--------------- QuickDiag | g3n-h@ckm@n | V3_01.07.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 24/08/2017 23:18:16

Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Nina (Administrator)] - [NINA-PC] (S-1-5-21-3664000885-1188665264-670964270-1000)

System: Microsoft Windows 10 Professionnel - - (10.0.15063) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Professionnel|C:\WINDOWS|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: GL72 6QD - Micro-Star International Co., Ltd. - IdNumber: 9S7179675019ZG1000115 - UUID: 00000000-0000-0000-0000-D8CB8AF1294C
Processor : X64 - 2304 Mhz - Intel(R) Core(TM) i5-6300HQ CPU @ 2.30GHz
BIOS Date: 01/04/16 15:02:36 Ver: 05.0000B - en|US|iso8859-1 - American Megatrends Inc. - S/N: 9S7179675019ZG1000115 - E1796IMS.103 - MSI_NB - 1072009
CoreTemp : 29.8 Celsius

----------| Quick


---------- | SoundDevice

Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2809&SUBSYS_80860101&REV_1000\4&16D0E45E&0&0201
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_1462119A&REV_1003\4&16D0E45E&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000

---------- | Video

Intel(R) HD Graphics 530 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64,igd10iumd64,igd10iumd64,igd12umd64,igdumdim32,igd10iumd32,igd10iumd32,igd12umd32 - PNPDeviceID: PCI\VEN_8086&DEV_191B&SUBSYS_11911462&REV_06\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
NVIDIA GeForce GTX 950M - Resolution: x - Colors: - RefreshRate: -  Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvldumdx.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvldumd.dll,C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvldumd.dll - PNPDeviceID: PCI\VEN_10DE&DEV_139A&SUBSYS_11911462&REV_A2\4&887D7BD&0&0008 - AdapterCompatibility: NVIDIA - RAM: -2147483648
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 530 - DriverVersion: 21.20.16.4534 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84992 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35208 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42488 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:20 %
CPU #2 value:1 %
CPU #3 value:13 %
CPU #4 value:13 %
Total Overall CPU Usage value:12 %

---------- | Network

Qualcomm Atheros AR8171_8175 PCI-E Gigabit Ethernet Controller [NDIS 6.20] : SENT:0 bytes/sec / RECVD:0 bytes/sec
Intel[R] Dual Band Wireless-AC 3165 : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:12 bytes/sec,  /  RECEIVE Maximum:0 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Intel(R) Dual Band Wireless-AC 3165 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_3165&SUBSYS_40108086&REV_81\08D40CFFFF825A6400
Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.20) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_10A1&SUBSYS_11911462&REV_10\FFF1294CD8CB8AFF00
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&58CC257&0&11
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH

---------- | Memory

RAM = Total (MB) : 4101 | Free (MB) : 1394
Pagefile = Total (MB) : 8295 | Free (MB) : 4989
Virtual = Total (MB) : 4194 | Free (MB) : 3922

Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.: 0 - Manufacturer: SK Hynix - PartNumber: HMA451S6AFR8N-TF    - S/N: 37141621

---------- | SID Users

Administrateur : [S-1-5-21-3664000885-1188665264-670964270-500]
DefaultAccount : [S-1-5-21-3664000885-1188665264-670964270-503]
Invité : [S-1-5-21-3664000885-1188665264-670964270-501]
Nina : [S-1-5-21-3664000885-1188665264-670964270-1000]
Administrateurs : [S-1-5-32-544]
Administrateurs Hyper-V : [S-1-5-32-578]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs d'assistance de contrôle d'accès : [S-1-5-32-579]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 116.69 Go | Free : 39.55 Go -> NTFS (SSD) [SATA]
E:\ -> [Fixed] | [] | Total : 931.51 Go | Free : 634.04 Go -> NTFS [SATA]

Disk Usage Information [2 total Physical Disks]

Physical Drive #0 [C:] : Read:147,304 bytes/sec, Written:730,631 bytes/sec Max Read:147,304 bytes/sec, Max Write:730,631 bytes/sec 
Physical Drive #1 [E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:147,304 bytes/sec, Write Maximum:730,631 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_TOSHIBA&PROD_THNSNJ128G8NY\4&569B64B&1&000000
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10JPVX-22JC3T0\4&569B64B&1&030000

---------- | Windows updates

Test 1 : Windows Is Activated

---------- | Browsers

IE : 11.0.15063.0     (© Microsoft Corporation. Tous droits réservés.)
GC : 60.0.3112.101     (Copyright 2016 Google Inc.)

Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" 

---------- | FlashPlayer

FlashPlayer ActiveX : 26.0.0.151

---------- | Security

AV : Malwarebytes Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

328 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.15063.0) = C:\Windows\System32\smss.exe     [18/03/2017 22:57:38]    CPU Usage:0 %
488 | [Owner : Système | Parent : 464() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe     [18/03/2017 22:57:38]    CPU Usage:0 %
616 | [Owner : Système | Parent : 464() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.15063.502) = C:\Windows\System32\wininit.exe     [06/08/2017 17:00:36]    CPU Usage:0 %
624 | [Owner : Système | Parent : 608() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe     [18/03/2017 22:57:38]    CPU Usage:0 %
696 | [Owner : Système | Parent : 616(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.15063.502) = C:\Windows\System32\services.exe     [06/08/2017 17:00:44]    CPU Usage:0 %
704 | [Owner : Système | Parent : 616(wininit.exe) | 13.43 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.15063.483) = C:\Windows\System32\lsass.exe     [06/08/2017 17:00:43]    CPU Usage:0 %
804 | [Owner : Système | Parent : 696(services.exe) | 3.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
824 | [Owner : Système | Parent : 696(services.exe) | 25.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
848 | [Owner : UMFD-0 | Parent : 616(wininit.exe) | 3.19 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe     [06/08/2017 17:00:48]    CPU Usage:0 %
928 | [Owner : Système | Parent : 608() | 7.58 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.15063.483) = C:\Windows\System32\winlogon.exe     [06/08/2017 17:00:43]    CPU Usage:0 %
972 | [Owner : UMFD-1 | Parent : 928(winlogon.exe) | 9.02 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe     [06/08/2017 17:00:48]    CPU Usage:0 %
76 | [Owner : SERVICE RÉSEAU | Parent : 696(services.exe) | 12.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
392 | [Owner : Système | Parent : 696(services.exe) | 6.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
492 | [Owner : DWM-1 | Parent : 928(winlogon.exe) | 70.05 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.15063.0) = C:\Windows\System32\dwm.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1036 | [Owner : Système | Parent : 696(services.exe) | 5.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1096 | [Owner : Système | Parent : 696(services.exe) | 8.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1144 | [Owner : Système | Parent : 696(services.exe) | 13.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1172 | [Owner : SERVICE LOCAL | Parent : 1036(svchost.exe) | 4.95 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe     [18/03/2017 22:57:38]    CPU Usage:0 %
1208 | [Owner : Système | Parent : 696(services.exe) | 10.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1300 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 10.84 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1380 | [Owner : Système | Parent : 696(services.exe) | 7.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1432 | [Owner : Système | Parent : 696(services.exe) | 9.23 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe     [06/08/2017 16:05:54]    CPU Usage:0 %
1472 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 12.39 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1504 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 8.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1540 | [Owner : Système | Parent : 696(services.exe) | 8.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1548 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 7.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1556 | [Owner : Système | Parent : 696(services.exe) | 5.75 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1616 | [Owner : Système | Parent : 1432(NVDisplay.Container.exe) | 17.5 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.2.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe     [06/08/2017 16:05:54]    CPU Usage:0 %
1660 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 7.09 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1768 | [Owner : Système | Parent : 696(services.exe) | 8.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1816 | [Owner : SERVICE RÉSEAU | Parent : 696(services.exe) | 11.49 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1844 | [Owner : Système | Parent : 696(services.exe) | 7.26 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4534) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe     [01/11/2016 23:05:54]    CPU Usage:0 %
1900 | [Owner : Système | Parent : 696(services.exe) | 7.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1908 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 7.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1956 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 8.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
1468 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 11.73 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2108 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 13.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2116 | [Owner : SERVICE RÉSEAU | Parent : 696(services.exe) | 7.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2128 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 6.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2144 | [Owner : Système | Parent : 696(services.exe) | 10.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2256 | [Owner : Système | Parent : 696(services.exe) | 12.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2304 | [Owner : Système | Parent : 696(services.exe) | 10.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2364 | [Owner : Système | Parent : 696(services.exe) | 10.86 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe     [18/03/2017 22:58:24]    CPU Usage:0 %
2388 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 19.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2412 | [Owner : SERVICE RÉSEAU | Parent : 696(services.exe) | 7.51 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2968 | [Owner : Système | Parent : 696(services.exe) | 8.47 Mo] - (.Apple Inc. - MobileDeviceService.) - (17.374.913.2) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe     [03/04/2017 08:52:02]    CPU Usage:0 %
2976 | [Owner : Système | Parent : 696(services.exe) | 3.71 Mo] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (19.30.1646.851) = C:\Windows\System32\ibtsiva.exe     [12/12/2016 17:21:20]    CPU Usage:0 %
2984 | [Owner : Système | Parent : 696(services.exe) | 5.72 Mo] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe     [12/08/2015 16:03:42]    CPU Usage:0 %
3012 | [Owner : Système | Parent : 696(services.exe) | 9.9 Mo] - (.Intel(R) Corporation - Intel(R) Biometric and Context Agent Service.) - (2.0.146.0) = C:\Program Files\Intel\BCA\pabeSvc64.exe     [06/05/2016 10:51:14]    CPU Usage:0 %
3020 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 16.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3028 | [Owner : Système | Parent : 696(services.exe) | 20.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3044 | [Owner : Système | Parent : 696(services.exe) | 7.97 Mo] - (.Micro-Star International Co., Ltd. - MSI SCM Service.) - (1.0.10.0) = C:\Program Files (x86)\SCM\MSIService.exe     [22/01/2016 13:41:04]    CPU Usage:0 %
3068 | [Owner : SERVICE RÉSEAU | Parent : 696(services.exe) | 12.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2488 | [Owner : Système | Parent : 696(services.exe) | 6.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2684 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 7.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2772 | [Owner : Système | Parent : 696(services.exe) | 6.09 Mo] - (.MSI - SUPER CHARGER Service.) - (1.2.24.0) = C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe     [04/04/2016 22:00:59]    CPU Usage:0 %
2784 | [Owner : Système | Parent : 696(services.exe) | 18.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2824 | [Owner : Système | Parent : 696(services.exe) | 9.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3096 | [Owner : Système | Parent : 696(services.exe) | 7.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3104 | [Owner : Système | Parent : 696(services.exe) | 7.19 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.3.4.184) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe     [05/12/2016 00:08:30]    CPU Usage:0 %
3116 | [Owner : Système | Parent : 696(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.483) = C:\Windows\System32\SecurityHealthService.exe     [06/08/2017 17:01:06]    CPU Usage:0 %
3124 | [Owner : Système | Parent : 696(services.exe) | 11.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3156 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 7.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3188 | [Owner : Système | Parent : 696(services.exe) | 18.68 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.15924.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe     [04/04/2016 10:10:08]    CPU Usage:0 %
3216 | [Owner : Système | Parent : 696(services.exe) | 15.38 Mo] - (.McAfee, Inc. - Intel Security True Key.) - (4.4.135.0) = C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe     [30/07/2016 03:01:52]    CPU Usage:0 %
3236 | [Owner : Système | Parent : 696(services.exe) | 17.44 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3264 | [Owner : Système | Parent : 696(services.exe) | 5.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3304 | [Owner : Système | Parent : 696(services.exe) | 19.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3412 | [Owner : Système | Parent : 696(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.11.15063.447) = C:\Program Files\Windows Defender\MsMpEng.exe     [06/08/2017 17:01:03]    CPU Usage:0 %
3428 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 10.41 Mo] - (.Electronic Arts - OriginWebHelperService.) - (10.4.16.25850) = E:\Origin\OriginWebHelperService.exe     [26/07/2017 16:55:36]    CPU Usage:0 %
3764 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 5.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
4004 | [Owner : Système | Parent : 696(services.exe) | 101.33 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.556) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe     [24/08/2017 21:51:10]    CPU Usage:0 %
4028 | [Owner : Système | Parent : 696(services.exe) | 13.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
4036 | [Owner : SERVICE LOCAL | Parent : 2488(svchost.exe) | 12.15 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe     [18/03/2017 22:57:46]    CPU Usage:0 %
4616 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.18 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
3992 | [Owner : SERVICE RÉSEAU | Parent : 824(svchost.exe) | 25.76 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe     [18/03/2017 22:58:01]    CPU Usage:0 %
5724 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 6.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
5748 | [Owner : Système | Parent : 696(services.exe) | 6.29 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
5940 | [Owner : Nina | Parent : 4004(MBAMService.exe) | 31.12 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1169) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe     [24/08/2017 21:51:07]    CPU Usage:0 %
5988 | [Owner : Nina | Parent : 696(services.exe) | 19.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
6028 | [Owner : Nina | Parent : 1380(svchost.exe) | 26.46 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe     [18/03/2017 22:58:10]    CPU Usage:0 %
6064 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 10.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
5412 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 8.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
5380 | [Owner : Nina | Parent : 696(services.exe) | 25.7 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
5832 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.21 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8795) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe     [06/08/2017 16:54:22]    CPU Usage:0 %
5984 | [Owner : Nina | Parent : 3104(SynTPEnhService.exe) | 20.81 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.3.4.184) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe     [05/12/2016 00:08:26]    CPU Usage:0 %
5388 | [Owner : Système | Parent : 696(services.exe) | 13.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
6176 | [Owner : Nina | Parent : 1144(svchost.exe) | 20.57 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe     [18/03/2017 22:57:57]    CPU Usage:0 %
6664 | [Owner : Nina | Parent : 3188(TeamViewer_Service.exe) | 25.08 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.15924.0) = C:\Program Files (x86)\TeamViewer\TeamViewer.exe     [04/04/2016 10:10:07]    CPU Usage:0 %
6760 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 11.15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
6792 | [Owner : Nina | Parent : 824(svchost.exe) | 6.58 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.15063.0) = C:\Windows\System32\wbem\unsecapp.exe     [18/03/2017 22:57:50]    CPU Usage:0 %
6860 | [Owner : Nina | Parent : 6700() | 115.12 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.447) = C:\Windows\explorer.exe     [06/08/2017 17:00:48]    CPU Usage:0 %
7008 | [Owner : Système | Parent : 696(services.exe) | 6.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
7096 | [Owner : Nina | Parent : 6880() | 10.75 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4534) = C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe     [01/11/2016 23:05:54]    CPU Usage:0 %
6284 | [Owner : Nina | Parent : 6372() | 6.5 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.3.4.184) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe     [05/12/2016 00:08:34]    CPU Usage:0 %
7316 | [Owner : Système | Parent : 696(services.exe) | 43.97 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe     [06/08/2017 17:00:37]    CPU Usage:0 %
7348 | [Owner : Nina | Parent : 824(svchost.exe) | 43.78 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [18/03/2017 22:56:41]    CPU Usage:0 %
7504 | [Owner : Système | Parent : 3188(TeamViewer_Service.exe) | 6.53 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.15924.0) = C:\Program Files (x86)\TeamViewer\tv_w32.exe     [04/04/2016 10:10:08]    CPU Usage:0 %
7560 | [Owner : Système | Parent : 3188(TeamViewer_Service.exe) | 6.19 Mo] - (.TeamViewer GmbH - TeamViewer 12.) - (12.1.15924.0) = C:\Program Files (x86)\TeamViewer\tv_x64.exe     [04/04/2016 10:10:08]    CPU Usage:0 %
7780 | [Owner : Nina | Parent : 824(svchost.exe) | 42.41 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe     [18/03/2017 22:58:01]    CPU Usage:0 %
7936 | [Owner : Nina | Parent : 824(svchost.exe) | 27.36 Mo] - (.-.) - (11.19.856.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe     [22/08/2017 21:54:01]    CPU Usage:0 %
8152 | [Owner : Système | Parent : 696(services.exe) | 13.83 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
5952 | [Owner : Système | Parent : 696(services.exe) | 14.9 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
8260 | [Owner : Nina | Parent : 824(svchost.exe) | 4.6 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.250) = C:\Windows\System32\SettingSyncHost.exe     [06/08/2017 17:00:35]    CPU Usage:0 %
8756 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 14.71 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
8812 | [Owner : Nina | Parent : 1616(NVDisplay.Container.exe) | 9.09 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.8205) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe     [06/08/2017 16:05:58]    CPU Usage:0 %
4336 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
5112 | [Owner : Nina | Parent : 8704() | 17.85 Mo] - (.Micro-Star International Co., Ltd. - Dragon Gaming Center.) - (1.0.1501.2801) = C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe     [28/01/2015 11:19:14]    CPU Usage:0 %
3824 | [Owner : Nina | Parent : 6860(explorer.exe) | 14.94 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe     [18/03/2017 22:56:44]    CPU Usage:0 %
9080 | [Owner : Nina | Parent : 6860(explorer.exe) | 10.45 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.526.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe     [03/03/2016 12:45:02]    CPU Usage:0 %
8300 | [Owner : Nina | Parent : 6860(explorer.exe) | 25.11 Mo] - (.MSI - SCM.) - (13.16.1229.0) = C:\Program Files (x86)\SCM\SCM.exe     [22/01/2016 13:41:04]    CPU Usage:0 %
8960 | [Owner : Nina | Parent : 6860(explorer.exe) | 8.27 Mo] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.12.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe     [04/04/2016 13:43:27]    CPU Usage:0 %
8700 | [Owner : Système | Parent : 824(svchost.exe) | 8.75 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe     [18/03/2017 22:58:01]    CPU Usage:0 %
9160 | [Owner : Nina | Parent : 696(services.exe) | 23.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
9180 | [Owner : Système | Parent : 696(services.exe) | 5.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
6532 | [Owner : Nina | Parent : 6860(explorer.exe) | 19.42 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6963.807) = C:\Users\Nina\AppData\Local\Microsoft\OneDrive\OneDrive.exe     [04/04/2016 13:23:57]    CPU Usage:0 %
9448 | [Owner : Nina | Parent : 9364() | 10.4 Mo] - (.MSI - SUPER CHARGER.) - (1.2.24.0) = C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe     [04/04/2016 22:00:59]    CPU Usage:0 %
9536 | [Owner : Nina | Parent : 9364() | 7.1 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.144.1) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe     [21/07/2017 23:05:42]    CPU Usage:0 %
10164 | [Owner : Nina | Parent : 1144(svchost.exe) | 11.53 Mo] - (.Micro-Star International Co., Ltd. - Hotkey Listener.) - (1.0.1508.1001) = C:\Program Files (x86)\MSI\Shortcut Manager\HotkeyListener.exe     [10/08/2015 18:29:48]    CPU Usage:0 %
6484 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 8.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
7112 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 6.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
7480 | [Owner : Système | Parent : 696(services.exe) | 10.86 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
4488 | [Owner : Nina | Parent : 824(svchost.exe) | 4.2 Mo] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe     [18/03/2017 22:59:06]    CPU Usage:0 %
6220 | [Owner : Système | Parent : 696(services.exe) | 14.43 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
11084 | [Owner : Système | Parent : 696(services.exe) | 19.32 Mo] - (.McAfee, Inc. - Intel Security True Key.) - (4.4.135.0) = C:\Program Files\TrueKey\McTkSchedulerService.exe     [18/04/2016 19:12:19]    CPU Usage:0 %
8272 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.58 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
11144 | [Owner : Système | Parent : 696(services.exe) | 11.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
6916 | [Owner : Système | Parent : 696(services.exe) | 43.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
2320 | [Owner : Système | Parent : 696(services.exe) | 19.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
10332 | [Owner : Nina | Parent : 824(svchost.exe) | 34.96 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.332) = C:\Windows\System32\smartscreen.exe     [06/08/2017 17:00:35]    CPU Usage:0 %
6156 | [Owner : Nina | Parent : 6860(explorer.exe) | 260.73 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [04/04/2016 16:29:22]    CPU Usage:0 %
1392 | [Owner : Nina | Parent : 6156(chrome.exe) | 11.96 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [04/04/2016 16:29:22]    CPU Usage:0 %
10192 | [Owner : Nina | Parent : 6156(chrome.exe) | 12.24 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [04/04/2016 16:29:22]    CPU Usage:0 %
10956 | [Owner : Nina | Parent : 6156(chrome.exe) | 86.47 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [04/04/2016 16:29:22]    CPU Usage:0 %
11244 | [Owner : Nina | Parent : 6156(chrome.exe) | 138.64 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [04/04/2016 16:29:22]    CPU Usage:0 %
3168 | [Owner : SERVICE LOCAL | Parent : 1468(svchost.exe) | 17.67 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.15063.447) = C:\Windows\System32\audiodg.exe     [06/08/2017 17:00:42]    CPU Usage:0 %
10400 | [Owner : Nina | Parent : 824(svchost.exe) | 24.94 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe     [18/03/2017 22:58:23]    CPU Usage:0 %
5228 | [Owner : Nina | Parent : 6156(chrome.exe) | 243.2 Mo] - (.Google Inc. - Google Chrome.) - (60.0.3112.101) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe     [04/04/2016 16:29:22]    CPU Usage:0 %
9644 | [Owner : Nina | Parent : 824(svchost.exe) | 10.73 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.15063.0) = C:\Windows\System32\dllhost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
9168 | [Owner : Nina | Parent : 824(svchost.exe) | 11.36 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.15063.0) = C:\Windows\System32\dllhost.exe     [18/03/2017 22:58:21]    CPU Usage:0 %
10640 | [Owner : SERVICE RÉSEAU | Parent : 824(svchost.exe) | 10.1 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [18/03/2017 22:58:50]    CPU Usage:0 %
10160 | [Owner : Système | Parent : 7316(SearchIndexer.exe) | 22.58 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.15063.447) = C:\Windows\System32\SearchProtocolHost.exe     [06/08/2017 17:00:36]    CPU Usage:0 %
10700 | [Owner : Nina | Parent : 824(svchost.exe) | 75.28 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe     [06/08/2017 17:00:52]    CPU Usage:0 %
11132 | [Owner : Nina | Parent : 824(svchost.exe) | 22.86 Mo] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.15063.413) = C:\Windows\HelpPane.exe     [06/08/2017 17:00:43]    CPU Usage:0 %
5468 | [Owner : Nina | Parent : 6860(explorer.exe) | 39.29 Mo] - (.SosVirus - QuickDiag.) - (1.7.17.1) = C:\Users\Nina\Desktop\QuickDiag.exe     [24/08/2017 23:12:35]    CPU Usage:0 %

---------- | MD5

[MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - [06/08/2017 17:00:48] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4733.81 Ko] - (10.0.15063.447) : C:\WINDOWS\Explorer.exe
[MD5.94912C1D73ADE68F2486ED4D8EA82DE6] - [18/03/2017 22:57:50] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [265.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\cmd.exe
[MD5.31E45CAA8E7035ECD47E96A7377BE975] - [18/03/2017 22:57:38] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.28 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\csrss.exe
[MD5.2D29C0AFCC8225AFF6637F7362C22960] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - COM Surrogate.) - [20.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.90224339656D3CFEC43150209B4CD38E] - [06/08/2017 17:00:43] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [692.1 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\Kernel32.dll
[MD5.9936F9E94C6E3F47A158D7BFF020575A] - [06/08/2017 17:00:43] - (.© Microsoft Corporation. - Local Security Authority Process.) - [57.12 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\lsass.exe
[MD5.0E79A4C76CAAA0CFE9CA42C13E5AA086] - [06/08/2017 17:00:36] - (.© Microsoft Corporation. - Distributed COM Services.) - [1060 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\rpcss.dll
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - [18/03/2017 22:58:29] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [67 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.C81F9707DEA008EED4071B5A39B7C76E] - [06/08/2017 17:00:44] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [515.6 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\services.exe
[MD5.3120B24060924F9B94182A1432B2D7F9] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [46.55 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\svchost.exe
[MD5.9F67071B597A3CCC8C11CE761CE88B04] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1313.56 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\user32.dll
[MD5.46B72E05D0B9F489CA60DBD7361039B0] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [31.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\userinit.exe
[MD5.0242626678C83AE788C655C1990A3CC3] - [06/08/2017 17:00:36] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [310.77 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\Wininit.exe
[MD5.31E3287EF6D97C5864A301CEA75BBBA1] - [06/08/2017 17:00:43] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [690 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\Winlogon.exe
[MD5.AC1928C2F7505BD556C552F153B062AB] - [18/03/2017 22:57:36] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [596.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.01733BEEE02E51F712330D5909BD701C] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [28.41 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.71CCAFFF7D5E64E3D07BD96F2B2898EF] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [189.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - [18/03/2017 22:56:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - [18/03/2017 22:57:47] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - [06/08/2017 17:00:33] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84.5 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.C6C8315E3262FAE460529C6DA2951682] - [18/03/2017 22:56:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - [18/03/2017 22:58:21] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - [18/03/2017 22:57:54] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [456.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.59F3D5FEF4A24871C07C279762DA8624] - [06/08/2017 17:00:43] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1213.41 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.30C2F67EC84EB11B22011620107E0325] - [18/03/2017 22:57:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [298 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.075F8C81457804BB79DD33FE69A96C57] - [06/08/2017 17:00:44] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2272.91 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - [18/03/2017 22:56:26] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - [18/03/2017 22:58:07] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - [18/03/2017 22:59:55] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [179 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.02481DA7952E87F0EF007B54E0216DA8] - [06/08/2017 17:00:43] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2616.41 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.D74756DD1518D28A09CDA99696273FA4] - [09/08/2017 11:13:54] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.91 Ko] - (10.0.15063.540) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - [18/03/2017 22:57:39] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [387.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (21.20.16.4534) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igd10iumd64.dll
(.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (21.20.16.4534) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igc64.dll
(.TeamViewer GmbH.-.TeamViewer 12.) - (12.1.15924.0) -- C:\Program Files (x86)\TeamViewer\tv_x64.dll
(.Apple Inc..-.ShellStreams.) - (56.0.0.76) -- C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
(.Alexander Roshal.-.WinRAR shell extension.) - (5.31.0.0) -- C:\Program Files (x86)\WinRAR\rarext64.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.8205) -- C:\WINDOWS\system32\nv3dappshext.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 382.05.) - (22.21.13.8205) -- C:\WINDOWS\system32\nvapi64.dll
(.NVIDIA Corporation.-.NVIDIA French language resource library.) - (8.17.13.8205) -- C:\WINDOWS\SYSTEM32\Nv3DAppShExtR.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll
(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.15.2.0) -- C:\WINDOWS\System32\winsqlite3.dll
(.TeamViewer GmbH.-.TeamViewer 12.) - (12.1.15924.0) -- C:\Program Files (x86)\TeamViewer\tv_x64.dll
(.Intel Corporation.-.Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator.) - (21.20.16.4534) -- C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igc64.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
Twitch - (Twitch.lnk [Startup]) - User: NINA-PC\Nina
OneDrive - ("C:\Users\Nina\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
iCloudServices - (C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
iCloudDrive - (C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
uTorrent - ("C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
Steam - ("C:\Program Files (x86)\Steam\steam.exe" -silent [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
World of Tanks - ("E:\Games\World_of_Tanks\WargamingGameUpdater.exe" [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
Spotify Web Helper - ("C:\Users\Nina\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
Spotify - ("C:\Users\Nina\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
Skype - ("C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
ApplePhotoStreams - (C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\...\Run]) - User: NINA-PC\Nina
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public
SCM - (C:\Program Files (x86)\SCM\SCM.exe [HKLM\SOFTWARE\...\Run]) - User: Public
NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
iTunesHelper - ("E:\iTunes\iTunesHelper.exe" [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Nina\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background   
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe   [09/05/2017 04:55:48]
"iCloudDrive"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe   [09/05/2017 04:55:26]
"uTorrent"="C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED   
"Steam"="C:\Program Files (x86)\Steam\steam.exe" -silent   
"World of Tanks"="E:\Games\World_of_Tanks\WargamingGameUpdater.exe"   
"Spotify Web Helper"="C:\Users\Nina\AppData\Roaming\Spotify\SpotifyWebHelper.exe"   
"Spotify"="C:\Users\Nina\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized   
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun   
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe   [09/05/2017 04:55:38]

