--------------- QuickDiag | g3n-h@ckm@n | V3_22.10.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 14/12/2017 16:37:14

Updated 22/10/2017 | 08.35 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Maxime (Administrator)] - [JACK] (S-1-5-21-60461441-1236719898-3972887004-1001)

System: Microsoft Windows 10 Famille - - (10.0.15063) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition5
Boot : Normal boot
PC: 2182 - LENOVO - IdNumber: 2957963800819 - UUID: 4812025C-9CFC-E111-83C6-B888E3849CC3
Processor : X64 - 2095 Mhz - Intel(R) Pentium(R) CPU B950 @ 2.10GHz
5ECN92WW(V8.04) - en|US|iso8859-1 - LENOVO - S/N: 2957963800819 - 5ECN92WW(V8.04) - LENOVO - 1
CoreTemp : 49 Celsius

----------| Quick


---------- | SoundDevice

Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000\4&3A3FC0BE&0&0301
Conexant SmartAudio HD - Status: OK - Manufacturer: Conexant - PNPDeviceID: HDAUDIO\FUNC_01&VEN_14F1&DEV_506E&SUBSYS_17AAC025&REV_1000\4&3A3FC0BE&0&0001

---------- | Video

Intel(R) HD Graphics - Resolution: 1600x900 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumd64.dll,igd10umd64.dll,igd10umd64.dll,igdumd32,igd10umd32,igd10umd32 - PNPDeviceID: PCI\VEN_8086&DEV_0106&SUBSYS_397717AA&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1874735104
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics - DriverVersion: 9.17.10.4459 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42488 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35208 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84992 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU


---------- | Network


Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Carte réseau sans fil Qualcomm Atheros AR9485WB-EG - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0032&SUBSYS_321817AA&REV_01\4&18901DAC&0&00E1
Contrôleur Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_1090&SUBSYS_397917AA&REV_08\4&8F8BD4C&0&00E0
Microsoft Wi-Fi Direct Virtual Adapter - - - Status: - PnPID : 
Carte virtuelle directe Wi-Fi Microsoft - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&39D39B29&0&01
WAN Miniport (SSTP) - - - Status: - PnPID : 
WAN Miniport (IKEv2) - - - Status: - PnPID : 
WAN Miniport (L2TP) - - - Status: - PnPID : 
WAN Miniport (PPTP) - - - Status: - PnPID : 
WAN Miniport (PPPOE) - - - Status: - PnPID : 
WAN Miniport (IP) - - - Status: - PnPID : 
WAN Miniport (IPv6) - - - Status: - PnPID : 
WAN Miniport (Network Monitor) - - - Status: - PnPID : 

---------- | Memory

RAM = Total (MB) : 4055 | Free (MB) : 2146
Pagefile = Total (MB) : 5103 | Free (MB) : 3005
Virtual = Total (MB) : 4194 | Free (MB) : 3920

Physical Memory 0 : Capacity: 4294967296 - DIMM0 - Posit.: 1 - Manufacturer: Unknown - PartNumber: RMT3160ED58E9W1600 - S/N: 4191C078

---------- | SID Users

Administrateur : [S-1-5-21-60461441-1236719898-3972887004-500]
DefaultAccount : [S-1-5-21-60461441-1236719898-3972887004-503]
HomeGroupUser$ : [S-1-5-21-60461441-1236719898-3972887004-1048]
Invité : [S-1-5-21-60461441-1236719898-3972887004-501]
Maxime : [S-1-5-21-60461441-1236719898-3972887004-1001]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
HomeUsers : [S-1-5-21-60461441-1236719898-3972887004-1047]
WinRMRemoteWMIUsers__ : [S-1-5-21-60461441-1236719898-3972887004-1000]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [Windows8_OS] | Total : 883.74 Go | Free : 437.96 Go -> NTFS [SATA]
D:\ -> [Fixed] | [LENOVO] | Total : 25 Go | Free : 24.86 Go -> NTFS [SATA]

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 6 Part. - PnPID : SCSI\DISK&VEN_ATA&PROD_ST1000LM024_HN-M\4&3359EDDD&0&000000

---------- | Windows updates

Test 1 : Windows Is Activated

---------- | Browsers

IE : 11.0.15063.608     (© Microsoft Corporation. Tous droits réservés.)
FF : 57.0.1.6541     (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 63.0.3239.84     (Copyright 2016 Google Inc.)

Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer

FlashPlayer ActiveX : 28.0.0.126
FlashPlayer Plugin : 28.0.0.126

---------- | Security

AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

376 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.15063.0) = C:\Windows\System32\smss.exe     [18/03/2017 21:57:38]    --> Command Line : 
548 | [Owner : Système | Parent : 536() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe     [18/03/2017 21:57:38]    --> Command Line : 
620 | [Owner : Système | Parent : 536() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.15063.502) = C:\Windows\System32\wininit.exe     [16/09/2017 07:38:44]    --> Command Line : 
692 | [Owner : Système | Parent : 620(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.15063.502) = C:\Windows\System32\services.exe     [15/09/2017 17:54:08]    --> Command Line : 
700 | [Owner : Système | Parent : 620(wininit.exe) | 12.69 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.15063.674) = C:\Windows\System32\lsass.exe     [11/10/2017 13:55:04]    --> Command Line : 
820 | [Owner : Système | Parent : 692(services.exe) | 3.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
828 | [Owner : UMFD-0 | Parent : 620(wininit.exe) | 2.76 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.608) = C:\Windows\System32\fontdrvhost.exe     [16/09/2017 07:59:58]    --> Command Line : 
936 | [Owner : Système | Parent : 692(services.exe) | 24.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
984 | [Owner : SERVICE RÉSEAU | Parent : 692(services.exe) | 11.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
64 | [Owner : Système | Parent : 692(services.exe) | 6.07 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1028 | [Owner : Système | Parent : 692(services.exe) | 5.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1064 | [Owner : Système | Parent : 692(services.exe) | 8.95 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1084 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 21.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1160 | [Owner : Système | Parent : 692(services.exe) | 14.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1184 | [Owner : SERVICE LOCAL | Parent : 1028(svchost.exe) | 5.23 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe     [18/03/2017 21:57:38]    --> Command Line : 
1204 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 7.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1288 | [Owner : Système | Parent : 692(services.exe) | 10.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1340 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 16.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1492 | [Owner : Système | Parent : 692(services.exe) | 5.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1504 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 7.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1520 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 7.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1568 | [Owner : Système | Parent : 692(services.exe) | 7.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1608 | [Owner : Système | Parent : 692(services.exe) | 11.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1672 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 6.88 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1708 | [Owner : Système | Parent : 692(services.exe) | 8.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1796 | [Owner : Système | Parent : 692(services.exe) | 7.35 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1804 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 7.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1812 | [Owner : SERVICE RÉSEAU | Parent : 692(services.exe) | 11.1 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1948 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 11.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1968 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 8.59 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2044 | [Owner : SERVICE RÉSEAU | Parent : 692(services.exe) | 7.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1080 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 5.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1632 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 10.5 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2224 | [Owner : Système | Parent : 692(services.exe) | 12.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2292 | [Owner : Système | Parent : 692(services.exe) | 12.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2428 | [Owner : Système | Parent : 692(services.exe) | 13.56 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe     [15/09/2017 17:53:54]    --> Command Line : 
2520 | [Owner : SERVICE RÉSEAU | Parent : 692(services.exe) | 7.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2548 | [Owner : Système | Parent : 692(services.exe) | 5.92 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2660 | [Owner : Système | Parent : 692(services.exe) | 6.42 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2724 | [Owner : SERVICE LOCAL | Parent : 2660(svchost.exe) | 8.1 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe     [18/03/2017 21:57:46]    --> Command Line : 
2816 | [Owner : SERVICE RÉSEAU | Parent : 692(services.exe) | 11.66 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2824 | [Owner : Système | Parent : 692(services.exe) | 6.04 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.23.7067) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe     [19/07/2017 22:50:40]    --> Command Line : 
2832 | [Owner : Système | Parent : 692(services.exe) | 7.4 Mo] - (.Conexant Systems Inc. - Conexant Audio Message Service.) - (1.12.0.0) = C:\Windows\System32\CxAudMsg64.exe     [23/07/2017 13:12:08]    --> Command Line : 
2852 | [Owner : Système | Parent : 692(services.exe) | 24.3 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2876 | [Owner : Système | Parent : 692(services.exe) | 6.77 Mo] - (.Nuance Communications, Inc. - Dragon NaturallySpeaking Service.) - (11.0.200.90) = C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe     [12/08/2010 16:06:46]    --> Command Line : 
2884 | [Owner : Système | Parent : 692(services.exe) | 4.94 Mo] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe     [29/05/2014 15:41:49]    --> Command Line : 
2904 | [Owner : Système | Parent : 692(services.exe) | 6.39 Mo] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.24.388.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe     [20/04/2012 13:16:12]    --> Command Line : 
2912 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 6.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2920 | [Owner : Système | Parent : 692(services.exe) | 5.5 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe     [25/09/2012 07:55:05]    --> Command Line : 
2944 | [Owner : Système | Parent : 692(services.exe) | 14.63 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2952 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 24.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2984 | [Owner : Système | Parent : 692(services.exe) | 8.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3012 | [Owner : Système | Parent : 692(services.exe) | 8.13 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3056 | [Owner : Système | Parent : 692(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe     [11/10/2017 13:55:50]    --> Command Line : 
2068 | [Owner : Système | Parent : 692(services.exe) | 7.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
2220 | [Owner : Système | Parent : 692(services.exe) | 4.2 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.0.9.5) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe     [03/06/2015 02:16:46]    --> Command Line : 
2440 | [Owner : Système | Parent : 692(services.exe) | 8.04 Mo] - (.Reason Software Company Inc. - Unchecky Service.) - (1.1.0.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe     [04/10/2017 18:07:43]    --> Command Line : 
2240 | [Owner : Système | Parent : 692(services.exe) | 36.66 Mo] - (.- SPWindowsService.) - (1.0.0.0) = C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe     [28/10/2017 10:41:39]    --> Command Line : 
2760 | [Owner : Système | Parent : 692(services.exe) | 6.88 Mo] - (.Atheros - Atheros Coex Service Application.) - (8.0.0.255) = C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe     [19/08/2012 20:13:26]    --> Command Line : 
3108 | [Owner : Système | Parent : 692(services.exe) | 18.33 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3116 | [Owner : Système | Parent : 692(services.exe) | 16.96 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3124 | [Owner : Système | Parent : 692(services.exe) | 5.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3132 | [Owner : Système | Parent : 692(services.exe) | 41.54 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3140 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 8.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3284 | [Owner : Système | Parent : 692(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.12.17007.17123) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe     [12/12/2017 10:02:58]    --> Command Line : 
3348 | [Owner : Système | Parent : 692(services.exe) | 29.93 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.556) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe     [14/09/2017 16:10:27]    --> Command Line : 
3396 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 4.99 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3596 | [Owner : Système | Parent : 692(services.exe) | 12.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3656 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 8.47 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3868 | [Owner : Système | Parent : 692(services.exe) | 6.4 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3960 | [Owner : SERVICE RÉSEAU | Parent : 692(services.exe) | 6.64 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
4868 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.12.17007.17123) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe     [12/12/2017 10:02:58]    --> Command Line : 
2036 | [Owner : Système | Parent : 692(services.exe) | 13.93 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
6056 | [Owner : Système | Parent : 692(services.exe) | 5.57 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
6084 | [Owner : Système | Parent : 692(services.exe) | 21.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
4944 | [Owner : Système | Parent : 692(services.exe) | 13.52 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3280 | [Owner : Système | Parent : 4648() | 0.09 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.7) = C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe     [16/11/2017 18:42:00]    --> Command Line : 
1640 | [Owner : Système | Parent : 692(services.exe) | 5.7 Mo] - (.Intel Corporation - Local Manageability Service.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe     [25/09/2012 07:54:39]    --> Command Line : 
5288 | [Owner : Système | Parent : 4648() | 0.63 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.7) = C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe     [16/11/2017 18:42:00]    --> Command Line : 
3836 | [Owner : Système | Parent : 692(services.exe) | 22.1 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe     [23/07/2017 13:44:45]    --> Command Line : 
6524 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 8.04 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
5672 | [Owner : Système | Parent : 692(services.exe) | 10.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1156 | [Owner : Système | Parent : 692(services.exe) | 16.22 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
6540 | [Owner : Système | Parent : 692(services.exe) | 12.52 Mo] - (.Intel Corporation - User Notification Service.) - (8.1.0.1252) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe     [25/09/2012 07:55:00]    --> Command Line : 
3872 | [Owner : Système | Parent : 692(services.exe) | 42.12 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
7820 | [Owner : Système | Parent : 5504() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe     [18/03/2017 21:57:38]    --> Command Line : 
6396 | [Owner : Système | Parent : 5504() | 8.58 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.15063.608) = C:\Windows\System32\winlogon.exe     [16/09/2017 07:38:45]    --> Command Line : 
8696 | [Owner : DWM-2 | Parent : 6396(winlogon.exe) | 39.92 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.15063.0) = C:\Windows\System32\dwm.exe     [18/03/2017 21:58:21]    --> Command Line : 
5180 | [Owner : UMFD-2 | Parent : 6396(winlogon.exe) | 5.26 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.608) = C:\Windows\System32\fontdrvhost.exe     [16/09/2017 07:59:58]    --> Command Line : 
7756 | [Owner : SERVICE LOCAL | Parent : 692(services.exe) | 6.41 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
7084 | [Owner : Système | Parent : 692(services.exe) | 7.03 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
8616 | [Owner : Maxime | Parent : 3348(MBAMService.exe) | 27.29 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1208) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe     [14/09/2017 16:10:20]    --> Command Line : 
5476 | [Owner : Maxime | Parent : 2220(SynTPEnhService.exe) | 21.45 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.0.9.5) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe     [03/06/2015 02:16:46]    --> Command Line : 
2940 | [Owner : Maxime | Parent : 2440(unchecky_svc.exe) | 8.78 Mo] - (.Reason Software Company Inc. - Unchecky Background Process.) - (1.1.0.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe     [04/10/2017 18:07:43]    --> Command Line : 
7120 | [Owner : Maxime | Parent : 692(services.exe) | 18.01 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
228 | [Owner : Maxime | Parent : 1568(svchost.exe) | 21.57 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe     [18/03/2017 21:58:10]    --> Command Line : 
1628 | [Owner : Maxime | Parent : 692(services.exe) | 25.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
7504 | [Owner : Maxime | Parent : 6068() | 4.63 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.0.9.5) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe     [03/06/2015 02:16:48]    --> Command Line : 
1868 | [Owner : Maxime | Parent : 1160(svchost.exe) | 19.28 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe     [18/03/2017 21:57:57]    --> Command Line : 
3740 | [Owner : Maxime | Parent : 4700() | 84.64 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe     [11/10/2017 13:54:19]    --> Command Line : 
6248 | [Owner : Système | Parent : 692(services.exe) | 18.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
9172 | [Owner : Système | Parent : 692(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
8508 | [Owner : Maxime | Parent : 1160(svchost.exe) | 3.01 Mo] - (.CyberLink - YouCam Mirage.) - (1.0.0.629) = C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe     [27/07/2012 10:52:44]    --> Command Line : 
4836 | [Owner : Maxime | Parent : 692(services.exe) | 24.38 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
5056 | [Owner : Maxime | Parent : 5948() | 0.59 Mo] - (.Lenovo - Lenovo Solution Center Notifications.) - (1.1.0.0) = C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe     [07/12/2016 13:00:36]    --> Command Line : 
1960 | [Owner : Maxime | Parent : 936(svchost.exe) | 13.95 Mo] - (.Microsoft Corporation - InstallAgent.) - (10.0.15063.502) = C:\Windows\System32\InstallAgent.exe     [16/09/2017 07:36:42]    --> Command Line : 
9104 | [Owner : Maxime | Parent : 936(svchost.exe) | 12.18 Mo] - (.Microsoft Corporation - InstallAgentUserBroker.) - (10.0.15063.502) = C:\Windows\System32\InstallAgentUserBroker.exe     [16/09/2017 07:36:43]    --> Command Line : 
7540 | [Owner : Maxime | Parent : 936(svchost.exe) | 88.26 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe     [23/07/2017 13:44:58]    --> Command Line : 
2996 | [Owner : Maxime | Parent : 936(svchost.exe) | 69.14 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [18/03/2017 21:56:41]    --> Command Line : 
1276 | [Owner : Maxime | Parent : 936(svchost.exe) | 10.21 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe     [18/03/2017 21:58:01]    --> Command Line : 
2092 | [Owner : Maxime | Parent : 936(svchost.exe) | 37.44 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe     [11/10/2017 13:54:17]    --> Command Line : 
5880 | [Owner : Système | Parent : 3836(SearchIndexer.exe) | 11.33 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.15063.447) = C:\Windows\System32\SearchProtocolHost.exe     [23/07/2017 13:56:57]    --> Command Line : 
5696 | [Owner : SERVICE LOCAL | Parent : 1948(svchost.exe) | 15.7 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.15063.447) = C:\Windows\System32\audiodg.exe     [23/07/2017 13:57:00]    --> Command Line : 
6652 | [Owner : Maxime | Parent : 632() | 174.18 Mo] - (.Mozilla Corporation - Firefox.) - (57.0.1.6541) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [27/05/2014 14:28:44]    --> Command Line : 
3324 | [Owner : Maxime | Parent : 6652(firefox.exe) | 46.15 Mo] - (.Mozilla Corporation - Firefox.) - (57.0.1.6541) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [27/05/2014 14:28:44]    --> Command Line : 
6976 | [Owner : Maxime | Parent : 6652(firefox.exe) | 141.12 Mo] - (.Mozilla Corporation - Firefox.) - (57.0.1.6541) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [27/05/2014 14:28:44]    --> Command Line : 
7544 | [Owner : Maxime | Parent : 6652(firefox.exe) | 71.78 Mo] - (.Mozilla Corporation - Firefox.) - (57.0.1.6541) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [27/05/2014 14:28:44]    --> Command Line : 
6160 | [Owner : Système | Parent : 692(services.exe) | 5.62 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
1020 | [Owner : Système | Parent : 692(services.exe) | 15 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
3148 | [Owner : Maxime | Parent : 1160(svchost.exe) | 6.81 Mo] - (.- LSC.Services.UpdateStatusService.) - (3.4.2.6) = C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe     [07/12/2016 13:00:56]    --> Command Line : 
1876 | [Owner : Système | Parent : 692(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe     [18/03/2017 21:58:21]    --> Command Line : 
8884 | [Owner : SERVICE RÉSEAU | Parent : 936(svchost.exe) | 12.23 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe     [18/03/2017 21:58:01]    --> Command Line : 
6844 | [Owner : Système | Parent : 3836(SearchIndexer.exe) | 8.54 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.15063.0) = C:\Windows\System32\SearchFilterHost.exe     [18/03/2017 21:58:18]    --> Command Line : 
2620 | [Owner : Maxime | Parent : 1160(svchost.exe) | 7 Mo] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) - (1.824.23.7067) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe     [19/07/2017 22:50:40]    --> Command Line : 
172 | [Owner : Maxime | Parent : 6652(firefox.exe) | 41.79 Mo] - (.SosVirus - QuickDiag.) - (22.10.17.1) = C:\Users\Maxime\Downloads\QuickDiag.exe     [14/12/2017 16:34:37]    --> Command Line : 
1564 | [Owner : Système | Parent : 936(svchost.exe) | 9.06 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe     [18/03/2017 21:58:01]    --> Command Line : 
5644 | [Owner : SERVICE RÉSEAU | Parent : 936(svchost.exe) | 10 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [18/03/2017 21:58:50]    --> Command Line : 

