visual C++ IDE Core Professional Plus Resource Package
[HKCR\Installer\Products\DD81A634C2F5C3B489E5DAC3310BCC52] : PreEmptive Analytics Visual Studio Components -> C:\WINDOWS\Installer\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}\icon.ico
[HKCR\Installer\Products\DD81FBED153F3CF3B94FB802CAE25FFE] : Visual Studio 2012 ??? ?? SDK - kor
[HKCR\Installer\Products\DE75FC3A1DFF4CA39B7D0960B9B2E5AD] : Visual C++ IDE Base Resource Package
[HKCR\Installer\Products\E1011CA616579C34EBAEA41B2D028DFF] : paint.net -> C:\WINDOWS\Installer\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\E197C4E0E87BD774DBA5DC0D89B56ACE] : Application Insights Tools for Visual Studio 2015
[HKCR\Installer\Products\E1B219C9DD60FE34BBB254BCC288ABEA] : Apple Application Support (64 bits) -> C:\WINDOWS\Installer\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}\WinInstall.ico
[HKCR\Installer\Products\E2916832BD6D2DA459465685A6A05EE3] : Dotfuscator and Analytics Community Edition -> C:\Windows\Installer\{2386192E-D6DB-4AD2-9564-65586A0AE53E}\DfIcon.ico
[HKCR\Installer\Products\E4104B9F49C6C32488CA9CEF59B3074A] : Audiokinetic Wwise v2015.2_LTX build 5495 - Wwise LTX License
[HKCR\Installer\Products\E488FE093525C423C911369CAD61FBC0] : SDK de comprobación de Visual Studio 2012 - esn
[HKCR\Installer\Products\E61E74258FCBBA5961353B8FBF8F3B1F] : Windows Software Development Kit DirectX x64 Remote
[HKCR\Installer\Products\E751CA102F62E393B819F3BE4DA1E4D5] : Visual C++ IDE Core Package
[HKCR\Installer\Products\E7B7011E260CCD44FA1990B5D4FCBEC5] : Visual C++ MFC MBCS Library for Visual Studio 2013
[HKCR\Installer\Products\E7E242E1DA657C831824400F78C38B6F] : Lumberyard 1.5.0.0 - szip
[HKCR\Installer\Products\EB34E960834FCE13B8C1BB9A18BCDFC1] : Lumberyard 1.5.0.0 - Lua
[HKCR\Installer\Products\EB4BB95A6B2A4633284C8F71A8BB39C9] : Visual C++ IDE Debugger Package
[HKCR\Installer\Products\EBED9E37E62CDF544A354F0395CB742A] : Audiokinetic Wwise v2015.2_LTX build 5495 - SDK (Linux)
[HKCR\Installer\Products\ED1EAC4C8C777A233A7425BD37F8D01E] : Visual Studio 2012 Verification SDK
[HKCR\Installer\Products\ED4445A7A533C3049870A766F271222E] : Audiokinetic Wwise v2015.2_LTX build 5495 - Authoring Binaries 64-bit
[HKCR\Installer\Products\EDDF00296EDAA413BB931CC044FA2C5F] : Lumberyard 1.5.0.0 - SDL2
[HKCR\Installer\Products\EE1E12EA20949E43BBBF9BC45D95CD3E] : Lumberyard 1.5.0.0 - markupsafe
[HKCR\Installer\Products\F088552BE5C8FAF4F8C9D7AB36B56251] : Build Tools - x86
[HKCR\Installer\Products\F0B238CF803C03F36B7A8433CFE502C0] : Lumberyard 1.5.0.0 - FreeType2
[HKCR\Installer\Products\F28962C8543B78C3D871E588DAADFF6F] : Visual Studio Graphics Analyzer
[HKCR\Installer\Products\F2A0B77786ACAEE34A7B477020285509] : Lumberyard 1.5.0.0 - Qwt
[HKCR\Installer\Products\F2FDF73D6678FDB40A3E6AB0BD6B03DE] : Build Tools Language Resources - x86
[HKCR\Installer\Products\F3D8A6A4B6DBDB13189683AEB3C172D7] : Lumberyard 1.5.0.0 - nvapi
[HKCR\Installer\Products\F4437C82498E5FC4D850DE7CDE1797C6] : Behaviors SDK (Windows) for Visual Studio 2013
[HKCR\Installer\Products\F4DF593F5E0465B7B2BC3BFC253B5BC2] : Windows App Certification Kit x64
[HKCR\Installer\Products\F4E30382B2C8C8040B2CE7AA47656456] : Synaptics WBF USB Fingerprint Reader -> C:\Windows\Installer\{28303E4F-8C2B-408C-B0C2-7EAA74564665}\SynapticsLogo.ico
[HKCR\Installer\Products\F56A96135AD9A133CAEC9D079F204040] : Visual Studio 2012 ?? SDK - cht
[HKCR\Installer\Products\F66A30C00FF19F54D876D008E6FBBF1A] : Blend for Visual Studio SDK for Silverlight 5 -> C:\Windows\Installer\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}\Application
[HKCR\Installer\Products\FC5DAE63FE44FCF4B81E9DC684537D4A] : UE4 Prerequisites (x64) -> C:\Windows\Installer\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}\Setup.ico
[HKCR\Installer\Products\FD47F1CCF850C604CBD71FD4E6F5C7DB] : Build Tools - amd64
[HKCR\Installer\Products\FE172E4FDEAB7A333886A92133AE5E10] : Lumberyard 1.5.0.0 - squish-ccr
[HKCR\Installer\Products\FF8D9D49BCA52713FB8A162978079E05] : Lumberyard 1.5.0.0 - OSVR