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDrive"=0x020000000000000000000000   
"Steam"=0x0300000037A542E7E9E2D201   
"Skype"=0x03000000B2B1BE6F71C9D101   
"AppleIEDAV"=0x020000000000000000000000   
"iCloudDrive"=0x0300000058DECA5BE8E2D201   
"iCloudPhotos"=0x020000000000000000000000   
"iCloudServices"=0x03000000B330947171C9D101   
"uTorrent"=0x030000005574A51AE6EDD201   
"World of Tanks"=0x03000000B71A9FE1E9E2D201   
"Spotify"=0x030000004C4C5E56E8E2D201   
"Spotify Web Helper"=0x030000003121A0EAE9E2D201   
"AudialsNotifier"=0x020000000000000000000000   
"ApplePhotoStreams"=0x020000000000000000000000   

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=shutdown -s -t 3600\1   
"MRUList"=gljkihfedcba   
"b"=shutdown -s -t 25200\1   
"c"=shutdown -s -t 10800\1   
"d"=shutdown -s -t 1800\1   
"e"=shutdown -s -t 7200\1   
"f"=regedit\1   
"g"=cmd\1   
"h"=msconfig\1   
"i"=devmgmt.msc\1   
"j"=cleanmgr\1   
"k"=%TEMP%\1   
"l"=sfc /scannow\1   

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Microsoft Print to PDF,winspool,Ne01:   
"IsMRUEstablished"=0   
"LegacyDefaultPrinterMode"=0   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe   
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s   
"SCM"=C:\Program Files (x86)\SCM\SCM.exe   [22/01/2016 13:41:04]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"   
"iTunesHelper"="E:\iTunes\iTunesHelper.exe"   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x060000000000000000000000   
"RTHDVCPL"=0x060000000000000000000000   
"NvBackend"=0x020000000000000000000000   
"SCM"=0x020000000000000000000000   
"iTunesHelper"=0x03000000A407FC6D71C9D101   
"ShadowPlay"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"USB3MON"=0x020000000000000000000000   
"SUPER CHARGER"=0x020000000000000000000000   
"SunJavaUpdateSched"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D2A02A4539A47C   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"   
"SUPER CHARGER"=C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe   [04/04/2016 22:00:59]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Apple Diagnostics
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
MSI_Dragon Gaming Center
MSI_Help_Desk_Agent
MSI_Shortcut Manager
OneDrive Standalone Update Task-S-1-5-21-3664000885-1188665264-670964270-1000
User_Feed_Synchronization-{45E22C5F-88F2-4576-B219-197FFEAD25DB}
{1306381C-6D4B-4C15-B06B-B7B53C4EB92D}
{3DC3432C-81C6-44FC-8F3E-246B733F8928}
{87F1A922-2C82-4130-8A3D-B5705D4240DC}
{97707857-553E-4CC3-B0FA-8831F20558C3}

---------- | Startings up registry ¦ Folder


---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"RailShowallNotifyIcons"=1   
"RDPVGCInstalled"=1   
"InstanceID"=ef113a36-1473-484f-a828-6ea36b7   
"GlassSessionId"=1   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=648000   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"AutoChkSkipSystemPartition"=0   
"PendingFileRenameOperations"=\??\C:\WINDOWS\AppCompat\Programs\Amcache.hve.tmp
!\??\C:\WINDOWS\AppCompat\Programs\Amcache.hve   

[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=UsoSvc
DeviceInstall
gpsvc
trustedinstaller   
"SvcHostSplitThresholdInKB"=3670016   
"WaitToKillServiceTimeout"=200   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   
"LastBootSucceeded"=1   
"LastBootShutdown"=0   
"DirtyShutdownCount"=1   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"LsaPid"=704   
"Notification Packages"=scecli
C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter   
"ProductType"=6   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   
"SecureBoot"=1   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u   


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"ScreenSaveActive"=1   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallPaper"=C:\Users\Nina\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper   [22/10/2016 20:31:14]
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"UserPreferencesMask"=0x9E3E078012000000   
"Win8DpiScaling"=1   
"DpiScalingVer"=4096   
"MaxVirtualDesktopDimension"=2944   
"MaxMonitorDimension"=1920   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC30100AF400A008007000038040000E782EC9DBA0ED30143003A005C00550073006500720073005C004E0069006E0061005C0041007000700044006100740061005C004C006F00630061006C005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C005400680065006D00650073005C005400720061006E00730063006F00640065006400570061006C006C00700061007000650072000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"AutoColorization"=1   
"ImageColor"=2264122745   
"LockScreenAutoLockActive"=0   
"PreferredUILanguages"=fr-FR   
"LogPixels"=120   
"WaitToKillAppTimeout"=200   

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x240000003828000000000000000000000000000001000000130000000000000062000000   
"ExplorerStartupTraceRecorded"=1   
"UserSignedIn"=1   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"TelemetrySalt"=2   
"GlobalAssocChangedCounter"=29   
"FirstRunTelemetryComplete"=1   
"AppReadinessLogonComplete"=1   
"SlowContextMenuEntries"=0x0114020000000000C00000000000004604020000CEC429A936FD7042B4F534ECAC5BD63C8A0300006078A409B011A54DAFA526D86198A7809C000000FB9A790967ADD111ABCD00C04FC309367D0000001A58CE57B60C66429CA019364C90A0B38D000000   
"link"=0x15000000   

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=1   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"SuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=0   
"StartMenuInit"=13   
"Start_ShowMyGames"=0   
"ShowSuperHidden"=0   
"ShowStatusBar"=1   
"StoreAppsOnTaskbar"=1   
"EnableStartMenu"=1   
"ReindexedProfile"=1   
"AlwaysShowMenus"=1   
"TaskbarStateLastRun"=0xB32A9F5900000000   

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x050000000400000003000000020000000100000000000000FFFFFFFF   
"0"=0x6D0061006D000000   
"1"=0x6D0061006D0061006D00690061000000   
"2"=0x6D0061006D0061006D000000   
"3"=0x6D0061006D0061000000   
"4"=0x73007600630068000000   
"5"=0x6E0069006E0061000000   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
"SmartScreenEnabled"=RequireAdmin   
"GlobalAssocChangedCounter"=2   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"BuildNumber"=15063   
"FirstLogon"=0   
"PUUActive"=0x3A3934BC010001001C002F0084190100B0CC0100F9071800D1000000020008008F789636790F180034850200E18500008F7D00004E0C000000000000C78302007A0900004B010000A06C1BAB1B1DD30184190100000000000100000000000000   
"DP"=0xCE005800100001001B0000003A3934BCD4AB4B0000000000A06C1BAB1B1DD301BB0C341F101DD301208D1300000000000000000021900B000000000000000000000000000000000000000000000000000000000000000000   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DefaultDomainName"=   
"DefaultUserName"=   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"LastLogOffEndTimePerfCounter"=1441042353   
"ShutdownFlags"=7   
"Userinit"=C:\Windows\system32\userinit.exe,   
"scremoveoption"=0   
"ShutdownWithoutLogon"=0   
"DisableCad"=1   
"EnableFirstLogonAnimation"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"EnableSIHostIntegration"=1   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"Userinit"=C:\WINDOWS\system32\userinit.exe   [18/03/2017 22:58:21]


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [20/03/2017 07:10:43]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [20/03/2017 07:10:43]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"SIGN.MEDIA=1886D5E CDSetup.exe"=1
"SIGN.MEDIA=A531E2 USB3.0_Intel_USB_3.0_xHC_Driver_Skylake_MR2_PV_4.0.2.42_4.0.2.42_0x2c4e2f04\Setup.exe"=1
"SIGN.MEDIA=319CA039 lan_qualcomm_ar816x_2.1.0.21_0xf5620e17_w8100\setup.exe"=1
"C:\Users\Nina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JL29GA1H\TeamViewer_Setup_fr[1].exe"=1