---------- | MD5

[MD5.01078D46C77CE0D7DC584A29062A799D] - [11/10/2017 13:54:19] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4735.3 Ko] - (10.0.15063.674) : C:\WINDOWS\Explorer.exe
[MD5.94912C1D73ADE68F2486ED4D8EA82DE6] - [18/03/2017 21:57:50] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [265.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\cmd.exe
[MD5.31E45CAA8E7035ECD47E96A7377BE975] - [18/03/2017 21:57:38] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.28 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\csrss.exe
[MD5.2D29C0AFCC8225AFF6637F7362C22960] - [18/03/2017 21:58:21] - (.© Microsoft Corporation. - COM Surrogate.) - [20.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.90224339656D3CFEC43150209B4CD38E] - [23/07/2017 13:44:45] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [692.1 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\Kernel32.dll
[MD5.BA909DA3D184EF80F9293AB9E12FF30F] - [11/10/2017 13:55:04] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.62 Ko] - (10.0.15063.674) : C:\WINDOWS\System32\lsass.exe
[MD5.AA7F1C36F5BC779964CFA4F98D224D9F] - [16/09/2017 07:59:56] - (.© Microsoft Corporation. - Distributed COM Services.) - [1060 Ko] - (10.0.15063.608) : C:\WINDOWS\System32\rpcss.dll
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - [18/03/2017 21:58:29] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [67 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.C81F9707DEA008EED4071B5A39B7C76E] - [15/09/2017 17:54:08] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [515.6 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\services.exe
[MD5.3120B24060924F9B94182A1432B2D7F9] - [18/03/2017 21:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [46.55 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\svchost.exe
[MD5.B074ECE844C671332F89C7544DBFC74A] - [15/11/2017 17:40:44] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1314.06 Ko] - (10.0.15063.726) : C:\WINDOWS\System32\user32.dll
[MD5.46B72E05D0B9F489CA60DBD7361039B0] - [18/03/2017 21:58:21] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [31.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\userinit.exe
[MD5.0242626678C83AE788C655C1990A3CC3] - [16/09/2017 07:38:44] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [310.77 Ko] - (10.0.15063.502) : C:\WINDOWS\System32\Wininit.exe
[MD5.9CDA170849A4F66F4D68B3DBB3AC8394] - [16/09/2017 07:38:45] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [690 Ko] - (10.0.15063.608) : C:\WINDOWS\System32\Winlogon.exe
[MD5.5A6D591D56791BA63CE73FCAD60D89A1] - [16/09/2017 07:38:53] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [596.41 Ko] - (10.0.15063.608) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.01733BEEE02E51F712330D5909BD701C] - [18/03/2017 21:56:26] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [28.41 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.71CCAFFF7D5E64E3D07BD96F2B2898EF] - [18/03/2017 21:56:26] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [189.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - [18/03/2017 21:57:39] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - [18/03/2017 21:56:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - [18/03/2017 21:57:47] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - [23/07/2017 13:56:55] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84.5 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.C6C8315E3262FAE460529C6DA2951682] - [18/03/2017 21:56:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [112.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - [18/03/2017 21:58:21] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - [18/03/2017 21:57:54] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.) - [456.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.BC6EB2110C8462FF20E74B2E2A31917E] - [15/11/2017 17:38:56] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1210.4 Ko] - (10.0.15063.726) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.BAD3C424788BC071C3EC82CFCDA954D2] - [16/09/2017 08:01:09] - (.© Microsoft Corporation. - MBT Transport driver.) - [298 Ko] - (10.0.15063.608) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.4FB781DF7C0ED6B989F465A7886583F1] - [15/11/2017 17:39:00] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2272.9 Ko] - (10.0.15063.726) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - [18/03/2017 21:56:26] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - [18/03/2017 21:58:07] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - [18/03/2017 21:59:55] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [179 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.9360DA9E370C1E1483967351C0CB7245] - [11/10/2017 13:55:34] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2609.4 Ko] - (10.0.15063.674) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.D74756DD1518D28A09CDA99696273FA4] - [16/09/2017 07:31:33] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.91 Ko] - (10.0.15063.540) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - [18/03/2017 21:57:39] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [387.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{f9e93b39-49d1-4179-9848-a5a2896955ea}] - () - (%systemroot%\system32\mrt.exe)

---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.Google.-.Google Drive shell extension.) - (2.34.7529.6838) -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
(.Dropbox, Inc..-.Dropbox Shell Extension.) - (1.0.0.25) -- C:\Users\Maxime\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
(..-..) - (14.0.7109.5000) -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
(.Intel Corporation.-.LDDM User Mode Driver for Intel(R) Graphics Technology.) - (9.17.10.4459) -- C:\WINDOWS\SYSTEM32\igd10umd64.dll
(..-..) - (4.11.0.0) -- C:\Program Files (x86)\WinRAR\rarext64.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.http://www.sqlite.org/copyright.html.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.15.2.0) -- C:\WINDOWS\System32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
Dropbox - (C:\WINDOWS\ServiceProfiles\NetworkService\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Startup]) - User: JACK\Maxime
Facebook Update - ("C:\Users\Maxime\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\...\Run]) - User: JACK\Maxime
Google Update - (C:\Users\Maxime\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\...\Run]) - User: JACK\Maxime
GoogleDriveSync - ("C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\...\Run]) - User: JACK\Maxime
EPLTarget\P0000000000000001 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-412 413 415 Series" [HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\...\Run]) - User: JACK\Maxime
ISUSPM - (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\...\Run]) - User: JACK\Maxime
BingSvc - (C:\Users\Maxime\AppData\Local\Microsoft\BingSvc\BingSvc.exe [HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\...\Run]) - User: JACK\Maxime
Spotify Web Helper - ("C:\Users\Maxime\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\...\Run]) - User: JACK\Maxime
Spotify - ("C:\Users\Maxime\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized [HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\...\Run]) - User: JACK\Maxime
EPLTarget\P0000000000000002 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-412 413 415 Series" [HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\...\Run]) - User: JACK\Maxime
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public
IgfxTray - ("C:\WINDOWS\system32\igfxtray.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
HotKeysCmds - ("C:\WINDOWS\system32\hkcmd.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
Persistence - ("C:\WINDOWS\system32\igfxpers.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
cAudioFilterAgent - ("C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
SmartAudio - ("C:\Program Files\CONEXANT\SAII\SACpl.exe" /t [HKLM\SOFTWARE\...\Run]) - User: Public
Energy Management - (C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [HKLM\SOFTWARE\...\Run]) - User: Public
EnergyUtility - (C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [HKLM\SOFTWARE\...\Run]) - User: Public
SynTPEnh - (%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="C:\Users\Maxime\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver   
"Google Update"=C:\Users\Maxime\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe   
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart   
"EPLTarget\P0000000000000001"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-412 413 415 Series"   
"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler   
"BingSvc"=C:\Users\Maxime\AppData\Local\Microsoft\BingSvc\BingSvc.exe   [24/06/2015 21:27:11]
"Spotify Web Helper"="C:\Users\Maxime\AppData\Roaming\Spotify\SpotifyWebHelper.exe"   
"Spotify"="C:\Users\Maxime\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized   
"EPLTarget\P0000000000000002"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-412 413 415 Series"   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"RESTART_STICKY_NOTES"=0x0300000091F110098361D101   
"GarminExpressTrayApp"=0x03000000FB57E46EF6DACF01   
"Facebook Update"=0x030000004FD7A28CF6DACF01   
"Skype"=0x03000000ACA0AC0F2D8BCF01   
"StopClope"=0x020000000000000000000000   
"Google Update"=0x030000002751618FF6DACF01   
"GoogleDriveSync"=0x03000000309038082D8BCF01   
"iTunesHelper"=0x020000000000000000000000   
"EPLTarget\P0000000000000000"=0x020000000000000000000000   
"EPLTarget\P0000000000000001"=0x020000000000000000000000   
"EPLTarget\P0000000000000002"=0x020000000000000000000000   
"Spotify"=0x03000000CF96F3EB8261D101   
"Spotify Web Helper"=0x020000000000000000000000   
"BingSvc"=0x020000000000000000000000   
"ISUSPM"=0x020000000000000000000000   
"OneDrive"=0x020000000000000000000000   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=cmd\1   
"MRUList"=a   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=XP-412 413 415 Series(Réseau),winspool,Ne00:   
"IsMRUEstablished"=1   
"LegacyDefaultPrinterMode"=0   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe   
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"   
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"   
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"   
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"   
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe" /t   
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe   [13/08/2012 08:48:56]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe   [13/08/2012 08:49:28]
"SynTPEnh"=%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x040000000000000000000000   
"SynTPEnh"=0x0700000045158594F6DACF01   
"SmartAudio"=0x020000000000000000000000   
"cAudioFilterAgent"=0x020000000000000000000000   
"BtvStack"=0x020000000000000000000000   
"Energy Management"=0x020000000000000000000000   
"EnergyUtility"=0x020000000000000000000000   
"BtTray"=0x020000000000000000000000   
"HotKeysCmds"=0x020000000000000000000000   
"IgfxTray"=0x020000000000000000000000   
"Persistence"=0x020000000000000000000000   
"AvastUI.exe"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"331BigDog"=0x040000000000000000000000   
"Dolby Advanced Audio v2"=0x020000000000000000000000   
"YouCam Mirage"=0x030000001A009A5AF6DACF01   
"YouCam Tray"=0x03000000661AE565F6DACF01   
"UpdateP2GShortCut"=0x030000004851AB85F6DACF01   
"RemoteControl10"=0x0300000011B0A388F6DACF01   
"Intel AppUp(SM) center"=0x020000000000000000000000   
"BCSSync"=0x030000000DC81A84F6DACF01   
"AvastUI.exe"=0x020000000000000000000000   
"mobilegeni daemon"=0x020000000000000000000000   
"EEventManager"=0x020000000000000000000000   
"avast"=0x020000000000000000000000   
"332BigDog"=0x03000000A13DEC96F6DACF01   
"Adobe ARM"=0x0300000020A1864CBFB3CE01   
"SunJavaUpdateSched"=0x03000000006BF94DBFB3CE01   
"tuto4pc_fr_41"=0x03000000C01FAD4DBFB3CE01   
"20131121"=0x020000000000000000000000   
"APSDaemon"=0x020000000000000000000000   
"DNS7reminder"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=1   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D325FFA9F5E74C   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="C:\Program Files (x86)\USB Camera\VM331STI.EXE"   
"YouCam Mirage"="C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"   
"YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s   
"UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"   
"RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"   
"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4   
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices   
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"   
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"   
"DNS7reminder"="C:\Windows\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini   
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Wininit.ini : 

[Rename]
NUL=C:\WINDOWS\system32\Macromed\Flash\Flash.ocx


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Adobe Acrobat Update Task
Adobe Flash Player Updater
EPSON XP-412 413 415 Series Invitation {3C606750-BB97-42A2-AF7C-3BD83A76FF03}
EPSON XP-412 413 415 Series Invitation {42F04F6A-FFCF-44A2-BF1F-BF13CC11B6E7}
EPSON XP-412 413 415 Series Invitation {602EACDE-32D6-4A04-800C-40473B983AAC}
EPSON XP-412 413 415 Series Invitation {FC64140B-E2DA-4554-870A-1A85E0C5C308}
EPSON XP-412 413 415 Series Update {3C606750-BB97-42A2-AF7C-3BD83A76FF03}
EPSON XP-412 413 415 Series Update {42F04F6A-FFCF-44A2-BF1F-BF13CC11B6E7}
EPSON XP-412 413 415 Series Update {602EACDE-32D6-4A04-800C-40473B983AAC}
EPSON XP-412 413 415 Series Update {FC64140B-E2DA-4554-870A-1A85E0C5C308}
FacebookUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001Core
FacebookUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001UA
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
GoogleUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001Core
GoogleUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001Core1d35e22e940f17a
GoogleUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001UA
GoogleUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001UA1d35e22e965ebcc
Java Update Scheduler
MirageAgent
OneDrive Standalone Update Task-S-1-5-21-60461441-1236719898-3972887004-1001
Optimize Start Menu Cache Files-S-1-5-21-60461441-1236719898-3972887004-1001
Programme de mise à jour en ligne de Adobe
Synaptics TouchPad Enhancements
User_Feed_Synchronization-{705B7F45-E8EE-4A4E-98D3-1F2168150387}
{7A763036-D193-4834-8A73-9B2E252F76CD}
{A08C5381-A8AA-41F7-80F2-0DFB7EA5C2AD}

---------- | Startings up registry ? Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=UsoSvc
DeviceInstall
gpsvc
trustedinstaller   
"SvcHostSplitThresholdInKB"=3670016   
"WaitToKillServiceTimeout"=200   
"SystemStartOptions"= NOEXECUTE=OPTIN  NOVGA   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(5)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"LastBootSucceeded"=1   
"LastBootShutdown"=0   
"DirtyShutdownCount"=21   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"LsaPid"=700   
"ProductType"=3   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   
"SecureBoot"=1   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
livessp   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=648000   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"AutoChkSkipSystemPartition"=0   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"InstanceID"=b4b50cc0-7767-45c8-9093-f829e83   
"GlassSessionId"=2   


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"MouseWheelRouting"=2   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"ScreenSaveActive"=1   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallPaper"=C:\Users\Maxime\Desktop\Album\Portable Mich' 220817\WP_20170225_003.jpg   [22/08/2017 11:37:48]
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"MouseMonitorEscapeSpeed"=0   
"UserPreferencesMask"=0x9E1E078012000000   
"AutoColorization"=1   
"MaxVirtualDesktopDimension"=3520   
"MaxMonitorDimension"=1920   
"TranscodedImageCount"=1   
"LastUpdated"=4294967295   
"TranscodedImageCache"=0x7AC301000E4C1A00200A0000B005000000995AECA28FD20143003A005C00550073006500720073005C004D006100780069006D0065005C004400650073006B0074006F0070005C0041006C00620075006D005C0050006F0072007400610062006C00650020004D00690063006800270020003200320030003800310037005C00570050005F00320030003100370030003200320035005F003000300033002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ImageColor"=2763234115   
"LogPixels"=96   
"Win8DpiScaling"=0   
"PreferredUILanguages"=fr-FR   
"DpiScalingVer"=4096   
"ScreenSaverIsSecure"=0   
"ScreenSaveTimeOut"=18000   
"SCRNSAVE.EXE"=C:\WINDOWS\system32\PhotoScreensaver.scr   [23/07/2017 13:57:45]
"WaitToKillAppTimeout"=200   
"HungAppTimeout"=200   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=145   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x240000003428000000000000000000000000000001000000130000000000000062000000   
"ExplorerStartupTraceRecorded"=1   
"UserSignedIn"=1   
"SlowContextMenuEntries"=0x3673466C8182604E8204430CED96822DA5F001000114020000000000C000000000000046EEDC0100BD0E0C47735D584D9CEDE91E22E23282269600001A58CE57B60C66429CA019364C90A0B37883000060B81DB4E464D2119906E49FADC173CAB5D40000   
"SIDUpdatedOnLibraries"=1   
"LocalKnownFoldersMigrated"=1   
"TelemetrySalt"=6   
"AppReadinessLogonComplete"=1   
"FirstRunTelemetryComplete"=1   
"GlobalAssocChangedCounter"=53   
"Browse For Folder Width"=347   
"Browse For Folder Height"=288   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=0   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"ShowSuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ShowStatusBar"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=13   
"ReindexedProfile"=1   
"ShellViewReentered"=1   
"Start_TrackSearchContract"=1   
"ApplicationSearchHistory"=1   
"Start_TrackShareContractHistory"=1   
"Start_ShareContractHistoryCount"=5   
"Start_TrackShareContractMFU"=1   
"StoreAppsOnTaskbar"=1   
"RTStartMenuNotificationDisplayCount"=0   
"EnableStartMenu"=1   
"TaskbarSizeMove"=1   
"DisablePreviewDesktop"=0   
"TaskbarGlomLevel"=2   
"TaskbarStateLastRun"=0xB3432E5A00000000   
"TaskbarAutoHideInTabletMode"=0   
"TaskbarSmallIcons"=0   
"DontUsePowerShellOnWinX"=0   
"TaskbarBadges"=1   
"ShowTaskViewButton"=1   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x1500000014000000130000001200000011000000100000000F0000000E000000030000000C0000000D0000000B0000000A000000020000000900000008000000070000000600000005000000040000000100000000000000FFFFFFFF   
"0"=0x73007200740074007200610069006C002E007400780074000000   
"1"=0x65006E007200650067000000   
"4"=0x71007500690063006B00740069006D0065000000   
"5"=0x530065007400750070002E006D0073000000   
"6"=0x73006500690067000000   
"7"=0x35003000200061006E0073000000   
"8"=0x35003000200061006E00730020006D0069006300680020006D0061006E00750065000000   
"9"=0x6C006500200073006500690067000000   
"2"=0x530065007400750070002E006D00730069000000   
"10"=0x64006F0077006E000000   
"11"=0x64006F0077006E006C006F0061006400200077000000   
"13"=0x64006F0077006E006C006F00610064000000   
"12"=0x64006F0077006E006C006F006100640020006E00610076006900670061000000   
"3"=0x730065007400750070000000   
"14"=0x610070007000440061000000   
"15"=0x63006100700074007500720065000000   
"16"=0x6300610070007400750072006500200064002700E9006300720061006E000000   
"17"=0x6400E900670072006500760065006D00650074000000   
"18"=0x6400E900670072006500760065006D0065006E0074000000   
"19"=0x7200690062000000   
"20"=0x6D0061006C000000   
"21"=0x6D0061006C0077000000   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"DisableCAD"=1   
"SoftwareSASGeneration"=1   
"ConsentPromptBehaviorAdmin"=5   
"EnableLUA"=1   
"PromptOnSecureDesktop"=1   
"EnableSecureUIAPath"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoRecentDocsHistory"=0   
"NoActiveDesktopChanges"=0   
"NoActiveDesktop"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"SmartScreenEnabled"=RequireAdmin   
"GlobalAssocChangedCounter"=87   
"AicEnabled"=PreferStore   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableInstallerDetection"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"DisableCAD"=1   
"SoftwareSASGeneration"=1   
"ConsentPromptBehaviorAdmin"=5   
"EnableLUA"=1   
"PromptOnSecureDesktop"=1   
"EnableSecureUIAPath"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoRecentDocsHistory"=0   
"NoActiveDesktopChanges"=0   
"NoActiveDesktop"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=28   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
"BuildNumber"=15063   
"FirstLogon"=0   
"PUUActive"=0x3A3934BC0100150073006A011E5E0900FCD70F00F3C05000D100000002002A00D6DE2112076585000933180006750300DFF0020045980000000000000E611300D82D000007090000F9736B47EE74D3011E5E0900000000000100000000000000   
"DP"=0xCE00580091001500780000003A3934BCC9BA200000000000F9736B47EE74D3014BDBEA48E974D301AE8372000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DefaultDomainName"=   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"LastLogOffEndTimePerfCounter"=38084390508   
"ShutdownFlags"=2147483755   
"Userinit"=C:\Windows\system32\userinit.exe,   
"AutoAdminLogon"=0   
"DefaultUserName"=MicrosoftAccount\danet.maxime@yahoo.fr   
"ShutdownWithoutLogon"=0   
"scremoveoption"=0   
"DisableCad"=1   
"EnableFirstLogonAnimation"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"EnableSIHostIntegration"=1   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"Userinit"=C:\WINDOWS\system32\userinit.exe,   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Clients\StartMenuInternet\Google Chrome.3ACIGE7GWDDAYEBV2NW4VK76L4\Shell\open\Command]
""="C:\Users\Maxime\AppData\Local\Google\Chrome\Application\chrome.exe"   
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Clients\StartMenuInternet\Google Chrome.3ACIGE7GWDDAYEBV2NW4VK76L4\InstallInfo]
"ReinstallCommand"="C:\Users\Maxime\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [16/09/2017 08:01:13]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [16/09/2017 08:01:13]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Maxime\AppData\Local\Temp\6842BB0C-BAB0-7891-A961-A2869AAA397E\Setup.exe"=1
"C:\Users\Maxime\AppData\Local\Temp\IS1668~1\DeltaTB.exe"=1
"C:\Users\Maxime\AppData\Local\Temp\E142A830-BAB0-7891-A002-3D661AEA382E\Setup.exe"=1
"C:\Users\Maxime\AppData\Local\Temp\__TEMPWEBPLAYER__\DeltaTB.exe"=1