---------- | ADS


---------- | Drives

 Disk: 0   Size=954G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    EE-UNKNWN  21.0T   No    No             1  294,967,295

---------- | MBR

Windows Version:		Professional
Windows Information:		 (build 9200), 64-bit
Base Board Manufacturer:	Notebook
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		Notebook
System Product Name:		P870KM_KM1
Logical Drives Mask:		0x0000001c

Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Échec de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-CJSUH9G$ via https://IFX-KeyId-5c2920742179bc704db1d8c54c34ca94405617ca.microsoftaik.azure.net/templates/Aik/scep :

SubmitDone
GetCACertChain: OK
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 20 Jun 2017 07:32:57 GMT
Pragma: no-cache
Content-Length: 5185
Content-Type: application/x-x509-ca-ra-cert
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 8f935b55-c9c6-4046-ac47-e101d1305f3e
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Méthode : POST(3750ms)
Étape : SubmitDone
Demande incorrecte (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
------------

Échec de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-CJSUH9G$ via https://IFX-KeyId-5c2920742179bc704db1d8c54c34ca94405617ca.microsoftaik.azure.net/templates/Aik/scep :

SubmitDone
GetCACertChain: OK
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Tue, 20 Jun 2017 07:28:10 GMT
Pragma: no-cache
Content-Length: 5185
Content-Type: application/x-x509-ca-ra-cert
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 782ccd11-2f18-4249-b6a2-914a96fbc25b
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Méthode : POST(3797ms)
Étape : SubmitDone
Demande incorrecte (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
------------

Le service ne peut pas être démarré. System.NullReferenceException: La référence d'objet n'est pas définie à une instance d'un objet.
   à SetupAfterRebootService.SetupARService.OnStart(String[] args)
   à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
------------


------------


------------


------------


------------

Échec de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-CJSUH9G$ via https://IFX-KeyId-5c2920742179bc704db1d8c54c34ca94405617ca.microsoftaik.azure.net/templates/Aik/scep :

SubmitDone
GetCACertChain: OK
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 19 Jun 2017 21:26:37 GMT
Pragma: no-cache
Content-Length: 5185
Content-Type: application/x-x509-ca-ra-cert
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 168891bb-1d5f-4738-88da-97d6dba6a1d1
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Méthode : POST(46469ms)
Étape : SubmitDone
Demande incorrecte (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
------------

Échec de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-CJSUH9G$ via https://IFX-KeyId-5c2920742179bc704db1d8c54c34ca94405617ca.microsoftaik.azure.net/templates/Aik/scep :

SubmitDone
GetCACertChain: OK
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Mon, 19 Jun 2017 21:26:05 GMT
Pragma: no-cache
Content-Length: 5185
Content-Type: application/x-x509-ca-ra-cert
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 7b2adb02-a13c-47e2-8915-f3a1f96f6892
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Méthode : POST(41375ms)
Étape : SubmitDone
L’adresse ou le nom de serveur n’a pas pu être résolu 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
------------

Le service ne peut pas être démarré. System.NullReferenceException: La référence d'objet n'est pas définie à une instance d'un objet.
   à SetupAfterRebootService.SetupARService.OnStart(String[] args)
   à System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
------------