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006821030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"SIGN.MEDIA=1886D5E CDSetup.exe"=0x5341435001000000000000000700000028000000386D880155E9880101000000000000000000000A7122000019B4C529E312D10100000000000000000500000010000000000000000000000000000006000000000200000028000000000000060000006000000000000000000000000000000000C0360000000000000800000008000000
"SIGN.MEDIA=12F844 SETUP.EXE"=0x534143500100000000000000070000002800000030110700C7F807000100000000000000000000067102000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000010A30800000000000100000001000000
"C:\Users\Nina\Desktop\Nouveau dossier\CDSetup.exe"=0x5341435001000000000000000700000028000000386D880155E9880101000000000000000000000A7122000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000060FF5F00000000000B0000000B000000
"C:\Users\Nina\Desktop\Nouveau dossier\Win10 x86x64\EC\Setup.exe"=0x5341435001000000000000000700000028000000304104004C96040001000000000000000000000A0021000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000008A180000000000000100000001000000
"C:\Users\Nina\Desktop\Nouveau dossier\AP\Battery Calibration\Install.bat"=0x534143500100000000000000070000002800000000920300914704000100000000000000000001050010000059193B14E312D1010000000000000000
"C:\Users\Nina\Desktop\Nouveau dossier\AP\Battery Calibration\setup.exe"=0x5341435001000000000000000700000028000000F0237E0004497E000100000000000000000000067102000019B4C529E312D1010000000000000000
"C:\Users\Nina\Downloads\MSI Battery Calibration_v1.0.1508.1001 (1)\setup.exe"=0x5341435001000000000000000700000028000000F0237E0004497E000100000000000000000000067102000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000020000000000000000000000000068CD0200000000000400000004000000
"C:\Users\Nina\Downloads\MSI SCM x64 13.016.01229 (1)\setup.exe"=0x5341435001000000000000000700000028000000182D00003900010001000000000000000000000AF322000059193B14E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000A7350000000000000100000001000000
"C:\Program Files (x86)\SCM\SCM.exe"=0x5341435001000000000000000700000028000000008C04000000000001000000000000000000000AF3220000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000AC000000000000001100000011000000
"C:\Users\Nina\Downloads\super_charger _1.2.024\SUPER CHARGER.exe"=0x534143500100000000000000070000002800000038B236003AE936000100000000000000000001060001000019B4C529E312D1010000000000000000
"C:\Users\Nina\Downloads\SizingOptions_v3.0.1512.1801 (1)\setup.exe"=0x5341435001000000000000000700000028000000183100002989000001000000000000000000000AF122000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000083620000000000000100000001000000
"C:\Users\Nina\Downloads\Dragon Gaming Center v1.0.1501.2801_1.0.1501.2801\Setup.exe"=0x5341435001000000000000000700000028000000A019DE0086F5DE000100000000000000000000067102000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000AE460000000000000100000001000000
"C:\Users\Nina\Downloads\Help Desk_1.0.1602.1801 (1)\setup.exe"=0x534143500100000000000000070000002800000060178900B4FF89000100000000000000000000067102000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000193D0000000000000100000001000000
"C:\Users\Nina\Downloads\Help Desk_1.0.1602.1801\setup.exe"=0x534143500100000000000000070000002800000060178900B4FF89000100000000000000000000067102000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000200000000000000000000000000C9440000000000000100000001000000
"C:\Users\Nina\Downloads\Shortcut Manager_v1.0.1508.1001_1.0.1508.1001_0x7f0eabc1 (1)\setup.exe"=0x534143500100000000000000070000002800000071BAE601000000000100000000000000000000067102000019B4C529E312D1010000000000000000
"C:\Users\Nina\Downloads\Shortcut Manager_v1.0.1508.1001_1.0.1508.1001_0x7f0eabc1 (2)\setup.exe"=0x534143500100000000000000070000002800000071BAE601000000000100000000000000000000067102000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000200000000000000000000000000ED390000000000000100000001000000
"C:\Users\Nina\Downloads\SteamSetup.exe"=0x5341435001000000000000000700000028000000681115002116150001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000001D9B0200000000000400000004000000
"C:\Users\Nina\AppData\Local\Temp\IXP309.TMP\SetupAdmin.exe"=0x534143500100000000000000070000002800000048470100437F01000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000764A0000000000000100000001000000
"C:\Users\Nina\Downloads\JavaSetup8u77.exe"=0x534143500100000000000000070000002800000040360B00C9340C0001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000009B610600000000000200000002000000
"C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe"=0x5341435001000000000000000700000028000000884E68000D94680001000000000000000000000AF52200008D6EE477682ED201000000000000000002000000500000000000000000000040000000000000000000000000000000004EAFF001000000000900000005000000000000000000000004000000000000000000000000000000BE114B03000000000F00000000000000
"C:\Users\Nina\Downloads\WoT_internet_install_eu.exe"=0x534143500100000000000000070000002800000078074700C5B247000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000057313B02000000000200000002000000
"C:\Users\Nina\Downloads\JavaSetup8u77 (1).exe"=0x534143500100000000000000070000002800000040360B00C9340C0001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000DC8B0500000000000200000002000000
"C:\Users\Nina\Downloads\SkypeSetup.exe"=0x534143500100000000000000070000002800000080F216003960170001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000C4AE0200000000000100000001000000
"C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0720C009F7D0C0001000000010000000000000A0021000059193B14E312D1010000000000000000
"C:\Program Files (x86)\Java\jre1.8.0_77\bin\javaw.exe"=0x534143500100000000000000070000002800000040EC02002958030001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000740C0000000000000400000004000000
"C:\Users\Nina\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe"=0x5341435001000000000000000700000028000000A8F8D301BC98D4010100000000000000000003060001000019B4C529E312D10100000000000000000200000050000000000000000000004000000000000000000000000000000000040F000000000000020000000100000000000000000000000000000000000000000000000000000002B60000000000000400000000000000
"C:\Users\Nina\AppData\Local\Temp\IXP000.TMP\VCREDI~2.EXE"=0x5341435001000000000000000700000028000000507F30004B5231000100000000000000000001057100000019B4C529E312D10100000000000000000200000028000000000000008009004000000000000000000000000000000000B60E0000000000000100000001000000
"C:\Users\Nina\AppData\Local\Temp\IXP000.TMP\VCREDI~3.EXE"=0x534143500100000000000000070000002800000050492900C3D329000100000000000000000001057100000019B4C529E312D1010000000000000000020000002800000000000000800900400000000000000000000000000000000083190000000000000200000002000000
"C:\Users\Nina\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exe"=0x53414350010000000000000007000000280000000810080083D108000100000000000000000000067102000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006E120000000000000300000003000000
"C:\Riot Games\League of Legends\lol.launcher.exe"=0x5341435001000000000000000700000028000000B87C010083C101000100000000000000000001067100000019B4C529E312D10100000000000000000200000028000000000000008000000000000000000000000000000000000000867F2102000000000C0000000C000000
"C:\Users\Nina\Downloads\Minecraft.exe"=0x534143500100000000000000070000002800000088071300D238130001000000000000000000000A7120000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000003D012000000000000100000001000000
"C:\Users\Nina\Desktop\jeux\Minecraft.exe"=0x534143500100000000000000070000002800000088071300D238130001000000000000000000000A7120000019B4C529E312D10100000000000000000200000050000000000000000000004000000000000000000000000000000000E055000000000000010000000100000000000000000000000000000000000000000000000000000087F72600000000000D00000000000000
"C:\Users\Nina\Desktop\jeux\Minecraft\Minecraft.exe"=0x534143500100000000000000070000002800000088071300D238130001000000000000000000000A7120000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006E112301000000000F0000000F000000
"C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe"=0x5341435001000000000000000700000028000000F0FB0F001B93100001000000000000000000030671200000A47A1198672ED20100000000000000000200000028000000000000000000000000020200000000000000000000000000241C0000000000000500000005000000
"C:\Program Files (x86)\MSI\Sizing Options\Sizing Options.exe"=0x5341435001000000000000000700000028000000385B7A06DAE17A0601000000000000000000000AF52200008D6EE477682ED201000000000000000002000000280000000000000000000000000000000000000000000000000000003E560000000000000600000006000000
"C:\Program Files (x86)\MSI\Shortcut Manager\Shortcut Manager.exe"=0x534143500100000000000000050000001000000000000000000000000000000000000000070000002800000018514F0068A64F0001000000000000000000000AF52200008D6EE477682ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000C4470400000000000600000006000000
"C:\Users\Nina\Downloads\OriginThinSetup.exe"=0x5341435001000000000000000700000028000000C821DE01D94EDE010100000000000000000001060001000019B4C529E312D1010000000000000000
"C:\Program Files (x86)\Origin\Origin.exe"=0x5341435001000000000000000700000028000000F0873700C96238000100000000000000000002060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000077010000000000000300000003000000
"C:\Users\Nina\Downloads\ChromeSetup.exe"=0x534143500100000000000000070000002800000050120F00AD530F0001000000000000000000000A0021000019B4C529E312D1010000008100000000
"C:\Users\Nina\AppData\Local\Temp\GUMBC18.tmp\GoogleUpdateSetup.exe"=0x534143500100000000000000070000002800000050120F00AD530F0001000000000000000000000A0021000019B4C529E312D10100000080000000000200000028000000000000000000004000000000000000000000000000000000B6F40200000000000100000001000000
"C:\Users\Nina\Downloads\364.72-notebook-win10-64bit-international-whql.exe"=0x53414350010000000000000007000000280000008014A5157A7EA5150100000000000000000002060001000019B4C529E312D1010000000000000000
"C:\Users\Nina\Downloads\wrar531fr.exe"=0x534143500100000000000000070000002800000050FC1C005F9C1D0001000000000000000000000A0021000019B4C529E312D101000000800000000002000000280000000000000000000040000000000000000000000000000000001D660000000000000100000001000000
"C:\Program Files (x86)\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000000816006EE1160001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000002AC6002000000006600000066000000
"C:\Users\Nina\AppData\Local\Temp\IXP963.TMP\SetupAdmin.exe"=0x534143500100000000000000070000002800000048470100437F01000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000EE0F0000000000000100000001000000
"C:\Program Files (x86)\Steam\uninstall.exe"=0x5341435001000000000000000700000028000000C8280200D15D020003000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000065D70000000000000100000001000000
"C:\Users\Nina\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe"=0x5341435001000000000000000700000028000000E05103000EE3030001000000000000000000000A7120000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008C3E5D00000000000200000002000000
"C:\Games\World_of_Tanks\WoTLauncher.exe"=0x534143500100000000000000070000002800000008896E0078BB6E0001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000800000000000000000000000000000000000000070C04C00000000000500000005000000
"C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe"=0x5341435001000000000000000700000028000000D0371301111914010100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F1040000000000000200000002000000
"C:\Users\Nina\Desktop\Sims 4\[R.G. Mechanics] The Sims 4\setup.exe"=0x534143500100000000000000070000002800000038541800000000000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000075933800000000000100000001000000
"C:\Program Files (x86)\R.G. Mechanics\The Sims 4\Game\Bin\TS4.exe"=0x5341435001000000000000000700000028000000003E2801000000000100000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000005DAFE301000000000800000008000000
"C:\Users\Nina\Downloads\audacity-win-2.1.0.exe"=0x5341435001000000000000000700000028000000B86C7101000000000100000000000000000003060001000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000963D0000000000000100000001000000000000000000004000000000000000000000000000000000AB9F0000000000000100000000000000
"C:\Program Files (x86)\Audacity\audacity.exe"=0x534143500100000000000000070000002800000000547E000000000001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C7BE0100000000000400000004000000
"C:\Program Files (x86)\Common Files\EAInstaller\The Sims 4 Create A Sim Demo\Cleanup.exe"=0x5341435001000000000000000700000028000000E0440E00829B0E000100000000000000000002060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000D7200000000000000100000001000000
"C:\Users\Nina\Downloads\readerdc_fr_ka_install.exe"=0x5341435001000000000000000700000028000000E03E1200E33A13000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000593C0E00000000000100000001000000
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000B8AE2000DD1821000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007B370000000000000100000001000000
"C:\Program Files (x86)\McAfee Security Scan\uninstall.exe"=0x5341435001000000000000000700000028000000407C0500046406000300000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000004F120000000000000100000001000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA0200D5D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Program Files (x86)\Audacity\unins000.exe"=0x5341435001000000000000000700000028000000C9C11600000000000100000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000040000200000000000000000000000000009E170000000000000100000001000000
"E:\lol.launcher.exe"=0x5341435001000000000000000700000028000000B87C010083C101000100000000000000000001067100000019B4C529E312D10100000000000000000500000010000000000000000000000000000000800000000200000050000000000000008000004000000000000000000000000000000000C05803000000000001000000010000000000000080000000100000000000000000000000000000001B1F8201000000000C00000000000000
"C:\Users\Nina\AppData\Local\Temp\jre-8u91-windows-au.exe"=0x5341435001000000000000000700000028000000404A0B0014980B0001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000067FC1900000000000100000001000000
"C:\Users\Nina\AppData\Roaming\Curse Client\Bin\CurseSetupHelper.exe"=0x5341435001000000000000000700000028000000884B0900EFDE0900010000000000000000000306F502000059193B14E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D5010000000000000100000001000000
"C:\Users\Nina\AppData\Local\Temp\SkypeSetup.exe"=0x534143500100000000000000070000002800000080A6B102A133B20201000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000CBED0000000000000100000001000000
"C:\Users\Nina\Downloads\vlc-2.2.2-win64.exe"=0x5341435001000000000000000700000028000000C59FDE014ACB01000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000A9B60100000000000100000001000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE"=0x5341435001000000000000000700000028000000B8F607007FF3080001000000000000000000000A7122000019B4C529E312D1010000000100000000
"C:\Program Files\iTunes\iTunes.exe"=0x5341435001000000000000000700000028000000388F2E0036A72E0001000000000000000000000A7322000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000B16C0400000000000200000002000000
"F:\WD Smartware Pro Free Trial\WDSmartWareProFreeTrial.exe"=0x5341435001000000000000000700000028000000902B4D000C6C4D000100000000000000000002067122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000041170000000000000100000001000000
"C:\Users\Nina\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe"=0x5341435001000000000000000700000028000000E8F7630098CC640001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000000CB70D00000000000200000002000000
"C:\Users\Nina\AppData\Local\Temp\IXP402.TMP\SetupAdmin.exe"=0x534143500100000000000000070000002800000038470100D29001000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000100D0000000000000100000001000000
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"=0x534143500100000000000000070000002800000038070100F180010001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000002E000000000000000100000001000000
"C:\Users\Nina\Downloads\iTunes6464Setup.exe"=0x5341435001000000000000000700000028000000487B290A449E290A0100000000000000000001060001000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000B7630100000000000100000001000000
"C:\Users\Nina\AppData\Local\Temp\IXP653.TMP\SetupAdmin.exe"=0x5341435001000000000000000700000028000000484F01000ADA01000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000320F0000000000000100000001000000
"E:\steam\antenna\nw.exe"=0x5341435001000000000000000700000028000000003C13007EBA130001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000BC1A0000000000000100000001000000
"E:\steam\Neverwinter\steamapps\common\Cryptic Studios\Neverwinter.exe"=0x534143500100000000000000070000002800000080CFF6036B38F7030100000000000000000003067102000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008E030900000000000100000001000000
"E:\steam\Worm.is The Game\Wormis.exe"=0x534143500100000000000000070000002800000000240200E63C010001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000BB490000000000000100000001000000
"E:\R.G. Mechanics\The Sims 4\Game\Bin\TS4.exe"=0x5341435001000000000000000700000028000000003E28010000000001000000000000000000030600010000A47A1198672ED20100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000000000000000000000000000000000000000039A551200000000280000001D0000000000000000000040000000000000000000000000000000006DED0000000000000100000000000000
"E:\Riot Games\League of Legends\lol.launcher.exe"=0x5341435001000000000000000700000028000000B87C010083C101000100000000000000000001067100000019B4C529E312D10100000000000000000200000028000000000000008000000000000000000000000000000000000000D4120500000000000100000001000000
"E:\Games\World_of_Tanks\WorldOfTanks.exe"=0x53414350010000000000000007000000280000000845B8013DE7B80101000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006DFA0000000000000200000002000000
"E:\Games\World_of_Tanks\unins000.exe"=0x5341435001000000000000000700000028000000D35A1200000000000100000000000000000001060001000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000020000000000000000000000000000F5200000000000000100000001000000
"C:\Users\Nina\Desktop\jeux\World of Tank.exe"=0x534143500100000000000000070000002800000008896E0078BB6E0001000000000000000000000A7122000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000FF770000000000000100000001000000
"C:\Users\Nina\Desktop\jeux\Neverwinter.exe"=0x534143500100000000000000070000002800000080CFF6036B38F7030100000000000000000003067102000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000DC4E0000000000000100000001000000
"C:\Users\Nina\Desktop\jeux\League of Legend.exe"=0x5341435001000000000000000700000028000000B87C010083C101000100000000000000000001067100000019B4C529E312D1010000000000000000020000002800000000000000000000000002000000000000000000000000000024070000000000000200000002000000
"C:\Windows\SysWOW64\msiexec.exe"=0x534143500100000000000000070000002800000000E400006BAB01000300000001000000000003060001000019B4C529E312D1010000000000000000
"E:\Riot Games\lol.launcher.exe"=0x5341435001000000000000000500000010000000000000000000000000000000800000000700000028000000B87C010083C1010001000000000000000000010671000000A47A1198672ED20100000000000000000200000050000000000000008000000000000000000000000000000000000000BF83E50100000000260000002100000000000000800000400000000000000000000000000000000070C20100000000000100000000000000
"C:\Users\Nina\Desktop\jeux\Sims 4.exe"=0x5341435001000000000000000700000028000000003E2801000000000100000000000000000003060001000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000005000000000000000000000000000000000000000000000000000000014020000000000000B00000002000000000000000000004000000000000000000000000000000000F4010000000000000300000000000000
"C:\Users\Nina\Desktop\jeux\Sims 4\[R.G. Mechanics] The Sims 4\setup.exe"=0x534143500100000000000000070000002800000038541800000000000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000D3480600000000000400000004000000
"C:\Users\Nina\Desktop\jeux\Wormis.exe"=0x534143500100000000000000070000002800000000240200E63C010001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A5090000000000000400000004000000
"C:\Users\Nina\Downloads\hw32_530.exe"=0x534143500100000000000000070000002800000050302B0092C62B000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000355A0000000000000100000001000000
"C:\Program Files (x86)\HWiNFO32\HWiNFO32.EXE"=0x5341435001000000000000000700000028000000703C2500A557250001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000BDCC0500000000000100000001000000
"C:\Program Files (x86)\HWiNFO32\unins000.exe"=0x53414350010000000000000007000000280000001E010D00000000000300000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000B00F0000000000000100000001000000
"C:\Users\Nina\Downloads\Install_CopyTransControlCenter.exe"=0x5341435001000000000000000700000028000000E8F7630098CC640001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000034210000000000000100000001000000
"C:\Users\Nina\Downloads\Neverwinter_ArcSetup.exe"=0x5341435001000000000000000700000028000000B83E0F000000000001000000000000000000000A7120000019B4C529E312D101000000800000000002000000280000000000000000080040000000000000000000000000000000000B150400000000000100000001000000
"E:\ArcLauncher.exe"=0x5341435001000000000000000700000028000000D85706004884060001000000000000000000000A7120000019B4C529E312D101000000000000000001000000040000000100000005000000100000000000000000000000000000008000000002000000500000000000000080000020000020000000000000002000000000002E850000000000000300000003000000000000008000000000002000000000000000200000000000BF7F0000000000000100000000000000
"C:\Users\Nina\Desktop\Steam.exe"=0x534143500100000000000000070000002800000050842C00D4532D0001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000FE160100000000000300000003000000
"E:\arc\ArcLauncher.exe"=0x5341435001000000000000000700000028000000D85706004884060001000000000000000000000A7120000019B4C529E312D101000000000000000001000000040000000100000005000000100000000000000000000000000000008000000002000000780000000000000080000060000000000000000000000000000000006F7500000000000001000000010000000000000080000020000020000000000000002000000000006A7B0000000000000200000000000000000000008000000000002000000000000000200000000000A87B0000000000000100000000000000
"C:\Program Files (x86)\InstallShield Installation Information\{CED8E25B-122A-4E80-B612-7F99B93284B3}\setup.exe"=0x534143500100000000000000070000002800000080370D00AEA70D000300000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D3CF0000000000000100000001000000
"C:\Users\Nina\Downloads\uTorrent.exe"=0x5341435001000000000000000700000028000000009C2600780C270001000000000000000000000A0021000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000003DF70100000000000100000001000000
"C:\Users\Nina\Downloads\PotPlayerSetup64.exe"=0x534143500100000000000000070000002800000040D337012D1938010100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000C7420300000000000100000001000000
"E:\FileHistory\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C02502004B47020001000000000000000000000A63220000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000008044E703000000000C0200000C020000
"E:\Steam\Steam.exe"=0x534143500100000000000000070000002800000050822B009F2E2C0001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000002AE60000000000001400000014000000
"E:\Steam\steamapps\common\Cryptic Studios\Neverwinter\Live\GameClient.exe"=0x5341435001000000000000000700000028000000187CCF026B68D00201000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000070950200000000000100000001000000
"E:\Steam\uninstall.exe"=0x5341435001000000000000000700000028000000C8280200D15D020003000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000000F560000000000000100000001000000
"C:\Users\Nina\Downloads\SteamSetup (1).exe"=0x5341435001000000000000000700000028000000800C160041BB160001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000D1490200000000000200000002000000
"C:\Program Files\Intel Security\True Key\Application\truekey.exe"=0x534143500100000000000000070000002800000030F5460011B9470001000000000000000000000A7322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000039010000000000000600000006000000
"C:\Users\Nina\AppData\Local\Temp\jre-8u101-windows-au.exe"=0x534143500100000000000000070000002800000040500B0095370C0001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000750C0300000000000100000001000000
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\SETUP.EXE"=0x534143500100000000000000070000002800000078B30600F7A107000300000000000000000001067122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000B8550200000000000100000001000000
"E:\manga\gimp-2.8.18-setup.exe"=0x5341435001000000000000000700000028000000F0199D043EDD9D0401000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000053570100000000000100000001000000
"C:\Autodesk\Autodesk_PIXLR_Win_32bit_dlm\Setup.exe"=0x534143500100000000000000070000002800000088F90E0092F30F000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000FA1B0200000000000100000001000000
"C:\Program Files\GIMP 2\bin\gimp-2.8.exe"=0x5341435001000000000000000700000028000000B8015400633C540001000000000000000000000A002100008D6EE477682ED201000000000000000002000000280000000000000000000000000000000000000000000000000000003A490E00000000000B0000000B000000
"C:\Program Files (x86)\Autodesk\Autodesk Pixlr\bin\Pixlr.exe"=0x534143500100000000000000070000002800000048657B00B7C67B0001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000004B950D00000000000400000004000000
"C:\Users\Nina\Downloads\Apache_OpenOffice_4.1.2_Win_x86_install_fr.exe"=0x53414350010000000000000007000000280000008364E307000000000100000000000000000001067100000019B4C529E312D101000000000000000002000000280000000000000000080040000000000000000000000000000000004C4B0100000000000100000001000000
"C:\Program Files (x86)\OpenOffice 4\program\soffice.exe"=0x5341435001000000000000000700000028000000001A9600AE40960001000000000000000000000A71220000A47A1198672ED201000000000000000002000000280000000000000000000010000000000000000000000000000000006B273200000000000600000006000000
"C:\Program Files (x86)\OpenOffice 4\program\swriter.exe"=0x5341435001000000000000000700000028000000009601001759020001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000431FB100000000001400000014000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Nina\AppData\Local\Temp\Rar$EXa0.283\ReneeUndeleter_2016.exe"=0x53414350010000000000000007000000280000009802D400EFBAD4000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000CDAB0400000000000100000001000000
"C:\Program Files (x86)\Rene.E Laboratory\Undeleter\unins000.exe"=0x5341435001000000000000000700000028000000594F1300000000000300000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000015140000000000000100000001000000
"SIGN.MEDIA=4E1574F8 SanDiskSecureAccessV2_win.exe"=0x5341435001000000000000000700000028000000F89B7600985C77000100000000000000000003067120000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000BB0D0000000000000100000001000000
"E:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe"=0x5341435001000000000000000700000028000000D0FD03000F64040001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000800000000000000000000000000000000000000002050000000000000100000001000000
"E:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe"=0x5341435001000000000000000700000028000000704DA9006DDAA90001000000000000000000000671000000A47A1198672ED20100000000000000000200000050000000000000000000000000000000000000000000000000000000B5462600000000000E00000005000000000000000000004000000000000000000000000000000000146A0000000000000200000000000000
"C:\Users\Nina\AppData\Local\Temp\Rar$EXa0.422\VisionCam-Setup2014.3.13.exe"=0x53414350010000000000000007000000280000006CA9AC00000000000100000000000000000002060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000074670000000000000100000001000000
"C:\VisionCam\DeviceClient.exe"=0x534143500100000000000000070000002800000000C247000000000001000000000000000000030671220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000BA6B1700000000002C0000002C000000
"E:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe"=0x5341435001000000000000000700000028000000607F04002FDA040001000000000000000000010671220000A47A1198672ED2010000000000000000020000002800000000000000100000100000000000000000000000000000000052FD3A17000000000900000009000000
"C:\Users\Nina\Documents\Nouveau dossier\Win10 x86\Nvidia VGA\setup.exe"=0x5341435001000000000000000700000028000000305106002A9B060001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000D4860000000000000100000001000000
"C:\Users\Nina\Documents\Nouveau dossier\Win10 x64\Nvidia VGA\setup.exe"=0x5341435001000000000000000700000028000000305106002A9B060001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000C1360300000000000200000002000000
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe"=0x5341435001000000000000000700000028000000784A4800487B480001000000000000000000000AF122000019B4C529E312D1010000000000000000
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe"=0x534143500100000000000000070000002800000038481000D47F100001000000000000000000030600010000A47A1198672ED201000000000000000002000000280000000000000080000000000000000000000000000000000000002FDB0300000000000600000006000000
"C:\Program Files\WBFS\WBFS Manager 3.0\WBFSManager.exe"=0x534143500100000000000000070000002800000000DA030000000000010000000000000000000006F52200008D6EE477682ED2010000000000000000020000002800000000000000000000408000000000000000800000000000000081886B00000000001100000011000000010000000400000001000000
"C:\Users\Nina\Downloads\WiiBackupManager_Build78\WiiBackupManager_Win64.exe"=0x534143500100000000000000070000002800000000C47C00000000000100000000000000000001067302000059193B14E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000DB780300000000000100000001000000
"C:\Users\Nina\Desktop\jeux\Sims 4\[R.G. Mechanics] The Sims 4\Les sims 4 v1.7.6 by FaZeR\The.Sims.4.Update.v1.7.65.1020.Incl.DLC-RELOADED\Update\setup.exe"=0x5341435001000000000000000700000028000000B6EB0D00000000000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000079220400000000000100000001000000
"E:\R.G. Mechanics\The Sims 4\The Sims 4\Game\Bin\TS4.exe"=0x5341435001000000000000000700000028000000D05B2801BC1C290101000000000000000000030600010000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000FD0A0000000000000600000006000000
"E:\R.G. Mechanics\The Sims 4\The Sims 4\unins000.exe"=0x5341435001000000000000000700000028000000C93F14000000000003000000000000000000030600010000A47A1198672ED20100000000000000000200000028000000000000000000000000020200000000000000000000000000CD390000000000000300000003000000
"C:\Users\Nina\Desktop\Wii\Wii Backup Manager\WiiBackupManager_Win32.exe"=0x534143500100000000000000070000002800000000AA5500000000000100000000000000000001067102000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000FCB00100000000000100000001000000
"C:\Users\Nina\AppData\Local\Temp\Rar$EXa0.772\ncWBFSTool_v1.1.b3\ncWBFSTool.exe"=0x5341435001000000000000000700000028000000002C050000000000010000000000000000000006F102000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000CCCB0000000000000100000001000000
"C:\Users\Nina\AppData\Local\Temp\Rar$EXa0.853\ncWBFSTool_v1.1.b3\ncWBFSTool.exe"=0x5341435001000000000000000700000028000000002C050000000000010000000000000000000006F102000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000422A0200000000000100000001000000
"C:\Users\Nina\Desktop\Wii\Wii Backup Manager\WiiBackupManager_Win64.exe"=0x534143500100000000000000070000002800000000C47C00000000000100000000000000000001067302000059193B14E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000EE321900000000000B0000000B000000
"C:\Users\Nina\Desktop\Wii\Wadtool 1.0beta\WadTool.exe"=0x534143500100000000000000070000002800000000E606000000000001000000000000000000000A6120000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000D37604000000000001000000010000000000000000000000400000000000000000000000000000005B4D0200000000000100000000000000
"C:\Users\Nina\AppData\Local\Temp\jre-8u111-windows-au.exe"=0x534143500100000000000000070000002800000040420B0047080C0001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000B3980400000000000100000001000000
"C:\Users\Nina\Downloads\osu!install.exe"=0x5341435001000000000000000200000028000000000000000000000000000000000000000000000000000000756509000000000001000000010000000700000028000000C03A4400C89D440001000000000000000000030680010000A47A1198672ED2010000000000000000
"C:\Users\Nina\Downloads\ultrastardx-1.1-installer-full.exe"=0x534143500100000000000000070000002800000028D032020000000001000000000000000000010600010000A47A1198672ED201000000000000000002000000280000000000000000000040000000000000000000000000000000000B4C1E00000000000200000002000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6705.1122\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E03000008040001000000000000000000000A00210000A47A1198672ED2010000000100000000
"C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe"=0x534143500100000000000000070000002800000038720600CF38070001000000000000000000000A00210000A47A1198672ED201000000000000000002000000280000000000000080000040000000000000000000000000000000003A2D0000000000000100000001000000
"E:\Origin\legacyPM\OriginLegacyCLI.exe"=0x534143500100000000000000070000002800000070AD0C00F9F30C0001000000000000000000010600010000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000D5010000000000000700000007000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A00210000A47A1198672ED2010000000100000000
"C:\Users\Nina\AppData\Local\Temp\Gw2.exe"=0x5341435001000000000000000700000028000000A84ECA01FD45CB01010000000000000000000206000100008D6EE477682ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000CA4A2803000000000100000001000000
"C:\Program Files\Guild Wars 2\Gw2-64.exe"=0x5341435001000000000000000700000028000000A84ECA01FD45CB01010000000000000000000206000100008D6EE477682ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000E5DBA200000000000700000007000000
"SIGN.MEDIA=5017C AUTORUN.EXE"=0x5341435001000000000000000700000028000000005001000000000001000000000000000000010571200000A47A1198672ED201000000000000000002000000280000000000000080000000000400000000000000000000000000000CAF0A00000000000200000002000000
"SIGN.MEDIA=FC7A46B7 Autorun.exe"=0x534143500100000000000000070000002800000000C01E000000000001000000000000000000010571200000A47A1198672ED2010000000000000000020000002800000000000000800000000000000000000000000000000000000025060100000000000200000002000000
"F:\WD Apps Setup.exe"=0x534143500100000000000000070000002800000048F31A00282A1B0001000000000000000000010600010000A47A1198672ED2010000000000000000020000002800000000000000000000000000000000000000000000000000000024140000000000000100000001000000
"C:\Users\Nina\AppData\Local\Temp\Rar$EXa0.610\Fat32Formatter1.1EN\Fat32Formatter.exe"=0x534143500100000000000000070000002800000000100600C9C5060001000000000000000000010671020000A47A1198672ED20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D5A60200000000000100000001000000
"C:\Users\Nina\AppData\Local\Temp\Rar$EXa0.690\Fat32Formatter1.1EN\Fat32Formatter.exe"=0x534143500100000000000000070000002800000000100600C9C5060001000000000000000000010671020000A47A1198672ED20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000D9440000000000000100000001000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A00210000A47A1198672ED2010000000100000000
"C:\Users\Nina\AppData\Local\Temp\jre-8u121-windows-au.exe"=0x5341435001000000000000000700000028000000404A0B009A2E0C0001000000000000000000000A71220000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000E8F44000000000000100000001000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6764.0111\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E0300F3A9030001000000000000000000000A00210000A47A1198672ED2010000000100000000
"C:\Users\Nina\Downloads\Wallpaper Engine 1.0.517\launcher.exe"=0x5341435001000000000000000700000028000000003001000000000001000000000000000000000A71220000A47A1198672ED201000000000000000005000000100000000000000000000000000000008000000002000000500000000000000080000040000000000000000000000000000000008B0300000000000001000000010000000000000080000000000000000000000000000000000000006F820000000000000400000000000000
"C:\Users\Nina\Downloads\Wallpaper Engine 1.0.517\wallpaper32.exe"=0x534143500100000000000000070000002800000000880A000000000001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000BB111200000000000100000001000000
"C:\Users\Nina\Desktop\Wallpaper Engine 1.0.517\launcher.exe"=0x5341435001000000000000000700000028000000003001000000000001000000000000000000000A71220000A47A1198672ED2010000000000000000020000002800000000000000800000000000000000000000000000000000000050120000000000000300000003000000
"C:\Users\Nina\Desktop\Wallpaper Engine 1.0.517\wallpaper32.exe"=0x534143500100000000000000070000002800000000880A000000000001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000BF030200000000000100000001000000
"C:\Users\Nina\Downloads\Wallpaper Engine 1.0.517\wallpaper64.exe"=0x534143500100000000000000070000002800000000A60D000000000001000000000000000000000A002100008D6EE477682ED20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000CFAB7E01000000000300000003000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88003007F30040001000000000000000000000A00210000A47A1198672ED2010000000100000000
"C:\Users\Nina\AppData\Local\osu!\osu!.exe"=0x5341435001000000000000000700000028000000C03844009C78440001000000000000000000030680010000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000409C0000000000000200000002000000
"E:\Steam\steamapps\common\Cryptic Studios\Neverwinter\Live\crypticError.exe"=0x534143500100000000000000070000002800000000FA7C000000000001000000000000000000000A71200000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000F6660700000000000100000001000000
"C:\$WINDOWS.~BT\setup.exe"=0x5341435001000000000000000700000028000000C03A01005188010001000000000000000000000A002100008D6EE477682ED20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000930C0000000000000100000001000000
"C:\Program Files (x86)\Common Files\EAInstaller\Theme Hospital\Cleanup.exe"=0x5341435001000000000000000700000028000000400B0D00CBBC0D0001000000000000000000020600010000A47A1198672ED201000000000000000002000000280000000000000000000040000000000000000000000000000000002B200000000000000100000001000000
"C:\Users\Nina\Desktop\Setup.exe"=0x5341435001000000000000000700000028000000FDF50A000000000001000000000000000000000A00210000A47A1198672ED2010000000000000000020000002800000000000000000000000000000000000000000000000000000000700000000000000100000001000000
"C:\Users\Nina\Desktop\Nouveau dossier (2)\SKIDROW\911.exe"=0x5341435001000000000000000700000028000000008410010000000001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000E9080000000000000300000003000000
"C:\Users\Nina\Desktop\Nouveau dossier (2)\911.exe"=0x5341435001000000000000000700000028000000008410010000000001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000FD0A0000000000000200000002000000
"C:\Users\Nina\Desktop\Nouveau dossier (2)\Setup.exe"=0x5341435001000000000000000700000028000000FDF50A000000000001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000991F0100000000000200000002000000
"C:\Program Files (x86)\PlayWay SA\911 Operator\911.exe"=0x5341435001000000000000000700000028000000008410010000000001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000DC798500000000001300000013000000
"E:\Sims 4 Fr\The Sims 4\Game\Bin\TS4.exe"=0x534143500100000000000000070000002800000000D63E010000000001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000050000000000000000000000000000000000000000000000000000000DC934401000000006900000008000000000000000000004000000000000000000000000000000000A47D9900000000000400000000000000
"C:\Users\Nina\Downloads\Nero_BurningROM2017-1.10.0.6_stub_trial.exe"=0x5341435001000000000000000700000028000000A8C62E00A8662F0001000000000000000000010671000000A47A1198672ED2010000000000000000020000002800000000000000000800400000000000000000000000000000000091C71800000000000100000001000000
"C:\Program Files (x86)\Nero\Nero 2017\Nero Launcher\NeroLauncher.exe"=0x5341435001000000000000000700000028000000781FD201B81ED30101000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000008000000000000000000000000000000000000000D2550300000000000100000001000000
"C:\Program Files (x86)\Nero\Nero TuneItUp\unins000.exe"=0x534143500100000000000000070000002800000008201200244C120003000000000000000000030600010000A47A1198672ED20100000000000000000100000004000000010000000500000010000000000000000000000000000000000000000200000050000000000000000000000000008000000000000000800000000000841E0000000000000200000001000000000000000000002000020200000000000000000000000000990B0000000000000100000000000000
"C:\Users\Nina\Downloads\Nero_BurningROM2017-1.10.0.6_stub_trial (1).exe"=0x5341435001000000000000000700000028000000A8C62E00A8662F0001000000000000000000010671000000A47A1198672ED2010000000000000000050000001000000000000000000000000000000000080000020000002800000000000000000800400000000000000000000000000000000000340000000000000100000001000000
"C:\Users\Nina\Downloads\Deepburner1.exe"=0x5341435001000000000000000700000028000000D8B22B0008482C0001000000000000000000000A41200000A47A1198672ED20100000000000000000200000028000000000000000008005000000000000000000000000000000000AED00000000000000100000001000000
"C:\Program Files (x86)\Astonsoft\DeepBurner\DeepBurner.exe"=0x5341435001000000000000000700000028000000000E39000000000001000000000000000000010571200000A47A1198672ED20100000000000000000200000028000000000000000000000000040200000000000000000000000000403A0C00000000000100000001000000
"C:\Program Files (x86)\Astonsoft\DeepBurner\Uninstall.exe"=0x5341435001000000000000000700000028000000000A03000000000003000000000000000000010541200000A47A1198672ED20100000000000000000200000028000000000000000008000000000000000000000000000000000000CE170000000000000100000001000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A00210000A47A1198672ED2010000000100000000
"C:\Users\Nina\Downloads\UltraStar.Deluxe_v1.3.5.beta_installer.exe"=0x534143500100000000000000070000002800000029C9C4020000000001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000B9AE0100000000000100000001000000
"C:\Program Files (x86)\UltraStar Deluxe\Uninstall.exe"=0x53414350010000000000000007000000280000005D3804000000000001000000000000000000000A00210000A47A1198672ED201000000000000000002000000280000000000000000000000000000000000000000000000000000007C220000000000000100000001000000
"C:\Program Files (x86)\UltraStar Deluxe\ultrastardx.exe"=0x5341435001000000000000000700000028000000003A12000000000001000000000000000000010671220000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000E4D66000000000000C0000000C000000
"C:\Users\Nina\AppData\Local\Temp\jre-8u131-windows-au.exe"=0x5341435001000000000000000700000028000000404A0B00316E0B0001000000000000000000000A71220000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000234B0D00000000000100000001000000
"C:\Program Files\NVIDIA Corporation\Display\nvtray.exe"=0x5341435001000000000000000700000028000000387C250044B0250001000000000000000000000A732200008D6EE477682ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000183F0E00000000000100000001000000
"C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe"=0x53414350010000000000000007000000280000003890C2003A43C30001000000000000000000000A732200008D6EE477682ED2010000000000000000020000002800000000000000000000000000000000000000000000000000000012E50300000000000100000001000000
"C:\Users\Nina\Documents\Nouveau dossier\CDSetup.exe"=0x5341435001000000000000000700000028000000386D880155E9880101000000000000000000000A71220000A47A1198672ED2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000060110100000000000200000002000000
"E:\PotPlayer\PotPlayerMini64.exe"=0x5341435001000000000000000700000028000000C0DB030042FD030001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000006E347D00000000008300000083000000
"C:\Users\Nina\Downloads\MediaCoder-0.8.47.5872.exe"=0x53414350010000000000000007000000280000007D7D0F040000000001000000000000000000000A00210000A47A1198672ED2010000000000000000020000002800000000000000000000400000000000000000000000000000000080520100000000000200000002000000
"C:\Program Files (x86)\MediaCoder\MediaCoder.exe"=0x534143500100000000000000070000002800000000C019000000000001000000000000000000000A71220000A47A1198672ED2010000000000000000050000001000000000000000000000000000000000000000020000005000000000000000000000000000000000000000000000000000000005018501000000000C00000002000000000000000000004000000000000000000000000000000000FE020000000000000100000000000000
"C:\Users\Nina\Downloads\YandereSimLauncher.exe"=0x534143500100000000000000070000002800000000561C000000000001000000000000000000000A802100008D6EE477682ED2010000000000000000
"C:\Users\Nina\AppData\Local\Temp\Rar$EXa0.923\setup.exe"=0x534143500100000000000000070000002800000060798D00D3F38D0001000000000000000000000671020000A47A1198672ED2010000000000000000020000002800000000000000000000400000000000000000000000000000000036740000000000000100000001000000
"C:\Program Files (x86)\MSI\Help Desk\MSI Help Desk.exe"=0x534143500100000000000000070000002800000018E73900AE313A0001000000000000000000000AF5220000E78E163C2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000001EF60200000000000500000005000000
"E:\Games\World_of_Tanks\WoTLauncher.exe"=0x534143500100000000000000070000002800000008C178009307790001000000000000000000000A71220000A47A1198672ED2010000000000000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6915.0529\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A03001AF7030001000000000000000000000A71200000A47A1198672ED2010000000100000000
"C:\Users\Nina\AppData\Roaming\Spotify\Spotify.exe"=0x5341435001000000000000000700000028000000700A6A00DF306A0001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000417D0600000000000300000003000000
"C:\Users\Nina\AppData\Roaming\Curse Client\Bin\Curse.exe"=0x5341435001000000000000000700000028000000404509008CBC090001000000000000000000000AF52200008D6EE477682ED2010000000000000000020000002800000000000000000000000000000000000000000000000000000057090000000000000100000001000000
"C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000C0381E00BB9A1E0001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000FB050000000000000100000001000000
"C:\Program Files (x86)\MediaCoder\uninst.exe"=0x5341435001000000000000000700000028000000EB9703000000000003000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000F10C0000000000000200000002000000
"C:\ProgramData\Origin\SelfUpdate\Staged\OriginThinSetupInternal.exe"=0x534143500100000000000000070000002800000088EF4201C770430101000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000E9920000000000000100000001000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A71200000A47A1198672ED2010000000100000000
"E:\Program Files (x86)\Origin Games\Syberia II\Syberia2.exe"=0x5341435001000000000000000700000028000000F828010086FC010001000000000000000000010571000000A47A1198672ED2010000000000000000
"C:\Users\Nina\Desktop\jeux\YandereSimLauncher.exe"=0x534143500100000000000000070000002800000000561C000000000001000000000000000000000A802100008D6EE477682ED2010000000000000000
"E:\iTunes\iTunes.exe"=0x5341435001000000000000000700000028000000387B6E0249B96E0201000000000000000000000A00210000E78E163C2AA0D20100000000000000000200000050000000000000000000001000000000000000000000000000000000AD57330000000000040000000400000000000000000000000000000000000000000000000000000073F48000000000000A00000000000000
"C:\Program Files (x86)\Origin Games\Syberia II\Syberia2.exe"=0x5341435001000000000000000700000028000000F828010086FC010001000000000000000000010571000000A47A1198672ED2010000000000000000020000005000000000000000000000000000000000000000000000000000000079A37C0000000000020000000200000000000000000000400000000000000000000000000000000037090000000000000100000000000000
"C:\Users\Nina\Desktop\jeux\BioIncRedemption.exe"=0x534143500100000000000000070000002800000000BE14010000000001000000000000000000000A00210000A47A1198672ED201000000000000000002000000280000000000000000000000000000000000000000000000000000004D080000000000000300000003000000
"C:\Users\Nina\Desktop\jeux\Bio.Inc.Redemption\BioIncRedemption.exe"=0x534143500100000000000000070000002800000000BE14010000000001000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000EEB76B00000000000500000005000000
"C:\Users\Nina\Downloads\ArcSetup.exe"=0x534143500100000000000000070000002800000080AE06000000000001000000000000000000000A71200000A47A1198672ED201000000800000000002000000280000000000000000080040000000000000000000000000000000003CFF0400000000000100000001000000
"C:\Program Files (x86)\Arc\ArcLauncher.exe"=0x534143500100000000000000070000002800000018540600EEDF060001000000000000000000000A71200000A47A1198672ED2010000000000000000050000001000000000000000000000000000000080000000020000002800000000000000800000000000000000000000000000000000000009860000000000000200000002000000
"C:\Users\Nina\Desktop\Neverwinter.exe"=0x5341435001000000000000000700000028000000E8653A04C00E3B0401000000000000000000000A71220000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000844D0000000000000200000002000000
"C:\Users\Nina\Desktop\CrypticError.exe"=0x534143500100000000000000070000002800000000A8C0000000000001000000000000000000000A71220000A47A1198672ED2010000000000000000
"C:\Program Files (x86)\Steam\steamapps\common\Cryptic Studios\Neverwinter\Live\GameClient.exe"=0x534143500100000000000000070000002800000000D0CF023333D00201000000000000000000000A71220000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000C51D0400000000000300000003000000
"E:\minecraft\Minecraft.exe"=0x534143500100000000000000070000002800000080A352024C35530201000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000A5EC1D00000000000100000001000000
"C:\Program Files (x86)\Steam\Steam.exe"=0x534143500100000000000000070000002800000020B92E00F32E2F0001000000000000000000000A00210000A47A1198672ED201000000000000000002000000280000000000000000000000000000000000000000000000000000000F000000000000000100000001000000
"C:\Users\Nina\Downloads\phoneclean-setup.exe"=0x534143500100000000000000070000002800000040F30D00CF340E0001000000000000000000010600010000A47A1198672ED2010000000000000000020000002800000000000000000000400000000000000000000000000000000036520A00000000000100000001000000
"C:\Program Files (x86)\iMobie\PhoneClean\PhoneClean.exe"=0x5341435001000000000000000700000028000000E8974600FB72470001000000000000000000000AF52200008D6EE477682ED201000000000000000002000000280000000000000000000000000000000000000000000000000000003C7A0100000000000300000003000000
"C:\Program Files (x86)\iMobie\PhoneClean\uninstall.exe"=0x534143500100000000000000070000002800000020AE0600C018070003000000000000000000010600010000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000870E0000000000000100000001000000
"C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000E0F5A701CC87A80101000000000000000000000A00210000A47A1198672ED201000000000000000002000000280000000000000000000000000000000000000000000000000000003F000000000000000100000001000000
"C:\Users\Nina\Downloads\iMyfone-iphone-data-eraser-for-ios_setup.exe"=0x5341435001000000000000000700000028000000E85CBD0124D6BD0101000000000000000000000A00210000A47A1198672ED20100000000000000000200000028000000000000000000004000000000000000000000000000000000446D0600000000000100000001000000
"C:\Program Files (x86)\iMyFone\iMyFone Umate Pro\unins000.exe"=0x5341435001000000000000000700000028000000C91913000000000003000000000000000000000A00210000A47A1198672ED2010000000000000000020000002800000000000000000000000000000000000000000000000000000051170000000000000100000001000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A71200000A47A1198672ED2010000000100000000
"E:\Origin\OriginClientService.exe"=0x5341435001000000000000000700000028000000601B210080FA210001000000000000000000010600010000A47A1198672ED201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000008D050000000000000100000001000000
"E:\Origin\OriginWebHelperService.exe"=0x5341435001000000000000000700000028000000680F3000D893300001000000000000000000010600010000A47A1198672ED201000000000000000002000000280000000000000000000000000000000000000000000000000000004C030000000000000100000001000000
"E:\Riot Games\LeagueClient.exe"=0x534143500100000000000000070000002800000080CE35003CB7360001000000000000000000000A71220000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000F5F97C00000000000200000002000000
"C:\Users\Nina\AppData\Local\Temp\jre-8u144-windows-au.exe"=0x5341435001000000000000000700000028000000404C0B001FB30B0001000000000000000000000A71220000A47A1198672ED2010000000000000000020000002800000000000000000000400000000000000000000000000000000062570100000000000100000001000000
"C:\Users\Nina\AppData\Local\Ankama\Dofus\Dofus.exe"=0x5341435001000000000000000700000028000000608662002955630001000000000000000000020600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A9CF3700000000000300000003000000
"E:\Origin\Origin.exe"=0x534143500100000000000000070000002800000040832E0090C32E0001000000000000000000000A00210000A47A1198672ED2010000000000000000
"C:\WINDOWS\System32\UNPUXWorker.exe"=0x534143500100000000000000070000002800000060570100D7A3010001000000000000000000000A732200008D6EE477682ED201000000000000000002000000280000000000000000000040000000000000000000000000000000000F000000000000000200000002000000
"C:\Users\Nina\Pictures\dofus.exe"=0x5341435001000000000000000700000028000000608662002955630001000000000000000000020600010000A47A1198672ED20100000000000000000200000028000000000000000000000000000000000000000000000000000000040F0000000000000100000001000000
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"=0x534143500100000000000000070000002800000098246B02B8AA6B0201000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000A6010000000000000700000007000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000407A0300493E040001000000000000000000030600010000E78E163C2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000071F4B200000000000600000006000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x534143500100000000000000070000002800000058DD1300AC8C140001000000000000000000000A00210000E78E163C2AA0D2010000000100000000
"C:\Program Files\Windows Defender\MSASCui.exe"=0x5341435001000000000000000700000028000000987D130016BF130001000000010000000000000A00210000E78E163C2AA0D2010000000000000000
"C:\Users\Nina\AppData\Roaming\IMVUClient\Uninstall.exe"=0x53414350010000000000000007000000280000008DB60300FA135B0203000000000000000000010600010000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000800000000000000080000000000031840700000000000100000001000000010000000400000001000000
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C0200FD5A030001000000010000000000000A61220000E63F486B2AA0D2010000000000000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D06877016C60780101000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Users\Nina\AppData\Local\Microsoft\OneDrive\17.3.6963.0807\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0B003006835040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Users\Nina\Downloads\ZHPCleaner.exe"=0x534143500100000000000000070000002800000080A32B00C3922C0001000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000024B30000000000000100000001000000
"C:\Users\Nina\Downloads\mb3-setup-35891.35891-3.2.2.2018.exe"=0x5341435001000000000000000700000028000000C032EE03934DEE0301000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000E2C60500000000000100000001000000
"C:\Users\Nina\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x534143500100000000000000070000002800000080A32B00C3922C0001000000000000000000030600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C3400D00000000000300000003000000
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D07591001008920001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000064AA0100000000000100000001000000
"C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe"=0x5341435001000000000000000700000028000000D0510B009B490C0001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E0070000000000000600000006000000
"C:\Users\Nina\Downloads\QuickDiag.exe"=0x5341435001000000000000000700000028000000A83547001933480001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000EEDD0300000000000100000001000000
"C:\Users\Nina\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000A83547001933480001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000009A100000000000000100000001000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Windows Defender]
"UIFirstRun"=0