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"SIGN.IE=013C2FA8 Firefox Setup 19.0.2.exe"=0x5341435001000000000000000700000028000000A82F3C0100000000010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000DD300800000000000100000001000000
"SIGN.IE=06A848B8 avast_free_antivirus_setup.exe"=0x5341435001000000000000000700000028000000B848A80600000000010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000E38F0200000000000100000001000000
"C:\Users\Maxime\Downloads\Brothersoft_downloader_For_Foobar2000.exe"=0x5341435001000000000000000700000028000000C894060000000000010000000000000000000206712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000E67C1600000000000100000001000000
"C:\Users\Maxime\Downloads\Brothersoft_downloader_For_Foobar2000(1).exe"=0x5341435001000000000000000700000028000000C894060000000000010000000000000000000206712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000392D1400000000000100000001000000
"C:\Users\Maxime\Downloads\foobar2000_v1.2.3.exe"=0x534143500100000000000000070000002800000054AA380000000000010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000C1391300000000000100000001000000
"C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe"=0x534143500100000000000000070000002800000070BC02007F1C0300010000000000000000000106712200002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000008C110500000000000200000002000000
"C:\Users\Maxime\Downloads\pc-decrapifier-2.3.1.exe"=0x5341435001000000000000000700000028000000BD9A190000000000010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000A69F0100000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR1E70.tmp\Adobe AIR Installer.exe"=0x534143500100000000000000070000002800000068930100705F0200010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000FBD53200000000000100000001000000
"C:\Program Files (x86)\foobar2000\foobar2000.exe"=0x534143500100000000000000070000002800000000481B000FF51B0001000000000000000000010600010000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\Downloads\vlc-2.0.5-win32.exe"=0x5341435001000000000000000700000028000000DEAE5D01F41C0100010000000000000000000106000100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000036E40000000000000100000001000000
"C:\Users\Maxime\Downloads\install_flashplayer11x32_mssd_aih.exe"=0x5341435001000000000000000700000028000000882D0A00D6CF0A00010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000BA110500000000000100000001000000
"C:\Users\Maxime\Downloads\install_flashplayer11x32_mssd_aih [1].exe"=0x534143500100000000000000070000002800000098550F00A8FA0F00010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000006A2E0200000000000100000001000000
"C:\Users\Maxime\Downloads\SoftonicDownloader_pour_winrar.exe"=0x534143500100000000000000070000002800000060FF050000000000010000000000000000000206712000002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000005A846501000000000100000001000000
"C:\Program Files (x86)\WinRAR\WinRAR.exe"=0x5341435001000000000000000700000028000000008E11000000000001000000000000000000010600210000E63F486B2AA0D2010000000000000000020000007800000000000000000000000000000000000000000000000000000064D2F80800000000E60000000300000000000000000000400000000000000000000000000000000002BA920B000000003A00000000000000000000000000005000000000000000000000000000000000CCF56C00000000004F00000000000000
"C:\Users\Maxime\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe"=0x5341435001000000000000000700000028000000582A0A00F6CD0A00010000000000000000000206712000002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000F9150000000000000100000001000000
"C:\Users\Maxime\AppData\Roaming\Nosibay\Bubble Dock\Uninstall Bubble Dock.exe"=0x534143500100000000000000070000002800000048610600AEEA0600030000000000000000000106000100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000041DD0000000000000100000001000000
"C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe"=0x534143500100000000000000070000002800000040270D00B9690D00030000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000004F2F4800000000000100000001000000
"SIGN.MEDIA=41F10 JM20329 Win98 Driver\Win98 Driver\Setup.exe"=0x534143500100000000000000070000002800000000B0000000000000010000000000000000000105712000002EF6C8A3A56ACD0100000000000000000100000004000000010000000500000010000000000000000000000000030105000800000200000050000000000301050008006000820000000000000080000000000000C70600000000000001000000010000000000000000080040008200000000000000800000000000001D100000000000000100000000000000
"SIGN.MEDIA=41F10 JM20329 Win98 Driver\Win98 Driver\JMUsbMon.exe"=0x534143500100000000000000070000002800000000C0000000000000010000000000000000000105712000002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000001F000000000000000300000003000000
"SIGN.MEDIA=2CD3BC PcCloneEx\Setup.exe"=0x53414350010000000000000007000000280000000080D00000000000010000000000000000000006712000002EF6C8A3A56ACD0100000000000000000200000028000000000000000008004000000000000000000000000000000000D027CB00000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE"=0x5341435001000000000000000700000028000000588C4C00345C4D00010000000000000000000106712000002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000095312300000000000100000001000000
"C:\Program Files\Microsoft Office 15\root\office15\perfboost.exe"=0x5341435001000000000000000700000028000000705A0100B2200200010000000000000000000106710000002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000100000000000000000000000000000820E0100000000000300000003000000
"C:\Program Files\Microsoft Office 15\root\office15\FIRSTRUN.EXE"=0x5341435001000000000000000700000028000000503E0E0026DE0E00010000000000000000000106710000002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000001000000000000000000000000000004BC52600000000000100000001000000
"C:\Windows\SysWOW64\FlashPlayerApp.exe"=0x534143500100000000000000070000002800000060910A003BB50A00010000000000000000000206712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000AAEF0100000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR5FFA.tmp\Adobe AIR Installer.exe"=0x53414350010000000000000007000000280000006893010092720200010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000CC820000000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIRC046.tmp\Adobe AIR Installer.exe"=0x53414350010000000000000007000000280000006893010092720200010000000000000000000206712200002EF6C8A3A56ACD010000008000000000020000002800000000000000000000000000000000000000000000000000000075EB0100000000000100000001000000
"C:\Users\Maxime\Downloads\SkypeSetupFull.exe"=0x534143500100000000000000070000002800000068A0D3016838D401010000000000000000000106000100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000016470100000000000200000002000000
"C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE"=0x5341435001000000000000000700000028000000407C8601EC828601010000000000000000000106000100002EF6C8A3A56ACD010000000100000000
"C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE"=0x5341435001000000000000000700000028000000582E1C0015381C00010000000000000000000106000100002EF6C8A3A56ACD010000000100000000
"C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOXMLED.EXE"=0x534143500100000000000000070000002800000048520300006F030001000000000000000000020673220000647CA60EA56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000003F000000000000000100000001000000
"C:\Users\Maxime\Desktop\GoogleSketchUpWFR.exe"=0x5341435001000000000000000700000028000000E0C967023CEC6702010000000000000000000106710000002EF6C8A3A56ACD0100000000000000000200000028000000000000000008004000000000000000000000000000000000D1E10400000000000100000001000000
"C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe"=0x53414350010000000000000007000000280000000070B9005B3EBA000100000000000000000001067120000033504C2B57DFD101000000000000000002000000500000000000000000000040000000000000000000000000000000002B28BB00000000000600000006000000000000000000000000000000000000000000000000000000A55AA400000000001300000000000000
"C:\Users\Maxime\Downloads\Webplayer.exe"=0x5341435001000000000000000700000028000000B04D0B006F540B00010000000000000000000106710200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000CC0C0B00000000000200000002000000
"C:\Program Files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe"=0x5341435001000000000000000700000028000000F00506007C9E0600030000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B1910000000000000100000001000000
"C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE"=0x534143500100000000000000070000002800000090581D001F831D00010000000000000000000106000100002EF6C8A3A56ACD010000000100000000
"C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe"=0x5341435001000000000000000700000028000000B88C1C001E5A1D0003000000000000000000010600010000647CA60EA56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000006ACB0100000000000100000001000000
"C:\Users\Maxime\Downloads\Office Professionnel Plus  Finale FR 32 BITS + Activation à vie\Office 2010 Toolkit & EZ-Activator 2.0\Office 2010 Toolkit.exe"=0x53414350010000000000000007000000280000000006D40000000000010000000000000000000106F5220000647CA60EA56ACD0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000100000000000000000000000000000D77B0000000000000200000002000000
"C:\Users\Maxime\Downloads\Office Professionnel Plus  Finale FR 32 BITS + Activation à vie\Office14\setup.exe"=0x53414350010000000000000007000000280000007815070078530700010000000000000000000106002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000050000000000000000000000000000000005AB53700000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR8DF7.tmp\Adobe AIR Installer.exe"=0x53414350010000000000000007000000280000006893010074890200010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000B73A0000000000000100000001000000
"C:\Users\Maxime\Downloads\install_reader11_fr_mssd_aih.exe"=0x5341435001000000000000000700000028000000A0850F005C131000010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000155F0400000000000100000001000000
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Eula.exe"=0x5341435001000000000000000700000028000000804E0100CD800100010000000000000000000106712200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000060170000000000000100000001000000
"C:\Users\Maxime\Downloads\GarminExpress.exe"=0x5341435001000000000000000700000028000000F065C400CD15C500010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000D6A9D400000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR7B83.tmp\Adobe AIR Installer.exe"=0x53414350010000000000000007000000280000006893010077AE0100010000000000000000000206712200002EF6C8A3A56ACD010000008000000000
"C:\Users\Maxime\AppData\Local\Temp\update_4908475.exe"=0x534143500100000000000000070000002800000038920100129C0100010000000000000000000106000100002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000510A0000000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR80D8.tmp\Adobe AIR Installer.exe"=0x53414350010000000000000007000000280000006893010077AE0100010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000437B2900000000000100000001000000
"C:\Users\Maxime\Downloads\Webplayer(1).exe"=0x5341435001000000000000000700000028000000E8190B00B4DA0B00010000000000000000000106710200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000050780600000000000100000001000000
"C:\Program Files (x86)\Delta\delta\1.8.21.5\GUninstaller.exe"=0x5341435001000000000000000700000028000000F00706004E8E0600030000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000D4C70000000000000100000001000000
"C:\Program Files (x86)\DealPly\uninst.exe"=0x534143500100000000000000070000002800000023F906008FC21300030000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000C2F90000000000000100000001000000
"C:\Users\Maxime\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe"=0x534143500100000000000000070000002800000000A6070052730800010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000EF5D0000000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR8FBF.tmp\Adobe AIR Installer.exe"=0x534143500100000000000000070000002800000068930100D6D70100010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000D0E70A00000000000100000001000000
"C:\Users\Maxime\Downloads\Dropbox 2.2.3.exe"=0x5341435001000000000000000700000028000000D01315025D041602010000000000000000000106000100002EF6C8A3A56ACD010000000000000000
"C:\Users\Maxime\AppData\Local\Temp\AIR59CF.tmp\Adobe AIR Installer.exe"=0x534143500100000000000000070000002800000068930100D6D70100010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000911F0600000000000100000001000000
"C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe"=0x5341435001000000000000000700000028000000A0BD0000B84B0100010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000480E0000000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE"=0x5341435001000000000000000700000028000000989E9300F9A99300010000000000000000000106000100002EF6C8A3A56ACD010000000100000000
"C:\Users\Maxime\Downloads\28.0.1500.71_chrome_installer.exe"=0x5341435001000000000000000700000028000000600502028BC50202010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000076E0100000000000100000001000000
"C:\Users\Maxime\Desktop\installer_windows_movie_maker_French.exe"=0x5341435001000000000000000700000028000000C889270000000000010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000040000000000000000000000000000000001E64F900000000000200000002000000
"C:\Program Files (x86)\Accelerer PC\unins000.exe"=0x534143500100000000000000070000002800000028BB1100DA2B1200030000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000546F0000000000000100000001000000
"C:\Users\Maxime\AppData\Local\tuto4pc_fr_41\upt4pc_fr_41.exe"=0x5341435001000000000000000700000028000000681F300031E73000010000000000000000000206712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000AF020000000000000500000005000000
"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe"=0x534143500100000000000000070000002800000000DC010026A5020001000000000000000000020671220000E63F486B2AA0D20100000000000000000200000050000000000000000000001000000000000000000000000000000000CD99EA00000000009C00000001000000000000000000005000000000000000000000000000000000DBAD0500000000000400000000000000
"C:\Users\Maxime\AppData\Roaming\BabSolution\Shared\GUninstaller.exe"=0x5341435001000000000000000700000028000000502E05001FBB0500030000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000859B0000000000000100000001000000
"C:\Program Files (x86)\tuto4pc_fr_41\unins000.exe"=0x534143500100000000000000070000002800000033FD0A0000000000030000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000073190000000000000100000001000000
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe"=0x5341435001000000000000000700000028000000F02F02009B6F020001000000000000000000020671220000975FD891C99ECE01000000000000000002000000500000000000000000000050000000000000000000000000000000004D990100000000000100000001000000000000000000000000000000000000000000000000000000FD2B0100000000000200000000000000
"C:\Windows\Temp\installer.exe"=0x5341435001000000000000000700000028000000C0E33F0000000000010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000040000000000000000000000000000000000A305200000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIRFD4B.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000689301008FC80100010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000371D2C00000000000100000001000000
"C:\Users\Maxime\Downloads\TuneUpUtilities2014_fr-FR.exe"=0x5341435001000000000000000700000028000000A8F3F7019CE8F801010000000000000000000206712200002EF6C8A3A56ACD010000000000000000
"C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe"=0x534143500100000000000000070000002800000038E106007FA40700010000000000000000000206002100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000040000000000000000000000000000000007FBA0800000000000100000001000000
"C:\Users\Maxime\AppData\Roaming\File Scout\filescout.exe"=0x534143500100000000000000070000002800000000F60300707C0400010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000001FB22300000000000E0000000E000000
"C:\Windows\System32\GfxUI.exe"=0x534143500100000000000000070000002800000040035A0020BA5A00010000000000000000000106F5200000647CA60EA56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000008C8D0300000000000100000001000000
"C:\Users\Maxime\Downloads\stopclope.exe"=0x5341435001000000000000000700000028000000FF720D0000000000010000000000000000000206412000002EF6C8A3A56ACD0100000000000000000200000028000000000000000008004000000000000000000000000000000000A05D0000000000000100000001000000
"C:\Program Files (x86)\StopClope\bin\StopClope.exe"=0x53414350010000000000000007000000280000000050170000000000010000000000000000000105F12000002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000856E0F02000000000F0000000F000000
"C:\Users\Maxime\AppData\Local\Temp\AIR5923.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000689301000AE40100010000000000000000000206712200002EF6C8A3A56ACD010000008000000000020000002800000000000000000000000000000000000000000000000000000048710000000000000100000001000000
"C:\Users\Maxime\Downloads\vlc-2.1.0-win32.exe"=0x534143500100000000000000070000002800000079767201F41C0100010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000004CF70100000000000100000001000000
"C:\Users\Maxime\Downloads\jre-7u45-windows-i586.exe"=0x5341435001000000000000000700000028000000A81FBB018D3DBB01010000000000000000000106000100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000040200200000000000100000001000000
"C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe"=0x534143500100000000000000070000002800000000FA3400000000000100000000000000000002066120000033504C2B57DFD1010000000000000000020000005000000000000000000000400000000000000000000000000000000057A2810000000000050000000500000000000000000000000000000000000000000000000000000025422F00000000002300000000000000
"C:\Users\Maxime\Downloads\gimp-2.8.6-setup.exe"=0x5341435001000000000000000700000028000000306C5F05F1B25F05010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000DB4E0000000000000100000001000000
"C:\Users\Maxime\Downloads\miniphoto_installation.exe"=0x5341435001000000000000000700000028000000F0CD000000000000010000000000000000000105710000002EF6C8A3A56ACD0100000000000000000200000028000000000000000008004000000000000000000000000000000000B2C50000000000000100000001000000
"C:\Program Files (x86)\Miniphoto\miniphoto.exe"=0x53414350010000000000000007000000280000000070010000000000010000000000000000000105F12000002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000040000000000000000000000000000B5890600000000000500000005000000
"C:\Users\Maxime\Downloads\iview_4.36_setup.exe"=0x5341435001000000000000000700000028000000604E1C008FB01C00010000000000000000000206712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000CC280200000000000100000001000000
"C:\Users\Maxime\Downloads\googledrivesync.exe"=0x5341435001000000000000000700000028000000C07F0C000D920C00010000000000000000000106000100002EF6C8A3A56ACD010000008000000000020000002800000000000000000000000000000000000000000000000000000041600D00000000000200000002000000
"C:\Users\Maxime\Downloads\pf7-setup-fr.exe"=0x5341435001000000000000000700000028000000A87209002B4E0A00010000000000000000000106000100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000037438600000000000100000001000000
"C:\Users\Maxime\Downloads\UsbFix.exe"=0x53414350010000000000000007000000280000007961120000000000010000000000000000000006710000002EF6C8A3A56ACD0100000000000000000200000028000000000000000008004000000000000000000000000000000000511C0A00000000000500000005000000
"C:\Users\Maxime\Downloads\adwcleaner.exe"=0x534143500100000000000000070000002800000012F0100000000000010000000000000000000106710200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000BE4E0300000000000100000001000000
"C:\Users\Maxime\Downloads\mbam-setup-1.75.0.1300.exe"=0x5341435001000000000000000700000028000000F0EF9C0071349D00010000000000000000000206002100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000BE3D6400000000000100000001000000
"C:\Users\Maxime\Downloads\ZHPDiag2.exe"=0x5341435001000000000000000700000028000000639C680000000000010000000000000000000206412200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000000210100000000000100000001000000
"C:\Program Files (x86)\ZHPDiag\ZHPhep.exe"=0x534143500100000000000000070000002800000000421D000000000001000000000000000000020671220000975FD891C99ECE0100000000000000000200000050000000000000000000004002000000000000000000000000000000F96E1D00000000000100000001000000000000000000000002000000000000000000000000000000DA551F0000000000020000000000000006000000080000000200000000000000
"C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe"=0x534143500100000000000000070000002800000000421D000000000001000000000000000000020671220000975FD891C99ECE010000000000000000020000005000000000000000000000400000000000000000000000000000000023D602000000000001000000010000000000000000000000000000000000000000000000000000004BD50800000000000200000000000000
"SIGN.IE=0AC9BE delfix.exe"=0x5341435001000000000000000700000028000000BEC90A0000000000010000000000000000000106710200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000069410100000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIRFF6D.tmp\Adobe AIR Installer.exe"=0x53414350010000000000000007000000280000006893010015FA0100010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000A6AC2F00000000000100000001000000
"C:\Program Files (x86)\TuneUp Utilities 2014\UpdateWizard.exe"=0x5341435001000000000000000700000028000000387F0300BAA6030001000000000000000000020600210000975FD891C99ECE010000008000000000020000002800000000000000000000400000000000000000000000000000000073D62900000000000C0000000C000000
"C:\Users\Maxime\Desktop\OnlineHD-Chrome-V2.1.exe"=0x534143500100000000000000070000002800000010320700405A0700010000000000000000000106000100002EF6C8A3A56ACD010000000000000000
"C:\Users\Maxime\AppData\Local\BeamriseUninstall\Bootstrapper{1.4BR2gpTP.100}.exe"=0x534143500100000000000000070000002800000048050E003F9F0E00030000000000000000000106000100002EF6C8A3A56ACD0100000000000000000100000004000000010000000500000010000000000000000000000000000106000000000200000050000000000001060000002000008000000000000000800000000000A94C00000000000001000000010000000000000000000000000080000000000000008000000000002287000000000000010000000000000006000000080000000000800000000000
"C:\Program Files (x86)\Miniphoto\uninstall.exe"=0x53414350010000000000000007000000280000005089000000000000030000000000000000000105710000002EF6C8A3A56ACD010000000000000000020000002800000000000000000800000000000000000000000000000000000055A30000000000000100000001000000
"C:\Program Files (x86)\InstallShield Installation Information\{D0956C11-0F60-43FE-99AD-524E833471BB}\setup.exe"=0x534143500100000000000000070000002800000000B0060000000000030000000000000000000006710200002EF6C8A3A56ACD01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000001000000000000000000000000000004E7D0000000000000100000001000000
"C:\Program Files (x86)\Iminent\inst\Bootstrapper\IminentUninstall.exe"=0x5341435001000000000000000700000028000000600D21006DD62100030000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000095450000000000000100000001000000
"C:\Program Files (x86)\IrfanView\iv_uninstall.exe"=0x53414350010000000000000007000000280000006094000052360100030000000000000000000206712000002EF6C8A3A56ACD010000000000000000020000002800000000000000000800000000000000000000000000000000000080170000000000000100000001000000
"C:\Program Files (x86)\Mobogenie\uninst.exe"=0x53414350010000000000000007000000280000000B020200E6C43501030000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000A5AD0000000000000100000001000000
"C:\Program Files (x86)\OnlineHD V7.0\Uninstall.exe"=0x5341435001000000000000000700000028000000002E010000000000030000000000000000000206712200002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000095450000000000000100000001000000
"C:\Program Files (x86)\OnlineHD.TV\uninst.exe"=0x534143500100000000000000070000002800000089D90000405A0700030000000000000000000106000100002EF6C8A3A56ACD01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000200000000000000000000000000003A130000000000000100000001000000
"C:\Program Files (x86)\PcCloneEX\Uninstall.exe"=0x5341435001000000000000000700000028000000003A2D0000000000030000000000000000000006710000002EF6C8A3A56ACD010000000000000000020000002800000000000000000800000000000000000000000000000000000092190000000000000100000001000000
"C:\Program Files (x86)\SecretSauce\SecretSauceUninstall.exe"=0x5341435001000000000000000700000028000000BAAE03008ABC0D00030000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000F8A70000000000000100000001000000
"C:\Program Files (x86)\SugarSync\uninstall.exe"=0x53414350010000000000000007000000280000002688010018050801030000000000000000000106002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000071240000000000000100000001000000
"C:\Program Files (x86)\InstallShield Installation Information\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\setup.exe"=0x534143500100000000000000070000002800000069BE0D0000000000030000000000000000000106002100002EF6C8A3A56ACD010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000010800000000000000080000000000075670000000000000100000001000000010000000400000001000000
"C:\Users\Maxime\Downloads\jxpiinstall.exe"=0x5341435001000000000000000700000028000000A80D0E00E44C0E00010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000040000000000000000000000000000000008B2B0200000000000100000001000000
"C:\Program Files (x86)\Java\jre7\bin\javacpl.exe"=0x5341435001000000000000000700000028000000A805010087960100010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B4790000000000000200000002000000
"C:\Users\Maxime\Downloads\Philip's Large Red Cursors.exe"=0x53414350010000000000000007000000280000007F89070000000000010000000000000000000206412000002EF6C8A3A56ACD010000000000000000020000002800000000000000000800400000000000000000000000000000000021750000000000000100000001000000
"C:\Users\Maxime\Downloads\Civikey-Std-2.6.1.exe"=0x534143500100000000000000070000002800000091B2F90300000000010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000000F290100000000000200000002000000
"C:\Program Files (x86)\Civikey\Std\binaries\CiviKey.exe"=0x534143500100000000000000070000002800000000CA0C0000000000010000000000000000000106800100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B8781E00000000000300000003000000
"C:\Program Files\CONEXANT\SAII\SACpl.exe"=0x5341435001000000000000000700000028000000002419001F881900010000000000000000000106712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000A8610000000000000100000001000000
"SIGN.MEDIA=74186F SETUP.EXE"=0x53414350010000000000000007000000280000000022020000000000010000000000000000000105712000002EF6C8A3A56ACD010000000000000000020000002800000000000000000800400000000000000000000000000000000073850200000000000100000001000000
"SIGN.MEDIA=6F20F58 SETUP.EXE"=0x534143500100000000000000070000002800000000180100270C0200010000000000000000000105003000002EF6C8A3A56ACD010000000000000000
"SIGN.MEDIA=1DE723 Pirate.exe"=0x534143500100000000000000070000002800000000700B00AB770B00010000000000000000000006712000002EF6C8A3A56ACD010000000000000000020000002800000000000000000000000000000000000000000000000000000019430C00000000000300000003000000
"SIGN.MEDIA=1DE723 setup.exe"=0x5341435001000000000000000700000028000000002E0200DEFF0200010000000000000000000105712000002EF6C8A3A56ACD0100000000000000000200000028000000000000000008004000000000000000000000000000000000AEC30000000000000100000001000000
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVDLaunchPolicy.exe"=0x534143500100000000000000070000002800000028A5060067C306000100000000000000000001067122000033504C2B57DFD101000000000000000002000000500000000000000080000040000000000000000000000000000000007AF46B0000000000030000000300000000000000800000000000000000000000000000000000000010F82000000000000200000000000000
"C:\Users\Maxime\Desktop\MM26_FR.msi"=0x534143500100000000000000070000002800000000E60100BC93020001000000000000000000010500100000647CA60EA56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B0850200000000000200000002000000
"C:\Users\Maxime\Desktop\videoeditor.exe"=0x534143500100000000000000070000002800000069B7FD0000000000010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000929E0000000000000100000001000000
"C:\Program Files (x86)\OpoSoft\Video Editor\Video Editor.exe"=0x534143500100000000000000070000002800000000C01D0000000000010000000000000000000006710000002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000004EBA0200000000000100000001000000
"C:\Users\Maxime\Desktop\VideoSpin_2_0_Setup.exe"=0x5341435001000000000000000700000028000000B018250A4546250A010000000000000000000006710200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000835D0300000000000100000001000000
"C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe"=0x534143500100000000000000070000002800000010E55200E0805300010000000000000000000006712200002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000F6C06B00000000000300000003000000
"C:\Program Files (x86)\TuneUp Utilities 2014\Integrator.exe"=0x5341435001000000000000000700000028000000380B1000D64F100001000000000000000000020600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000031ED7600000000000500000005000000
"SIGN.MEDIA=157EB00 Data\Bin\VisioLaunch.exe"=0x53414350010000000000000007000000280000000010040000000000010000000000000000000006712000002EF6C8A3A56ACD0100000000000000000200000028000000000000008000000000000000000000000000000000000000BB2C1100000000000100000001000000
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x534143500100000000000000070000002800000013F001005194020001000000000000000000020661220000E63F486B2AA0D201000000000000000002000000C80000000000000000000010000000000000000000000000000000005DDB5200000000002700000017000000000000000000005000000000000000000000000000000000BC339A0E000000008601000000000000000000008000005000000000000000000000000000000000C8B051000000000004000000000000000000000000000000000000000000000000000000000000006DA86100000000004900000000000000000000008000000000000000000000000000000000000000DCA61100000000000100000000000000
"C:\Users\Maxime\AppData\Local\Temp\{a2c69cba-542a-4a49-af31-b8a49349064d}\.be\GarminExpressInstaller.exe"=0x5341435001000000000000000700000028000000B85F0D0051B90D00010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000004000000000000000000000000000000000BA480800000000000100000001000000
"C:\Users\Maxime\Desktop\GarminExpress.exe"=0x5341435001000000000000000700000028000000281FD6019780D601010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000DFC23200000000000300000003000000
"C:\Users\Maxime\Desktop\CommunicatorPlugin_410.exe"=0x5341435001000000000000000700000028000000C8D71F01F5F11F01010000000000000000000206002100002EF6C8A3A56ACD0100000080000000000200000028000000000000000000004000000000000000000000000000000000CB4A0200000000000200000002000000
"C:\Users\Maxime\AppData\Local\Temp\AIR7194.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000A092010044520200010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000F6F67900000000000100000001000000
"C:\Users\Maxime\Desktop\chromeinstall-7u55.exe"=0x5341435001000000000000000700000028000000A80F0E007BD50E00010000000000000000000106000100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000016A40200000000000100000001000000
"SIGN.MEDIA=224802 InstallNavi.exe"=0x53414350010000000000000007000000280000004048220067E62200010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000400000000000000000000000000000000097E51F00000000000100000001000000