Nom de l’application défaillante WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.e, version : 10.0.16215.1000, horodatage : 0x5933abef
Nom du module défaillant : windows.ui.core.textinput.dll, version : 10.0.16215.1000, horodatage : 0xcedc9264
Code d’exception : 0xc000041d
Décalage d’erreur : 0x000000000001f6c6
ID du processus défaillant : 0x28c4
Heure de début de l’application défaillante : 0x01d2e8ff21cd7125
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\windows.ui.core.textinput.dll
ID de rapport : acfe002a-140d-45a0-baf0-2604e8278b5f
Nom complet du package défaillant : InputApp_1000.16215.1000.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.e, version : 10.0.16215.1000, horodatage : 0x5933abef
Nom du module défaillant : windows.ui.core.textinput.dll, version : 10.0.16215.1000, horodatage : 0xcedc9264
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000001f6c6
ID du processus défaillant : 0x28c4
Heure de début de l’application défaillante : 0x01d2e8ff21cd7125
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\windows.ui.core.textinput.dll
ID de rapport : 10f4bdfc-fd5e-4bce-8ad8-d0ef1b5979f7
Nom complet du package défaillant : InputApp_1000.16215.1000.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.e, version : 10.0.16215.1000, horodatage : 0x5933abef
Nom du module défaillant : windows.ui.core.textinput.dll, version : 10.0.16215.1000, horodatage : 0xcedc9264
Code d’exception : 0xc000041d
Décalage d’erreur : 0x000000000001f6c6
ID du processus défaillant : 0x30e0
Heure de début de l’application défaillante : 0x01d2e8cc8338509e
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\windows.ui.core.textinput.dll
ID de rapport : ef814eef-1cad-458d-8bdd-80c3f9b3224a
Nom complet du package défaillant : InputApp_1000.16215.1000.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.e, version : 10.0.16215.1000, horodatage : 0x5933abef
Nom du module défaillant : windows.ui.core.textinput.dll, version : 10.0.16215.1000, horodatage : 0xcedc9264
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000001f6c6
ID du processus défaillant : 0x30e0
Heure de début de l’application défaillante : 0x01d2e8cc8338509e
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\windows.ui.core.textinput.dll
ID de rapport : ae4ed021-f051-4184-92e9-28cf55d27c9b
Nom complet du package défaillant : InputApp_1000.16215.1000.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.e, version : 10.0.16215.1000, horodatage : 0x5933abef
Nom du module défaillant : windows.ui.core.textinput.dll, version : 10.0.16215.1000, horodatage : 0xcedc9264
Code d’exception : 0xc000041d
Décalage d’erreur : 0x000000000001f6c6
ID du processus défaillant : 0x335c
Heure de début de l’application défaillante : 0x01d2e87aa6e0ca98
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\windows.ui.core.textinput.dll
ID de rapport : e460d0b8-a40b-43cf-9a8a-ead2b42320a1
Nom complet du package défaillant : InputApp_1000.16215.1000.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------

Nom de l’application défaillante WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.e, version : 10.0.16215.1000, horodatage : 0x5933abef
Nom du module défaillant : windows.ui.core.textinput.dll, version : 10.0.16215.1000, horodatage : 0xcedc9264
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000001f6c6
ID du processus défaillant : 0x335c
Heure de début de l’application défaillante : 0x01d2e87aa6e0ca98
Chemin d’accès de l’application défaillante : C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
Chemin d’accès du module défaillant: C:\WINDOWS\SYSTEM32\windows.ui.core.textinput.dll
ID de rapport : 5b7634c1-d438-46f6-8cb4-51bbb2cdacc8
Nom complet du package défaillant : InputApp_1000.16215.1000.0_neutral_neutral_cw5n1h2txyewy
ID de l’application relative au package défaillant : App
------------


------------

Échec de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-CJSUH9G$ via https://IFX-KeyId-5c2920742179bc704db1d8c54c34ca94405617ca.microsoftaik.azure.net/templates/Aik/scep :

SubmitDone
GetCACertChain: OK
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Sun, 18 Jun 2017 14:18:20 GMT
Pragma: no-cache
Content-Length: 5185
Content-Type: application/x-x509-ca-ra-cert
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: f37a0732-46ae-4547-aacc-11d64b8fe38b
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Méthode : POST(4891ms)
Étape : SubmitDone
Demande incorrecte (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
------------

Échec de l’inscription du certificat SCEP pour WORKGROUP\DESKTOP-CJSUH9G$ via https://IFX-KeyId-5c2920742179bc704db1d8c54c34ca94405617ca.microsoftaik.azure.net/templates/Aik/scep :

SubmitDone
GetCACertChain: OK
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Sun, 18 Jun 2017 14:18:15 GMT
Pragma: no-cache
Content-Length: 5185
Content-Type: application/x-x509-ca-ra-cert
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 08c74c85-9977-4188-a6c9-28ea08876755
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Méthode : POST(3140ms)
Étape : SubmitDone
Demande incorrecte (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
------------


----------( EOF)---------- - 5098 | 09:45:54