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131465024054216454

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"ProductType"=2
"ManagedDefenderProductType"=0
"ProductStatus"=0
"InstallTime"=0x4A178E39638ED101
"OOBEInstallTime"=0x414B3850BE0ED301
"InstallLocation"=C:\Program Files\Windows Defender\
"OneTimeSqmDataSent"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [2a00:1450:4007:817::200e] avec 32 octets de donn?es?:
R?ponse de 2a00:1450:4007:817::200e?: temps=39 ms 
R?ponse de 2a00:1450:4007:817::200e?: temps=75 ms 
R?ponse de 2a00:1450:4007:817::200e?: temps=47 ms 
R?ponse de 2a00:1450:4007:817::200e?: temps=44 ms 

Statistiques Ping pour 2a00:1450:4007:817::200e:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 39ms, Maximum = 75ms, Moyenne = 51ms

---------- | @

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Cache_Update_Frequency"=Once_Per_Session
"Local Page"=C:\Windows\system32\blank.htm
"NoUpdateCheck"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000002003000030020000
"IE8RunOnceLastShown"=1
"IE8RunOnceLastShown_TIMESTAMP"=0x084EBC2D458ED101
"IE8TourShown"=1
"IE8TourShownTime"=0x3CCFEFE9458ED101
"Start Page Redirect Cache_TIMESTAMP"=0x59E54136498ED101
"Start Page Redirect Cache AcceptLangs"=fr
"NotifyDownloadComplete"=yes
"ApplicationTileImmersiveActivation"=0
"AssociationActivationMode"=2
"OperationalData"=13
"EdgeSwitchingOSBuildNumber"=10586.th2_release.170602-2241
"ImageStoreRandomFolder"=pheiri2
"FormSuggest Passwords"=no
"FormSuggest PW Ask"=no
"Start Page_TIMESTAMP"=0xF8C80E70669BD201
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x0100000030000000DFD27CDA4E1624616BBF962BBF5F2F7C30FB65CFA5680E1A067569D4F254201C69EF5E7BE287968EF06E910FA1931311020000000E000000396E386C4953665A5A6A6B253364
"IE10RunOnceLastShown"=1
"IE10RunOnceLastShown_TIMESTAMP"=0x68152F0B3218D301
"IE10TourShown"=1
"IE10TourShownTime"=0x1B2122CCBA0ED301

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"CertificateRevocation"=1
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"ZonesSecurityUpgrade"=0x1B2122CCBA0ED301
"WarnonZoneCrossing"=0
"EnableNegotiate"=1
"ProxyEnable"=0
"MigrateProxy"=1
"GlobalUserOffline"=0
"ProxyOverride"=*.local

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | Proxy


[HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies]

---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSR]
"progid"=Potplayer.nsr







---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [18/03/2017 22:57:23]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} --  %SystemRoot%\System32\cscui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   
"DownloadRetries"=0   
"KnownProvidersUpgradeTime"=0x1B2122CCBA0ED301   
"Version"=5   
"UpgradeTime"=0x1B2122CCBA0ED301   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{4BAAC1B8-0800-42C9-8FA6-08B211F356B8}"=True Key   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions


---------- | SearchScopes

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F4B8786-5502-4803-8EBC-F652A1153BB6}] -> (True Key Helper) : C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll  [15/07/2016 15:10:30]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll  [27/07/2017 12:26:15]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BFE29A-8139-402a-B2A4-C23AE9E1A75F}] -> (ArcPluginIEBHO Class) : C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll  [30/06/2017 17:46:44]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll  [27/07/2017 12:26:15]

---------- | Chrome

C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf =  : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom =  :     __MSG_description__ -    short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotificationsidlealarms] - https://clients2.google.com/service/update2/crx
C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm =  :     Provider for discovery and services for mirroring of Chrome Media Router -     Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Nina\AppData\Local\Google\Chrome\User Data\Default\extensions\pknoiboaofdhfmocdjchadchhdcijndj =  :     -     MSI Gaming Series Dragon - https://clients2.google.com/service/update2/crx

[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]

---------- | Opera


---------- | Firefox


[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.2] - (VLC Multimedia Plugin) : E:\FileHistory\VLC\npvlc.dll
[HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : E:\FileHistory\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.144.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.144.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin] - (Arc PlayNow plugin for Mozilla browsers) : C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll



---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{69db67bf-969b-40c1-9afb-8ca48b825a64}]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{fafd3826-46b1-446a-bfd6-edd35f8df40f}]
"DhcpNameServer"=172.20.10.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{69db67bf-969b-40c1-9afb-8ca48b825a64}]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{fafd3826-46b1-446a-bfd6-edd35f8df40f}]
"DhcpNameServer"=172.20.10.1

---------- | Applications

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Classes\Applications\PotPlayerMini64.exe] : "E:\PotPlayer\PotPlayerMini64.exe" "%1"
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "E:\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "E:\FileHistory\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "E:\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "E:\FileHistory\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"Camera"=FrameS
"DevicesFlow"=DevicesFlowUserSvc
"smbsvcs"=lanmanserver
browser
"PeerDist"=PeerDistSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)

TokenBroker - %SystemRoot%\System32\TokenBroker.dll : %SystemRoot%\system32\svchost.exe -k netsvcs

---------- | Software

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Adobe]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Ankama]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\AppDataLow]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Apple Inc.]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Application]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Astonsoft]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Autodesk]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\BitTorrent]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Brother]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\BugSplat]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Chromium]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Clients]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Cryptic]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\DAUM]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\DefaultCompany]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\DryGin Studios]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Electronic Arts]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Enterbrain]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Game Maker]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Google]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\HWiNFO32]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\IM Providers]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\InstallShield]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Intel]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Intel Security]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\JavaSoft]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\JutsuGames]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Logitech]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Macromedia]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Malwarebytes]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft/Windows NT]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Mojang]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Nero]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Netscape]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\nwjs]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\ODBC]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\OpenOffice]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\osu!]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Perfect World Platform Client]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Policies]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\PopCap]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\ProtectedStorage]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\RapidSolution]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Realtek]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\RegisteredApplications]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\SCM]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Shortcut Manager]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Skype]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Smartly Dressed Games]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Spotify]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Synaptics]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\SyncEngines]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\sysinternals]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\TeamViewer]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Trolltech]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Twitch]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Unity]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Valve]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\VisionCam]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Wargaming.net]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\WinRAR]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\WinRAR SFX]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Wow6432Node]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\YandereDev]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\ZHP]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Zyrax Software]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ArenaNet]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Clients]
[HKLM\Software\DAUM]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\Fortemedia]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Intel Security]
[HKLM\Software\IPS]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\McAfee.com]
[HKLM\Software\Microsoft]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nahimic]
[HKLM\Software\Nuance]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\RapidSolution]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Sonic]
[HKLM\Software\SonicFocus]
[HKLM\Software\SoundResearch]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\TrueKey]
[HKLM\Software\VideoLAN]
[HKLM\Software\Waves Audio]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Yamaha APO]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\Autodesk]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Dragon Gaming Center]
[HKLM\Software\WOW6432Node\EA GAMES]
[HKLM\Software\WOW6432Node\Electronic Arts]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\iMyFone]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Intel Security]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Maxis]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\MediaCoder]
[HKLM\Software\WOW6432Node\Microids]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\MSI]
[HKLM\Software\WOW6432Node\MSI Remind Manager]
[HKLM\Software\WOW6432Node\MSI Reminder Manager]
[HKLM\Software\WOW6432Node\Nero]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OpenOffice]
[HKLM\Software\WOW6432Node\Origin]
[HKLM\Software\WOW6432Node\Origin Games]
[HKLM\Software\WOW6432Node\Perfect World Entertainment]
[HKLM\Software\WOW6432Node\PopCap]
[HKLM\Software\WOW6432Node\Qualcomm Atheros Inc.]
[HKLM\Software\WOW6432Node\RapidSolution]
[HKLM\Software\WOW6432Node\Rene.E Laboratory]
[HKLM\Software\WOW6432Node\Riot Games]
[HKLM\Software\WOW6432Node\simplitec]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\SRS Labs]
[HKLM\Software\WOW6432Node\TeamViewer]
[HKLM\Software\WOW6432Node\TrueKey]
[HKLM\Software\WOW6432Node\TVInstallTemp]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\WBFS Manager 3.0]
[HKLM\Software\WOW6432Node\WinRAR]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives


E:


---------- | C:

[14/07/2009 05:18:56] - |SHD| - [1929] - C:\$Recycle.Bin
[22/10/2016 21:14:51] - |HD| - [201558] - C:\$SysReset
[04/04/2016 10:22:31] - |HD| - [46143815] - C:\$Windows.~WS
[02/08/2016 11:09:45] - |D| - [473736669] - C:\Autodesk
[MD5.A6799D0F42122C0D1E28655C10DB2707] - [18/04/2016 19:00:10] - |A| - (.-.) - [30] - (0.0.0.0) - C:\AVScanner.ini
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[03/04/2016 13:12:38] - |SHD| - [0] - C:\Config.Msi
[10/07/2017 16:24:15] - |D| - [0] - C:\cryptic
[14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings
[04/04/2016 12:58:02] - |D| - [0] - C:\ESD
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [06/08/2017 16:10:38] - |ASH| - (.-.) - [3149549568] - (0.0.0.0) - C:\hiberfil.sys
[03/04/2016 11:26:49] - |D| - [123033] - C:\Intel
[13/02/2016 15:20:39] - |D| - [17443235] - C:\Logs
[05/04/2016 21:31:36] - |D| - [841099004] - C:\NVIDIA
[24/08/2017 21:58:35] - |HD| - [0] - C:\OneDriveTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/06/2017 21:48:12] - |ASH| - (.-.) - [4294967296] - (0.0.0.0) - C:\pagefile.sys
[18/03/2017 23:03:28] - |D| - [0] - C:\PerfLogs
[18/03/2017 23:03:28] - |RD| - [4897533981] - C:\Program Files
[18/03/2017 23:03:28] - |RD| - [27292638219] - C:\Program Files (x86)
[18/03/2017 23:03:29] - |HD| - [2979087609] - C:\ProgramData
[24/08/2017 23:12:54] - |D| - [262063] - C:\QuickDiag
[MD5.7301B60D3B7CB8E0A8297FE382EAE182] - [24/08/2017 23:13:03] - |A| - (.-.) - [213332] - (0.0.0.0) - C:\QuickDiag.txt
[06/08/2017 16:14:07] - |SHD| - [0] - C:\Recovery
[04/04/2016 22:00:59] - |HD| - [296] - C:\SuperChargerProfile
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/10/2016 21:19:03] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
[02/04/2016 21:38:51] - |SHD| - [0] - C:\System Volume Information
[18/03/2017 13:40:20] - |RD| - [30661490275] - C:\Users
[23/09/2016 22:39:38] - |AD| - [26167183] - C:\VisionCam
[18/03/2017 13:40:20] - |D| - [35487351334] - C:\Windows
[06/08/2017 17:02:07] - |D| - [0] - C:\Windows.old

---------- | C:\WINDOWS

[18/03/2017 23:03:29] - |D| - [802] - C:\WINDOWS\addins
[18/03/2017 23:03:29] - |D| - [14247272] - C:\WINDOWS\appcompat
[18/03/2017 23:03:29] - |D| - [12471860] - C:\WINDOWS\AppPatch
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\AppReadiness
[18/03/2017 23:03:28] - |RD| - [1295643452] - C:\WINDOWS\assembly
[18/03/2017 23:03:29] - |D| - [639657] - C:\WINDOWS\bcastdvr
[MD5.293283CF350E00AF8C4A2770BDBF4D50] - [06/08/2017 17:00:43] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [64512] - (10.0.15063.413) - C:\WINDOWS\bfsvc.exe
[20/03/2017 07:12:42] - |SHD| - [581211] - C:\WINDOWS\BitLockerDiscoveryVolumeContents
[18/03/2017 23:03:29] - |D| - [38058825] - C:\WINDOWS\Boot
[MD5.2A8BC4CC2DB13EB46E00F0F83CAC6A47] - [06/08/2017 16:05:43] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[18/03/2017 23:03:29] - |D| - [2447960] - C:\WINDOWS\Branding
[MD5.C6D9924A98FFF222C3EFB48B18FF944C] - [10/08/2016 20:13:36] - |A| - (.-.) - [27] - (0.0.0.0) - C:\WINDOWS\BRPP2KA.INI
[MD5.96AB5888BC087FACFDB69D0956738724] - [10/08/2016 20:13:36] - |A| - (.-.) - [434] - (0.0.0.0) - C:\WINDOWS\BRWMARK.INI
[18/03/2017 22:51:24] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.ED2891699678049690AB19C94C5EC2B1] - [06/08/2017 16:10:59] - |A| - (.-.) - [15190] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[14/07/2009 17:35:29] - |D| - [0] - C:\WINDOWS\CSC
[18/03/2017 23:03:29] - |D| - [8970858] - C:\WINDOWS\Cursors
[18/03/2017 23:03:29] - |D| - [1043] - C:\WINDOWS\debug
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [06/08/2017 16:12:57] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[18/03/2017 23:03:29] - |D| - [4450554] - C:\WINDOWS\diagnostics
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [06/08/2017 16:12:57] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[20/03/2017 07:10:01] - |D| - [0] - C:\WINDOWS\DigitalLocker
[MD5.E61FF707353F44F8265E5486B12E0345] - [04/04/2016 23:29:41] - |A| - (.-.) - [151023] - (0.0.0.0) - C:\WINDOWS\DirectX.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/04/2016 16:40:16] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\dockDev.txt
[18/03/2017 23:03:29] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.6BB4D191654FE4BFD40DC5EBC86EE3CE] - [04/04/2016 10:06:53] - |A| - (.-.) - [25320] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/04/2016 16:42:11] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\driverlist.txt
[MD5.AACC9854CCE2DA7D9B71211B33ACAAFA] - [18/03/2017 23:05:44] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[14/07/2009 17:35:30] - |D| - [0] - C:\WINDOWS\ehome
[18/03/2017 23:03:29] - |HD| - [44632] - C:\WINDOWS\ELAMBKUP
[20/03/2017 07:10:01] - |D| - [0] - C:\WINDOWS\en-US
[MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - [06/08/2017 17:00:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4847424] - (10.0.15063.447) - C:\WINDOWS\explorer.exe
[18/03/2017 23:03:29] - |RSD| - [420337356] - C:\WINDOWS\Fonts
[20/03/2017 07:10:01] - |D| - [109056] - C:\WINDOWS\fr-FR
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[18/03/2017 23:03:29] - |D| - [45967119] - C:\WINDOWS\Globalization
[18/03/2017 23:03:29] - |D| - [71861792] - C:\WINDOWS\Help
[MD5.E064A38A807C83ADC8AD9E1B54C85CF9] - [06/08/2017 17:00:43] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975360] - (10.0.15063.413) - C:\WINDOWS\HelpPane.exe
[MD5.40CBB6FF53388188A2CDA538D5F26A59] - [18/03/2017 22:57:33] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.15063.0) - C:\WINDOWS\hh.exe
[20/03/2017 07:12:42] - |D| - [14071088] - C:\WINDOWS\HoloShell
[18/03/2017 23:03:29] - |D| - [173056880] - C:\WINDOWS\IME
[18/03/2017 23:03:29] - |RD| - [8336344] - C:\WINDOWS\ImmersiveControlPanel
[18/03/2017 23:01:21] - |D| - [95311297] - C:\WINDOWS\INF
[18/03/2017 23:03:29] - |D| - [1375270182] - C:\WINDOWS\InfusedApps
[18/03/2017 23:03:29] - |D| - [38340109] - C:\WINDOWS\InputMethod
[18/03/2017 23:03:29] - |HDC| - [717462986] - C:\WINDOWS\Installer
[18/03/2017 23:03:29] - |D| - [94096] - C:\WINDOWS\L2Schemas
[18/03/2017 23:03:29] - |D| - [722217004] - C:\WINDOWS\LiveKernelReports
[18/03/2017 13:40:24] - |D| - [36846071] - C:\WINDOWS\Logs
[18/03/2017 23:03:29] - |RSD| - [27807331] - C:\WINDOWS\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [18/03/2017 22:57:03] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[18/03/2017 23:03:28] - |RD| - [826551370] - C:\WINDOWS\Microsoft.NET
[18/03/2017 23:03:29] - |D| - [2751] - C:\WINDOWS\Migration
[18/03/2017 23:03:29] - |RD| - [487312] - C:\WINDOWS\MiracastView
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\WINDOWS\msdfmap.ini
[04/04/2016 23:23:14] - |HD| - [0] - C:\WINDOWS\msdownld.tmp
[MD5.F60A9D3A9461F68DE0FCCEBB0C6CB31A] - [18/03/2017 22:58:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [246784] - (10.0.15063.0) - C:\WINDOWS\notepad.exe
[MD5.A4D3F39C273211A72F57037D4762DDA5] - [25/08/2016 20:18:44] - |A| - (.-.) - [163414] - (0.0.0.0) - C:\WINDOWS\ntbtlog.txt
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [06/08/2017 16:05:54] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\WINDOWS\NvContainerRecovery.bat
[20/03/2017 07:11:34] - |D| - [199472] - C:\WINDOWS\OCR
[18/03/2017 23:03:29] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[06/08/2017 00:42:15] - |DC| - [303889167] - C:\WINDOWS\Panther
[18/03/2017 23:03:29] - |D| - [29328709] - C:\WINDOWS\Performance
[MD5.4B5BAAEBF5D39C3C5A5A1A3E16AB5DBC] - [09/08/2017 16:01:45] - |A| - (.-.) - [4192] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[18/03/2017 23:03:29] - |D| - [1136442] - C:\WINDOWS\PLA
[18/03/2017 23:03:29] - |D| - [7008949] - C:\WINDOWS\PolicyDefinitions
[06/08/2017 16:05:07] - |D| - [4718784] - C:\WINDOWS\Prefetch
[18/03/2017 23:03:29] - |RD| - [2168604] - C:\WINDOWS\PrintDialog
[MD5.ED055B221E70C084FF205EBCD1124A08] - [20/03/2017 07:13:20] - |A| - (.-.) - [34774] - (0.0.0.0) - C:\WINDOWS\Professional.xml
[18/03/2017 23:03:29] - |D| - [2884514] - C:\WINDOWS\Provisioning
[14/05/2017 21:30:10] - |D| - [73728] - C:\WINDOWS\pss
[MD5.A3B1FC6C72EA944C2E1B359A19CB40AB] - [18/03/2017 22:57:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [321024] - (10.0.15063.0) - C:\WINDOWS\regedit.exe
[18/03/2017 23:03:29] - |D| - [1117876] - C:\WINDOWS\Registration
[20/03/2017 07:12:42] - |D| - [0] - C:\WINDOWS\RemotePackages
[18/03/2017 23:03:29] - |D| - [4757880] - C:\WINDOWS\rescache
[18/03/2017 23:03:29] - |D| - [4060288] - C:\WINDOWS\Resources
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\SchCache
[18/03/2017 23:03:29] - |D| - [142904] - C:\WINDOWS\schemas
[18/03/2017 23:03:29] - |D| - [9845391] - C:\WINDOWS\security
[06/08/2017 16:04:54] - |D| - [46023515] - C:\WINDOWS\ServiceProfiles
[18/03/2017 13:40:20] - |D| - [74998306] - C:\WINDOWS\servicing
[18/03/2017 23:06:43] - |D| - [42] - C:\WINDOWS\Setup
[MD5.336AF46BE480FCBAF7B06185E05DD72D] - [06/08/2017 16:05:14] - |A| - (.-.) - [22211] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D060131CD55776F1C058590263CFF30E] - [06/08/2017 16:05:14] - |A| - (.-.) - [168] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[18/03/2017 23:03:29] - |D| - [41940480] - C:\WINDOWS\ShellExperiences
[20/03/2017 07:11:09] - |D| - [3070736] - C:\WINDOWS\SKB
[04/04/2016 08:52:10] - |D| - [317750615] - C:\WINDOWS\SoftwareDistribution
[18/03/2017 23:03:29] - |D| - [86037185] - C:\WINDOWS\Speech
[18/03/2017 23:03:29] - |D| - [58890509] - C:\WINDOWS\Speech_OneCore
[MD5.31F324879B791EBF76E0005D1ABDE10E] - [18/03/2017 22:58:24] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.15063.0) - C:\WINDOWS\splwow64.exe
[MD5.73654C359365BD32EDE84EF194AACC91] - [06/08/2017 16:06:16] - |A| - (.-.) - [530] - (0.0.0.0) - C:\WINDOWS\Synaptics.log
[MD5.C39E811D8D9A67815767BF5FAB244A04] - [06/08/2017 16:06:16] - |A| - (.-.) - [1058] - (0.0.0.0) - C:\WINDOWS\Synaptics.PD.log
[18/03/2017 23:03:29] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[18/03/2017 13:40:20] - |D| - [19581746752] - C:\WINDOWS\System32
[18/03/2017 23:03:29] - |D| - [191683612] - C:\WINDOWS\SystemApps
[18/03/2017 23:03:29] - |D| - [19464199] - C:\WINDOWS\SystemResources
[18/03/2017 13:40:24] - |D| - [1516570259] - C:\WINDOWS\SysWOW64
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\TAPI
[14/07/2009 05:20:14] - |D| - [220] - C:\WINDOWS\Tasks
[18/03/2017 23:03:29] - |D| - [2819682] - C:\WINDOWS\Temp
[18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\tracing
[MD5.7C7C6FCB29F30F4CA6EFBE88525BBCAA] - [04/04/2016 08:40:11] - |A| - (.-.) - [1313] - (0.0.0.0) - C:\WINDOWS\TSSysprep.log
[18/03/2017 23:03:29] - |D| - [2411743] - C:\WINDOWS\twain_32
[MD5.C0792EA1BA08CA6E6420C9BB8E14CB3E] - [18/03/2017 22:58:54] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[18/03/2017 23:03:29] - |D| - [12420] - C:\WINDOWS\Vss
[18/03/2017 23:03:30] - |D| - [15729830] - C:\WINDOWS\Web
[MD5.B31FFE3250040EE72E63CDA5A8A18EE6] - [14/07/2009 04:34:57] - |A| - (.-.) - [387] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [18/03/2017 22:58:27] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [04/04/2016 08:52:10] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.6E6947D6368FA11E9146C4767F31286E] - [18/03/2017 22:58:42] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.15063.0) - C:\WINDOWS\winhlp32.exe
[18/03/2017 13:40:20] - |D| - [7197586608] - C:\WINDOWS\WinSxS
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [18/03/2017 22:56:51] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.ECEB16331FDDE0EBD7BE30BE085AD3D9] - [18/03/2017 22:58:25] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.15063.0) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy


---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[06/05/2016 10:52:20] - C:\WINDOWS\Installer\1159628c.msi : (Intel(R) Biometric and Context Agent 2.0.146.0 - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/05/2016 10:52:20] - C:\WINDOWS\Installer\115962a2.msi : (Intel(R) Biometric and Context Agent Redistributables 2.0.146.0 - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/07/2016 21:49:10] - C:\WINDOWS\Installer\131f95.msi : (Blank Project Template - Rivet Networks)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/04/2016 16:45:10] - C:\WINDOWS\Installer\18709.msi : (Battery Calibration - Micro-Star International Co., Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/05/2017 21:16:12] - C:\WINDOWS\Installer\1ed08e92.msi : (Help Desk - Micro-Star International Co., Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/10/2015 17:37:24] - C:\WINDOWS\Installer\241a9482.msi : (OpenOffice 4.1.2 - OpenOffice)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/04/2016 22:31:07] - C:\WINDOWS\Installer\291e11.msi : (Shortcut Manager - Micro-Star International Co., Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/05/2016 23:06:01] - C:\WINDOWS\Installer\3288b6.msi : (League of Legends - Riot Games)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/10/2015 08:55:00] - C:\WINDOWS\Installer\351df4.msi : (Intel® RealSense™ SDK 2014 Runtime  (x64): Core - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/06/2017 14:57:54] - C:\WINDOWS\Installer\3a7bd2c.msi : (Apple Application Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/06/2017 14:59:59] - C:\WINDOWS\Installer\3a7bdc1.msi : (Apple Application Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/06/2017 15:00:06] - C:\WINDOWS\Installer\3a7be34.msi : (Apple Software Update Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/06/2017 15:02:34] - C:\WINDOWS\Installer\3a7be73.msi : (iCloud for Windows installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/06/2017 15:03:39] - C:\WINDOWS\Installer\3b2bdfb.msi : (Apple Mobile Device Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[07/08/2015 05:43:05] - C:\WINDOWS\Installer\454a995.msi : (Autodesk Pixlr - Autodesk)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/07/2017 12:25:55] - C:\WINDOWS\Installer\4a2940d.msi : (Java SE Runtime Environment 8 Update 144 - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/07/2017 12:25:51] - C:\WINDOWS\Installer\4a29418.msi : (Java Auto Updater - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/03/2016 15:40:18] - C:\WINDOWS\Installer\521682.msi : ([ProductName] Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/04/2016 16:48:49] - C:\WINDOWS\Installer\70f506.msi : ( - SCM)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/04/2016 18:49:27] - C:\WINDOWS\Installer\70f50b.msi : (MSI Remind Manager - Micro-Star International Co., Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/04/2017 23:03:17] - C:\WINDOWS\Installer\aed3942.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/04/2016 22:03:30] - C:\WINDOWS\Installer\e3876.msi : (Dragon Gaming Center - Micro-Star International Co., Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/07/2017 20:09:02] - C:\WINDOWS\Installer\f394f.msi : (Skype - Skype Technologies S.A.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[18/03/2017 22:56:50] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[04/04/2016 13:21:32] - [2111006] - C:\WINDOWS\System32\PerfStringBackup.INI
[18/03/2017 22:58:24] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[18/03/2017 22:57:50] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[18/03/2017 22:59:49] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[18/03/2017 22:58:48] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.A681527B9F23DD5F1A6C8D3F621E814E] - |A| - [18/03/2017 22:57:20] - (.-.) - [14.73 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
[MD5.E5D7B16B4C8AECA217E8F5B1CFA5DC97] - |A| - [06/08/2017 17:00:44] - (.-.) - [553.78 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
[MD5.FE8EEA12B6B9EC10315CA7B90EAB1548] - |A| - [14/05/2017 22:13:35] - (.-.) - [36 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup
[MD5.3BD9B691D74F02995EC03CBCBD66F04B] - |ASH| - [14/05/2017 21:30:10] - (.-.) - [36 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [14/05/2017 22:13:35] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG1
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [14/05/2017 22:13:35] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\boot.backup.LOG2
[MD5.00000000000000000000000000000000] - |D| - [18/08/2017 15:47:13] - [0 Ko] - C:\WINDOWS\Temp\970FB627-2FE3-4D1D-9E2B-C27C7A9FDE3C-Sigs
[MD5.0B76ED848EB26F2D6735EAFA264BCEB3] - |A| - [06/08/2017 16:07:30] - (.-.) - [0.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00000.log
[MD5.A1223448CDB57F17AE3F6620855448F4] - |A| - [06/08/2017 16:07:31] - (.-.) - [0.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00001.log
[MD5.AC18142BFABDCECD45F08614EC46F820] - |A| - [06/08/2017 16:12:52] - (.-.) - [28.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log
[MD5.00000000000000000000000000000000] - |D| - [06/08/2017 16:12:52] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [18/08/2017 15:47:23] - [1756.11 Ko] - C:\WINDOWS\Temp\CR_199ED.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [06/08/2017 16:10:49] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [06/08/2017 16:10:49] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.00000000000000000000000000000000] - |D| - [06/08/2017 16:05:31] - [0 Ko] - C:\WINDOWS\Temp\intel-gfx-installer-C3D9886E-5DDF-48BC-AD93-09E28F54964A
[MD5.534C592679FCB58741D3FF725CC6B858] - |A| - [06/08/2017 17:10:04] - (.-.) - [90.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.50A0C2C61BC34EF6DEB01EC93B97F4AF] - |A| - [06/08/2017 18:15:35] - (.-.) - [115.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.00000000000000000000000000000000] - |D| - [24/08/2017 21:46:13] - [0 Ko] - C:\WINDOWS\Temp\MPTelemetrySubmit
[MD5.00000000000000000000000000000000] - |D| - [06/08/2017 16:14:23] - [20 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation
[MD5.00000000000000000000000000000000] - |D| - [06/08/2017 16:05:51] - [738.43 Ko] - C:\WINDOWS\Temp\NvidiaLogging
[MD5.00000000000000000000000000000000] - |D| - [06/08/2017 16:05:43] - [0 Ko] - C:\WINDOWS\Temp\sefF481.tmp
[MD5.25C915542CA8694B7AC03DA977B097C1] - |A| - [06/08/2017 16:09:55] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\temCB6A.tmp
[MD5.B13AF738AA8BE55154B2752979D76827] - |A| - [06/08/2017 16:09:55] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\temCD4F.tmp
[MD5.193E0F0877E3F6DA29FD4AC5E348D560] - |A| - [20/08/2017 16:59:47] - (.-.) - [1.57 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tpmE10E.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:36] - [0 Ko] - C:\WINDOWS\Temp\twB601.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:36] - [0 Ko] - C:\WINDOWS\Temp\twB632.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:36] - [0 Ko] - C:\WINDOWS\Temp\twB653.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:36] - [0 Ko] - C:\WINDOWS\Temp\twB674.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:36] - [0 Ko] - C:\WINDOWS\Temp\twB695.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:36] - [0 Ko] - C:\WINDOWS\Temp\twB6C6.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:36] - [0 Ko] - C:\WINDOWS\Temp\twB6E8.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:36] - [0 Ko] - C:\WINDOWS\Temp\twB709.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:37] - [0 Ko] - C:\WINDOWS\Temp\twB73A.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:44] - [0 Ko] - C:\WINDOWS\Temp\twD62E.tmp
[MD5.00000000000000000000000000000000] - |D| - [20/08/2017 16:59:47] - [0 Ko] - C:\WINDOWS\Temp\twE10D.tmp
[MD5.DCD8FF5165C040F11B99E496BBED3D95] - |A| - [06/08/2017 16:09:53] - (.-.) - [0.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\wmsetup.log
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:02] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [0 Ko] - C:\WINDOWS\System32\040C
[MD5.1DF67CF7286D07FBA177BB6C356C19B7] - |AH| - [14/07/2009 06:45:49] - (.-.) - [13.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.1DF67CF7286D07FBA177BB6C356C19B7] - |AH| - [14/07/2009 06:45:49] - (.-.) - [13.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 22:57:42] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [18/03/2017 22:58:18] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [18/03/2017 22:57:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 22:58:17] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [18/03/2017 22:58:29] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [18/03/2017 22:58:29] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 22:58:21] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [18/03/2017 22:58:18] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [18/03/2017 22:57:53] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [18/03/2017 22:56:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [18/03/2017 22:58:13] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [18/03/2017 22:58:13] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png
[MD5.4D6F7AD43E75C8A4C125416710888AF8] - |A| - [03/03/2016 12:41:36] - (.-.) - [115.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:24] - [2979.4 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.E21E74D118E16FF9BA42A6F87F34E9B0] - |A| - [18/03/2017 22:57:00] - (.-.) - [435.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [07/04/2016 00:44:32] - [0 Ko] - C:\WINDOWS\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2480.52 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |SD| - [20/03/2017 07:12:42] - [287.09 Ko] - C:\WINDOWS\System32\AppV
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273.5 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.46CC1ECAFCF05F1679E0FC983209BC21] - |A| - [03/03/2016 12:41:40] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll
[MD5.EFFD0ABB4DDD2CCDD511F903D042AD5B] - |A| - [18/03/2017 22:57:05] - (.-.) - [77.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [15/11/2016 23:31:08] - [1.59 Ko] - C:\WINDOWS\System32\BestPractices
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [255.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4546.61 Ko] - C:\WINDOWS\System32\Boot
[MD5.F7E457984E711DDBBB0BD7F0D8424D5F] - |A| - [24/02/2009 01:37:20] - (.Copyright(C) 2001-2009 Brother Industries, Ltd. - USB STI device accessing module for Brother MFC(for 64Bit).) - [49 Ko] - (2.0.7.0) - C:\WINDOWS\System32\BrUsi09a.dll
[MD5.CFB89F5FF4D93244C722B4C86152870E] - |A| - [07/04/2009 03:02:38] - (.Copyright (C) Brother Industries. 1996-2009 - Brother MFC WIA minidriver(for 64Bit).) - [1524 Ko] - (3.10.5.12) - C:\WINDOWS\System32\BrWia09b.dll
[MD5.B13766AFE48C3CF775F53CE90488F7DE] - |A| - [18/03/2017 22:57:03] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [90.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.4B307488C9D3D1030DEC61FA4DAC7EE0] - |RA| - [18/03/2017 22:59:10] - (.-.) - [116.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureBrackets.hcp
[MD5.DC112F4CFDF23AAF5CB0F46BE92CB1CE] - |RA| - [18/03/2017 22:59:10] - (.-.) - [122.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureCountdown.hcp
[MD5.F80C2CB1D5A28528D662B0DDF440F0F3] - |RA| - [18/03/2017 22:59:10] - (.-.) - [17.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureToast.hcp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [113910.04 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [32476.45 Ko] - C:\WINDOWS\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2959.17 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [357.5 Ko] - C:\WINDOWS\System32\Com
[MD5.0DD746F113CFD23A2652301D2D3A81E7] - |A| - [03/03/2016 12:41:58] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.46 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [327008.17 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [51.27 Ko] - C:\WINDOWS\System32\Configuration
[MD5.0E7CCD69215CA3615CDF824D81D82D1B] - |A| - [14/10/2016 02:42:30] - (.-.) - [547.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [305 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.A19B6B96ABEB39BA462BF5D8EDDE4E80] - |A| - [03/03/2016 12:50:24] - (.©Conexant Systems Inc. - Conexant APO.) - [1564.41 Ko] - (1.31.0.0) - C:\WINDOWS\System32\CX64APO.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [299.5 Ko] - C:\WINDOWS\System32\da-DK
[MD5.75BC227ACD70C906785DB11F853165E4] - |A| - [18/03/2017 22:58:29] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [06/08/2017 16:06:10] - [5896.91 Ko] - C:\WINDOWS\System32\DAX2
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [190.86 Ko] - C:\WINDOWS\System32\DDFs
[MD5.94280FDECE5459314FF8D3898609A671] - |A| - [03/03/2016 12:50:26] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [266.33 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll
[MD5.49F2BB54AB86968EEC87E7B09BC2466F] - |A| - [03/03/2016 12:50:26] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [303.15 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPA64F3.dll
[MD5.8E3D08996BE4D2EA509EDECAF8947D33] - |A| - [03/03/2016 12:50:30] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1919.74 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll
[MD5.4F7AA15B639E931A721800C5EA2674D5] - |A| - [03/03/2016 12:50:34] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1913.67 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPD64AF3.dll
[MD5.271E067550BF452C777106AEC3806528] - |A| - [03/03/2016 12:50:36] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [319.79 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll
[MD5.26939D33A7436EA44CBA022FBA701B9E] - |A| - [03/03/2016 12:50:38] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [353.57 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPO64AF3.dll
[MD5.3875878B168ADB5D72D776F66982D762] - |A| - [03/03/2016 12:42:14] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6929.88 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll
[MD5.CB5A45B15171E4EF46D965B4076553F0] - |A| - [03/03/2016 12:42:22] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6117.81 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPP64AF3.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [338 Ko] - C:\WINDOWS\System32\de-DE
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [18/03/2017 22:57:05] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [18/03/2017 23:03:37] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [870 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.E82380D30048D73E4D4CB8C925F6E721] - |A| - [18/03/2017 22:57:58] - (.-.) - [90.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [7526.04 Ko] - C:\WINDOWS\System32\Dism
[MD5.E6C1B03EE20F6077C799A30D2E8C9BD3] - |A| - [03/03/2016 12:42:28] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [1035.65 Ko] - (0.6.2.30) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll
[MD5.4733FB229E0EB5725A91BE8B477FDAF0] - |A| - [03/03/2016 12:38:32] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2380.02 Ko] - (0.6.2.30) - C:\WINDOWS\System32\DolbyDAX2APOv201.dll
[MD5.2595EA5682BFAD664B0B8BB0403FF7DC] - |A| - [03/03/2016 12:50:56] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5213.8 Ko] - (0.6.2.30) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [1126.54 Ko] - C:\WINDOWS\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:02:55] - [116268.8 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [15327770.17 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [159 Ko] - C:\WINDOWS\System32\dsc
[MD5.45B224D44BF5D6893AC790927C264635] - |A| - [03/03/2016 12:51:00] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [726.53 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll
[MD5.717FBB7BBA86B228076C935CDC862AE5] - |A| - [03/03/2016 12:51:02] - (.(c) DTS. - DTS Boost COM DLL.) - [1473.57 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll
[MD5.7ED38DE232720561BE205DD90C3DAA71] - |A| - [03/03/2016 12:51:04] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [430.93 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll
[MD5.88B9EDC66EDF9E7A370541255A501DB3] - |A| - [03/03/2016 12:51:06] - (.(c) DTS. - DTS GFX APO.) - [247.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll
[MD5.0AD826339D212887FC6BA19329CD8D1A] - |A| - [03/03/2016 12:51:08] - (.(c) DTS. - DTS GFX APO.) - [246.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll
[MD5.2ADAA6D4F43994C6F875FE3DAC6533CE] - |A| - [03/03/2016 12:51:10] - (.(c) DTS. - DTS LFX APO.) - [247.92 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll
[MD5.8C6F48098C1C5DFFEFE1358A2D183DA5] - |A| - [03/03/2016 12:51:10] - (.(c) DTS. - DTS Limiter COM DLL.) - [434.96 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll
[MD5.9172CD60067EC50163911BCEF1500373] - |A| - [03/03/2016 12:51:14] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [492.49 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll
[MD5.94314CD63FBA31A7C6868B42552E5041] - |A| - [03/03/2016 12:51:16] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1553.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll
[MD5.2FC34913CF6B11DEA369BAE59E0622B0] - |A| - [03/03/2016 12:51:20] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1738.89 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll
[MD5.D63006B4AEB63946F018AE330349F861] - |A| - [03/03/2016 12:51:24] - (.(c) DTS. - DTS Symmetry COM DLL.) - [710.39 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll
[MD5.B2F93B88A6B3FB421813C66A57BD46BE] - |A| - [03/03/2016 12:51:26] - (.(c) DTS. - DTS GFX APO.) - [488.83 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll
[MD5.B331D6BF0B64E2F25AFB547587575720] - |A| - [03/03/2016 12:51:28] - (.(c) DTS. - DTS LFX APO.) - [502.47 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll
[MD5.D21C11A3135BAB8E83B4996F0F73A469] - |A| - [03/03/2016 12:51:30] - (.(c) DTS. - DTS LFX APO.) - [418.2 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll
[MD5.1082590982F746AF0AC0A6F0EAA05A53] - |A| - [03/03/2016 12:51:32] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [691.72 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll
[MD5.B438E6C7A6C395E0C2B31E80112C3ACE] - |A| - [06/08/2017 17:00:33] - (.-.) - [31.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [334.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.065773B6A7E8BC02526176677AD5ECD6] - |A| - [04/04/2016 13:14:41] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:02] - [0 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [242.5 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2175 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [327 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [266 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [239 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [28452.16 Ko] - C:\WINDOWS\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [305 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.8F9E4272CB860975AC0F59A4A5D939CC] - |A| - [06/08/2017 16:04:53] - (.-.) - [408.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:02] - [3489.5 Ko] - C:\WINDOWS\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [46343.53 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [18/03/2017 22:57:02] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [06/08/2017 16:05:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.9B4BE9FE0D2E487A3710B771E7ADFE81] - |A| - [03/03/2016 12:42:36] - (.(c) 2016 Harman. - Harman APO Interface.) - [150.75 Ko] - (1.2.0.0) - C:\WINDOWS\System32\HarmanAudioInterface.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [260.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.762F865F75F21FCB260E7C95404B5110] - |A| - [18/03/2017 22:58:18] - (.-.) - [122.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.19B11E77D05D8F0B224644D7E65181D4] - |A| - [03/03/2016 12:42:50] - (.© 2016 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [362.15 Ko] - (0.6.3.44) - C:\WINDOWS\System32\HiFiDAX2API.dll
[MD5.028F4D3A763641B95BC5DBC8EF43224A] - |A| - [03/03/2016 12:51:46] - (.© Harman. - Audio by Harman APO.) - [351.91 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMClariFi.dll
[MD5.91348E503FA51256410FBC6E541B9FD3] - |A| - [03/03/2016 12:51:48] - (.© Harman. - Audio by Harman APO.) - [186.46 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMEQ.dll
[MD5.FCF940E516EBD0D49041673264EA8EF2] - |A| - [03/03/2016 12:51:50] - (.© Harman. - Audio by Harman APO.) - [186.46 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMEQ_Voice.dll
[MD5.865E620A504C466863C646755582D7F9] - |A| - [03/03/2016 12:51:50] - (.© Harman. - Audio by Harman APO.) - [199.07 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMHVS.dll
[MD5.BDAFE2F60C6540AD1A94BC1EDE1E436C] - |A| - [03/03/2016 12:51:52] - (.© Harman. - Audio by Harman APO.) - [175.39 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMLimiter.dll
[MD5.CDDB2CCEDF5FD7B002EC5AF6719D369C] - |A| - [03/03/2016 12:42:52] - (.?Harman. - Audio by Harman APO UI.) - [406.75 Ko] - (1.4.0.0) - C:\WINDOWS\System32\HMUI.dll
[MD5.7B7859030FF4D38A912A7BCC4A1B3B5E] - |A| - [18/03/2017 22:59:09] - (.-.) - [14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HolographicShareInterop.ProxyStub.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [249 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [309.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.9D50BBD777C5BB9D2F348404F43A863C] - |A| - [18/03/2017 22:59:04] - (.-.) - [88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hvsievaluator.exe
[MD5.05D356275A90F5F8CEDA076FEFF03430] - |A| - [18/03/2017 22:59:04] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hvsigpext.dll
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:12:42] - [31.52 Ko] - C:\WINDOWS\System32\Hydrogen
[MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [18/03/2017 22:58:01] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.99F65EBA79FBA4D6B6F2491F051DA8F1] - |A| - [03/03/2016 12:51:54] - (.Copyright (c) 2015, ICEpower a/s - ICEpower ICEsound audio effects.) - [460.28 Ko] - (1.0.0.19) - C:\WINDOWS\System32\ICEsoundAPO64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.CED8D247E52C4E8F9F8A7DF30B22B723] - |A| - [01/11/2016 23:05:54] - (.-.) - [265.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl
[MD5.6DF9BA3AD0CD866EE939C4C49CEA7B30] - |A| - [18/03/2017 22:57:35] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [25850.67 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.479B7966309A411BF4FC34898AC96557] - |A| - [18/03/2017 22:58:10] - (.-.) - [134.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [6446.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.D496F7C90AAFE7D3234F5EAC6503E15E] - |A| - [01/11/2016 23:05:56] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [111.01 Ko] - (2.1.0.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.28B8B654FA25578D84A136FA099886EE] - || - [22/03/2017 21:48:33] - (.-.) - [181.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [331 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [240 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.5D2E30A69B250614AE75A492268511CF] - |A| - [03/03/2016 12:52:16] - (.© Knowles Electronics. - Knowles HD Audio APO.) - [603.7 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [237.5 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [18/03/2017 22:57:05] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [79.18 Ko] - C:\WINDOWS\System32\Licenses
[MD5.10DA7720D2B8A683930DF25B9CAE4AA0] - |A| - [18/03/2017 22:59:09] - (.-.) - [30 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LockdownUtil.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [29519.73 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [244.5 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [246.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [29887.32 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [18/03/2017 22:59:55] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\WINDOWS\System32\manifeststore
[MD5.7435831EB0EAE994D3728449BB2C740C] - |A| - [03/03/2016 12:52:28] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.82 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll
[MD5.048335F8ED9FA49C828EEF6734DD552D] - |A| - [03/03/2016 12:52:28] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.3 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll
[MD5.DE75C669E9B83A031720D87CD17EFAA8] - |A| - [03/03/2016 12:52:32] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1137.05 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll
[MD5.0332573D381BAE6E97E6E275DDB30EA6] - |A| - [03/03/2016 12:52:36] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1183.44 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll
[MD5.37FADAF268389B1C026866235EAB1EC3] - |A| - [03/03/2016 12:52:40] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1387.8 Ko] - (6.1.17.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll
[MD5.1B72224FA5DBBFFB9C9567A29125FE42] - |A| - [03/03/2016 12:52:44] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [2757.11 Ko] - (7.0.10.0) - C:\WINDOWS\System32\MaxxAudioAPO7064.dll
[MD5.A262E0D24F7B1EE795F23E445D061F9F] - |A| - [03/03/2016 12:42:58] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.79 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll
[MD5.AABE89D01F0F9DC6A222C6A55C28492E] - |A| - [03/03/2016 12:43:02] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll
[MD5.5961008FAE63C19C625EA4368CB4BA0D] - |A| - [03/03/2016 12:43:24] - (.Copyright © 1996-2013 -.) - [13727.79 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll
[MD5.C151372EA254FA645E3FE989B999B9D4] - |A| - [03/03/2016 12:52:52] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1303.11 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll
[MD5.94C907C512E6CBBB2F6D0C52D1FB1802] - |A| - [03/03/2016 12:52:54] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [974.64 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll
[MD5.51944723518BA291D93D1E08B07FDA86] - |A| - [03/03/2016 12:53:16] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12813.24 Ko] - (3.1.14.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll
[MD5.C56D02C4EBABD3950FAC79BB7A3C482C] - |A| - [03/03/2016 12:53:34] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12682.16 Ko] - (4.0.19.0) - C:\WINDOWS\System32\MaxxVoiceAPO4064.dll
[MD5.AF7BD5C899579C455569E4EADD76E910] - |A| - [03/03/2016 12:53:36] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.79 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll
[MD5.FFED99DB5805637345A0FCF68BB0F99F] - |A| - [06/08/2017 17:00:43] - (.-.) - [760 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [18/03/2017 22:57:05] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [06/08/2017 16:56:37] - [1110.47 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [6713.86 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [47457.11 Ko] - C:\WINDOWS\System32\migwiz
[MD5.CD3C34CEFB33ABA62E09CB0D9C88C6DF] - |A| - [03/03/2016 12:54:10] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5165.97 Ko] - (6.3.9600.17231) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll
[MD5.62C4DD7352B1DCC9869816B496F72548] - |A| - [03/03/2016 12:43:28] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [980.34 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll
[MD5.825448F62B8CFA1A6681A0C0DDB1D37A] - |A| - [03/03/2016 12:54:26] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5642.29 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICV2apo.dll
[MD5.317511EBBCBAD875380E7B1E28D5546E] - |A| - [03/03/2016 12:54:34] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [6194.65 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICV3apo.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [294.5 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [640 Ko] - C:\WINDOWS\System32\NDF
[MD5.6D3B08C2DAFEE45F5A907C1232233B92] - |A| - [06/08/2017 16:04:54] - (.-.) - [39.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [18/03/2017 22:57:02] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [68 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [316 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
[MD5.A1AEDB9202950B42A3FAFBA2CFFB8B2F] - |A| - [18/05/2017 04:34:40] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nv-vk64.json
[MD5.188012B5553C42539C85397B89D83C28] - |A| - [06/08/2017 16:05:58] - (.-.) - [7758.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin
[MD5.B9B60FBDA0904BF9D649E4C8556B43EE] - |A| - [18/05/2017 04:34:42] - (.-.) - [44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.C9246EF96F14CB2F0C393F73A20590D8] - |A| - [18/03/2017 23:03:38] - (.-.) - [15.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [18/03/2017 22:57:12] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [13183.45 Ko] - C:\WINDOWS\System32\oobe
[MD5.42D2360079B1DF3230024AE920737367] - |A| - [18/03/2017 22:57:05] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.9783B5372423A9DBCFEBC104FA61A29A] - |A| - [18/03/2017 23:05:34] - (.-.) - [170.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.7D418ABFC9BC0285A7430991F1D4C619] - |A| - [20/03/2017 07:10:06] - (.-.) - [191.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [18/03/2017 23:05:34] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [20/03/2017 07:10:06] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat
[MD5.B23566A6B13BFD47CDF59529D953756A] - |A| - [18/03/2017 23:05:34] - (.-.) - [758.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.C5D0E4C450FCA4834111B390E9D4C0B3] - |A| - [20/03/2017 07:10:06] - (.-.) - [942.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat
[MD5.0F92EC12AE8F28AEE985840D4000288A] - |A| - [04/04/2016 13:21:32] - (.-.) - [2061.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [314.5 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [634.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:03] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [18/03/2017 22:57:54] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [316.5 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311.5 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.4FA53BC4B0857460C4C4B9D9CDE21596] - |A| - [03/03/2016 12:54:34] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [131.06 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll
[MD5.7752AFBDE3C90A0F5092906B0BA9AFAA] - |A| - [03/03/2016 12:54:46] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [437.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll
[MD5.8E5367E602BF1F7C53A083FD5D1FC476] - |A| - [03/03/2016 12:54:58] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [82.64 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll
[MD5.AEBA257FB679C4B6AEDD3E05647ADC89] - |A| - [03/03/2016 12:55:00] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [148.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll
[MD5.1D966974472D1C176344802F54C697BA] - |A| - [03/03/2016 12:43:46] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7004.8 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.DF98B824D9FA64358198283A97F453E3] - |A| - [18/03/2017 22:59:08] - (.Copyright (C) 2009 - RemoteFX Helper.) - [104 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [2.09 Ko] - C:\WINDOWS\System32\Recovery
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [18/03/2017 22:58:01] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.D9DF00023703568AE6B4303E3C5C90BB] - |A| - [18/03/2017 22:57:47] - (.-.) - [8.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.99C7924C7268BABB5C4E3CFD2EE03331] - |A| - [18/03/2017 22:57:47] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\System32\restore
[MD5.DD1359DE947749BEA4FB1302E0651877] - |A| - [03/03/2016 12:55:28] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.9AF775AC1E0FC7BBA5E61BC67E302CBB] - |A| - [03/03/2016 12:55:30] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.D2E202E4BFABBE7E86210512A82999E7] - |A| - [12/11/2015 10:33:16] - (.Copyright (C) 2014 - RtCRX.) - [89.75 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll
[MD5.C42B93CE1F5F4374A856DB8EC2069848] - |A| - [03/03/2016 12:38:36] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.882907BD01EE99DEB7FFF049BAB938BE] - |A| - [03/03/2016 12:55:50] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.28 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.32EDD45786C848BD6A51BAF04C26DCDB] - |A| - [03/03/2016 12:55:52] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.39 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.83ADC13711E7E8A93347F0BF1CF81F7F] - |A| - [03/03/2016 12:55:58] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.24 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [18/03/2017 22:59:52] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [18/03/2017 22:58:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.EF1060B3048BFB692F380B9B337E5E36] - |A| - [03/03/2016 12:56:20] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.25 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll
[MD5.EF9CD33B2590F2BFF210E826FFFFEFE3] - |A| - [03/03/2016 12:56:22] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.79 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll
[MD5.48F982F1A321FDACA27F3B86E202EAAE] - |A| - [03/03/2016 12:56:26] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [226.48 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll
[MD5.4A4C37674A4D940F567B2143BD68C079] - |A| - [03/03/2016 12:56:34] - (.Copyright (C) 2015 DTS, Inc. - DTS Universal APO DLL.) - [998.9 Ko] - (3.5.3.1) - C:\WINDOWS\System32\sl3apo64.dll
[MD5.BF6B15571DF7186E179D796FCA55CC9D] - |A| - [03/03/2016 12:56:38] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Controller DLL.) - [1298.9 Ko] - (3.5.3.1) - C:\WINDOWS\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [06/08/2017 16:04:54] - [5332.99 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:03] - [52.14 Ko] - C:\WINDOWS\System32\slmgr
[MD5.723D7C639DB0B1F2A31873A6E4F638B5] - |A| - [03/03/2016 12:45:28] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [252.45 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll
[MD5.97A36139C64E0C0FA89BAF8933228DBB] - |A| - [03/03/2016 12:56:52] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Technology DLL.) - [1898.06 Ko] - (3.5.3.1) - C:\WINDOWS\System32\sltech64.dll
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [18/03/2017 22:57:05] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:20] - [15857.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.76F8BDA4D4AA4AA4C4D84C2E2660E6FF] - |A| - [18/03/2017 22:57:05] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [7504.91 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [11677.73 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [134714 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [8884.71 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [251.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.2E1DB8EBFDDB4C55B3ED58D9EF6BB51E] - |A| - [03/03/2016 12:56:58] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.21 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll
[MD5.78B4F1473F510F8066FB36F7C21BD717] - |A| - [03/03/2016 12:56:58] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll
[MD5.BAF68F1F7238B7E8A246F338842B0400] - |A| - [03/03/2016 12:57:00] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.48 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll
[MD5.5128BC123224124D67397A1BE698431C] - |A| - [18/03/2017 22:57:16] - (.-.) - [56.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.16ADD4558028D32DCF62E043658FBB2B] - |A| - [03/03/2016 12:57:02] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.51 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll
[MD5.71AC1BEB84D17A53720A09CCC4960C17] - |A| - [03/03/2016 12:57:04] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.964DA683E178864E6C9E5A5ABF597895] - |A| - [03/03/2016 12:57:06] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.22651B3DBAF9689BC01B220EBAF84F2D] - |A| - [03/03/2016 12:57:06] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.20805D8C2C959E8C4AE5C0FB670D0E4C] - |A| - [03/03/2016 12:57:08] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4824 Ko] - C:\WINDOWS\System32\sru
[MD5.E042A078EDE878E1F489D08F045D2205] - |A| - [18/03/2017 22:57:05] - (.-.) - [368.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [300.5 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [18/03/2017 22:59:03] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs
[MD5.69CD5F41D3CE32416D53230E40C2A801] - |A| - [05/12/2016 00:07:58] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [793.56 Ko] - (19.3.4.184) - C:\WINDOWS\System32\SynCOM.dll
[MD5.50B6B8AF7E648CDE3F7BF2E1BEC4A20E] - |A| - [05/12/2016 00:08:18] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynTPAPI.) - [281.06 Ko] - (19.3.4.184) - C:\WINDOWS\System32\SynTPAPI.dll
[MD5.98329675A2D21E744A0CE110A324BE7A] - |A| - [08/09/2015 07:34:04] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics Pointing Device Driver Co-Installer.) - [262.7 Ko] - (19.0.22.0) - C:\WINDOWS\System32\SynTPCo36.dll
[MD5.EFAE204A0CA48CE11CD93FAA6145975C] - |A| - [05/12/2016 00:08:20] - (.Copyright (C) Synaptics Incorporated 1996-2016 - Synaptics Pointing Device Driver Co-Installer.) - [338.59 Ko] - (19.3.4.57) - C:\WINDOWS\System32\SynTPCo50-7.dll
[MD5.3D9F56827B318F21455671A0BAF771D4] - |A| - [16/05/2017 23:55:42] - (.Copyright (C) Synaptics Incorporated 1996-2017 - Synaptics Pointing Device Driver Co-Installer.) - [345.05 Ko] - (19.3.4.184) - C:\WINDOWS\System32\SynTPCo50-8.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:22] - [1596.28 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [906.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [18/03/2017 22:58:24] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [18/03/2017 22:58:18] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [18/03/2017 22:58:18] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [18/03/2017 22:59:03] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config
[MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [18/03/2017 22:59:04] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [247 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [10/07/2017 11:22:37] - [2199.72 Ko] - C:\WINDOWS\System32\UNP
[MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [09/09/2016 20:25:10] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\WINDOWS\System32\vulkan-1-1-0-26-0.dll
[MD5.8140DA331F52518CC5FF25E69093BC5C] - |A| - [25/04/2017 18:55:07] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [255.78 Ko] - (1.0.26.0) - C:\WINDOWS\System32\vulkan-1.dll
[MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [09/09/2016 20:24:38] - (.-.) - [122.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo-1-1-0-26-0.exe
[MD5.61DA784EB8C8E133EB3BB4AFBDD66758] - |A| - [25/04/2017 18:55:07] - (.-.) - [122.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\vulkaninfo.exe
[MD5.0F47FA03985F4988A7F4931D46F4A9CA] - |A| - [03/03/2016 12:45:34] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [90143.02 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:03] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [128569.96 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [18/03/2017 22:57:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\WINDOWS\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [76166.45 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.558D9282D5CEA82B2253B88017552F33] - |A| - [18/03/2017 22:58:18] - (.-.) - [96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [10527.82 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [81168 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4753.58 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:03] - [107.53 Ko] - C:\WINDOWS\System32\winrm
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [18/03/2017 22:58:17] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [18/03/2017 22:58:01] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.19820EEC2D1A4D264F051B789F79D51A] - |A| - [06/08/2017 17:00:35] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 22:58:44] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 22:58:54] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 22:58:51] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 13:40:24] - [1998.91 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [255 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [04/04/2016 10:05:43] - [2109.27 Ko] - C:\WINDOWS\SysWOW64\Atheros_L1e
[MD5.00000000000000000000000000000000] - |D| - [15/11/2016 23:31:09] - [1.59 Ko] - C:\WINDOWS\SysWOW64\BestPractices
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [234 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot2
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [314 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [13.43 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [51.27 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [275 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [311 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.5E7C8AD13A4CFDC0A89219DB8942E378] - |A| - [22/01/2016 13:41:04] - (.Copyright ©  2012 - DeviceCount.) - [244.5 Ko] - (1.0.2.1) - C:\WINDOWS\SysWOW64\DeviceCount.exe
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [201.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [5929.02 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.2927ADFC93821B344BA524BCF9889A51] - |A| - [18/03/2017 22:58:54] - (.-.) - [109.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [229 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [283 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.24E1434E899B3EC4E3CD4CA56AA63BC6] - |A| - [18/03/2017 22:58:54] - (.-.) - [114.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [221.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.2EEE3859AA2A57E80B6CC03DF62F37A3] - |A| - [01/11/2016 23:05:54] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [102.02 Ko] - (2.1.0.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [305 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [222.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.43A814814843B7F3E46DE8B46E422A8E] - |A| - [01/11/2016 23:05:56] - (.-.) - [138.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libEGL.dll
[MD5.32FB4F03748E617D51EFBC0496E4D2D5] - |A| - [01/11/2016 23:05:56] - (.-.) - [99.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
[MD5.1C79384B8FFD8963302D4483EFDE734D] - |A| - [01/11/2016 23:05:56] - (.-.) - [109.51 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\libGLESv2.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [79.18 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [224.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [24345.97 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\manifeststore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [3042.39 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [814.41 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
[MD5.71C6748EE8DE938532057EF10B4B7E44] - |A| - [09/07/2009 15:54:42] - (.Copyright (C) Micro-Star International Co., Ltd. - MSI SCM Service.) - [157 Ko] - (1.0.10.0) - C:\WINDOWS\SysWOW64\MSIService.exe
[MD5.B2E936ECBAF883ADA4862F8777E5A24C] - |A| - [15/04/2011 17:26:46] - (.Copyright (C) Micro-Star International Co., Ltd. - MSIWmiAcpi Dynamic Link Library.) - [1561 Ko] - (1.0.11.0) - C:\WINDOWS\SysWOW64\MSIWmiAcpi.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [271 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [290 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 23:03:29] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.83B77B03667AF77E0BA3E093EF4831F6] - |A| - [18/05/2017 04:34:40] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\nv-vk32.json
[MD5.78B4F1473F510F8066FB36F7C21BD717] - |A| - [03/03/2016 12:56:58] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.1291A61F0F4A49E5F4C869E677F67C57] - |A| - [18/03/2017 22:58:39] - (.-.) - [300 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [276.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.C3EC334F0708F6A4C8CA7232347AD3C6] - |A| - [16/05/2017 23:55:26] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [426.05 Ko] - (19.3.4.184) - C:\WINDOWS\SysWOW64\SynCom.dll
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:04] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [215 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [273.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [18/03/2017 22:59:09] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.4B0C0A8C960AF22761FB6A25D8A50DF2] - |A| - [16/04/2016 14:48:19] - (.Copyright © 2000-3 ON2 Technologies - VP6 VIDEO FOR WINDOWS CODEC.) - [437.26 Ko] - (6.0.6.4) - C:\WINDOWS\SysWOW64\vp6vfw.dll
[MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [09/09/2016 20:25:58] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\WINDOWS\SysWOW64\vulkan-1-1-0-26-0.dll
[MD5.2F28B023406F83D17ACE4294E2510F44] - |A| - [25/04/2017 18:55:07] - (.Copyright (C) 2015-2016 - Vulkan Loader.) - [263.28 Ko] - (1.0.26.0) - C:\WINDOWS\SysWOW64\vulkan-1.dll
[MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [09/09/2016 20:25:28] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-26-0.exe
[MD5.6448CF3F64B96B8C72A9D5905F7C07B0] - |A| - [25/04/2017 18:55:07] - (.-.) - [108.28 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [17440.97 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:04] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.D676BC75BD566BC91BFEC3D4EDA42655] - |A| - [18/03/2017 22:58:54] - (.-.) - [84.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [8884.75 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [4753.59 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 07:10:04] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.CBEF4A9CBE10E64555B5B250B0811564] - |A| - [19/03/2008 15:06:50] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WmiAcpi.bat
[MD5.900C8C6BF827F5CFDF4483E343F4669C] - |A| - [24/01/2011 14:49:56] - (.-.) - [1.7 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\wmiacpi.reg
[MD5.B6F89F4C37052969C0E5A8CF47C103D5] - |A| - [06/08/2017 17:01:03] - (.-.) - [58.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [06/08/2017 16:54:42] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [197.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [192 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\Nina\AppData\Roaming   [06/08/2017 16:07:43]
"Local AppData"=C:\Users\Nina\AppData\Local   [06/08/2017 16:07:43]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Libraries   [04/04/2016 09:08:48]
"My Video"=C:\Users\Nina\Videos   [04/04/2016 09:08:40]
"My Pictures"=C:\Users\Nina\Pictures   [04/04/2016 09:08:40]
"Desktop"=C:\Users\Nina\Desktop   [04/04/2016 09:08:40]
"History"=C:\Users\Nina\AppData\Local\Microsoft\Windows\History   [04/04/2016 09:08:40]
"NetHood"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [06/08/2017 16:07:43]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Nina\Contacts   [04/04/2016 09:08:42]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Nina\AppData\Local\Microsoft\Windows\RoamingTiles   [04/04/2016 13:22:13]
"Cookies"=C:\Users\Nina\AppData\Local\Microsoft\Windows\INetCookies   [04/04/2016 09:08:40]
"Favorites"=C:\Users\Nina\Favorites   [04/04/2016 09:08:40]
"SendTo"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\SendTo   [04/04/2016 13:13:13]
"Start Menu"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu   [04/04/2016 13:13:13]
"My Music"=C:\Users\Nina\Music   [04/04/2016 09:08:40]
"Programs"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [04/04/2016 13:13:13]
"Recent"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Recent   [04/04/2016 09:08:40]
"CD Burning"=C:\Users\Nina\AppData\Local\Microsoft\Windows\Burn\Burn   [06/08/2017 16:15:53]
"PrintHood"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [06/08/2017 16:07:43]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Nina\Searches   [04/04/2016 09:08:48]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Nina\Downloads   [04/04/2016 09:08:40]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Nina\AppData\LocalLow   [04/04/2016 09:08:40]
"Startup"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [04/04/2016 09:08:48]
"Administrative Tools"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [04/04/2016 09:08:48]
"Personal"=C:\Users\Nina\Documents   [04/04/2016 09:08:40]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Nina\Links   [04/04/2016 09:08:40]
"Cache"=C:\Users\Nina\AppData\Local\Microsoft\Windows\INetCache   [06/08/2017 16:07:43]
"Templates"=C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Templates   [06/08/2017 16:07:43]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Nina\Saved Games   [04/04/2016 09:08:40]
"Fonts"=C:\WINDOWS\Fonts   [18/03/2017 23:03:29]