"C:\Windows\twain_32\escndv\escndv.exe"=0x5341435001000000000000000700000028000000A05C03002267030001000000000000000000000671200000E63F486B2AA0D20100000000000000000200000050000000000000000000000000000000000000000000000000000000BE571F000000000014000000080000000000000000000040000000000000000000000000000000001140B600000000006600000000000000
"C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPQuicker.exe"=0x534143500100000000000000070000002800000060EC0D0033720E0001000000000000000000010671200000975FD891C99ECE010000000000000000020000005000000000000000000000400000000000000000000000000000000020970000000000000100000001000000000000000000000000000000000000000000000000000000309C0000000000000100000000000000
"C:\Windows\twain_32\escndv\escfg.exe"=0x5341435001000000000000000700000028000000681E040078E7040001000000000000000000010671220000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000083234900000000000700000007000000
"C:\Program Files (x86)\EPSON Software\Epson Manual\Launcher\EPSMLAN.EXE"=0x5341435001000000000000000700000028000000400E090026300900010000000000000000000206712000002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000AB4A1600000000000100000001000000
"C:\Windows\twain_32\escndv\estcfg.exe"=0x534143500100000000000000070000002800000000900200720A03000100000000000000000001067120000033504C2B57DFD10100000000000000000200000050000000000000000000004000000000000000000000000000000000990B0000000000005A0000005A0000000000000000000000000000000000000000000000000000002D030000000000002B00000000000000
"C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe"=0x534143500100000000000000070000002800000020450200FA80020001000000000000000000010600010000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000071AC0900000000000300000003000000
"C:\Users\Maxime\Desktop\Install_Prezi_Desktop_4.7.5.exe"=0x5341435001000000000000000700000028000000C82C090065A8114A010000000000000000000106000100002EF6C8A3A56ACD01000000000000000002000000280000000000000000000000000000000000000000000000000000005A470000000000000100000001000000
"C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe"=0x534143500100000000000000070000002800000028442C00D3932C00010000000000000000000206F5220000647CA60EA56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000352E0000000000000200000002000000
"C:\Users\Maxime\AppData\Local\Temp\ICReinstall_Install_Prezi_Desktop_4.7.5.exe"=0x5341435001000000000000000700000028000000C82C090065A8114A010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000614B0000000000000100000001000000
"C:\Users\Maxime\Downloads\Install_Prezi_Desktop_4.7.5 [1].exe"=0x5341435001000000000000000700000028000000089E9D1693B29D16010000000000000000000206002100002EF6C8A3A56ACD010000000000000000020000002800000000000000000000100000000000000000000000000000000048B50300000000000300000003000000
"C:\Program Files (x86)\Prezi Desktop 4\Prezi Desktop.exe"=0x534143500100000000000000070000002800000000700300212D0100010000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000C3D36100000000000800000008000000
"C:\Program Files (x86)\MyPC Backup\uninst.exe"=0x5341435001000000000000000700000028000000664C01000AE19E00030000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000B2B80000000000000100000001000000
"C:\Program Files (x86)\Greener Web\GreenerWebUninstall.exe"=0x534143500100000000000000070000002800000010AC0300B9702000030000000000000000000106000100002EF6C8A3A56ACD0100000000000000000200000028000000000000000000000000000000000000000000000000000000871C0200000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR67FE.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000A09201006D870200010000000000000000000206712200002EF6C8A3A56ACD0100000080000000000200000028000000000000000000000000000000000000000000000000000000EE8F0600000000000100000001000000
"C:\Users\Maxime\Desktop\CommunicatorPlugin_420.exe"=0x534143500100000000000000070000002800000048CA1F018A77200101000000000000000000020600010000975FD891C99ECE0100000080000000000200000028000000000000000000004000000000000000000000000000000000E7EB0000000000000100000001000000
"C:\Program Files (x86)\Garmin\Express\Express.exe"=0x534143500100000000000000070000002800000058352C0019872C00010000000000000000000306F1220000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000003FF4201000000000100000001000000
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe"=0x534143500100000000000000050000001000000000000000000000000000000000000000070000002800000080BD0700BE9E080001000000000000000000020671220000E63F486B2AA0D20100000080000000000200000028000000000000000000004000000000000000000000000000000000AD481207000000000800000008000000
"C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"=0x53414350010000000000000007000000280000002041000035D50000010000000000000000000306F5220000B395E7CF049FCE01000000000000000002000000280000000000000000000000000000000000000000000000000000001D100000000000000100000001000000
"C:\Users\Maxime\Desktop\adwcleaner_3.310.exe"=0x534143500100000000000000070000002800000023F514000000000001000000000000000000010671020000975FD891C99ECE010000000000000000020000005000000000000000000000400000000000000000000000000000000082150F0000000000010000000100000000000000000000000000000000000000000000000000000064190000000000000100000000000000
"C:\Users\Maxime\Desktop\mbam-setup-2.0.2.1012.exe"=0x5341435001000000000000000700000028000000D8DD0701EB24080101000000000000000000020600010000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000018163800000000000100000001000000
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000385B6A00CC9D6A0001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000521C0000000000000200000002000000
"C:\Users\Maxime\Desktop\mbam-setup-2.0.2.1012 (1).exe"=0x5341435001000000000000000700000028000000D8DD0701EB24080101000000000000000000020600010000975FD891C99ECE010000000000000000020000002800000000000000000000000000000000000000000000000000000011FC2800000000000200000002000000
"C:\Users\Maxime\Desktop\mbam-setup-1.70.0.1100.exe"=0x534143500100000000000000070000002800000038F99A0046CA9B0001000000000000000000020600010000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000112F3E00000000000200000002000000
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000A8930C00859B0C0001000000000000000000010671020000975FD891C99ECE010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000084260000000000000100000001000000
"D:\Docs Max\Administratif\Compte Bancaire\RIB et IBAN\ZHPDiag2.exe"=0x5341435001000000000000000700000028000000E8AC68000000000001000000000000000000030641220000975FD891C99ECE01000000000000000002000000280000000000000000000000000000000000000000000000000000009D7D0000000000000100000001000000
"C:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE"=0x534143500100000000000000070000002800000068012B00E6722B0001000000000000000000030600210000E63F486B2AA0D20100000000000000000200000050000000000000000000000000000000000000000000000000000000BFB7B000000000000900000008000000000000000000004000000000000000000000000000000000D4B1530A000000004B00000000000000
"D:\Docs Max\Administratif\Compte Bancaire\RIB et IBAN\AdsFix.exe"=0x534143500100000000000000070000002800000000F62800AA99290001000000000000000000030600210000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000036F85A00000000000100000001000000
"C:\Users\Maxime\Downloads\AdsFix.exe"=0x534143500100000000000000070000002800000000F62800AA99290001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000A6930300000000000100000001000000
"C:\Users\Maxime\Desktop\QuickDiag.exe"=0x534143500100000000000000070000002800000000461500ABCE150001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000D00B0800000000000100000001000000
"C:\Users\Maxime\Desktop\OTM.exe"=0x534143500100000000000000070000002800000000F807000E4C080001000000000000000000030641220000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000E2550300000000000100000001000000
"C:\Users\Maxime\Desktop\Réparation ordi\QuickDiag.exe"=0x534143500100000000000000070000002800000000461500ABCE150001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000A75B1500000000000100000001000000
"C:\Program Files (x86)\TuneUp Utilities 2014\UninstallManager.exe"=0x534143500100000000000000070000002800000038F90300AAF8040001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000D31E0000000000000100000001000000
"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe"=0x53414350010000000000000007000000280000003809200062B1200001000000000000000000020673020000B395E7CF049FCE01000000000000000002000000280000000000000000000040000000000000000000000000000000008C000000000000000200000002000000
"C:\Program Files (x86)\StopClope\unins000.exe"=0x5341435001000000000000000700000028000000F9D309000000000003000000000000000000030641200000975FD891C99ECE0100000000000000000200000028000000000000000008004000000000000000000000000000000000D4810300000000000100000001000000
"C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"=0x53414350010000000000000007000000280000006A010B000000000001000000000000000000020600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000010000000000000000000000000F92F0000000000000100000001000000
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"=0x534143500100000000000000070000002800000068D70A00522B0B0003000000000000000000020600010000975FD891C99ECE010000000000000000
"C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe"=0x534143500100000000000000070000002800000040B612004B2B130001000000000000000000030671220000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000011285400000000000300000003000000
"C:\Users\Maxime\Documents\Docs Max\Meulan les Mureaux\Mémoire\Mémoire Tyss\Prezi.exe"=0x534143500100000000000000070000002800000000CA01000000000001000000000000000000010671020000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000890B0000000000000100000001000000
"C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4e.exe"=0x5341435001000000000000000700000028000000F09E070068FB0700010000000000000000000106F5220000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000200000000000000000000000000CC120000000000000100000001000000
"C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4d.exe"=0x5341435001000000000000000700000028000000F008040071DD0400010000000000000000000106F5220000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000200000000000000000000000000B7130000000000000100000001000000
"SIGN.MEDIA=1CA00 Meulan les Mureaux\Mémoire\Mémoire Tyss\Prezi.exe"=0x534143500100000000000000070000002800000000CA01000000000001000000000000000000010671020000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000910F0000000000000100000001000000
"C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe"=0x5341435001000000000000000700000028000000A0A42B0289972C0201000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000CC3FB106000000000200000002000000
"C:\Users\Maxime\AppData\Local\Temp\AIRB5D1.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000A0920100315F020001000000000000000000030671220000975FD891C99ECE010000008000000000020000002800000000000000000000400000000000000000000000000000000008120200000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR13EB.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000A0920100315F020001000000000000000000030671220000975FD891C99ECE0100000080000000000200000028000000000000000000004000000000000000000000000000000000CADB2400000000000100000001000000
"C:\Users\Maxime\Desktop\FreeMind-Windows-Installer-1.0.0-max.exe"=0x5341435001000000000000000700000028000000FDE144020000000001000000000000000000020600010000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000BA920000000000000200000002000000
"C:\Program Files (x86)\FreeMind\FreeMind.exe"=0x5341435001000000000000000700000028000000006601007BBB010001000000000000000000020671000000975FD891C99ECE0100000000000000000200000028000000000000000000004000100000000000000000000000000000840D5F02000000000300000003000000
"C:\Users\Maxime\AppData\Local\Temp\AIR7372.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000A09201008CC8010001000000000000000000030671220000975FD891C99ECE01000000800000000002000000280000000000000000000040000000000000000000000000000000008E012600000000000100000001000000
"C:\Users\Maxime\Desktop\SimpleMindPro165TrialSetup.exe"=0x5341435001000000000000000700000028000000329554000000000001000000000000000000010600010000975FD891C99ECE010000000000000000020000002800000000000000000000400000000000000000000000000000000081F93500000000000400000004000000
"C:\Windows\1.6.5\SimpleMindPro.exe"=0x534143500100000000000000070000002800000000EC13000000000001000000000000000000010671020000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000DC6F2901000000000800000008000000
"C:\Users\Maxime\Desktop\Dragon Naturally Speaking pro v11 FR\setup.exe"=0x5341435001000000000000000700000028000000984A1100F86A110001000000000000000000010600210000975FD891C99ECE0100000000000000000200000028000000000000000000005000000000000000000000000000000000BB900900000000000100000001000000
"C:\Users\Maxime\Desktop\Dragon Naturally Speaking pro v11 FR\WindowsInstaller-KB893803-x86.exe"=0x534143500100000000000000070000002800000010712700EC04280001000000000000000000000671000000975FD891C99ECE010000008000000000020000002800000000000000800900400000000000000000000000000000000009230000000000000100000001000000
"C:\Users\Maxime\Desktop\Dragon Naturally Speaking pro v11 FR\Dragon NaturallySpeaking 11.msi"=0x534143500100000000000000070000002800000000FC0000FB41010001000000000000000000010500100000B395E7CF049FCE010000000000000000020000002800000000000000000000400000000000000000000000000000000095710A00000000000200000002000000
"C:\Windows\Program\natspeak.exe"=0x534143500100000000000000070000002800000068D536003EE3360001000000000000000000010671220000975FD891C99ECE010000000000000000020000002800000000000000000000500010000000000000000000000000000068D6C606000000000500000005000000
"C:\Users\Maxime\AppData\Local\Temp\AIR117F.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000A09201004A0D020001000000000000000000030671220000975FD891C99ECE0100000080000000000200000028000000000000000000004000000000000000000000000000000000330E1500000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIRC825.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000A09201004CC9010001000000000000000000030671220000975FD891C99ECE0100000080000000000200000028000000000000000000004000000000000000000000000000000000E1C40100000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\certutil.exe"=0x5341435001000000000000000700000028000000006001000000000001000000000000000000010571000000975FD891C99ECE0100000000000000000200000028000000000000000000004000040000000000000000000000000000E50E0000000000000200000002000000
"C:\Users\Maxime\AppData\Local\Temp\AIR2247.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000A07C05003A6C060001000000000000000000030671220000975FD891C99ECE010000008000000000
"C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x534143500100000000000000070000002800000080082D0355102D0301000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000C3952F00000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR694F.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000B87C0500D874060001000000000000000000030671220000975FD891C99ECE010000008000000000020000002800000000000000000000400000000000000000000000000000000021050D00000000000100000001000000
"C:\Users\Maxime\Desktop\DemoTT55_fra.exe"=0x534143500100000000000000070000002800000045809C000000000001000000000000000000000671020000975FD891C99ECE010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400002000000000000000000000000000093330000000000000100000001000000
"C:\Users\Maxime\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe"=0x534143500100000000000000070000002800000098101100C837110001000000000000000000030600210000E63F486B2AA0D20100000000000000000200000050000000000000000000000000000000000000000000000000000000A3340200000000008100000046000000000000000000004000000000000000000000000000000000A0F6B00700000000540B000000000000
"C:\Users\Maxime\AppData\Local\Temp\AIRC260.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000B87C05009858060001000000000000000000030671220000975FD891C99ECE010000008000000000020000002800000000000000000000400000000000000000000000000000000090A80400000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE"=0x5341435001000000000000000700000028000000B0FE2000BE48210001000000000000000000010600010000975FD891C99ECE010000000100000000
"C:\Users\Maxime\AppData\Local\Temp\AIRE31F.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000B87C05000275060001000000000000000000030671220000975FD891C99ECE010000008000000000020000002800000000000000000000400000000000000000000000000000000079520600000000000100000001000000
"C:\Users\Maxime\Desktop\Sony Vegas Pro 12 Build 770 (64 bit) (patch-keygen DI)\vegaspro12.0.770.exe"=0x534143500100000000000000070000002800000078FA7C0EEA3A7D0E01000000000000000000010600010000B395E7CF049FCE010000000000000000020000002800000000000000000000400000000000000000000000000000000096CE0100000000000500000005000000
"D:\Sony vegas pro\Sony Vegas Pro 12 Build 770 (64 bit) (patch-keygen DI)\patch - keygen DI\Keygen.exe"=0x534143500100000000000000070000002800000000303900B66E390001000000000000000000010600010000975FD891C99ECE0100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000100000000000000000000000000000ED200500000000000100000001000000
"D:\Sony vegas pro\vegas120.exe"=0x534143500100000000000000070000002800000020BB99016E869A0101000000000000000000010600010000B395E7CF049FCE0100000000000000000200000028000000000000000000004000000000000000000000000000000000A23B0000000000000100000001000000
"C:\Users\Maxime\Desktop\Sony Vegas Pro 12 Build 770 (64 bit) (patch-keygen DI)\patch - keygen DI\Keygen.exe"=0x534143500100000000000000070000002800000000303900B66E390001000000000000000000010600010000975FD891C99ECE01000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040001000000000000000000000000000000C890C00000000000600000006000000
"C:\Program Files\Sony\Vegas Pro 12.0\vegas120.exe"=0x534143500100000000000000070000002800000020BB99016E869A0101000000000000000000010600010000E78E163C2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000005F5EDD02000000002700000027000000
"C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe"=0x534143500100000000000000070000002800000040D912004791130001000000000000000000030671200000E63F486B2AA0D20100000000000000000200000028000000000000000000005000000000000000000000000000000000F73B0F00000000000F0000000F000000
"C:\Users\Maxime\AppData\Local\Temp\AIRA1EE.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000B0880500BD03060001000000000000000000030600210000975FD891C99ECE010000008000000000
"C:\Users\Maxime\AppData\Local\Vistaprint Livres photo\apc.exe"=0x5341435001000000000000000700000028000000D8486C0032246D0001000000000000000000030600210000975FD891C99ECE0100000000000000000200000028000000000000000000004000000000000000000000000000000000BF049800000000000500000005000000
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"=0x5341435001000000000000000700000028000000C8340300A937030001000000000000000000030600010000E78E163C2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007B81480D000000004F0000004F000000
"C:\Program Files\AVAST Software\Avast\avastui.exe"=0x534143500100000000000000070000002800000050365D0036845D0001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001E2AEA01000000000100000001000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Maxime\AppData\Local\Temp\AIR1883.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000B0880500E60E060001000000000000000000000A0021000019B4C529E312D1010000008000000000020000002800000000000000000000400000000000000000000000000000000081B14100000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR8A93.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000B0880500CEF1050001000000000000000000000A0021000019B4C529E312D1010000008000000000020000002800000000000000000000400000000000000000000000000000000083BD1400000000000100000001000000
"C:\Users\Maxime\AppData\Local\Temp\AIR7580.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000B08805009A10060001000000000000000000000A0021000019B4C529E312D10100000080000000000200000028000000000000000000004000000000000000000000000000000000B24D3800000000000100000001000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Maxime\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe"=0x534143500100000000000000070000002800000000482D00A2D42D000100000000000000000001057120000033504C2B57DFD1010000000000000000
"C:\Users\Maxime\Desktop\Tor Browser\Browser\firefox.exe"=0x534143500100000000000000070000002800000000240500C33A050001000000000000000000000A0001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000069A15700000000000200000002000000
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe"=0x534143500100000000000000070000002800000060AD6401017A65010100000000000000000001067102000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000864A0000000000000100000001000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000E07E03004B44040001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Maxime\AppData\Local\Temp\AIRDF76.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000488C05001503060001000000000000000000000A0021000033504C2B57DFD1010000008000000000020000002800000000000000000000400000000000000000000000000000000055480300000000000100000001000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D87E030025C1030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe"=0x5341435001000000000000000700000028000000B8211400CD46140001000000000000000000000A0021000033504C2B57DFD10100000080000000000200000028000000000000000000004000000000000000000000000000000000308C0400000000000300000003000000
"C:\Users\Maxime\Desktop\PokerStarsInstallFR.exe"=0x5341435001000000000000000700000028000000E0E2F7040000000001000000000000000000000A7120000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000008000002000000280000000000000000080040000020000000000000002000000000000A350000000000000100000001000000010000000400000001000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88003007F30040001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02001930030001000000010000000000000A7122000033504C2B57DFD1010000000000000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D88203009CF3030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Program Files (x86)\SketchUp\SketchUp 2015\SketchUp.exe"=0x534143500100000000000000070000002800000000661401D84C150101000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000DEACDA03000000000400000004000000
"C:\Users\Maxime\AppData\Local\Temp\AIRCBA3.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000488C05007B37060001000000000000000000000A0021000033504C2B57DFD10100000080000000000200000028000000000000000000004000000000000000000000000000000000BF633700000000000100000001000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6917.0607_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A7120000033504C2B57DFD1010000000100000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6917.0607_2\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6943.0625_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x534143500100000000000000070000002800000060CA11002C5E120001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000050000000000000000000000000000000000000000000000000000000A560DF01000000001400000014000000000000000000004000000000000000000000000000000000FA700000000000000400000000000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6966.0824\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0B00300CDA9040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\AppData\Local\Temp\AIRA824.tmp\Adobe AIR Installer.exe"=0x5341435001000000000000000700000028000000F08D05007389060001000000000000000000000A00210000E63F486B2AA0D2010000008000000000020000002800000000000000000000400000000000000000000000000000000035B87300000000000100000001000000
"C:\Program Files\AVAST Software\Avast\VisthAux.exe"=0x5341435001000000000000000700000028000000008403007301040001000000000000000000000A00210000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000800000000200000028000000000000008000004000000000000000000000000000000000A60E0000000000000100000001000000
"C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe"=0x5341435001000000000000000700000028000000882A1400619D140001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000500000000000000000000000000000000000000000000000000000005976460D000000004300000043000000000000000000004000000000000000000000000000000000FB999608000000001600000000000000
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe"=0x534143500100000000000000070000002800000018AA1700DC95180001000000000000000000010600010000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\Desktop\ZHPCleaner.exe"=0x5341435001000000000000000700000028000000800F2C00033A2C0001000000000000000000030600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000EC6A1B00000000000500000005000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D0A474012679750101000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0E20300117A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Program Files\AVAST Software\Avast\Setup\instup.exe"=0x534143500100000000000000070000002800000068DA14000000000001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000000FBB0400000000000200000002000000
"C:\Program Files (x86)\FreeMind\unins000.exe"=0x534143500100000000000000070000002800000021020B000000000001000000000000000000020600010000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000004F6F0100000000000200000002000000
"C:\ProgramData\Package Cache\{bd8bd200-9a60-4969-b267-6b565f36e3da}\GarminExpressInstaller.exe"=0x534143500100000000000000070000002800000078611000B9F0100001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000007A7C0200000000000500000005000000
"C:\Users\Maxime\Desktop\mb3-setup-consumer-3.2.2.2018.exe"=0x5341435001000000000000000700000028000000E860F403E7FEF40301000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000012040100000000000100000001000000
"C:\Users\Maxime\Desktop\Nettoyage ordi\QuickDiag.exe"=0x5341435001000000000000000700000028000000A83D47002252470001000000000000000000000A00210000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000068D12B00000000000200000002000000
"C:\Users\Maxime\Desktop\quicktimeinstaller.exe"=0x534143500100000000000000070000002800000040497F02DDC37F0201000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000041670100000000000100000001000000
"C:\Users\Maxime\Desktop\Windows10Upgrade9252.exe"=0x5341435001000000000000000700000028000000B08862008E56630001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000F3640000000000000100000001000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\OneDrive.exe"=0x5341435001000000000000000700000028000000D0BC19009F9A1A0001000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\Desktop\Nettoyage ordi\delfix_1.013.exe"=0x5341435001000000000000000700000028000000402C0C00C2D00C0001000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000002F710200000000000100000001000000
"C:\Users\Maxime\Desktop\Nettoyage ordi\unchecky_setup.exe"=0x5341435001000000000000000700000028000000D8BA1400593F150001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000E2110000000000000100000001000000
"C:\Users\Maxime\Desktop\EPSDNAVI_Temp\Download Navigator\Setup.msi"=0x53414350010000000000000007000000280000000002010013D4010001000000000000000000010500100000E78E163C2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000BA780000000000000100000001000000
"C:\Users\Maxime\Desktop\EPSDNAVI_Temp\Download Navigator\Setup.exe"=0x5341435001000000000000000700000028000000F8C10500C74C060001000000000000000000030600010000E63F486B2AA0D2010000008000000000020000002800000000000000000000400000000000000000000000000000000065EC0300000000000100000001000000
"C:\Users\Maxime\Desktop\pole emploi\uTorrent.exe"=0x5341435001000000000000000700000028000000607A2B0093CA2B0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000045440500000000000100000001000000
"C:\Users\Maxime\AppData\Roaming\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000C04D1E009D951E0001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000EB7E4700000000000A0000000A000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.7074.1023\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E0400B6AD040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8447B0131B57B0101000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\AppData\Local\Microsoft\OneDrive\17.3.7076.1026\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C80E040067ED040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\AppData\Local\Google\Chrome\Application\chrome.exe"=0x534143500100000000000000070000002800000058BF170046D8170001000000000000000000000A00210000E78E163C2AA0D2010000000100000000
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"=0x5341435001000000000000000700000028000000A8DA1500C7D5160001000000000000000000010600010000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\Downloads\Firefox Setup 57.0.1.exe"=0x5341435001000000000000000700000028000000A0A04002A3F6400201000000000000000000000A00210000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000004BB10400000000000100000001000000
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000D0210700B947070001000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Program Files (x86)\Mozilla Firefox\pingsender.exe"=0x5341435001000000000000000700000028000000D0D70000782C010001000000000000000000000A71200000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000DD0A0000000000000400000004000000
"C:\Users\Maxime\Downloads\mozilla-firefox_57-0-1_fr_11003_32.exe"=0x5341435001000000000000000700000028000000001A290288112A0201000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C5A41F00000000000200000002000000
"C:\Users\Maxime\Downloads\EIE11_FR-FR_WOL_WIN764.EXE"=0x5341435001000000000000000700000028000000904FA003E899A00301000000000000000000030671020000E63F486B2AA0D2010000000000000000020000002800000000000000800100400000000000000000000000000000000063BF0100000000000100000001000000
"C:\Users\Maxime\Desktop\torbrowser-install-6.0.5_fr.exe"=0x53414350010000000000000007000000280000000057FB02BC4FFC0201000000000000000000010600010000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000C6799700000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"=0x5341435001000000000000000700000028000000A87C3701F1DC370101000000000000000000010600010000E63F486B2AA0D2010000000100000000
"C:\Users\Maxime\Desktop\Nettoyage ordi\ZHPCleaner.exe"=0x5341435001000000000000000700000028000000809F2D0016CD2D0001000000000000000000030600010000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000061FDAD00000000000200000002000000
"C:\Users\Maxime\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x5341435001000000000000000700000028000000809F2D0016CD2D0001000000000000000000030600010000E63F486B2AA0D2010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000003915600000000000200000002000000
"C:\Users\Maxime\Downloads\QuickDiag.exe"=0x5341435001000000000000000700000028000000A8C73C0092F63C0001000000000000000000000A00210000E63F486B2AA0D2010000000000000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x5341435001000000000000000700000028000000584D180031CA180001000000000000000000000A00210000E78E163C2AA0D2010000000100000000
"C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\Installer\setup.exe"=0x5341435001000000000000000700000028000000587F1D0054331E0003000000000000000000000A00210000E78E163C2AA0D2010000000000000000
"C:\Users\Maxime\AppData\Local\Google\Chrome\Application\62.0.3202.94\Installer\setup.exe"=0x5341435001000000000000000700000028000000582F1D007AD31D0003000000000000000000000A00210000E78E163C2AA0D2010000000000000000