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache   
"Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"{339719B5-8C47-4894-94C2-D8F77ADD44A6}"=C:\Users\Nina\OneDrive\Images   
"{767E6811-49CB-4273-87C2-20F355E1085B}"=C:\Users\Nina\OneDrive\Images\Pellicule   
"{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"=C:\Users\Nina\OneDrive\Musique   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [18/03/2017 23:03:29]
"Common AppData"=C:\ProgramData   [18/03/2017 23:03:29]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 05:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 05:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [18/03/2017 23:03:29]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [18/03/2017 23:03:29]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [18/03/2017 23:03:29]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 05:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 05:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 05:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 05:20:08]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [18/03/2017 23:03:29]
"Common AppData"=C:\ProgramData   [18/03/2017 23:03:29]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 05:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 05:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [18/03/2017 23:03:29]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [18/03/2017 23:03:29]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [18/03/2017 23:03:29]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 05:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 05:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 05:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 05:20:08]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   


---------- | [Administrateur]

[13/02/2016 15:16:17] - |D| - [1434877076] - C:\Users\Administrateur\AppData\Local
[13/02/2016 15:16:17] - |D| - [0] - C:\Users\Administrateur\AppData\LocalLow
[13/02/2016 15:16:17] - |D| - [158913] - C:\Users\Administrateur\AppData\Roaming
[13/02/2016 15:18:40] - |D| - [0] - C:\Users\Administrateur\AppData\Local\ActiveSync
[13/02/2016 15:16:17] - |SHD| - [1307499500] - C:\Users\Administrateur\AppData\Local\Application Data
[13/02/2016 15:16:17] - |SHD| - [130] - C:\Users\Administrateur\AppData\Local\Historique
[13/02/2016 15:23:18] - |AH| - [3368] - C:\Users\Administrateur\AppData\Local\IconCache.db
[13/02/2016 15:16:17] - |D| - [112982044] - C:\Users\Administrateur\AppData\Local\Microsoft
[13/02/2016 15:16:26] - |D| - [3308258] - C:\Users\Administrateur\AppData\Local\Packages
[13/02/2016 15:16:17] - |D| - [0] - C:\Users\Administrateur\AppData\Local\Temp
[13/02/2016 15:16:17] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Temporary Internet Files
[13/02/2016 15:16:24] - |D| - [11083776] - C:\Users\Administrateur\AppData\Local\TileDataLayer
[13/02/2016 15:20:46] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\Adobe
[13/02/2016 15:16:17] - |SD| - [158913] - C:\Users\Administrateur\AppData\Roaming\Microsoft
[13/02/2016 15:20:48] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[13/02/2016 15:16:17] - |SHD| - [22466] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[13/02/2016 15:16:17] - |RD| - [22466] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[13/02/2016 15:16:17] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[13/02/2016 15:16:17] - |RD| - [2925] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[13/02/2016 15:20:48] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[13/02/2016 15:20:48] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[13/02/2016 15:16:17] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[13/02/2016 15:22:01] - |A| - [2405] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[13/02/2016 15:20:48] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[13/02/2016 15:16:17] - |RD| - [5318] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[13/02/2016 15:16:17] - |RSD| - [7238] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[13/02/2016 15:20:48] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Nina]

[06/08/2017 16:07:43] - |D| - [6718541341] - C:\Users\Nina\AppData\Local
[04/04/2016 09:08:40] - |D| - [165657537] - C:\Users\Nina\AppData\LocalLow
[27/07/2017 13:20:32] - |A| - [207522] - C:\Users\Nina\AppData\Localtransition_a5a65d797fbddea7cd640f9aeea2fb9a.ini
[06/08/2017 16:07:43] - |D| - [2788549547] - C:\Users\Nina\AppData\Roaming
[17/05/2016 20:36:22] - |D| - [236544] - C:\Users\Nina\AppData\Local\A1A0B052-3EBA-4AC7-ABA3-C35F4A11D4BF.aplzod
[04/04/2016 13:24:13] - |D| - [0] - C:\Users\Nina\AppData\Local\ActiveSync
[18/04/2016 18:44:32] - |D| - [10742015] - C:\Users\Nina\AppData\Local\Adobe
[27/07/2017 13:20:19] - |D| - [2983402596] - C:\Users\Nina\AppData\Local\Ankama
[04/04/2016 23:16:13] - |D| - [0] - C:\Users\Nina\AppData\Local\Apple
[04/04/2016 23:16:46] - |D| - [7620009] - C:\Users\Nina\AppData\Local\Apple Computer
[17/05/2016 20:36:10] - |D| - [310272] - C:\Users\Nina\AppData\Local\Apple Inc
[06/08/2017 16:07:43] - |SHD| - [72433128151] - C:\Users\Nina\AppData\Local\Application Data
[02/08/2016 11:13:23] - |D| - [6513353] - C:\Users\Nina\AppData\Local\Autodesk
[04/04/2016 22:51:48] - |D| - [6430691] - C:\Users\Nina\AppData\Local\CEF
[14/12/2016 18:52:31] - |D| - [40] - C:\Users\Nina\AppData\Local\Chromium
[04/04/2016 13:39:08] - |D| - [127031826] - C:\Users\Nina\AppData\Local\Comms
[06/08/2017 16:14:26] - |D| - [1113144] - C:\Users\Nina\AppData\Local\ConnectedDevicesPlatform
[08/04/2016 21:25:48] - |D| - [215139941] - C:\Users\Nina\AppData\Local\CrashDumps
[08/05/2016 21:53:01] - |D| - [40] - C:\Users\Nina\AppData\Local\Crashpad
[12/03/2017 21:46:08] - |D| - [0] - C:\Users\Nina\AppData\Local\CrashRpt
[21/08/2017 14:06:58] - |D| - [0] - C:\Users\Nina\AppData\Local\DBG
[17/04/2016 22:39:24] - |A| - [3584] - C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[04/04/2016 09:10:27] - |D| - [0] - C:\Users\Nina\AppData\Local\Diagnostics
[05/07/2016 21:48:51] - |A| - [0] - C:\Users\Nina\AppData\Local\Driver_AR8171Present.flag
[11/09/2016 15:12:57] - |D| - [1526] - C:\Users\Nina\AppData\Local\Electronic Arts
[05/07/2016 21:26:43] - |D| - [0] - C:\Users\Nina\AppData\Local\ElevatedDiagnostics
[02/08/2016 11:12:36] - |D| - [1827740] - C:\Users\Nina\AppData\Local\fontconfig
[04/04/2016 10:07:42] - |A| - [57560] - C:\Users\Nina\AppData\Local\GDIPFONTCACHEV1.DAT
[02/08/2016 11:12:32] - |D| - [660] - C:\Users\Nina\AppData\Local\gegl-0.2
[04/04/2016 16:29:11] - |D| - [941145824] - C:\Users\Nina\AppData\Local\Google
[06/08/2017 16:07:43] - |SHD| - [580] - C:\Users\Nina\AppData\Local\Historique
[06/08/2017 18:53:26] - |AH| - [88173] - C:\Users\Nina\AppData\Local\IconCache.db
[17/07/2017 19:39:48] - |D| - [328] - C:\Users\Nina\AppData\Local\iMobie_Inc
[05/04/2016 00:46:18] - |D| - [1636] - C:\Users\Nina\AppData\Local\Micro-Star_International_
[06/08/2017 16:07:43] - |D| - [967697948] - C:\Users\Nina\AppData\Local\Microsoft
[04/04/2016 15:22:27] - |D| - [90392] - C:\Users\Nina\AppData\Local\Microsoft Help
[04/04/2016 15:21:21] - |D| - [79107] - C:\Users\Nina\AppData\Local\MicrosoftEdge
[04/04/2016 18:51:59] - |D| - [558] - C:\Users\Nina\AppData\Local\MSI
[04/04/2016 16:33:11] - |D| - [838] - C:\Users\Nina\AppData\Local\MSIOnlineRegister
[04/04/2016 13:31:11] - |D| - [0] - C:\Users\Nina\AppData\Local\NetworkTiles
[04/04/2016 13:43:32] - |D| - [191200564] - C:\Users\Nina\AppData\Local\NVIDIA
[05/04/2016 21:34:25] - |D| - [1656125] - C:\Users\Nina\AppData\Local\NVIDIA Corporation
[08/05/2016 21:53:04] - |D| - [19856607] - C:\Users\Nina\AppData\Local\nw
[05/04/2016 18:15:12] - |D| - [80624804] - C:\Users\Nina\AppData\Local\Origin
[04/04/2016 13:22:13] - |D| - [300452586] - C:\Users\Nina\AppData\Local\Packages
[04/04/2016 15:17:16] - |D| - [0] - C:\Users\Nina\AppData\Local\PeerDistRepub
[17/04/2016 22:17:20] - |D| - [0] - C:\Users\Nina\AppData\Local\Programs
[04/04/2016 13:22:19] - |D| - [272246] - C:\Users\Nina\AppData\Local\Publishers
[12/03/2017 21:44:23] - |D| - [7919066] - C:\Users\Nina\AppData\Local\RapidSolution
[22/11/2016 21:47:00] - |A| - [7601] - C:\Users\Nina\AppData\Local\Resmon.ResmonCfg
[28/07/2016 14:16:31] - |D| - [822] - C:\Users\Nina\AppData\Local\SCM_Notice
[11/06/2017 21:18:00] - |D| - [940] - C:\Users\Nina\AppData\Local\speech
[24/01/2017 21:35:40] - |D| - [593253800] - C:\Users\Nina\AppData\Local\Spotify
[04/04/2016 22:51:47] - |D| - [113017747] - C:\Users\Nina\AppData\Local\Steam
[04/04/2016 20:42:29] - |D| - [39] - C:\Users\Nina\AppData\Local\TeamViewer
[06/08/2017 16:07:43] - |D| - [111605102] - C:\Users\Nina\AppData\Local\Temp
[06/08/2017 16:07:43] - |SHD| - [389997787] - C:\Users\Nina\AppData\Local\Temporary Internet Files
[04/04/2016 13:22:13] - |D| - [12345344] - C:\Users\Nina\AppData\Local\TileDataLayer
[18/04/2016 19:13:35] - |D| - [16630333] - C:\Users\Nina\AppData\Local\tkdata
[10/07/2017 13:03:30] - |D| - [0] - C:\Users\Nina\AppData\Local\UNP
[04/04/2016 09:08:41] - |D| - [0] - C:\Users\Nina\AppData\Local\VirtualStore
[21/10/2016 14:58:14] - |D| - [2873] - C:\Users\Nina\AppData\Local\WBFSManager
[24/08/2017 21:36:49] - |D| - [158397] - C:\Users\Nina\AppData\Local\ZHP
[18/04/2016 17:57:37] - |A| - [0] - C:\Users\Nina\AppData\Local\{DA55DE18-EC50-47C6-AF78-AC6C20F9C380}
[18/04/2016 18:53:38] - |D| - [84532] - C:\Users\Nina\AppData\LocalLow\Adobe
[28/06/2017 19:59:06] - |D| - [94349] - C:\Users\Nina\AppData\LocalLow\DryGin Studios
[02/03/2017 13:13:02] - |D| - [115164717] - C:\Users\Nina\AppData\LocalLow\JutsuGames
[04/04/2016 09:45:14] - |D| - [511823] - C:\Users\Nina\AppData\LocalLow\Microsoft
[04/04/2016 23:20:53] - |D| - [49786880] - C:\Users\Nina\AppData\LocalLow\Oracle
[05/04/2016 00:28:35] - |D| - [0] - C:\Users\Nina\AppData\LocalLow\Smartly Dressed Games
[04/04/2016 23:46:24] - |D| - [15236] - C:\Users\Nina\AppData\LocalLow\Sun
[18/05/2016 18:25:20] - |D| - [285022647] - C:\Users\Nina\AppData\Roaming\.minecraft
[04/04/2016 13:22:13] - |D| - [9573] - C:\Users\Nina\AppData\Roaming\Adobe
[11/08/2017 14:31:07] - |D| - [0] - C:\Users\Nina\AppData\Roaming\AnkamaCertificates
[11/08/2017 14:30:25] - |D| - [5115] - C:\Users\Nina\AppData\Roaming\app
[04/04/2016 23:16:46] - |D| - [1443007821] - C:\Users\Nina\AppData\Roaming\Apple Computer
[10/07/2017 12:40:06] - |D| - [5350] - C:\Users\Nina\AppData\Roaming\Arc
[10/07/2017 12:42:10] - |D| - [0] - C:\Users\Nina\AppData\Roaming\ArcApp
[17/04/2016 22:17:58] - |D| - [18310] - C:\Users\Nina\AppData\Roaming\Audacity
[02/08/2016 11:11:11] - |D| - [3167] - C:\Users\Nina\AppData\Roaming\Autodesk
[10/08/2016 20:14:22] - |RD| - [0] - C:\Users\Nina\AppData\Roaming\Brother
[08/05/2016 21:28:52] - |D| - [1779474] - C:\Users\Nina\AppData\Roaming\com.freakinware.wormis
[09/05/2016 21:37:36] - |D| - [0] - C:\Users\Nina\AppData\Roaming\Curse
[09/05/2016 21:38:02] - |AD| - [387912257] - C:\Users\Nina\AppData\Roaming\Curse Client
[11/08/2017 14:30:23] - |A| - [113] - C:\Users\Nina\AppData\Roaming\D2Info0
[18/08/2017 17:24:40] - |D| - [0] - C:\Users\Nina\AppData\Roaming\Daum
[27/03/2017 18:41:29] - |D| - [16163] - C:\Users\Nina\AppData\Roaming\DeepBurner
[11/08/2017 14:30:23] - |D| - [1106382] - C:\Users\Nina\AppData\Roaming\Dofus
[11/08/2017 14:30:23] - |A| - [8] - C:\Users\Nina\AppData\Roaming\DofusAppId0_1
[06/06/2016 21:28:28] - |D| - [203] - C:\Users\Nina\AppData\Roaming\dvdcss
[25/08/2016 20:47:07] - |D| - [0] - C:\Users\Nina\AppData\Roaming\EncryptStick
[21/12/2016 20:08:02] - |D| - [22761639] - C:\Users\Nina\AppData\Roaming\Guild Wars 2
[04/04/2016 09:08:43] - |D| - [0] - C:\Users\Nina\AppData\Roaming\Identities
[17/07/2017 19:39:48] - |D| - [335988] - C:\Users\Nina\AppData\Roaming\iMobie
[05/04/2016 00:11:48] - |D| - [0] - C:\Users\Nina\AppData\Roaming\java
[05/04/2016 13:26:19] - |D| - [0] - C:\Users\Nina\AppData\Roaming\LolClient
[05/04/2016 13:26:43] - |D| - [1549] - C:\Users\Nina\AppData\Roaming\Macromedia
[04/04/2016 09:08:40] - |D| - [0] - C:\Users\Nina\AppData\Roaming\Media Center Programs
[27/04/2017 17:39:35] - |D| - [0] - C:\Users\Nina\AppData\Roaming\Mediatronic
[06/08/2017 16:07:43] - |SD| - [7066064] - C:\Users\Nina\AppData\Roaming\Microsoft
[12/03/2017 21:24:38] - |D| - [241111521] - C:\Users\Nina\AppData\Roaming\Nero
[03/07/2016 19:06:09] - |D| - [0] - C:\Users\Nina\AppData\Roaming\NVIDIA
[08/08/2016 15:17:37] - |D| - [12347065] - C:\Users\Nina\AppData\Roaming\OpenOffice
[05/04/2016 18:15:15] - |D| - [36736] - C:\Users\Nina\AppData\Roaming\Origin
[11/08/2017 14:30:25] - |D| - [0] - C:\Users\Nina\AppData\Roaming\Reg
[08/05/2016 21:16:34] - |D| - [175810] - C:\Users\Nina\AppData\Roaming\RenPy
[04/04/2016 23:50:37] - |D| - [0] - C:\Users\Nina\AppData\Roaming\Riot Games
[04/04/2016 23:31:39] - |D| - [103620435] - C:\Users\Nina\AppData\Roaming\Skype
[24/01/2017 21:32:07] - |D| - [158239548] - C:\Users\Nina\AppData\Roaming\Spotify
[04/04/2016 23:46:24] - |D| - [0] - C:\Users\Nina\AppData\Roaming\Sun
[04/04/2016 10:10:09] - |D| - [414015] - C:\Users\Nina\AppData\Roaming\TeamViewer
[06/06/2017 22:12:33] - |D| - [948] - C:\Users\Nina\AppData\Roaming\Twitch
[27/11/2016 11:17:22] - |D| - [57893974] - C:\Users\Nina\AppData\Roaming\ultrastardx
[02/07/2016 21:30:19] - |D| - [39203746] - C:\Users\Nina\AppData\Roaming\uTorrent
[14/05/2016 10:08:05] - |D| - [8245581] - C:\Users\Nina\AppData\Roaming\vlc
[13/04/2016 21:43:29] - |D| - [10906060] - C:\Users\Nina\AppData\Roaming\Wargaming.net
[17/05/2016 20:14:07] - |D| - [4202914] - C:\Users\Nina\AppData\Roaming\WindSolutions
[06/04/2016 20:15:54] - |D| - [12] - C:\Users\Nina\AppData\Roaming\WinRAR
[24/08/2017 21:36:49] - |D| - [3099359] - C:\Users\Nina\AppData\Roaming\ZHP
[04/04/2016 09:08:48] - |ASH| - [174] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[27/07/2017 13:20:29] - |A| - [1117] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Dofus.lnk
[06/08/2017 16:07:43] - |SHD| - [37291] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[04/04/2016 13:13:13] - |RD| - [37291] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[06/08/2017 16:07:43] - |RD| - [3888] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[06/08/2017 16:07:43] - |RD| - [4231] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[04/04/2016 09:08:48] - |RD| - [174] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[06/08/2017 16:14:29] - |ASH| - [174] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[04/04/2016 13:24:31] - |A| - [1047] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk
[17/05/2016 20:36:10] - |D| - [827] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
[28/04/2016 22:10:51] - |D| - [3989] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
[06/08/2017 16:07:43] - |D| - [170] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[04/04/2016 13:23:57] - |A| - [2404] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[24/01/2017 21:35:39] - |A| - [1831] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[04/04/2016 09:08:48] - |RD| - [1187] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[06/08/2017 16:07:43] - |RD| - [3496] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[06/06/2017 22:12:16] - |A| - [989] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch.lnk
[21/10/2016 14:57:19] - |D| - [1149] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
[06/08/2017 16:07:43] - |RD| - [7238] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[06/04/2016 20:15:42] - |D| - [4497] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[04/04/2016 09:08:48] - |ASH| - [174] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[06/06/2017 22:12:16] - |A| - [1013] - C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk

---------- | [Public]


---------- | C:\ProgramData

[18/04/2016 18:52:36] - |D| - [0] - C:\ProgramData\Adobe
[04/04/2016 23:15:57] - |D| - [627045548] - C:\ProgramData\Apple
[04/04/2016 23:16:38] - |D| - [161716193] - C:\ProgramData\Apple Computer
[06/08/2017 16:14:07] - |SHD| - [33167864481] - C:\ProgramData\Application Data
[02/08/2016 11:11:11] - |D| - [10486] - C:\ProgramData\Autodesk
[04/04/2016 09:08:38] - |SHD| - [8598] - C:\ProgramData\Bureau
[30/10/2015 09:24:24] - |D| - [0] - C:\ProgramData\Comms
[06/08/2017 16:14:07] - |SHD| - [318] - C:\ProgramData\Documents
[05/07/2016 21:49:09] - |D| - [3914120] - C:\ProgramData\Downloaded Installations
[06/08/2017 16:06:12] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[11/09/2016 14:07:58] - |D| - [0] - C:\ProgramData\EA Core
[11/09/2016 14:07:57] - |D| - [1230] - C:\ProgramData\EA Logs
[05/04/2016 18:06:38] - |D| - [12767] - C:\ProgramData\Electronic Arts
[04/04/2016 09:08:38] - |SHD| - [0] - C:\ProgramData\Favoris
[24/08/2017 21:51:06] - |D| - [81294019] - C:\ProgramData\Malwarebytes
[18/04/2016 18:53:27] - |D| - [29788] - C:\ProgramData\McAfee
[04/04/2016 09:08:38] - |SHD| - [163493] - C:\ProgramData\Menu Démarrer
[18/03/2017 23:03:29] - |SD| - [1505842921] - C:\ProgramData\Microsoft
[04/04/2016 15:22:26] - |D| - [65262] - C:\ProgramData\Microsoft Help
[06/08/2017 16:16:11] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[04/04/2016 09:08:38] - |SHD| - [31386] - C:\ProgramData\Modèles
[04/04/2016 22:04:34] - |D| - [2031186] - C:\ProgramData\MSI
[12/03/2017 21:41:14] - |D| - [1313] - C:\ProgramData\Nero
[06/08/2017 16:05:54] - |D| - [152536] - C:\ProgramData\NVIDIA
[06/08/2017 16:05:51] - |D| - [23284253] - C:\ProgramData\NVIDIA Corporation
[04/04/2016 23:46:12] - |D| - [72304898] - C:\ProgramData\Oracle
[05/04/2016 18:06:38] - |D| - [338319861] - C:\ProgramData\Origin
[05/04/2016 18:06:29] - |D| - [29309036] - C:\ProgramData\Package Cache
[11/09/2016 14:08:02] - |D| - [32326212] - C:\ProgramData\PopCap Games
[12/03/2017 21:45:25] - |D| - [7112757] - C:\ProgramData\RapidSolution
[18/03/2017 23:03:29] - |D| - [997] - C:\ProgramData\regid.1991-06.com.microsoft
[04/04/2016 23:51:24] - |D| - [39] - C:\ProgramData\Riot Games
[12/03/2017 21:44:04] - |D| - [0] - C:\ProgramData\simplitec
[04/04/2016 23:31:21] - |D| - [94670848] - C:\ProgramData\Skype
[18/03/2017 23:03:29] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[18/03/2017 23:03:29] - |D| - [3642] - C:\ProgramData\USOPrivate
[06/08/2017 16:14:19] - |D| - [897024] - C:\ProgramData\USOShared
[20/03/2017 07:12:42] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices
[17/05/2016 20:14:07] - |D| - [45580] - C:\ProgramData\WindSolutions

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[04/04/2016 09:08:38] - |SHD| - [163319] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[18/03/2017 23:03:29] - |RD| - [163319] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[02/03/2017 12:49:50] - |D| - [2233] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\911 Operator
[18/03/2017 23:03:29] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[18/03/2017 23:03:29] - |RD| - [20318] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[18/03/2017 23:03:29] - |RD| - [23012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[04/04/2016 23:16:13] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[02/08/2016 11:12:17] - |D| - [1912] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk Pixlr
[03/07/2016 19:06:12] - |D| - [2529] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[11/09/2016 03:53:32] - |D| - [4366] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space
[18/03/2017 23:03:33] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[14/07/2009 07:32:38] - |RD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[05/04/2016 20:02:37] - |A| - [2270] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[21/12/2016 20:18:27] - |D| - [234] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[12/06/2017 15:02:40] - |D| - [24203] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[18/03/2017 22:59:54] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[17/07/2017 19:39:45] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
[12/06/2017 15:14:32] - |D| - [3293] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[04/04/2016 23:46:22] - |D| - [6886] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[18/03/2017 23:03:29] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[24/08/2017 21:51:16] - |D| - [3896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[03/03/2017 12:55:14] - |D| - [873] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mephisto
[18/03/2017 22:57:42] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[04/04/2016 16:45:13] - |D| - [16995] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
[08/08/2016 15:17:21] - |SD| - [7392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
[10/07/2017 12:39:51] - |D| - [5901] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[18/03/2017 22:58:04] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[04/04/2016 18:49:24] - |A| - [1910] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCM.lnk
[17/07/2017 20:09:12] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[18/03/2017 23:03:29] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[19/07/2016 15:54:42] - |D| - [1108] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[18/03/2017 23:03:29] - |RD| - [2516] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[25/04/2017 10:36:32] - |A| - [1040] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
[18/04/2016 19:12:18] - |A| - [1239] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
[15/04/2017 17:52:47] - |D| - [3410] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[14/05/2016 10:07:51] - |D| - [4188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[23/09/2016 22:39:42] - |D| - [1401] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisionCam
[06/08/2017 16:09:53] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[06/04/2016 20:15:42] - |D| - [4425] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[18/03/2017 23:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[18/04/2016 18:53:00] - |D| - [0] - C:\Program Files (x86)\Adobe
[12/06/2017 15:00:47] - |AD| - [2767262] - C:\Program Files (x86)\Apple Software Update
[10/07/2017 12:39:50] - |AD| - [241192516] - C:\Program Files (x86)\Arc
[27/03/2017 18:41:09] - |D| - [0] - C:\Program Files (x86)\Astonsoft
[02/08/2016 11:12:11] - |D| - [148364264] - C:\Program Files (x86)\Autodesk
[04/04/2016 23:16:08] - |AD| - [631713] - C:\Program Files (x86)\Bonjour
[18/03/2017 23:03:28] - |D| - [408900974] - C:\Program Files (x86)\Common Files
[18/03/2017 23:03:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[04/04/2016 16:29:06] - |D| - [395274651] - C:\Program Files (x86)\Google
[17/07/2017 19:39:43] - |D| - [0] - C:\Program Files (x86)\iMobie
[04/04/2016 10:05:39] - |HD| - [88041568] - C:\Program Files (x86)\InstallShield Installation Information
[04/04/2016 10:01:57] - |D| - [7528704] - C:\Program Files (x86)\Intel
[18/03/2017 23:03:28] - |D| - [2017903] - C:\Program Files (x86)\Internet Explorer
[28/07/2016 14:33:34] - |D| - [167658621] - C:\Program Files (x86)\Java
[18/05/2016 19:45:20] - |D| - [0] - C:\Program Files (x86)\McAfee
[11/06/2017 11:32:24] - |D| - [7213135] - C:\Program Files (x86)\MediaCoder
[18/04/2016 19:27:14] - |D| - [1670519] - C:\Program Files (x86)\Microsoft ASP.NET
[04/04/2016 15:22:26] - |AD| - [8235760] - C:\Program Files (x86)\Microsoft Office
[18/03/2017 23:03:28] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[06/08/2017 16:54:41] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[04/04/2016 16:28:32] - |D| - [160637196] - C:\Program Files (x86)\MSI
[12/03/2017 21:45:25] - |D| - [0] - C:\Program Files (x86)\Music Recorder
[06/08/2017 16:05:54] - |D| - [225580940] - C:\Program Files (x86)\NVIDIA Corporation
[08/08/2016 15:17:06] - |AD| - [326547768] - C:\Program Files (x86)\OpenOffice 4
[08/05/2017 16:06:46] - |D| - [1582954351] - C:\Program Files (x86)\Origin Games
[02/03/2017 12:49:50] - |D| - [853158739] - C:\Program Files (x86)\PlayWay SA
[11/06/2016 21:23:13] - |D| - [0] - C:\Program Files (x86)\R.G. Mechanics
[06/08/2017 16:54:41] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies
[04/04/2016 18:49:24] - |AD| - [4714262] - C:\Program Files (x86)\SCM
[17/07/2017 20:09:11] - |RD| - [90056045] - C:\Program Files (x86)\Skype
[19/07/2016 15:54:42] - |D| - [16743313095] - C:\Program Files (x86)\Steam
[04/04/2016 10:10:06] - |AD| - [94305117] - C:\Program Files (x86)\TeamViewer
[15/04/2017 17:42:04] - |D| - [5660504064] - C:\Program Files (x86)\UltraStar Deluxe
[06/08/2017 16:05:53] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[25/04/2017 18:55:07] - |D| - [846194] - C:\Program Files (x86)\VulkanRT
[18/03/2017 23:03:28] - |D| - [2001344] - C:\Program Files (x86)\Windows Defender
[18/03/2017 23:03:28] - |D| - [5924864] - C:\Program Files (x86)\Windows Mail
[20/03/2017 07:10:52] - |D| - [3254425] - C:\Program Files (x86)\Windows Media Player
[18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform
[18/03/2017 23:03:28] - |D| - [7569090] - C:\Program Files (x86)\Windows NT
[18/03/2017 23:03:28] - |D| - [5365568] - C:\Program Files (x86)\Windows Photo Viewer
[18/03/2017 23:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices
[18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[18/03/2017 23:03:28] - |D| - [3253346] - C:\Program Files (x86)\WindowsPowerShell
[06/04/2016 20:15:26] - |AD| - [4615840] - C:\Program Files (x86)\WinRAR

---------- | C:\Program Files

[04/04/2016 23:16:08] - |AD| - [615066] - C:\Program Files\Bonjour
[18/03/2017 23:03:28] - |D| - [258067528] - C:\Program Files\Common Files
[18/03/2017 23:03:33] - |ASH| - [174] - C:\Program Files\desktop.ini
[04/04/2016 10:10:46] - |D| - [1051240] - C:\Program Files\DIFX
[14/07/2009 07:32:38] - |D| - [0] - C:\Program Files\DVD Maker
[04/04/2016 09:08:38] - |SHD| - [258067528] - C:\Program Files\Fichiers communs
[06/08/2017 16:05:29] - |D| - [151048636] - C:\Program Files\Intel
[18/04/2016 19:12:13] - |D| - [115871211] - C:\Program Files\Intel Security
[18/03/2017 23:03:28] - |D| - [2644570] - C:\Program Files\Internet Explorer
[12/06/2017 15:14:04] - |D| - [1369059] - C:\Program Files\iPod
[24/08/2017 21:51:06] - |D| - [144066259] - C:\Program Files\Malwarebytes
[06/08/2017 16:54:41] - |D| - [25757] - C:\Program Files\MSBuild
[06/08/2017 16:05:47] - |D| - [1945792974] - C:\Program Files\NVIDIA Corporation
[06/08/2017 16:06:06] - |D| - [45821504] - C:\Program Files\Realtek
[06/08/2017 16:54:41] - |D| - [36854953] - C:\Program Files\Reference Assemblies
[26/07/2017 13:59:26] - |AD| - [2158905] - C:\Program Files\rempl
[05/07/2016 21:49:11] - |AD| - [741361] - C:\Program Files\Rivet Networks
[06/08/2017 16:06:03] - |D| - [67773239] - C:\Program Files\Synaptics
[18/04/2016 18:53:21] - |D| - [29000428] - C:\Program Files\TrueKey
[13/02/2016 15:16:19] - |HD| - [0] - C:\Program Files\Uninstall Information
[10/07/2017 11:22:37] - |AD| - [10938470] - C:\Program Files\UNP
[21/10/2016 14:57:18] - |D| - [4130399] - C:\Program Files\WBFS
[18/03/2017 23:03:28] - |RD| - [16330682] - C:\Program Files\Windows Defender
[20/03/2017 07:12:42] - |D| - [7566392] - C:\Program Files\Windows Defender Advanced Threat Protection
[18/03/2017 23:03:28] - |D| - [6145536] - C:\Program Files\Windows Mail
[20/03/2017 07:10:52] - |D| - [4781757] - C:\Program Files\Windows Media Player
[18/03/2017 23:03:28] - |D| - [49688] - C:\Program Files\Windows Multimedia Platform
[18/03/2017 23:03:28] - |D| - [7835330] - C:\Program Files\Windows NT
[18/03/2017 23:03:28] - |D| - [6169408] - C:\Program Files\Windows Photo Viewer
[18/03/2017 23:03:28] - |D| - [49696] - C:\Program Files\Windows Portable Devices
[18/03/2017 23:03:28] - |D| - [95352] - C:\Program Files\Windows Security
[18/03/2017 23:03:28] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[18/03/2017 23:03:28] - |HD| - [2026864671] - C:\Program Files\WindowsApps
[18/03/2017 23:03:28] - |D| - [3674017] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[04/04/2016 23:15:57] - |D| - [244294742] - C:\Program Files (x86)\Common Files\Apple
[10/09/2016 20:46:52] - |HD| - [4572106] - C:\Program Files (x86)\Common Files\EAInstaller
[06/08/2017 16:05:28] - |D| - [75314869] - C:\Program Files (x86)\Common Files\Intel
[27/07/2017 12:26:25] - |D| - [1941064] - C:\Program Files (x86)\Common Files\Java
[18/04/2016 19:11:51] - |D| - [1844304] - C:\Program Files (x86)\Common Files\McAfee
[18/03/2017 23:03:28] - |D| - [17561489] - C:\Program Files (x86)\Common Files\Microsoft Shared
[12/03/2017 21:25:57] - |D| - [0] - C:\Program Files (x86)\Common Files\Nero
[18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[17/07/2017 20:09:11] - |AD| - [2574296] - C:\Program Files (x86)\Common Files\Skype
[06/08/2017 16:08:25] - |D| - [41095079] - C:\Program Files (x86)\Common Files\SpeechEngines
[04/04/2016 22:41:25] - |D| - [3772480] - C:\Program Files (x86)\Common Files\Steam
[18/03/2017 23:03:28] - |D| - [15927843] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[04/04/2016 23:16:04] - |D| - [192973146] - C:\Program Files\Common files\Apple
[18/04/2016 19:11:51] - |D| - [3616520] - C:\Program Files\Common files\AV
[18/04/2016 19:12:25] - |D| - [6713800] - C:\Program Files\Common files\Intel
[18/04/2016 19:11:50] - |D| - [4958665] - C:\Program Files\Common files\McAfee
[18/03/2017 23:03:28] - |D| - [38885948] - C:\Program Files\Common files\microsoft shared
[18/03/2017 23:03:28] - |D| - [2702] - C:\Program Files\Common files\Services
[06/08/2017 16:08:24] - |D| - [599040] - C:\Program Files\Common files\SpeechEngines
[18/03/2017 23:03:28] - |D| - [10317707] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.B65D41A53C251D51BBF14D1DD4F26654] - [25/08/2016 20:18:58] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [06/08/2017 16:12:11] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.00000000000000000000000000000000] - [06/08/2017 16:12:11] - |D| - [2602] - C:\WINDOWS\System32\Tasks\Apple
[MD5.4BCAC94BCB94297456EF704441CFBAEE] - [06/08/2017 16:12:11] - |A| - [3486] - C:\WINDOWS\System32\Tasks\Apple Diagnostics         :   C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
[MD5.70E0AB7C09B3A912EE3B92284B87E523] - [06/08/2017 16:12:11] - |A| - [3290] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.89F68EF6CBEB60CB749FA26E0227A50C] - [06/08/2017 16:12:11] - |A| - [3514] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [635838] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.06C2FDF8239C0F94170160BC4A60D928] - [06/08/2017 16:12:11] - |A| - [2502] - C:\WINDOWS\System32\Tasks\MSI_Dragon Gaming Center         :   C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe
[MD5.9490FC999693B57D31045622F3A2AAD9] - [06/08/2017 16:12:11] - |A| - [3114] - C:\WINDOWS\System32\Tasks\MSI_Help_Desk_Agent         :   C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe
[MD5.6DB32635D04F50A98289659FE162F61D] - [06/08/2017 16:12:11] - |A| - [2398] - C:\WINDOWS\System32\Tasks\MSI_Shortcut Manager         :   C:\Program Files (x86)\MSI\Shortcut Manager\HotkeyListener.exe
[MD5.DA99CC244528C4DA2439896785F518F5] - [06/08/2017 16:12:11] - |A| - [3358] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3664000885-1188665264-670964270-1000         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.ECF3C01BFB8FF47D6BCBFF4DA203B837] - [06/08/2017 16:12:11] - |A| - [4158] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{45E22C5F-88F2-4576-B219-197FFEAD25DB}         :   C:\WINDOWS\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [06/08/2017 16:12:11] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD
[MD5.0635E73181D183993742CBFED92A93B8] - [06/08/2017 16:12:11] - |A| - [2280] - C:\WINDOWS\System32\Tasks\{1306381C-6D4B-4C15-B06B-B7B53C4EB92D}         :   C:\WINDOWS\system32\pcalua.exe
[MD5.183BC0B885F446CD728CAD6493FDE749] - [06/08/2017 16:12:11] - |A| - [2272] - C:\WINDOWS\System32\Tasks\{3DC3432C-81C6-44FC-8F3E-246B733F8928}         :   C:\WINDOWS\system32\pcalua.exe
[MD5.68F12BE8549C634ECD1FF1503C055D60] - [06/08/2017 16:12:11] - |A| - [2184] - C:\WINDOWS\System32\Tasks\{87F1A922-2C82-4130-8A3D-B5705D4240DC}         :   C:\Windows\system32\pcalua.exe
[MD5.90876E78A64B960D60849EB78C3E5470] - [06/08/2017 16:12:11] - |A| - [2254] - C:\WINDOWS\System32\Tasks\{97707857-553E-4CC3-B0FA-8831F20558C3}         :   C:\WINDOWS\system32\pcalua.exe
[MD5.00000000000000000000000000000000] - [18/03/2017 23:03:29] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Wininit-Shutdown-In-Rule-TCP-RPC"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
"WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"MDNS-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"MDNS-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"{7589B44E-AFCD-49A5-8683-AD61A8D1C872}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{7FF0B49F-D257-46A5-BEA0-60F3419EF531}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{BE56A70B-322F-464D-8ACA-78E1B5832681}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{471B19F9-C31D-4239-BD47-3D9B2C1EA96C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"UDP Query User{AC3258A7-2F0C-4C10-9CB0-487E39B3B97B}C:\program files (x86)\arc\arcchat.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\arc\arcchat.exe|Name=Arc Chat|Desc=Arc Chat|Defer=User|
"TCP Query User{C73BD687-A318-4297-89B0-359CF9689304}C:\program files (x86)\arc\arcchat.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\arc\arcchat.exe|Name=Arc Chat|Desc=Arc Chat|Defer=User|
"UDP Query User{C8784EEC-8499-4327-979D-644E22E82F85}E:\steam\jeux\neverwinter\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\steam\jeux\neverwinter\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe|Name=gameclient|Desc=gameclient|Defer=User|
"TCP Query User{B97AA1DE-7B8E-436D-833D-538EF8C2E6AF}E:\steam\jeux\neverwinter\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\steam\jeux\neverwinter\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe|Name=gameclient|Desc=gameclient|Defer=User|
"{3B0C2AEA-11C0-406B-99FA-CD273B3E1FE4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Origin Games\Syberia II\Syberia2.exe|Name=Syberia II|
"{01054E56-6FB7-4797-9541-20DF1F587CD1}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Origin Games\Syberia II\Syberia2.exe|Name=Syberia II|
"{14A406CB-C3C2-4533-98BB-EEB94EC8F4FD}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{470C4A7A-A9C0-433B-8E12-B2185C4300AF}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service|
"{CB782B67-2C20-4619-9165-72BA9F98CC6D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{89600DC2-A845-4A26-9EFD-465313DA9644}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application|
"{0E12A825-6D27-46BA-91AC-229121AEB22F}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=E:\PotPlayer\PotPlayerMini64.exe|Name=PotPlayer (64-bits)|Desc=PotPlayer (64-bits)|
"{15F027A4-A702-40BB-957C-5F135E7635E4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=E:\PotPlayer\PotPlayerMini64.exe|Name=PotPlayer (64-bits)|Desc=PotPlayer (64-bits)|
"{6BBD3C02-7FC0-437C-82FF-C8844ACAE3EA}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe|Name=Nero Nero TuneItUp PRO|
"{A0D44A78-0204-44C3-AE12-2AB0CC9F60C7}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Nero\Nero TuneItUp\TuneItUp.exe|Name=Nero Nero TuneItUp PRO|
"UDP Query User{F901757E-B56F-45E9-8D62-00D36E6AF1F2}E:\filehistory\vlc\vlc.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\filehistory\vlc\vlc.exe|Name=VLC media player|Desc=VLC media player|
"TCP Query User{18BCC3AC-D416-4459-9439-BE2C6158453D}E:\filehistory\vlc\vlc.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\filehistory\vlc\vlc.exe|Name=VLC media player|Desc=VLC media player|
"UDP Query User{91D10510-7FAF-4420-ABEA-7F977440888B}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"TCP Query User{6E9D6556-C8B8-4A17-861B-E0900FCB6B17}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"UDP Query User{7312CF2D-E3ED-4F59-A1F4-E7C0F5A1F3A7}C:\users\nina\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\nina\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"TCP Query User{56CE12EF-1692-4725-9483-EE1ABAF3C3F4}C:\users\nina\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\nina\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"UDP Query User{BE6107B8-3BCD-4DF9-A0B9-2688067C6C84}C:\users\nina\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\nina\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"TCP Query User{695D1239-A579-4E4E-9269-C2010A654816}C:\users\nina\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\nina\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"UDP Query User{B3F63989-E466-4608-B2D2-061B9EC18807}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"TCP Query User{8EB56B50-A6AD-41B2-98B8-3C3FBF8C25C9}E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"UDP Query User{89D1711A-0D38-478D-9D41-A21EA2F8EF2B}C:\visioncam\deviceclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\visioncam\deviceclient.exe|Name=VisionCam|Desc=VisionCam|Defer=User|
"TCP Query User{0ADA4905-A872-4F6F-9E41-38AD78C5058A}C:\visioncam\deviceclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\visioncam\deviceclient.exe|Name=VisionCam|Desc=VisionCam|Defer=User|
"UDP Query User{DA4F3C2B-6A37-49CC-960B-441F3539A80F}C:\visioncam\deviceclient.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\visioncam\deviceclient.exe|Name=VisionCam|Desc=VisionCam|
"TCP Query User{5023D6DC-ABF1-4652-800E-9149ACF4CD32}C:\visioncam\deviceclient.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\visioncam\deviceclient.exe|Name=VisionCam|Desc=VisionCam|
"{02AC09BA-F91B-48EA-B731-77C2F65364F8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe|Name=Medal of Honor Batailles du Pacifique Configuration|
"{59181F33-27F0-4892-A55F-5697B84E37E3}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe|Name=Medal of Honor Batailles du Pacifique Configuration|
"{5AD6FFFE-86D8-4AEB-AD74-54F813A35512}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe|Name=Medal of Honor Batailles du Pacifique|
"{F64746DE-F6CE-4DD3-B9CC-97523973BC1E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe|Name=Medal of Honor Batailles du Pacifique|
"{4028022F-161B-4197-9E5B-D4D9BB0FF8A2}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe|Name=Plantes contre Zombies™|
"{87007E69-93CE-4450-90C8-989BF938AA4F}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\Program Files (x86)\Origin Games\Plants vs. Zombies\PlantsVsZombies.exe|Name=Plantes contre Zombies™|
"{0EC241AA-F487-4DD8-A3DA-240E7AEB1373}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe|Name=Dead Space|
"{ED00DD17-3724-4796-84CB-A5A6C2D5ACCC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe|Name=Dead Space|
"{12CF7FB5-2628-453E-A973-97152F995DEA}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=E:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe|Name=Theme Hospital|
"{539C5B2B-69F8-4F2E-BB24-646987A86861}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=E:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\EALaunchHelper.exe|Name=Theme Hospital|
"UDP Query User{8CF86540-4D40-4C14-9AE9-093EDC6DDC44}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe|Name=gameclient|Desc=gameclient|Defer=User|
"TCP Query User{1B872C1E-3512-4858-AC0B-AC14693820C3}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe|Name=gameclient|Desc=gameclient|Defer=User|
"UDP Query User{407AA435-4E3E-4113-BAD3-CECBF8C74B28}C:\windows\system32\runtimebroker.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\windows\system32\runtimebroker.exe|Name=Runtime Broker|Desc=Runtime Broker|
"TCP Query User{14DBB04B-1EA3-4D4F-B4A7-15F6EDE6AECB}C:\windows\system32\runtimebroker.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\windows\system32\runtimebroker.exe|Name=Runtime Broker|Desc=Runtime Broker|
"{70A74609-0057-44AF-B050-21664A601FC5}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (Nina)|Desc=Allow µTorrent network traffic|
"{F86D275C-78B9-48AA-94BD-7CB32535BD40}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Nina)|
"{47BE1E1B-2A0F-4863-B86E-227FFF1B6DF1}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (Nina)|
"{D3289F80-C15C-4FA0-BDEB-9C9CF1E3203C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (Nina)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{F7BE609C-107E-4241-8119-655C7DCC3328}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (Nina)|Desc=Allow µTorrent network traffic|
"{8C2F8712-8AC6-4ECF-B00A-FDA3C59152B8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (Nina)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"UDP Query User{1CBE46F6-9744-48D2-8773-A68CA369BFF3}E:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=E:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe|Name=gameclient|Desc=gameclient|Defer=User|
"TCP Query User{F07E0220-BFF6-482B-A870-9DE885A2A103}E:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=E:\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe|Name=gameclient|Desc=gameclient|Defer=User|
"UDP Query User{3F2DF3F0-E572-4EF7-AB66-E1619E183D6E}C:\users\nina\desktop\jeux\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\nina\desktop\jeux\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User|
"TCP Query User{11E5BA8B-3CC5-4235-BB42-DDB428274C9B}C:\users\nina\desktop\jeux\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\nina\desktop\jeux\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User|
"UDP Query User{401B7848-8960-4627-96DD-0E3667E3C29E}C:\windows\system32\runtimebroker.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\windows\system32\runtimebroker.exe|Name=Runtime Broker|Desc=Runtime Broker|
"TCP Query User{19898DB1-B537-4AFA-927A-0AC8C5B81F29}C:\windows\system32\runtimebroker.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\windows\system32\runtimebroker.exe|Name=Runtime Broker|Desc=Runtime Broker|
"{B7AC12A4-D33F-4D22-9B87-D6EAB4FD840F}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|App=E:\Games\World_of_Tanks\worldoftanks.exe|Name=World of Tanks out|Desc=|EmbedCtxt=World of Tanks|
"{7FF8C5A7-E866-4F0F-BB68-BE99EF0BFEA6}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=E:\Games\World_of_Tanks\worldoftanks.exe|Name=World of Tanks in|Desc=|EmbedCtxt=World of Tanks|
"{DD00480A-1E7F-4DF7-AA7D-6BEADB21DADA}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|App=E:\Games\World_of_Tanks\WoTLauncher.exe|Name=World of Tanks_Launcher out|Desc=|EmbedCtxt=World of Tanks|
"{FB995E92-617F-422F-ABA4-326847FA1188}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=E:\Games\World_of_Tanks\WoTLauncher.exe|Name=World of Tanks_Launcher in|Desc=|EmbedCtxt=World of Tanks|
"{3F9ED70A-4FA3-425C-ADA1-3A85A080E461}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Nina\Desktop\jeux\worldoftanks.exe|Name=World of Tanks out|Desc=|EmbedCtxt=World of Tanks|
"{A6B382BB-C1A3-4EB2-85A3-AD47E421C2DC}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Nina\Desktop\jeux\worldoftanks.exe|Name=World of Tanks in|Desc=|EmbedCtxt=World of Tanks|
"{6DC9765F-5F66-4645-AD82-A6DA3DD19028}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Nina\Desktop\jeux\World of Tank.exe|Name=World of Tanks_Launcher out|Desc=|EmbedCtxt=World of Tanks|
"{8FC78D47-D524-4D30-AF2A-9E29CE88BEE5}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Nina\Desktop\jeux\World of Tank.exe|Name=World of Tanks_Launcher in|Desc=|EmbedCtxt=World of Tanks|
"{939239C5-B470-45EC-B987-BD076C14B6E1}"=v2.25|Action=Block|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=E:\games\world_of_tanks\worldoftanks.exe|Name=World of Tanks|Desc=World of Tanks|
"{9BE505AB-802F-433E-95D9-839AAA08286A}"=v2.25|Action=Block|Active=FALSE|Dir=In|Protocol=17|Profile=Public|App=E:\games\world_of_tanks\worldoftanks.exe|Name=World of Tanks|Desc=World of Tanks|
"{4CA7EF6F-C24E-4E36-8C48-783785E7FB4D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=E:\Neverwinter\steamapps\common\Worm.is The Game\Wormis.exe|Name=Worm.is: The Game|
"{DB9A8391-CFB8-4704-9E2E-E21A7B6FA681}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=E:\Neverwinter\steamapps\common\Worm.is The Game\Wormis.exe|Name=Worm.is: The Game|
"{189C2419-3B7A-4643-A326-4E752C4BDF5C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=E:\Neverwinter\steamapps\common\The Average Everyday Adventures of Samantha Browne\Samantha Browne.exe|Name=The Average Everyday Adventures of Samantha Browne|
"{972F8BAB-7863-4A7A-AD78-321F3CD3522A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=E:\Neverwinter\steamapps\common\The Average Everyday Adventures of Samantha Browne\Samantha Browne.exe|Name=The Average Everyday Adventures of Samantha Browne|
"{02CF0176-3F07-4CEC-9710-E8F38C11E282}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=E:\Neverwinter\steamapps\common\Cryptic Studios\Neverwinter.exe|Name=Neverwinter|
"{5A69C2CE-E878-4040-AA69-AA7DD52BDAA1}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=E:\Neverwinter\steamapps\common\Cryptic Studios\Neverwinter.exe|Name=Neverwinter|
"{B0A6FE99-C0FD-4067-A158-7614DC4D3242}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe|Name=Les Sims™ 4 Démo Créer un Sim|
"{325C2F6A-0C46-4A61-97A5-4D1618AAF527}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe|Name=Les Sims™ 4 Démo Créer un Sim|
"UDP Query User{4AE740E5-E0E5-4991-8003-9AE8CA4C233C}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe|Name=gameclient|Desc=gameclient|Defer=User|
"TCP Query User{23C1388A-CCAE-4F38-B4B9-6FB67173CCD7}C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter\live\gameclient.exe|Name=gameclient|Desc=gameclient|Defer=User|
"{81BB3B5F-4F49-4B95-BDFB-703C0405748D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47995|LPort=47998|LPort=47999|LPort=48000|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer UDP Exception|Desc=UDP exceptions for SHIELD Streaming NvStreamer (RTSP/RI/A/V)|
"{757C963D-C68A-40B9-AE44-BD3FEBEE4021}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=35043|LPort=47995|LPort=48010|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe|Name=SHIELD Streaming NvStreamer TCP Exception|Desc=TCP exceptions for SHIELD Streaming NvStreamer (RTSP/RI)|
"{9BA10F71-041E-4A50-B6B8-C4D0DBBBB1D1}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=47998|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe|Name=SHIELD Streaming SSAU UDP Exception|Desc=UDP exceptions for SHIELD Streaming SSAU (NWT)|
"{13D2C6E9-5F58-4BAE-B352-12418A99CD7A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe|Name=SHIELD Streaming NSS UDP Exception|Desc=UDP exceptions for SHIELD Streaming NSS (mDNS)|
"{F1AA4BFC-982F-4975-AB40-4442FA93336A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=47984|LPort=47989|App=C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe|Name=SHIELD Streaming NSS TCP Exception|Desc=TCP exceptions for SHIELD Streaming NSS (HTTP)|
"UDP Query User{7A757A27-BB34-487A-82A0-EBB5F21FC322}C:\users\nina\desktop\jeux\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\nina\desktop\jeux\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User|
"TCP Query User{B438AE45-88A4-4052-950A-C17F8E687FAA}C:\users\nina\desktop\jeux\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\nina\desktop\jeux\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe|Name=javaw|Desc=javaw|Defer=User|
"{3B453CF3-52AE-47E2-9DC7-C16832F178A6}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Skype\Phone\Skype.exe|Name=Skype|
"{CE6593E2-C818-4AF9-9FA9-B93F7B70E60D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|App=C:\Games\World_of_Tanks\worldoftanks.exe|Name=World of Tanks out|Desc=|EmbedCtxt=World of Tanks|
"{3E276A83-F51C-4EEA-B159-0CF0B5352228}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Games\World_of_Tanks\worldoftanks.exe|Name=World of Tanks in|Desc=|EmbedCtxt=World of Tanks|
"{D47E3640-899F-4510-8AB0-C4FDB071FAD1}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|App=C:\Games\World_of_Tanks\WoTLauncher.exe|Name=World of Tanks_Launcher out|Desc=|EmbedCtxt=World of Tanks|
"{FDAC378A-F710-49BF-881F-83FD6107EF94}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Games\World_of_Tanks\WoTLauncher.exe|Name=World of Tanks_Launcher in|Desc=|EmbedCtxt=World of Tanks|
"{9ECC1FB0-DB82-46CD-9880-81A8FBEE6232}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{3B32BCED-7B4A-4BDA-84BB-ADF757259BFF}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{E65736C0-8865-40F0-9480-C1DA8F2BBBB5}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{C274502B-6A65-4385-9535-92769ADB50CD}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{AA1D96D8-B0BE-43FD-93CA-D7A9EFDF640D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3664000885-1188665264-670964270-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{DF47A728-7E03-477B-9AD8-FA9392C599C4}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{285E4E0E-5B89-4C5D-9407-0A6BE2A21712}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Desc=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/Description}|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-968169919-1126953557-685195956-86120492-1320233397-643893155-1374718203|EmbedCtxt=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{596EB137-044E-4341-8353-4405BBF6A083}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Holographic Item Player|Desc=Holographic Item Player|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-2848169271-1944770290-2690789639-3499139168-2840136067-3338101526-125811250|EmbedCtxt=Holographic Item Player|Platform=2:6:2|Platform2=GTEQ|
"{CB1C9906-9741-4457-947A-5606BBA258A1}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Wallet|Desc=Wallet|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Wallet|Platform=2:6:2|Platform2=GTEQ|
"{D676CF5B-C3E9-46A8-A830-A26C4AF0E175}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{AD642048-34D1-4671-B8D8-8B561C9F1527}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{49EA85FB-D3E6-45B3-A6F7-C2499C77155F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ|
"{CE65C9A2-91C6-452C-B27E-ECF405EE3584}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=View 3D|Desc=View 3D|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-3739514657-3828455176-2936196785-2025316370-1894713875-3268641221-1640234959|EmbedCtxt=View 3D|Platform=2:6:2|Platform2=GTEQ|
"{4A7386E0-9421-45CA-AD61-B895836757D7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|
"{F5528C71-802A-4BAC-B3F3-7E5591780F10}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{C9A27EE1-609F-4063-BBA5-A7DC27414BC8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{1D944AD6-4ADD-4B28-933B-D783BD2B3280}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{86554F80-4B92-4807-93CE-5289EBCAA01E}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{E6ECC10B-57DD-4175-BEAA-474AC21C27BB}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|
"{D7901300-1E74-49C6-90AA-46EC0DB38BB7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3664000885-1188665264-670964270-1000|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem27.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[18/05/2017 07:54:04] - (22.21.13.8205) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 382.05) - C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_7b11efeca48cd7d3\nvlddmkm.sys
[05/10/2015 12:32:38] - (2.1.0.17) - (Qualcomm Atheros, Inc. - Killer e2200 PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\L1C63x64.sys
[05/12/2016 00:08:14] - (19.3.4.184) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys
[04/04/2016 16:00:32] - (19.0.22.0) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
[17/05/2016 21:41:14] - (1.2.40.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\WINDOWS\system32\drivers\nvvad64v.sys
[07/06/2010 09:36:30] - (0.0.0.0) - ( -) - C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - MBAMSwissArmy (MBAMSwissArmy) -> system32\drivers\MBAMSwissArmy.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - MpKsl3492621d () -> \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{75E466FF-2140-46F9-8F4A-88A5B7408F3E}\MpKsl3492621d.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
S2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.EF558A02D734A1403583E95CCEEC2487] - [12/06/2016 12:34:22] - (.Copyright (c)1999-2015 Martin Malík - REALiX - HWiNFO AMD64 Kernel Driver.) - [26.91 Ko] - (8.98.0.0) - C:\WINDOWS\Syswow64\Drivers\HWiNFO64A.SYS