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131452885027793743

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"DisableAntiSpyware"=0
"ProductType"=2
"ManagedDefenderProductType"=0
"ProductStatus"=0
"InstallTime"=0x07F2E37DE99ACD01
"DisableAntiVirus"=0
"InstallLocation"=C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\
"LastEnabledTime"=0xEC498E80E96CD301
"OneTimeSqmDataSent"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts

# unchecky_begin
# These rules were added by the Unchecky program in order to block advertising software modules
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
[64] More lines

---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [172.217.22.142] avec 32 octets de donn?es?:
R?ponse de 172.217.22.142?: octets=32 temps=22 ms TTL=53
R?ponse de 172.217.22.142?: octets=32 temps=23 ms TTL=53
R?ponse de 172.217.22.142?: octets=32 temps=23 ms TTL=53
R?ponse de 172.217.22.142?: octets=32 temps=23 ms TTL=53

Statistiques Ping pour 172.217.22.142:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 22ms, Maximum = 23ms, Moyenne = 22ms

---------- | @

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Save_Session_History_On_Exit"=no
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Cache_Update_Frequency"=Once_Per_Session
"Local Page"=C:\WINDOWS\SysWOW64\blank.htm
"NoUpdateCheck"=1
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=www.google.com
"Default_Page_URL"=http://lenovo13.msn.com
"DisableFirstRunCustomize"=3
"Default_Secondary_Page_URL"=http://www.lenovo.com
"OperationalData"=13
"FullScreen"=no
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x150A3C75A8A1D201
"IconCache"=2b1zkjn
"CompatibilityFlags"=0
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000E80300003A020000
"ApplicationTileImmersiveActivation"=0
"AssociationActivationMode"=2
"Use FormSuggest"=yes
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB0010000960000003004000076020000
"AutoHide"=yes
"ImageStoreRandomFolder"=323snl3
"Start Default_Page_URL"=http://www.google.com/
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"CustomizeSearch"=http://www.google.com/
"EdgeSwitchingOSBuildNumber"=10586.th2_release.160906-1759
"Secondary Start Pages"=http://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=fr-fr
"Start Page_TIMESTAMP"=0x3A8558954AE3D201
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=0x0100000038000000773629A736E3F3D093FFF19FBF67DC8B18E233A9ED08741F4D95AD4547C2DF06F09D3D12DB8DED1E5C5E513AB6BB89D77815618BF8AA7597020000000E00000052456E36357A33336B6677253364
"NotifyDownloadComplete"=yes
"First Home Page"=http://g.msn.com/1me10IE11FRFR/WOL_WCP

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/
"Search Bar"=http://www.google.com/
"Start Page"=http://www.google.com/
"Start Default_Page_URL"=http://www.google.com/
"Local Page"=C:\WINDOWS\SysWOW64\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"CustomizeSearch"=http://www.google.com/

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Internet Explorer\SearchURL]
"Default"=http://www.google.com/

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Internet Explorer\AboutURLs]
"Tabs"=http://www.google.com/

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"ZonesSecurityUpgrade"=0x56AA10C9CF2FD301
"EmailName"=User@
"AutoConfigProxy"=wininet.dll
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"WarnOnPost"=0x01000000
"UseSchannelDirectly"=0x01000000
"EnableHttp1_1"=1
"UrlEncoding"=0
"WarnonZoneCrossing"=0
"GlobalUserOffline"=0
"EnableAutodial"=0
"NoNetAutodial"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Local Page"=C:\WINDOWS\SysWOW64\blank.htm
"TabProcGrowth"=Medium
"Print_Background"=0
"AlwaysShowMenus"=0
"StatusBarWeb"=1
"DoNotTrack"=1
"Search Bar"=http://www.google.com/
"Start Default_Page_URL"=http://www.google.com/
"CustomizeSearch"=http://www.google.com/

[HKLM\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/
"Search Bar"=http://www.google.com/
"Start Page"=http://www.google.com/
"Start Default_Page_URL"=http://www.google.com/
"Local Page"=C:\WINDOWS\SysWOW64\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"CustomizeSearch"=http://www.google.com/

[HKLM\Software\Microsoft\Internet Explorer\SearchURL]
"Default"=http://www.google.com/

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll

---------- | Execution FileExts











---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  GoogleDriveBlacklisted] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} --  C:\Program Files (x86)\Google\Drive\googledrivesync64.dll   [10/11/2017 10:52:10]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  GoogleDriveSynced] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} --  C:\Program Files (x86)\Google\Drive\googledrivesync64.dll   [10/11/2017 10:52:10]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  GoogleDriveSyncing] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} --  C:\Program Files (x86)\Google\Drive\googledrivesync64.dll   [10/11/2017 10:52:10]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [18/03/2017 21:57:23]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} --  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} --  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} --  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} --  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} --  C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:44:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp] - {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} --  C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending] - {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} --  C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot] - {A759AFF6-5851-457D-A540-F4ECED148351} --  C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared] - {1574C9EF-7D58-488F-B358-8B78C1538F51} --  C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"] - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"] - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"] - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"] - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} --  C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} --  C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} --  C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} --  C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:41:02]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} --  C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL   [19/12/2013 00:41:02]

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=Groove GFS Stub Execution Hook   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=Groove GFS Stub Execution Hook   


---------- | Toolbar

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x13000000000000000000000020000000100000001500000001000000800600005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={AA1D8799-6AF9-4999-A437-C975155F764A}   
"KnownProvidersUpgradeTime"=0x32FAC90C6965D101   
"Version"=4   
"UpgradeTime"=0x5C51210E6965D101   
"DownloadRetries"=6   
"DefaultPackCorrection"=1   
"DefaultPackNTCorrection"=1   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}"=   
"{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}"=avast! Online Security   
"{9421DD08-935F-4701-A9CA-22DF90AC4EA6}"=EPTBL   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}"=E-Web Print   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer à OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liées OneNote) -       []

---------- | SearchScopes

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA1D8799-6AF9-4999-A437-C975155F764A}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA1D8799-6AF9-4999-A437-C975155F764A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{AA1D8799-6AF9-4999-A437-C975155F764A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] -> (Groove GFS Browser Helper) : C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL  [19/12/2013 00:41:02]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL  [06/03/2013 07:37:48]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201CF130-E29C-4E5C-A73F-CD197DEFA6AE}] -> (E-Web Print) : C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll  
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] -> (Groove GFS Browser Helper) : C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL  [19/12/2013 00:41:02]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre7\bin\ssv.dll  
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL  [06/03/2013 07:37:48]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll  

---------- | Chrome

C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\blakpkgjpemejpbmfiglncklihnhjkij =  :     __MSG_extIntDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf =  : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom =  :     __MSG_description__ -    short_name: __MSG_name__ - permissions:[tabs\u003Call_urls>contextMenuswebRequestwebRequestBlockingwebNavigationstorageunlimitedStoragenotificationsidlealarms] - https://clients2.google.com/service/update2/crx
C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Maxime\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm =  :     Provider for discovery and services for mirroring of Chrome Media Router -     Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]

---------- | Opera


---------- | Firefox


[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"e-webprint@epson.com"=C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin] - (Facebook Video Calling Plugin) : C:\Users\Maxime\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Users\Maxime\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Users\Maxime\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 28.0.0.126 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 28.0.0.126 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2] - (Java™ Deployment Toolkit) : C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Users\Maxime\AppData\Roaming\Mozilla\Firefox\Profiles\g8ckada9.default\Prefs.js


C:\Users\Maxime\AppData\Roaming\Mozilla\Firefox\Profiles\owmdd1yo.default-1369816259357\Prefs.js