---------- | Uninstall

[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\2744A393-554C-4E35-A24F-DEF0392B4484-2] : (Dofus.-.Ankama) -> C:\Users\Nina\AppData\Local\Ankama\Dofus\Dofus.exe --uninstall-or-repair
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Spotify] : (Spotify.-.Spotify AB) -> "C:\Users\Nina\AppData\Roaming\Spotify\Spotify.exe" /uninstall
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) -> "C:\Users\Nina\AppData\Roaming\uTorrent\uTorrent.exe" /UNINSTALL
[HKU\S-1-5-21-3664000885-1188665264-670964270-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1] : (World of Tanks.-.Wargaming.net) -> "E:\Games\World_of_Tanks\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\3A0A5AE912CC81290DB2E472F7DC4CF387C36211] : (Package de pilotes Windows - Intel (NETwNs64) net  (04/30/2015 15.11.0.9).-.Intel) -> C:\PROGRA~1\DIFX\7F2D27~1\DPInst64.exe /u C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_neutral_75e9c63041295e0f\netwsw00.inf
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\55D9E0A8A9E1978D5A28EB04F167C1EAAC8F907A] : (Package de pilotes Windows - Intel (NETwNs64) net  (07/16/2015 18.12.0.3).-.Intel) -> C:\PROGRA~1\DIFX\7F2D27~1\DPInst64.exe /u C:\Windows\System32\DriverStore\FileRepository\netwsw02.inf_amd64_neutral_c1b94f246dc6fda4\netwsw02.inf
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\6215B44C20BCFEEA55D04A5A510C7994E3C7E28F] : (Package de pilotes Windows - Intel (NETwNs64) net  (04/30/2015 15.17.0.1).-.Intel) -> C:\PROGRA~1\DIFX\7F2D27~1\DPInst64.exe /u C:\Windows\System32\DriverStore\FileRepository\netwsw01.inf_amd64_neutral_6b0c7e460b50118c\netwsw01.inf
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PotPlayer64] : (PotPlayer-64 bit.-.Kakao Corp.) -> "E:\PotPlayer\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 109600] : (Neverwinter.-.Cryptic Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/109600
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 356670] : (Spooky's Jump Scare Mansion.-.Lag Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/356670
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 4000] : (Garry's Mod.-.Facepunch Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/4000
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SynTPDeinstKey] : (Synaptics Pointing Device Driver.-.Synaptics Incorporated) -> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TrueKey] : (Intel Security True Key.-.Intel Security) -> C:\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> E:\FileHistory\VLC\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.26.0] : (Vulkan Run Time Libraries 1.0.26.0.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0A596141-97D5-45FA-9281-98DFAF48D579}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{0A596141-97D5-45FA-9281-98DFAF48D579}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2937FD88-C9D6-4B82-B539-37CD0A572F42}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.2.2.2018.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{37D41A97-6B02-4C30-8753-85107BE1D674}] : (Intel® RealSense™ SDK 2014 Runtime  (x64): Core.-.Intel Corporation) -> MsiExec.exe /X{37D41A97-6B02-4C30-8753-85107BE1D674}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{526002E5-7D5B-4703-A4E3-BA566AED5D8A}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}] : (iCloud.-.Apple Inc.) -> MsiExec.exe /I{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8B57FEA1-ABC0-4469-9205-856FD0D97C40}] : (SCM.-.Application) -> MsiExec.exe /I{8B57FEA1-ABC0-4469-9205-856FD0D97C40}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{90120000-002A-0000-1000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{90120000-002A-040C-1000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}] : (Apple Application Support (64 bits).-.Apple Inc.) -> MsiExec.exe /I{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A31C5565-90D9-4615-AE13-94D86C3836C7}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}] : (.-.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC937267-F287-4B31-89E3-70C978366D87}] : (AR8171 Drivers.-.Rivet Networks) -> MsiExec.exe /X{AC937267-F287-4B31-89E3-70C978366D87}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}] : (.-.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 382.05.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Pilote graphique 376.54.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus] : (NVIDIA Optimus Update 2.11.4.1.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA Logiciel système PhysX 9.16.0318.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises à jour NVIDIA 2.11.4.1.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.31.-.NVIDIA Corporation) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C1424923-74F7-4399-B9D9-5F72FB1B9481}] : (Intel(R) Biometric and Context Agent.-.Intel Corporation) -> MsiExec.exe /X{C1424923-74F7-4399-B9D9-5F72FB1B9481}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}] : (.-.) -> 
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C3F24413-3E29-4979-A195-DEEB56F29B2A}] : (Intel(R) Biometric and Context Agent Redistributables.-.Intel Corporation) -> MsiExec.exe /X{C3F24413-3E29-4979-A195-DEEB56F29B2A}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4D86CB2-2370-4691-8272-3869EDED6C64}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E6D505B9-1A18-4F67-9BE0-D37B5164D581}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F0C7385A-9D20-45F3-8101-05D383885180}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{F0C7385A-9D20-45F3-8101-05D383885180}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\911 Operator_is1] : (911 Operator version 1.0.-.PlayWay SA) -> "C:\Program Files (x86)\PlayWay SA\911 Operator\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Autodesk Pixlr] : (Autodesk Pixlr.-.Autodesk) -> C:\Program Files (x86)\Autodesk\Autodesk Pixlr\Setup\Setup.exe /P {B0547B43-3AEE-453C-9945-800DDF92052D} /M Pixlr /LANG fr-fr
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\Installer\setup.exe" --uninstall --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{263B2528-9E7A-42DD-B132-490D9BD4CA3B}] : (Shortcut Manager.-.Micro-Star International Co., Ltd.) -> C:\Program Files (x86)\InstallShield Installation Information\{263B2528-9E7A-42DD-B132-490D9BD4CA3B}\setup.exe -runfromtemp -l0x0409
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}] : (MSI Remind Manager.-.Micro-Star International Co., Ltd.) -> C:\Program Files (x86)\InstallShield Installation Information\{3E23F267-3E35-40F9-B6BF-BC034D214717}\setup.exe -runfromtemp -l0x0409
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}] : (Battery Calibration.-.Micro-Star International Co., Ltd.) -> C:\Program Files (x86)\InstallShield Installation Information\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}\setup.exe -runfromtemp -l0x0409
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}] : (Help Desk.-.Micro-Star International Co., Ltd.) -> C:\Program Files (x86)\InstallShield Installation Information\{7E8181AF-9679-49B3-B133-C265709B6927}\setup.exe -runfromtemp -l0x0409
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}] : (Dragon Gaming Center.-.Micro-Star International Co., Ltd.) -> C:\Program Files (x86)\InstallShield Installation Information\{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}\setup.exe -runfromtemp -l0x0409
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}] : (Sizing Options.-.Application) -> C:\Program Files (x86)\InstallShield Installation Information\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}\setup.exe -runfromtemp -l0x0409
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\League of Legends 3.0.1] : (League of Legends.-.Riot Games) -> msiexec.exe /x {3E75652D-99B1-417E-B163-BEF33CAD3F16}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Origin] : (Origin.-.Electronic Arts, Inc.) -> E:\Origin\OriginUninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamViewer] : (TeamViewer 12.-.TeamViewer) -> "C:\Program Files (x86)\TeamViewer\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\UltraStar Deluxe] : (UltraStar Deluxe.-.USDX Team) -> C:\Program Files (x86)\UltraStar Deluxe\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WBFS Manager 3.0] : (WBFS Manager 3.0.-.AlexDP) -> C:\Program Files\WBFS\WBFS Manager 3.0\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.31 (32-bit).-.win.rar GmbH) -> C:\Program Files (x86)\WinRAR\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{025A585C-0C66-413D-80D2-4C05CB699771}] : (Dead Space.-.Electronic Arts) -> "C:\Program Files (x86)\Common Files\EAInstaller\Dead Space\Cleanup.exe" uninstall_game -autologging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1E672F6A-B698-48A2-AE8C-427F97AF8F0E}] : (AR8171 Driver Installation.-.Rivet Networks) -> "C:\Program Files (x86)\InstallShield Installation Information\{1E672F6A-B698-48A2-AE8C-427F97AF8F0E}\setup.exe" -remove -runfromtemp
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}] : (Intel(R) USB 3.0 eXtensible Host Controller Driver.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall_arp
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26356515-5821-40FA-9C3D-9785052A1062}] : (.-.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{263B2528-9E7A-42DD-B132-490D9BD4CA3B}] : (Shortcut Manager.-.Micro-Star International Co., Ltd.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180101F0}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180111F0}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180121F0}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180144F0}] : (Java 8 Update 144.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180144F0}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218077F0}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218091F0}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{29DB9165-5FC1-48F0-9188-26123F526848}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3108C217-BE83-42E4-AE9E-A56A2A92E549}] : (Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver.-.Qualcomm Atheros Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (Skype™ 7.38.-.Skype Technologies S.A.) -> MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E23F267-3E35-40F9-B6BF-BC034D214717}] : (MSI Remind Manager.-.Micro-Star International Co., Ltd.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E75652D-99B1-417E-B163-BEF33CAD3F16}] : (League of Legends.-.Riot Games) -> MsiExec.exe /X{3E75652D-99B1-417E-B163-BEF33CAD3F16}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{45D0CE08-14DE-4F94-AE24-6151BBE6FA90}_is1] : (VisionCam version 81.2.0.44.-.visioncam, Inc.) -> "C:\VisionCam\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{52D87F32-70E4-4348-8148-C0B9F35B1314}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{52D87F32-70E4-4348-8148-C0B9F35B1314}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}] : (Medal of Honor Batailles du Pacifique™.-.Electronic Arts) -> "C:\Program Files (x86)\Common Files\EAInstaller\Medal of Honor Pacific Assault\Cleanup.exe" uninstall_game -autologging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56EC47AA-5813-4FF6-8E75-544026FBEA83}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}] : (Plantes contre Zombies™.-.Electronic Arts, Inc.) -> "C:\Program Files (x86)\Common Files\EAInstaller\PlantsvsZombies\Cleanup.exe" uninstall_game -autologging -keepMaintenanceLog
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}] : (Battery Calibration.-.Micro-Star International Co., Ltd.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1] : (SUPER CHARGER.-.MSI) -> "C:\Program Files (x86)\MSI\SUPER CHARGER\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7E8181AF-9679-49B3-B133-C265709B6927}] : (Help Desk.-.Micro-Star International Co., Ltd.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-0015-040C-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-0016-040C-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-0018-040C-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-0019-040C-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-001A-040C-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-001B-040C-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-001F-0401-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-001F-0407-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-001F-040C-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-001F-0413-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-001F-0C0A-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-002C-040C-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-0044-040C-0000-0000000FF1CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90120000-006E-040C-0000-0000000FF1CE}] : (.-.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}] : (Dragon Gaming Center.-.Micro-Star International Co., Ltd.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9B613B56-E7B5-40C3-864B-8C6172C3A76D}_is1] : (The Sims 4.-.Electronic Arts) -> "E:\Sims 4 Fr\The Sims 4\Uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (.-.) -> 
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B0547B43-3AEE-453C-9945-800DDF92052D}] : (Autodesk Pixlr.-.Autodesk) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BF1534B0-BE09-457E-A4CF-0EFC803125F2}] : (Syberia II.-.Microids) -> "C:\Program Files (x86)\Common Files\EAInstaller\Syberia II\Cleanup.exe" uninstall_game -autologging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CED8E25B-122A-4E80-B612-7F99B93284B3}] : (Arc.-.Perfect World Entertainment) -> "C:\Program Files (x86)\InstallShield Installation Information\{CED8E25B-122A-4E80-B612-7F99B93284B3}\setup.exe" -runfromtemp -l0x040c -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D4B07658-F443-4445-A261-E643996E139D}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}] : (OpenOffice 4.1.2.-.Apache Software Foundation) -> MsiExec.exe /I{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}] : (Sizing Options.-.Application) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}] : (Apple Application Support (32 bits).-.Apple Inc.) -> MsiExec.exe /I{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F36ED29E-33E1-48AB-95DA-2498AD41A9A0}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}] : (.-.) -> 

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\008BB29E5CCB52C41820CAC2B3C7C7E1] : Apple Application Support (32 bits) -> C:\WINDOWS\Installer\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}\WinInstall.ico
[HKCR\Installer\Products\141695A05D79AF54291889FDFA845D97] : Apple Mobile Device Support -> C:\WINDOWS\Installer\{0A596141-97D5-45FA-9281-98DFAF48D579}\Installer.ico
[HKCR\Installer\Products\1AEF75B80CBA9644295058F60D9DC704] : SCM -> C:\WINDOWS\Installer\{8B57FEA1-ABC0-4469-9205-856FD0D97C40}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\23F78D254E07843418840C9B3FB53141] : Apple Software Update -> C:\WINDOWS\Installer\{52D87F32-70E4-4348-8148-C0B9F35B1314}\Installer.ico
[HKCR\Installer\Products\31442F3C92E397941A59EDBE652FB9A2] : Intel(R) Biometric and Context Agent Redistributables
[HKCR\Installer\Products\3294241C7F4799349B9DF527BFB14918] : Intel(R) Biometric and Context Agent
[HKCR\Installer\Products\34B7450BEEA3C354995408D0FD2950D2] : Autodesk Pixlr -> C:\WINDOWS\Installer\{B0547B43-3AEE-453C-9945-800DDF92052D}\Pixlr.ico
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110440F] : Java 8 Update 144 -> C:\Program Files (x86)\Java\jre1.8.0_144\\bin\javaws.exe
[HKCR\Installer\Products\530C9330E0BC1AA4A849C6039628DB68] : KB4023057
[HKCR\Installer\Products\762739CA782F13B4983E079C8763D678] : AR8171 Drivers -> C:\WINDOWS\Installer\{AC937267-F287-4B31-89E3-70C978366D87}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\762F32E353E39F046BFBCB30D4127471] : MSI Remind Manager -> C:\WINDOWS\Installer\{3E23F267-3E35-40F9-B6BF-BC034D214717}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\79A14D7320B603C478355801B71E6D47] : Intel® RealSense™ SDK 2014 Runtime  (x64): Core -> C:\WINDOWS\Installer\{37D41A97-6B02-4C30-8753-85107BE1D674}\arp.ico
[HKCR\Installer\Products\7C61B569877054C47B1D385AE9F6BBBC] : Dragon Gaming Center -> C:\WINDOWS\Installer\{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\818DCFD4A63092246AD7FC71CD64D129] : Windows 10 Update and Privacy Settings
[HKCR\Installer\Products\8252B362A7E9DD241B2394D0B94DACB3] : Shortcut Manager -> C:\WINDOWS\Installer\{263B2528-9E7A-42DD-B132-490D9BD4CA3B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\843B1BCDE49CD6D4C80ED7D95AFC66E3] : OpenOffice 4.1.2 -> C:\WINDOWS\Installer\{DCB1B348-C94E-4D6D-8CE0-7D9DA5CF663E}\soffice.ico
[HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\WINDOWS\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico
[HKCR\Installer\Products\8ED6BAFDF54ED5D4590C5EC48599F3F9] : Sizing Options -> C:\WINDOWS\Installer\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3664C13] : Skype™ 7.38 -> C:\WINDOWS\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe
[HKCR\Installer\Products\A5837C0F02D93F541810503D38881508] : iTunes -> C:\WINDOWS\Installer\{F0C7385A-9D20-45F3-8101-05D383885180}\Installer.ico
[HKCR\Installer\Products\AD95A1B5CE1DA3C49A69FD10A1A06986] : iCloud -> C:\WINDOWS\Installer\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}\ARP.ico
[HKCR\Installer\Products\D139E7FE48CDB174D86B8A3385904547] : 
[HKCR\Installer\Products\D25657E31B99E7141B36EB3FC3DAF361] : League of Legends -> C:\WINDOWS\Installer\{3E75652D-99B1-417E-B163-BEF33CAD3F16}\lol.launcher_1.exe
[HKCR\Installer\Products\E10CA436BD942DA48BC7094DCD6CFA1A] : Battery Calibration -> C:\WINDOWS\Installer\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E1B219C9DD60FE34BBB254BCC288ABEA] : Apple Application Support (64 bits) -> C:\WINDOWS\Installer\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}\WinInstall.ico
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\FA1818E797693B941B332C5607B99672] : Help Desk -> C:\WINDOWS\Installer\{7E8181AF-9679-49B3-B133-C265709B6927}\ARPPRODUCTICON.exe

---------- | ADS


---------- | Drives

 Disk: 0   Size=122G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    07-NTFS    499M   Yes   No         2,048    1,024,000
  1    1    07-NTFS    119G   No    No     1,026,048  244,715,620
  2    2    27-UNKNWN  860M   No    No   245,743,616    1,763,328
  3    3    27-UNKNWN  798M   No    No   247,508,992    1,634,304

---------- | MBR

Windows Version:		Professional
Windows Information:		 (build 9200), 64-bit
Base Board Manufacturer:	Micro-Star International Co., Ltd.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		Micro-Star International Co., Ltd.
System Product Name:		GL72 6QD
Logical Drives Mask:		0x00000014

Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Le programme QuickDiag.exe version 1.7.17.1 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans le panneau de configuration Sécurité et maintenance.
 ID de processus : 24a0
 Heure de début : 01d31d1dbfd94c39
 Heure de fin : 4294967295
 Chemin d'accès de l'application : C:\Users\Nina\Downloads\QuickDiag.exe
 ID de rapport : 0b88e2f6-0a49-4a79-b05f-49c7cdb585fd
 Nom complet du package défaillant : 
 ID de l'application relative au package défaillant : 

------------

Local Hostname Nina-PC.local already in use; will try Nina-PC-2.local instead
------------

mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Nina-PC.local. Addr 192.168.1.24
------------

mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   16 Nina-PC.local. AAAA 2A01:0E34:ED0F:25E0:8C24:EB20:D45F:44AC
------------

mDNSCoreReceiveResponse: Unexpected conflict discarding   15 C.A.4.4.F.5.4.D.0.2.B.E.4.2.C.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Nina-PC.local.
------------

mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   17 C.A.4.4.F.5.4.D.0.2.B.E.4.2.C.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Nina-PC-2.local.
------------

mDNSCoreReceiveResponse: Unexpected conflict discarding   15 24.1.168.192.in-addr.arpa. PTR Nina-PC.local.
------------

mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   17 24.1.168.192.in-addr.arpa. PTR Nina-PC-2.local.
------------

mDNSCoreReceiveResponse: Resetting to Probing:   16 Nina-PC.local. AAAA FE80:0000:0000:0000:8C24:EB20:D45F:44AC
------------

mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   16 Nina-PC.local. AAAA 2A01:0E34:ED0F:25E0:8C24:EB20:D45F:44AC
------------

mDNSCoreReceiveResponse: Resetting to Probing:    4 Nina-PC.local. Addr 192.168.1.24
------------

mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   16 Nina-PC.local. AAAA 2A01:0E34:ED0F:25E0:8C24:EB20:D45F:44AC
------------

Le traitement du changement de session à échoué. System.ArgumentException: Data Source cannot be empty.  Use :memory: to open an in-memory database
   à System.Data.SQLite.SQLiteConnection.Open()
   à McAfee.YAP.Service.Data.McBioSQLite.GetConnection()
   à McAfee.YAP.Service.Data.McBioSQLite.StoreInServiceInfo(String key, String value)
   à McAfee.YAP.Service.Common.McBioBCAService.DisableSpoofingMode()
   à McAfee.YAP.Service.Service.OnSessionChange(SessionChangeDescription changeDescription)
   à System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
------------

mDNSCoreReceiveResponse: Unexpected conflict discarding   15 C.A.4.4.F.5.4.D.0.2.B.E.4.2.C.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Nina-PC.local.
------------

mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   17 C.A.4.4.F.5.4.D.0.2.B.E.4.2.C.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Nina-PC-2.local.
------------

mDNSCoreReceiveResponse: Unexpected conflict discarding   15 C.A.4.4.F.5.4.D.0.2.B.E.4.2.C.8.0.E.5.2.F.0.D.E.4.3.E.0.1.0.A.2.ip6.arpa. PTR Nina-PC.local.
------------

mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   17 C.A.4.4.F.5.4.D.0.2.B.E.4.2.C.8.0.E.5.2.F.0.D.E.4.3.E.0.1.0.A.2.ip6.arpa. PTR Nina-PC-2.local.
------------

mDNSCoreReceiveResponse: Unexpected conflict discarding   15 24.1.168.192.in-addr.arpa. PTR Nina-PC.local.
------------

mDNSCoreReceiveResponse: Received from 192.168.1.24:5353   17 24.1.168.192.in-addr.arpa. PTR Nina-PC-2.local.
------------


----------( EOF)---------- - 4269 | 23:23:23