user_pref("browser.newtab.url", "http://www.bing.com/?pc=COSP&ptag=D102817-A9FCDBB39EF&form=CONMHP&conlogo=CT3335799");
user_pref("browser.search.defaultenginename", "Bing®");
user_pref("browser.search.selectedEngine", "Bing®");
user_pref("browser.startup.homepage", "https://www.qwant.com/");
user_pref("browser.startup.homepage_override.buildID", "20171128222554");
user_pref("browser.startup.homepage_override.mstone", "57.0.1");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"home-button\",\"unified-back-forward-button\",\"customizableui-special-spring1\",\"urlbar-container\",\"downloads-button\",\"reload-button\",\"stop-button\",\"search-container\",\"customizableui-special-spring2\",\"webrtc-status-button\",\"library-button\",\"wrc-toolbar-button\",\"window-controls\",\"social-share-button\",\"button--skype_ff_extensionjetpack-c2c-options-button\",\"sidebar-button\",\"jid1-16aeif9oqirkxa_jetpack-browser-action\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\",\"tabs-closebutton\"],\"toolbar-menubar\":[\"menubar-items\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"button--skype_ff_extensionjetpack-c2c-options-button\",\"jid1-16aeif9oqirkxa_jetpack-browser-action\",\"developer-button\",\"webide-button\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\",\"PanelUI-contents\",\"addon-bar\"],\"currentVersion\":12,\"newElementCount\":2}");
user_pref("e10s.rollout.cohort", "webextensions-multiBucket4");
user_pref("extensions.a217e8200a3b343dfb9518ec01d483d7fb98c68091f3f41a1bb1c692cf84781e9com27096.27096.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f(\"<\"+a+\">\").appendTo(b),e=d.css(\"display\");d.remove();if(e===\"none\"||e===\"\"){cl||(cl=c.createElement(\"iframe\"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode===\"CSS1Compat\"?\"<!doctype html>\":\"\")+\"<html><body>\"),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,\"display\"),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject(\"Microsoft.XMLHTTP\")}catch(b){}}function ci(){try{return new a.XMLHttpRequest}catch(b){}}function cc(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g++){if(g===1)for(h in a.converters)typeof h==\"string\"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k===\"*\")k=l;else if(l!==\"*\"&&l!==k){m=l+\" \"+k,n=e[m]||e[\"* \"+k];if(!n){p=b;for(o in e){j=o.split(\" \");if(j[0]===l||j[0]===\"*\"){p=e[j[1]+\" \"+k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error(\"No conversion from \"+m.replace(\" \",\" to \")),n!==!0&&(c=n?n(c):p(o(c)))}}return c}function cb(a,c,d){var e=a.contents,f=a.dataTypes,g=a.responseFields,h,i,j,k;for(i in g)i in d&&(c[g[i]]=d[i]);while(f[0]===\"*\")f.shift(),h===b&&(h=a.mimeType||c.getResponseHeader(\"content-type\"));if(h)for(i in e)if(e[i]&&e[i].test(h)){f.unshift(i);break}if(f[0]in d)j=f[0];else{for(i in d){if(\r\n!f[0]||a.converters[i+\" \"+f[0]]){j=i;break}k||(k=i)}j=j||k}if(j){j!==f[0]&&f.unshift(j);return d[j]}}function ca(a,b,c,d){if(f.isArray(b))f.each(b,function(b,e){c||bE.test(a)?d(a,e):ca(a+\"[\"+(typeof e==\"object\"||f.isArray(e)?b:\"\")+\"]\",e,c,d)});else if(!c&&b!=null&&typeof b==\"object\")for(var e in b)ca(a+\"[\"+e+\"]\",b[e],c,d);else d(a,b)}function b_(a,c){var d,e,g=f.ajaxSettings.flatOptions||{};for(d in c)c[d]!==b&&((g[d]?a:e||(e={}))[d]=c[d]);e&&f.extend(!0,a,e)}function b$(a,c,d,e,f,g){f=f||c.dataTypes[0],g=g||{},g[f]=!0;var h=a[f],i=0,j=h?h.length:0,k=a===bT,l;for(;i<j&&(k||!l);i++)l=h[i](c,d,e),typeof l==\"string\"&&(!k||g[l]?l=b:(c.dataTypes.unshift(l),l=b$(a,c,d,e,l,g)));(k||!l)&&!g[\"*\"]&&(l=b$(a,c,d,e,\"*\",g));return l}function bZ(a){return function(b,c){typeof b!=\"string\"&&(c=b,b=\"*\");if(f.isFunction(c)){var d=b.toLowerCase().split(bP),e=0,g=d.length,h,i,j;for(;e<g;e++)h=d[e],j=/^\\+/.test(h),j&&(h=h.substr(1)||\"*\"),i=a[h]=a[h]||[],i[j?\"unshift\":\"push\"](c)}}}function bC(a,b,c){var d=b===\"width\"?a.offsetWidth:a.offsetHeight,e=b===\"width\"?bx:by,g=0,h=e.length;if(d>0){if(c!==\"border\")for(;g<h;g++)c||(d-=parseFloat(f.css(a,\"padding\"+e[g]))||0),c===\"margin\"?d+=parseFloat(f.css(a,c+e[g]))||0:d-=parseFloat(f.css(a,\"border\"+e[g]+\"Width\"))||0;return d+\"px\"}d=bz(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0;if(c)for(;g<h;g++)d+=parseFloat(f.css(a,\"padding\"+e[g]))||0,c!==\"padding\"&&(d+=parseFloat(f.css(a,\"border\"+e[g]+\"Width\"))||0),c===\"margin\"&&(d+=parseFloat(f.css(a,c+e[g]))||0);return d+\"px\"}function bp(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:\"script\"}):f.globalEval((b.text||b.textContent||b.innerHTML||\"\").replace(bf,\"/*$0*/\")),b.parentNode&&b.parentNode.removeChild(b)}function bo(a){var b=c.createElement(\"div\");bh.appendChild(b),b.innerHTML=a.outerHTML;return b.firstChild}function bn(a){var b=(a.nodeName||\"\").toLowerCase();b===\"input\"?bm(a):b!==\"script\"&&typeof a.getElementsByTagName!=\"undefined\"&&f.grep(a.getElementsByTagNa\r\nme(\"input\"),bm)}function bm(a){if(a.type===\"checkbox\"||a.type===\"radio\")a.defaultChecked=a.checked}function bl(a){return typeof a.getElementsByTagName!=\"undefined\"?a.getElementsByTagName(\"*\"):typeof a.querySelectorAll!=\"undefined\"?a.querySelectorAll(\"*\"):[]}function bk(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c===\"object\")b.outerHTML=a.outerHTML;else if(c!==\"input\"||a.type!==\"checkbox\"&&a.type!==\"radio\"){if(c===\"option\")b.selected=a.defaultSelected;else if(c===\"input\"||c===\"textarea\")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bj(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c,d,e,g=f._data(a),h=f._data(b,g),i=g.events;if(i){delete h.handle,h.events={};for(c in i)for(d=0,e=i[c].length;d<e;d++)f.event.add(b,c+(i[c][d].namespace?\".\":\"\")+i[c][d].namespace,i[c][d],i[c][d].data)}h.data&&(h.data=f.extend({},h.data))}}function bi(a,b){return f.nodeName(a,\"table\")?a.getElementsByTagName(\"tbody\")[0]||a.appendChild(a.ownerDocument.createElement(\"tbody\")):a}function U(a){var b=V.split(\"|\"),c=a.createDocumentFragment();if(c.createElement)while(b.length)c.createElement(b.pop());return c}function T(a,b,c){b=b||0;if(f.isFunction(b))return f.grep(a,function(a,d){var e=!!b.call(a,d,a);return e===c});if(b.nodeType)return f.grep(a,function(a,d){return a===b===c});if(typeof b==\"string\"){var d=f.grep(a,function(a){return a.nodeType===1});if(O.test(b))return f.filter(b,d,!c);b=f.filter(b,d)}return f.grep(a,function(a,d){return f.inArray(a,b)>=0===c})}function S(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function K(){return!0}function J(){return!1}function n(a,b,c){var d=b+\"defer\",e=b+\"queue\",g=b+\"mark\",h=f._data(a,d);h&&(c===\"queue\"||!f._data(a,e))&&(c===\"mark\"||!f._data(a,g))&&setTimeout(function(){!f._data(a,e)&&!f._data(a,g)&&(f.removeData(a,d,!0),h.fire())},\r\n0)}function m(a){for(var b in a){if(b===\"data\"&&f.isEmptyObject(a[b]))continue;if(b!==\"toJSON\")return!1}return!0}function l(a,c,d){if(d===b&&a.nodeType===1){var e=\"data-\"+c.replace(k,\"-$1\").toLowerCase();d=a.getAttribute(e);if(typeof d==\"string\"){try{d=d===\"true\"?!0:d===\"false\"?!1:d===\"null\"?null:f.isNumeric(d)?parseFloat(d):j.test(d)?f.parseJSON(d):d}catch(g){}f.data(a,c,d)}else d=b}return d}function h(a){var b=g[a]={},c,d;a=a.split(/\\s+/);for(c=0,d=a.length;c<d;c++)b[a[c]]=!0;return b}var c=a.document,d=a.navigator,e=a.location,f=function(){function J(){if(!e.isReady){try{c.documentElement.doScroll(\"left\")}catch(a){setTimeout(J,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\\w\\W]+>)[^>]*$|#([\\w\\-]*)$)/,j=/\\S/,k=/^\\s+/,l=/\\s+$/,m=/^<(\\w+)\\s*\\/?>(?:<\\/\\1>)?$/,n=/^[\\],:{}\\s]*$/,o=/\\\\(?:[\"\\\\\\/bfnrt]|u[0-9a-fA-F]{4})/g,p=/\"[^\"\\\\\\n\\r]*\"|true|false|null|-?\\d+(?:\\.\\d*)?(?:[eE][+\\-]?\\d+)?/g,q=/(?:^|:|,)(?:\\s*\\[)+/g,r=/(webkit)[ \\/]([\\w.]+)/,s=/(opera)(?:.*version)?[ \\/]([\\w.]+)/,t=/(msie) ([\\w.]+)/,u=/(mozilla)(?:.*? rv:([\\w.]+))?/,v=/-([a-z]|[0-9])/ig,w=/^-ms-/,x=function(a,b){return(b+\"\").toUpperCase()},y=d.userAgent,z,A,B,C=Object.prototype.toString,D=Object.prototype.hasOwnProperty,E=Array.prototype.push,F=Array.prototype.slice,G=String.prototype.trim,H=Array.prototype.indexOf,I={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a===\"body\"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a==\"string\"){a.charAt(0)!==\"<\"||a.charAt(a.length-1)!==\">\"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=m.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).c\r\nhildNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:\"\",jquery:\"1.7.1\",length:0,size:function(){return this.length},toArray:function(){return F.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?E.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b===\"find\"?d.selector=this.selector+(this.selector?\" \":\"\")+c:b&&(d.selector=this.selector+\".\"+b+\"(\"+c+\")\");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),A.add(a);return this},eq:function(a){a=+a;return a===-1?this.slice(a):this.slice(a,a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(F.apply(this,arguments),\"slice\",F.call(arguments).join(\",\"))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:E,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i==\"boolean\"&&(l=i,i=arguments[1]||{},j=2),typeof i!=\"object\"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j<k;j++)if((a=arguments[j])!=null)for(c in a){d=i[c],f=a[c];if(i===f)continue;l&&f&&(e.isPlainObject(f)||(g=e.isArray(f)))?(g?(g=!1,h=d&&e.isArray(d)?d:[]):h=d&&e.isPlainObject(d)?d:{},i[c]=e.extend(l,h,f)):f!==b&&(i[c]=f)}return i},e.extend({noConflict:function(b){a.$===e&&(a.$=g),b&&a.jQuery===e&&(a.jQuery=f);return e},isReady:!1,readyWait:1,holdReady:function(a){a?e.readyWait++:e.ready(!0)},ready:function(a){if(a===!0&&!--e.readyWait||a!\r\n==!0&&!e.isReady){if(!c.body)return setTimeout(e.ready,1);e.isReady=!0;if(a!==!0&&--e.readyWait>0)return;A.fireWith(c,[e]),e.fn.trigger&&e(c).trigger(\"ready\").off(\"ready\")}},bindReady:function(){if(!A){A=e.Callbacks(\"once memory\");if(c.readyState===\"complete\")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener(\"DOMContentLoaded\",B,!1),a.addEventListener(\"load\",e.ready,!1);else if(c.attachEvent){c.attachEvent(\"onreadystatechange\",B),a.attachEvent(\"onload\",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&J()}}},isFunction:function(a){return e.type(a)===\"function\"},isArray:Array.isArray||function(a){return e.type(a)===\"array\"},isWindow:function(a){return a&&typeof a==\"object\"&&\"setInterval\"in a},isNumeric:function(a){return!isNaN(parseFloat(a))&&isFinite(a)},type:function(a){return a==null?String(a):I[C.call(a)]||\"object\"},isPlainObject:function(a){if(!a||e.type(a)!==\"object\"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!D.call(a,\"constructor\")&&!D.call(a.constructor.prototype,\"isPrototypeOf\"))return!1}catch(c){return!1}var d;for(d in a);return d===b||D.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw new Error(a)},parseJSON:function(b){if(typeof b!=\"string\"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(n.test(b.replace(o,\"@\").replace(p,\"]\").replace(q,\"\")))return(new Function(\"return \"+b))();e.error(\"Invalid JSON: \"+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,\"text/xml\")):(d=new ActiveXObject(\"Microsoft.XMLDOM\"),d.async=\"false\",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName(\"parsererror\").length)&&e.error(\"Invalid XML: \"+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(w,\"ms-\").replace(v,x)},nodeName:function(a,b){return a.nodeName&&a.nodeN\r\name.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g<h;)if(c.apply(a[g++],d)===!1)break}else if(i){for(f in a)if(c.call(a[f],f,a[f])===!1)break}else for(;g<h;)if(c.call(a[g],g,a[g++])===!1)break;return a},trim:G?function(a){return a==null?\"\":G.call(a)}:function(a){return a==null?\"\":(a+\"\").replace(k,\"\").replace(l,\"\")},makeArray:function(a,b){var c=b||[];if(a!=null){var d=e.type(a);a.length==null||d===\"string\"||d===\"function\"||d===\"regexp\"||e.isWindow(a)?E.call(c,a):e.merge(c,a)}return c},inArray:function(a,b,c){var d;if(b){if(H)return H.call(b,a,c);d=b.length,c=c?c<0?Math.max(0,d+c):c:0;for(;c<d;c++)if(c in b&&b[c]===a)return c}return-1},merge:function(a,c){var d=a.length,e=0;if(typeof c.length==\"number\")for(var f=c.length;e<f;e++)a[d++]=c[e];else while(c[e]!==b)a[d++]=c[e++];a.length=d;return a},grep:function(a,b,c){var d=[],e;c=!!c;for(var f=0,g=a.length;f<g;f++)e=!!b(a[f],f),c!==e&&d.push(a[f]);return d},map:function(a,c,d){var f,g,h=[],i=0,j=a.length,k=a instanceof e||j!==b&&typeof j==\"number\"&&(j>0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i<j;i++)f=c(a[i],i,d),f!=null&&(h[h.length]=f);else for(g in a)f=c(a[g],g,d),f!=null&&(h[h.length]=f);return h.concat.apply([],h)},guid:1,proxy:function(a,c){if(typeof c==\"string\"){var d=a[c];c=a,a=d}if(!e.isFunction(a))return b;var f=F.call(arguments,2),g=function(){return a.apply(c,f.concat(F.call(arguments)))};g.guid=a.guid=a.guid||g.guid||e.guid++;return g},access:function(a,c,d,f,g,h){var i=a.length;if(typeof c==\"object\"){for(var j in c)e.access(a,j,c[j],f,g,d);return a}if(d!==b){f=!h&&f&&e.isFunction(d);for(var k=0;k<i;k++)g(a[k],c,f?d.call(a[k],k,g(a[k],c)):d,h);return a}return i?g(a[0],c):b},now:function(){return(new Date).getTime()},uaMatch:function(a){a=a.toLowerCase();var b=r.exec(a)||s.exec(a)||t.exec(a)||a.indexOf(\"compatible\")<0&&u.exec(a)||[];return{browser:b[1]||\"\",version:b[2]||\"0\"}},sub:function(){function a\r\n(b,c){return new a.fn.init(b,c)}e.extend(!0,a,this),a.superclass=this,a.fn=a.prototype=this(),a.fn.constructor=a,a.sub=this.sub,a.fn.init=function(d,f){f&&f instanceof e&&!(f instanceof a)&&(f=a(f));return e.fn.init.call(this,d,f,b)},a.fn.init.prototype=a.fn;var b=a(c);return a},browser:{}}),e.each(\"Boolean Number String Function Array Date RegExp Object\".split(\" \"),function(a,b){I[\"[object \"+b+\"]\"]=b.toLowerCase()}),z=e.uaMatch(y),z.browser&&(e.browser[z.browser]=!0,e.browser.version=z.version),e.browser.webkit&&(e.browser.safari=!0),j.test(\"???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? \")&&(k=/^[\\s\\xA0]+/,l=/[\\s\\xA0]+$/),h=e(c),c.addEventListener?B=function(){c.removeEventListener(\"DOMContentLoaded\",B,!1),e.ready()}:c.attachEvent&&(B=function(){c.readyState===\"complete\"&&(c.detachEvent(\"onreadystatechange\",B),e.ready())});return e}(),g={};f.Callbacks=function(a){a=a?g[a]||h(a):{};var c=[],d=[],e,i,j,k,l,m=function(b){var d,e,g,h,i;for(d=0,e=b.length;d<e;d++)g=b[d],h=f.type(g),h===\"array\"?m(g):h===\"function\"&&(!a.unique||!o.has(g))&&c.push(g)},n=function(b,f){f=f||[],e=!a.memory||[b,f],i=!0,l=j||0,j=0,k=c.length;for(;c&&l<k;l++)if(c[l].apply(b,f)===!1&&a.stopOnFalse){e=!0;break}i=!1,c&&(a.once?e===!0?o.disable():c=[]:d&&d.length&&(e=d.shift(),o.fireWith(e[0],e[1])))},o={add:function(){if(c){var a=c.length;m(arguments),i?k=c.length:e&&e!==!0&&(j=a,n(e[0],e[1]))}return this},remove:function(){if(c){var b=arguments,d=0,e=b.length;for(;d<e;d++)for(var f=0;f<c.length;f++)if(b[d]===c[f]){i&&f<=k&&(k--,f<=l&&l--),c.splice(f--,1);if(a.unique)break}}return this},has:function(a){if(c){var b=0,d=c.length;for(;b<d;b++)if(a===c[b])return!0}return!1},empty:function(){c=[];return this},disable:function(){c=d=e=b;return this},disabled:function(){return!c},lock:function(){d=b,(!e||e===!0)&&o.disable();return this},locked:function(){return!d},fireWith:function(b,c){d&&(i?a.once||d.push([b,c]):(!a.once||!e)&&n(b,c));return t\r\nhis},fire:function(){o.fireWith(this,arguments);return this},fired:function(){return!!e}};return o};var i=[].slice;f.extend({Deferred:function(a){var b=f.Callbacks(\"once memory\"),c=f.Callbacks(\"once memory\"),d=f.Callbacks(\"memory\"),e=\"pending\",g={resolve:b,reject:c,notify:d},h={done:b.add,fail:c.add,progress:d.add,state:function(){return e},isResolved:b.fired,isRejected:c.fired,then:function(a,b,c){i.done(a).fail(b).progress(c);return this},always:function(){i.done.apply(i,arguments).fail.apply(i,arguments);return this},pipe:function(a,b,c){return f.Deferred(function(d){f.each({done:[a,\"resolve\"],fail:[b,\"reject\"],progress:[c,\"notify\"]},function(a,b){var c=b[0],e=b[1],g;f.isFunction(c)?i[a](function(){g=c.apply(this,arguments),g&&f.isFunction(g.promise)?g.promise().then(d.resolve,d.reject,d.notify):d[e+\"With\"](this===i?d:this,[g])}):i[a](d[e])})}).promise()},promise:function(a){if(a==null)a=h;else for(var b in h)a[b]=h[b];return a}},i=h.promise({}),j;for(j in g)i[j]=g[j].fire,i[j+\"With\"]=g[j].fireWith;i.done(function(){e=\"resolved\"},c.disable,d.lock).fail(function(){e=\"rejected\"},b.disable,d.lock),a&&a.call(i,i);return i},when:function(a){function m(a){return function(b){e[a]=arguments.length>1?i.call(arguments,0):b,j.notifyWith(k,e)}}function l(a){return function(c){b[a]=arguments.length>1?i.call(arguments,0):c,--g||j.resolveWith(j,b)}}var b=i.call(arguments,0),c=0,d=b.length,e=Array(d),g=d,h=d,j=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred(),k=j.promise();if(d>1){for(;c<d;c++)b[c]&&b[c].promise&&f.isFunction(b[c].promise)?b[c].promise().then(l(c),j.reject,m(c)):--g;g||j.resolveWith(j,b)}else j!==a&&j.resolveWith(j,d?[a]:[]);return k}}),f.support=function(){var b,d,e,g,h,i,j,k,l,m,n,o,p,q=c.createElement(\"div\"),r=c.documentElement;q.setAttribute(\"className\",\"t\"),q.innerHTML=\"	 <link/><table></table><a href='/a' style='top:1px;float:left;opacity:.55;'>a</a><input type='checkbox'/>\",d=q.getElementsByTagName(\"*\"),e=q.getElementsByTagName(\"a\")[0];if(!d||!d.length||!e)return{};g=c.\r\ncreateElement(\"select\"),h=g.appendChild(c.createElement(\"option\")),i=q.getElementsByTagName(\"input\")[0],b={leadingWhitespace:q.firstChild.nodeType===3,tbody:!q.getElementsByTagName(\"tbody\").length,htmlSerialize:!!q.getElementsByTagName(\"link\").length,style:/top/.test(e.getAttribute(\"style\")),hrefNormalized:e.getAttribute(\"href\")===\"/a\",opacity:/^0.55/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value===\"on\",optSelected:h.selected,getSetAttribute:q.className!==\"t\",enctype:!!c.createElement(\"form\").enctype,html5Clone:c.createElement(\"nav\").cloneNode(!0).outerHTML!==\"<:nav></:nav>\",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,b.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,b.optDisabled=!h.disabled;try{delete q.test}catch(s){b.deleteExpando=!1}!q.addEventListener&&q.attachEvent&&q.fireEvent&&(q.attachEvent(\"onclick\",function(){b.noCloneEvent=!1}),q.cloneNode(!0).fireEvent(\"onclick\")),i=c.createElement(\"input\"),i.value=\"t\",i.setAttribute(\"type\",\"radio\"),b.radioValue=i.value===\"t\",i.setAttribute(\"checked\",\"checked\"),q.appendChild(i),k=c.createDocumentFragment(),k.appendChild(q.lastChild),b.checkClone=k.cloneNode(!0).cloneNode(!0).lastChild.checked,b.appendChecked=i.checked,k.removeChild(i),k.appendChild(q),q.innerHTML=\"\",a.getComputedStyle&&(j=c.createElement(\"div\"),j.style.width=\"0\",j.style.marginRight=\"0\",q.style.width=\"2px\",q.appendChild(j),b.reliableMarginRight=(parseInt((a.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0);if(q.attachEvent)for(o in{submit:1,change:1,focusin:1})n=\"on\"+o,p=n in q,p||(q.setAttribute(n,\"return;\"),p=typeof q[n]==\"function\"),b[o+\"Bubbles\"]=p;k.removeChild(q),k=g=h=j=q=i=null,f(function(){var a,d,e,g,h,i,j,k,m,n,o,r=c.getElementsByTagName(\"body\")[0];!r||(j=1,k=\"position:absolute;top:0;left:0;width:1px;height:1px;margin:0;\",m=\"visibility:hidden;border:0;\",n=\"\r\nstyle='\"+k+\"border:5px solid #000;padding:0;'\",o=\"<div \"+n+\"><div></div></div>\"+\"<table \"+n+\" cellpadding='0' cellspacing='0'>\"+\"<tr><td></td></tr></table>\",a=c.createElement(\"div\"),a.style.cssText=m+\"width:0;height:0;position:static;top:0;margin-top:\"+j+\"px\",r.insertBefore(a,r.firstChild),q=c.createElement(\"div\"),a.appendChild(q),q.innerHTML=\"<table><tr><td style='padding:0;border:0;display:none'></td><td>t</td></tr></table>\",l=q.getElementsByTagName(\"td\"),p=l[0].offsetHeight===0,l[0].style.display=\"\",l[1].style.display=\"none\",b.reliableHiddenOffsets=p&&l[0].offsetHeight===0,q.innerHTML=\"\",q.style.width=q.style.paddingLeft=\"1px\",f.boxModel=b.boxModel=q.offsetWidth===2,typeof q.style.zoom!=\"undefined\"&&(q.style.display=\"inline\",q.style.zoom=1,b.inlineBlockNeedsLayout=q.offsetWidth===2,q.style.display=\"\",q.innerHTML=\"<div style='width:4px;'></div>\",b.shrinkWrapBlocks=q.offsetWidth!==2),q.style.cssText=k+m,q.innerHTML=o,d=q.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,i={doesNotAddBorder:e.offsetTop!==5,doesAddBorderForTableAndCells:h.offsetTop===5},e.style.position=\"fixed\",e.style.top=\"20px\",i.fixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top=\"\",d.style.overflow=\"hidden\",d.style.position=\"relative\",i.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,i.doesNotIncludeMarginInBodyOffset=r.offsetTop!==j,r.removeChild(a),q=a=null,f.extend(b,i))});return b}();var j=/^(?:\\{.*\\}|\\[.*\\])$/,k=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:\"jQuery\"+(f.fn.jquery+Math.random()).replace(/\\D/g,\"\"),noData:{embed:!0,object:\"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000\",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!m(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i,j=f.expando,k=typeof c==\"string\",l=a.nodeType,m=l?f.cache:a,n=l?a[j]:a[j]&&j,o=c===\"events\";if((!n||!m[n]||!o&&!e&&!m[n].data)&&k&&d===b)return;n||(l?a[j]=n=++f.uuid:n=j),m[n]||(m[n]={},l||(m[n].toJSON=f.\r\nnoop));if(typeof c==\"object\"||typeof c==\"function\")e?m[n]=f.extend(m[n],c):m[n].data=f.extend(m[n].data,c);g=h=m[n],e||(h.data||(h.data={}),h=h.data),d!==b&&(h[f.camelCase(c)]=d);if(o&&!h[c])return g.events;k?(i=h[c],i==null&&(i=h[f.camelCase(c)])):i=h;return i}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e,g,h=f.expando,i=a.nodeType,j=i?f.cache:a,k=i?a[h]:h;if(!j[k])return;if(b){d=c?j[k]:j[k].data;if(d){f.isArray(b)||(b in d?b=[b]:(b=f.camelCase(b),b in d?b=[b]:b=b.split(\" \")));for(e=0,g=b.length;e<g;e++)delete d[b[e]];if(!(c?m:f.isEmptyObject)(d))return}}if(!c){delete j[k].data;if(!m(j[k]))return}f.support.deleteExpando||!j.setInterval?delete j[k]:j[k]=null,i&&(f.support.deleteExpando?delete a[h]:a.removeAttribute?a.removeAttribute(h):a[h]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute(\"classid\")===b}return!0}}),f.fn.extend({data:function(a,c){var d,e,g,h=null;if(typeof a==\"undefined\"){if(this.length){h=f.data(this[0]);if(this[0].nodeType===1&&!f._data(this[0],\"parsedAttrs\")){e=this[0].attributes;for(var i=0,j=e.length;i<j;i++)g=e[i].name,g.indexOf(\"data-\")===0&&(g=f.camelCase(g.substring(5)),l(this[0],g,h[g]));f._data(this[0],\"parsedAttrs\",!0)}}return h}if(typeof a==\"object\")return this.each(function(){f.data(this,a)});d=a.split(\".\"),d[1]=d[1]?\".\"+d[1]:\"\";if(c===b){h=this.triggerHandler(\"getData\"+d[1]+\"!\",[d[0]]),h===b&&this.length&&(h=f.data(this[0],a),h=l(this[0],a,h));return h===b&&d[1]?this.data(d[0]):h}return this.each(function(){var b=f(this),e=[d[0],c];b.triggerHandler(\"setData\"+d[1]+\"!\",e),f.data(this,a,c),b.triggerHandler(\"changeData\"+d[1]+\"!\",e)})},removeData:function(a){return this.each(function(){f.removeData(this,a)})}}),f.extend({_mark:function(a,b){a&&(b=(b||\"fx\")+\"mark\",f._data(a,b,(f._data(a,b)||0)+1))},_unmark:function(a,b,c){a!==!0&&(c=b,b=a,a=!1);if(b){c=c||\"fx\";var d=c+\"mark\",e=a?0:(f._data(b,d)||1)-1;e?f._data(b,\r\nd,e):(f.removeData(b,d,!0),n(b,c,\"mark\"))}},queue:function(a,b,c){var d;if(a){b=(b||\"fx\")+\"queue\",d=f._data(a,b),c&&(!d||f.isArray(c)?d=f._data(a,b,f.makeArray(c)):d.push(c));return d||[]}},dequeue:function(a,b){b=b||\"fx\";var c=f.queue(a,b),d=c.shift(),e={};d===\"inprogress\"&&(d=c.shift()),d&&(b===\"fx\"&&c.unshift(\"inprogress\"),f._data(a,b+\".run\",e),d.call(a,function(){f.dequeue(a,b)},e)),c.length||(f.removeData(a,b+\"queue \"+b+\".run\",!0),n(a,b,\"queue\"))}}),f.fn.extend({queue:function(a,c){typeof a!=\"string\"&&(c=a,a=\"fx\");if(c===b)return f.queue(this[0],a);return this.each(function(){var b=f.queue(this,a,c);a===\"fx\"&&b[0]!==\"inprogress\"&&f.dequeue(this,a)})},dequeue:function(a){return this.each(function(){f.dequeue(this,a)})},delay:function(a,b){a=f.fx?f.fx.speeds[a]||a:a,b=b||\"fx\";return this.queue(b,function(b,c){var d=setTimeout(b,a);c.stop=function(){clearTimeout(d)}})},clearQueue:function(a){return this.queue(a||\"fx\",[])},promise:function(a,c){function m(){--h||d.resolveWith(e,[e])}typeof a!=\"string\"&&(c=a,a=b),a=a||\"fx\";var d=f.Deferred(),e=this,g=e.length,h=1,i=a+\"defer\",j=a+\"queue\",k=a+\"mark\",l;while(g--)if(l=f.data(e[g],i,b,!0)||(f.data(e[g],j,b,!0)||f.data(e[g],k,b,!0))&&f.data(e[g],i,f.Callbacks(\"once memory\"),!0))h++,l.add(m);m();return d.promise()}});var o=/[\\n\\t\\r]/g,p=/\\s+/,q=/\\r/g,r=/^(?:button|input)$/i,s=/^(?:button|input|object|select|textarea)$/i,t=/^a(?:rea)?$/i,u=/^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i,v=f.support.getSetAttribute,w,x,y;f.fn.extend({attr:function(a,b){return f.access(this,a,b,!0,f.attr)},removeAttr:function(a){return this.each(function(){f.removeAttr(this,a)})},prop:function(a,b){return f.access(this,a,b,!0,f.prop)},removeProp:function(a){a=f.propFix[a]||a;return this.each(function(){try{this[a]=b,delete this[a]}catch(c){}})},addClass:function(a){var b,c,d,e,g,h,i;if(f.isFunction(a))return this.each(function(b){f(this).addClass(a.call(this,b,t\r\nhis.className))});if(a&&typeof a==\"string\"){b=a.split(p);for(c=0,d=this.length;c<d;c++){e=this[c];if(e.nodeType===1)if(!e.className&&b.length===1)e.className=a;else{g=\" \"+e.className+\" \";for(h=0,i=b.length;h<i;h++)~g.indexOf(\" \"+b[h]+\" \")||(g+=b[h]+\" \");e.className=f.trim(g)}}}return this},removeClass:function(a){var c,d,e,g,h,i,j;if(f.isFunction(a))return this.each(function(b){f(this).removeClass(a.call(this,b,this.className))});if(a&&typeof a==\"string\"||a===b){c=(a||\"\").split(p);for(d=0,e=this.length;d<e;d++){g=this[d];if(g.nodeType===1&&g.className)if(a){h=(\" \"+g.className+\" \").replace(o,\" \");for(i=0,j=c.length;i<j;i++)h=h.replace(\" \"+c[i]+\" \",\" \");g.className=f.trim(h)}else g.className=\"\"}}return this},toggleClass:function(a,b){var c=typeof a,d=typeof b==\"boolean\";if(f.isFunction(a))return this.each(function(c){f(this).toggleClass(a.call(this,c,this.className,b),b)});return this.each(function(){if(c===\"string\"){var e,g=0,h=f(this),i=b,j=a.split(p);while(e=j[g++])i=d?i:!h.hasClass(e),h[i?\"addClass\":\"removeClass\"](e)}else if(c===\"undefined\"||c===\"boolean\")this.className&&f._data(this,\"__className__\",this.className),this.className=this.className||a===!1?\"\":f._data(this,\"__className__\")||\"\"})},hasClass:function(a){var b=\" \"+a+\" \",c=0,d=this.length;for(;c<d;c++)if(this[c].nodeType===1&&(\" \"+this[c].className+\" \").replace(o,\" \").indexOf(b)>-1)return!0;return!1},val:function(a){var c,d,e,g=this[0];{if(!!arguments.length){e=f.isFunction(a);return this.each(function(d){var g=f(this),h;if(this.nodeType===1){e?h=a.call(this,d,g.val()):h=a,h==null?h=\"\":typeof h==\"number\"?h+=\"\":f.isArray(h)&&(h=f.map(h,function(a){return a==null?\"\":a+\"\"})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!(\"set\"in c)||c.set(this,h,\"value\")===b)this.value=h}})}if(g){c=f.valHooks[g.nodeName.toLowerCase()]||f.valHooks[g.type];if(c&&\"get\"in c&&(d=c.get(g,\"value\"))!==b)return d;d=g.value;return typeof d==\"string\"?d.replace(q,\"\"):d==null?\"\r\n\":d}}}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c,d,e,g=a.selectedIndex,h=[],i=a.options,j=a.type===\"select-one\";if(g<0)return null;c=j?g:0,d=j?g+1:i.length;for(;c<d;c++){e=i[c];if(e.selected&&(f.support.optDisabled?!e.disabled:e.getAttribute(\"disabled\")===null)&&(!e.parentNode.disabled||!f.nodeName(e.parentNode,\"optgroup\"))){b=f(e).val();if(j)return b;h.push(b)}}if(j&&!h.length&&i.length)return f(i[g]).val();return h},set:function(a,b){var c=f.makeArray(b);f(a).find(\"option\").each(function(){this.selected=f.inArray(f(this).val(),c)>=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attr:function(a,c,d,e){var g,h,i,j=a.nodeType;if(!!a&&j!==3&&j!==8&&j!==2){if(e&&c in f.attrFn)return f(a)[c](d);if(typeof a.getAttribute==\"undefined\")return f.prop(a,c,d);i=j!==1||!f.isXMLDoc(a),i&&(c=c.toLowerCase(),h=f.attrHooks[c]||(u.test(c)?x:w));if(d!==b){if(d===null){f.removeAttr(a,c);return}if(h&&\"set\"in h&&i&&(g=h.set(a,d,c))!==b)return g;a.setAttribute(c,\"\"+d);return d}if(h&&\"get\"in h&&i&&(g=h.get(a,c))!==null)return g;g=a.getAttribute(c);return g===null?b:g}},removeAttr:function(a,b){var c,d,e,g,h=0;if(b&&a.nodeType===1){d=b.toLowerCase().split(p),g=d.length;for(;h<g;h++)e=d[h],e&&(c=f.propFix[e]||e,f.attr(a,e,\"\"),a.removeAttribute(v?e:c),u.test(e)&&c in a&&(a[c]=!1))}},attrHooks:{type:{set:function(a,b){if(r.test(a.nodeName)&&a.parentNode)f.error(\"type property can't be changed\");else if(!f.support.radioValue&&b===\"radio\"&&f.nodeName(a,\"input\")){var c=a.value;a.setAttribute(\"type\",b),c&&(a.value=c);return b}}},value:{get:function(a,b){if(w&&f.nodeName(a,\"button\"))return w.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(w&&f.nodeName(a,\"button\"))return w.set(a,b,c);a.value=b}}},propFix:{tabindex:\"tabIndex\",readonly:\"readOnly\",\"for\":\"htmlFor\",\"class\":\"className\",maxlength:\"maxLength\",cellspacing:\"\r\ncellSpacing\",cellpadding:\"cellPadding\",rowspan:\"rowSpan\",colspan:\"colSpan\",usemap:\"useMap\",frameborder:\"frameBorder\",contenteditable:\"contentEditable\"},prop:function(a,c,d){var e,g,h,i=a.nodeType;if(!!a&&i!==3&&i!==8&&i!==2){h=i!==1||!f.isXMLDoc(a),h&&(c=f.propFix[c]||c,g=f.propHooks[c]);return d!==b?g&&\"set\"in g&&(e=g.set(a,d,c))!==b?e:a[c]=d:g&&\"get\"in g&&(e=g.get(a,c))!==null?e:a[c]}},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode(\"tabindex\");return c&&c.specified?parseInt(c.value,10):s.test(a.nodeName)||t.test(a.nodeName)&&a.href?0:b}}}}),f.attrHooks.tabindex=f.propHooks.tabIndex,x={get:function(a,c){var d,e=f.prop(a,c);return e===!0||typeof e!=\"boolean\"&&(d=a.getAttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},v||(y={name:!0,id:!0},w=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&(y[c]?d.nodeValue!==\"\":d.specified)?d.nodeValue:b},set:function(a,b,d){var e=a.getAttributeNode(d);e||(e=c.createAttribute(d),a.setAttributeNode(e));return e.nodeValue=b+\"\"}},f.attrHooks.tabindex.set=w.set,f.each([\"width\",\"height\"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===\"\"){a.setAttribute(b,\"auto\");return c}}})}),f.attrHooks.contenteditable={get:w.get,set:function(a,b,c){b===\"\"&&(b=\"false\"),w.set(a,b,c)}}),f.support.hrefNormalized||f.each([\"href\",\"src\",\"width\",\"height\"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=\"\"+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex);return null}})),f.support.enctype||(f.propFix.enctype=\"encoding\")\r\n,f.support.checkOn||f.each([\"radio\",\"checkbox\"],function(){f.valHooks[this]={get:function(a){return a.getAttribute(\"value\")===null?\"on\":a.value}}}),f.each([\"radio\",\"checkbox\"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var z=/^(?:textarea|input|select)$/i,A=/^([^\\.]*)?(?:\\.(.+))?$/,B=/\\bhover(\\.\\S+)?\\b/,C=/^key/,D=/^(?:mouse|contextmenu)|click/,E=/^(?:focusinfocus|focusoutblur)$/,F=/^(\\w*)(?:#([\\w\\-]+))?(?:\\.([\\w\\-]+))?$/,G=function(a){var b=F.exec(a);b&&(b[1]=(b[1]||\"\").toLowerCase(),b[3]=b[3]&&new RegExp(\"(?:^|\\\\s)\"+b[3]+\"(?:\\\\s|$)\"));return b},H=function(a,b){var c=a.attributes||{};return(!b[1]||a.nodeName.toLowerCase()===b[1])&&(!b[2]||(c.id||{}).value===b[2])&&(!b[3]||b[3].test((c[\"class\"]||{}).value))},I=function(a){return f.event.special.hover?a:a.replace(B,\"mouseenter$1 mouseleave$1\")};\nf.event={add:function(a,c,d,e,g){var h,i,j,k,l,m,n,o,p,q,r,s;if(!(a.nodeType===3||a.nodeType===8||!c||!d||!(h=f._data(a)))){d.handler&&(p=d,d=p.handler),d.guid||(d.guid=f.guid++),j=h.events,j||(h.events=j={}),i=h.handle,i||(h.handle=i=function(a){return typeof f!=\"undefined\"&&(!a||f.event.triggered!==a.type)?f.event.dispatch.apply(i.elem,arguments):b},i.elem=a),c=f.trim(I(c)).split(\" \");for(k=0;k<c.length;k++){l=A.exec(c[k])||[],m=l[1],n=(l[2]||\"\").split(\".\").sort(),s=f.event.special[m]||{},m=(g?s.delegateType:s.bindType)||m,s=f.event.special[m]||{},o=f.extend({type:m,origType:l[1],data:e,handler:d,guid:d.guid,selector:g,quick:G(g),namespace:n.join(\".\")},p),r=j[m];if(!r){r=j[m]=[],r.delegateCount=0;if(!s.setup||s.setup.call(a,e,n,i)===!1)a.addEventListener?a.addEventListener(m,i,!1):a.attachEvent&&a.attachEvent(\"on\"+m,i)}s.add&&(s.add.call(a,o),o.handler.guid||(o.handler.guid=d.guid)),g?r.splice(r.delegateCount++,0,o):r.push(o),f.event.global[m]=!0}a=null}},global:{},remove:function(a,b,c,d,e){var g=f.hasData(a)&&f._data(a),h,i,j,k,l,m,n,o,p,q,r,s;if(!!g&&!!(o=g.events)){b=f.tri\r\nm(I(b||\"\")).split(\" \");for(h=0;h<b.length;h++){i=A.exec(b[h])||[],j=k=i[1],l=i[2];if(!j){for(j in o)f.event.remove(a,j+b[h],c,d,!0);continue}p=f.event.special[j]||{},j=(d?p.delegateType:p.bindType)||j,r=o[j]||[],m=r.length,l=l?new RegExp(\"(^|\\\\.)\"+l.split(\".\").sort().join(\"\\\\.(?:.*\\\\.)?\")+\"(\\\\.|$)\"):null;for(n=0;n<r.length;n++)s=r[n],(e||k===s.origType)&&(!c||c.guid===s.guid)&&(!l||l.test(s.namespace))&&(!d||d===s.selector||d===\"**\"&&s.selector)&&(r.splice(n--,1),s.selector&&r.delegateCount--,p.remove&&p.remove.call(a,s));r.length===0&&m!==r.length&&((!p.teardown||p.teardown.call(a,l)===!1)&&f.removeEvent(a,j,g.handle),delete o[j])}f.isEmptyObject(o)&&(q=g.handle,q&&(q.elem=null),f.removeData(a,[\"events\",\"handle\"],!0))}},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(c,d,e,g){if(!e||e.nodeType!==3&&e.nodeType!==8){var h=c.type||c,i=[],j,k,l,m,n,o,p,q,r,s;if(E.test(h+f.event.triggered))return;h.indexOf(\"!\")>=0&&(h=h.slice(0,-1),k=!0),h.indexOf(\".\")>=0&&(i=h.split(\".\"),h=i.shift(),i.sort());if((!e||f.event.customEvent[h])&&!f.event.global[h])return;c=typeof c==\"object\"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.isTrigger=!0,c.exclusive=k,c.namespace=i.join(\".\"),c.namespace_re=c.namespace?new RegExp(\"(^|\\\\.)\"+i.join(\"\\\\.(?:.*\\\\.)?\")+\"(\\\\.|$)\"):null,o=h.indexOf(\":\")<0?\"on\"+h:\"\";if(!e){j=f.cache;for(l in j)j[l].events&&j[l].events[h]&&f.event.trigger(c,d,j[l].handle.elem,!0);return}c.result=b,c.target||(c.target=e),d=d!=null?f.makeArray(d):[],d.unshift(c),p=f.event.special[h]||{};if(p.trigger&&p.trigger.apply(e,d)===!1)return;r=[[e,p.bindType||h]];if(!g&&!p.noBubble&&!f.isWindow(e)){s=p.delegateType||h,m=E.test(s+h)?e:e.parentNode,n=null;for(;m;m=m.parentNode)r.push([m,s]),n=m;n&&n===e.ownerDocument&&r.push([n.defaultView||n.parentWindow||a,s])}for(l=0;l<r.length&&!c.isPropagationStopped();l++)m=r[l][0],c.type=r[l][1],q=(f._data(m,\"events\")||{})[c.type]&&f._data(m,\"handle\"),q&&q.apply(m,d),q=o&&m[o],q&&f.acceptData(m)&&q.ap\r\nply(m,d)===!1&&c.preventDefault();c.type=h,!g&&!c.isDefaultPrevented()&&(!p._default||p._default.apply(e.ownerDocument,d)===!1)&&(h!==\"click\"||!f.nodeName(e,\"a\"))&&f.acceptData(e)&&o&&e[h]&&(h!==\"focus\"&&h!==\"blur\"||c.target.offsetWidth!==0)&&!f.isWindow(e)&&(n=e[o],n&&(e[o]=null),f.event.triggered=h,e[h](),f.event.triggered=b,n&&(e[o]=n));return c.result}},dispatch:function(c){c=f.event.fix(c||a.event);var d=(f._data(this,\"events\")||{})[c.type]||[],e=d.delegateCount,g=[].slice.call(arguments,0),h=!c.exclusive&&!c.namespace,i=[],j,k,l,m,n,o,p,q,r,s,t;g[0]=c,c.delegateTarget=this;if(e&&!c.target.disabled&&(!c.button||c.type!==\"click\")){m=f(this),m.context=this.ownerDocument||this;for(l=c.target;l!=this;l=l.parentNode||this){o={},q=[],m[0]=l;for(j=0;j<e;j++)r=d[j],s=r.selector,o[s]===b&&(o[s]=r.quick?H(l,r.quick):m.is(s)),o[s]&&q.push(r);q.length&&i.push({elem:l,matches:q})}}d.length>e&&i.push({elem:this,matches:d.slice(e)});for(j=0;j<i.length&&!c.isPropagationStopped();j++){p=i[j],c.currentTarget=p.elem;for(k=0;k<p.matches.length&&!c.isImmediatePropagationStopped();k++){r=p.matches[k];if(h||!c.namespace&&!r.namespace||c.namespace_re&&c.namespace_re.test(r.namespace))c.data=r.data,c.handleObj=r,n=((f.event.special[r.origType]||{}).handle||r.handler).apply(p.elem,g),n!==b&&(c.result=n,n===!1&&(c.preventDefault(),c.stopPropagation()))}}return c.result},props:\"attrChange attrName relatedNode srcElement altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which\".split(\" \"),fixHooks:{},keyHooks:{props:\"char charCode key keyCode\".split(\" \"),filter:function(a,b){a.which==null&&(a.which=b.charCode!=null?b.charCode:b.keyCode);return a}},mouseHooks:{props:\"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement\".split(\" \"),filter:function(a,d){var e,f,g,h=d.button,i=d.fromElement;a.pageX==null&&d.clientX!=null&&(e=a.target.ownerDocument||c,f=e.documentElement,g=e.body,a.pageX=d.clientX+(f&&f.scrollLeft\r\n||g&&g.scrollLeft||0)-(f&&f.clientLeft||g&&g.clientLeft||0),a.pageY=d.clientY+(f&&f.scrollTop||g&&g.scrollTop||0)-(f&&f.clientTop||g&&g.clientTop||0)),!a.relatedTarget&&i&&(a.relatedTarget=i===a.target?d.toElement:i),!a.which&&h!==b&&(a.which=h&1?1:h&2?3:h&4?2:0);return a}},fix:function(a){if(a[f.expando])return a;var d,e,g=a,h=f.event.fixHooks[a.type]||{},i=h.props?this.props.concat(h.props):this.props;a=f.Event(g);for(d=i.length;d;)e=i[--d],a[e]=g[e];a.target||(a.target=g.srcElement||c),a.target.nodeType===3&&(a.target=a.target.parentNode),a.metaKey===b&&(a.metaKey=a.ctrlKey);return h.filter?h.filter(a,g):a},special:{ready:{setup:f.bindReady},load:{noBubble:!0},focus:{delegateType:\"focusin\"},blur:{delegateType:\"focusout\"},beforeunload:{setup:function(a,b,c){f.isWindow(this)&&(this.onbeforeunload=c)},teardown:function(a,b){this.onbeforeunload===b&&(this.onbeforeunload=null)}}},simulate:function(a,b,c,d){var e=f.extend(new f.Event,c,{type:a,isSimulated:!0,originalEvent:{}});d?f.event.trigger(e,null,b):f.event.dispatch.call(b,e),e.isDefaultPrevented()&&c.preventDefault()}},f.event.handle=f.event.dispatch,f.removeEvent=c.removeEventListener?function(a,b,c){a.removeEventListener&&a.removeEventListener(b,c,!1)}:function(a,b,c){a.detachEvent&&a.detachEvent(\"on\"+b,c)},f.Event=function(a,b){if(!(this instanceof f.Event))return new f.Event(a,b);a&&a.type?(this.originalEvent=a,this.type=a.type,this.isDefaultPrevented=a.defaultPrevented||a.returnValue===!1||a.getPreventDefault&&a.getPreventDefault()?K:J):this.type=a,b&&f.extend(this,b),this.timeStamp=a&&a.timeStamp||f.now(),this[f.expando]=!0},f.Event.prototype={preventDefault:function(){this.isDefaultPrevented=K;var a=this.originalEvent;!a||(a.preventDefault?a.preventDefault():a.returnValue=!1)},stopPropagation:function(){this.isPropagationStopped=K;var a=this.originalEvent;!a||(a.stopPropagation&&a.stopPropagation(),a.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=K,this.stopPropagation()},isDefaultPrevented:J,isPropagatio\r\nnStopped:J,isImmediatePropagationStopped:J},f.each({mouseenter:\"mouseover\",mouseleave:\"mouseout\"},function(a,b){f.event.special[a]={delegateType:b,bindType:b,handle:function(a){var c=this,d=a.relatedTarget,e=a.handleObj,g=e.selector,h;if(!d||d!==c&&!f.contains(c,d))a.type=e.origType,h=e.handler.apply(this,arguments),a.type=b;return h}}}),f.support.submitBubbles||(f.event.special.submit={setup:function(){if(f.nodeName(this,\"form\"))return!1;f.event.add(this,\"click._submit keypress._submit\",function(a){var c=a.target,d=f.nodeName(c,\"input\")||f.nodeName(c,\"button\")?c.form:b;d&&!d._submit_attached&&(f.event.add(d,\"submit._submit\",function(a){this.parentNode&&!a.isTrigger&&f.event.simulate(\"submit\",this.parentNode,a,!0)}),d._submit_attached=!0)})},teardown:function(){if(f.nodeName(this,\"form\"))return!1;f.event.remove(this,\"._submit\")}}),f.support.changeBubbles||(f.event.special.change={setup:function(){if(z.test(this.nodeName)){if(this.type===\"checkbox\"||this.type===\"radio\")f.event.add(this,\"propertychange._change\",function(a){a.originalEvent.propertyName===\"checked\"&&(this._just_changed=!0)}),f.event.add(this,\"click._change\",function(a){this._just_changed&&!a.isTrigger&&(this._just_changed=!1,f.event.simulate(\"change\",this,a,!0))});return!1}f.event.add(this,\"beforeactivate._change\",function(a){var b=a.target;z.test(b.nodeName)&&!b._change_attached&&(f.event.add(b,\"change._change\",function(a){this.parentNode&&!a.isSimulated&&!a.isTrigger&&f.event.simulate(\"change\",this.parentNode,a,!0)}),b._change_attached=!0)})},handle:function(a){var b=a.target;if(this!==b||a.isSimulated||a.isTrigger||b.type!==\"radio\"&&b.type!==\"checkbox\")return a.handleObj.handler.apply(this,arguments)},teardown:function(){f.event.remove(this,\"._change\");return z.test(this.nodeName)}}),f.support.focusinBubbles||f.each({focus:\"focusin\",blur:\"focusout\"},function(a,b){var d=0,e=function(a){f.event.simulate(b,a.target,f.event.fix(a),!0)};f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e\r\n,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.fn.extend({on:function(a,c,d,e,g){var h,i;if(typeof a==\"object\"){typeof c!=\"string\"&&(d=c,c=b);for(i in a)this.on(i,c,d,a[i],g);return this}d==null&&e==null?(e=c,d=c=b):e==null&&(typeof c==\"string\"?(e=d,d=b):(e=d,d=c,c=b));if(e===!1)e=J;else if(!e)return this;g===1&&(h=e,e=function(a){f().off(a);return h.apply(this,arguments)},e.guid=h.guid||(h.guid=f.guid++));return this.each(function(){f.event.add(this,a,e,d,c)})},one:function(a,b,c,d){return this.on.call(this,a,b,c,d,1)},off:function(a,c,d){if(a&&a.preventDefault&&a.handleObj){var e=a.handleObj;f(a.delegateTarget).off(e.namespace?e.type+\".\"+e.namespace:e.type,e.selector,e.handler);return this}if(typeof a==\"object\"){for(var g in a)this.off(g,c,a[g]);return this}if(c===!1||typeof c==\"function\")d=c,c=b;d===!1&&(d=J);return this.each(function(){f.event.remove(this,a,d,c)})},bind:function(a,b,c){return this.on(a,null,b,c)},unbind:function(a,b){return this.off(a,null,b)},live:function(a,b,c){f(this.context).on(a,this.selector,b,c);return this},die:function(a,b){f(this.context).off(a,this.selector||\"**\",b);return this},delegate:function(a,b,c,d){return this.on(b,a,c,d)},undelegate:function(a,b,c){return arguments.length==1?this.off(a,\"**\"):this.off(b,a,c)},trigger:function(a,b){return this.each(function(){f.event.trigger(a,b,this)})},triggerHandler:function(a,b){if(this[0])return f.event.trigger(a,b,this[0],!0)},toggle:function(a){var b=arguments,c=a.guid||f.guid++,d=0,e=function(c){var e=(f._data(this,\"lastToggle\"+a.guid)||0)%d;f._data(this,\"lastToggle\"+a.guid,e+1),c.preventDefault();return b[e].apply(this,arguments)||!1};e.guid=c;while(d<b.length)b[d++].guid=c;return this.click(e)},hover:function(a,b){return this.mouseenter(a).mouseleave(b||a)}}),f.each(\"blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu\".split(\" \"),function\r\n(a,b){f.fn[b]=function(a,c){c==null&&(c=a,a=null);return arguments.length>0?this.on(b,null,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0),C.test(b)&&(f.event.fixHooks[b]=f.event.keyHooks),D.test(b)&&(f.event.fixHooks[b]=f.event.mouseHooks)}),function(){function x(a,b,c,e,f,g){for(var h=0,i=e.length;h<i;h++){var j=e[h];if(j){var k=!1;j=j[a];while(j){if(j[d]===c){k=e[j.sizset];break}if(j.nodeType===1){g||(j[d]=c,j.sizset=h);if(typeof b!=\"string\"){if(j===b){k=!0;break}}else if(m.filter(b,[j]).length>0){k=j;break}}j=j[a]}e[h]=k}}}function w(a,b,c,e,f,g){for(var h=0,i=e.length;h<i;h++){var j=e[h];if(j){var k=!1;j=j[a];while(j){if(j[d]===c){k=e[j.sizset];break}j.nodeType===1&&!g&&(j[d]=c,j.sizset=h);if(j.nodeName.toLowerCase()===b){k=j;break}j=j[a]}e[h]=k}}}var a=/((?:\\((?:\\([^()]+\\)|[^()]+)+\\)|\\[(?:\\[[^\\[\\]]*\\]|['\"][^'\"]*['\"]|[^\\[\\]'\"]+)+\\]|\\\\.|[^ >+~,(\\[\\\\]+)+|[>+~])(\\s*,\\s*)?((?:.|\\r|\\n)*)/g,d=\"sizcache\"+(Math.random()+\"\").replace(\".\",\"\"),e=0,g=Object.prototype.toString,h=!1,i=!0,j=/\\\\/g,k=/\\r\\n/g,l=/\\W/;[0,0].sort(function(){i=!1;return 0});var m=function(b,d,e,f){e=e||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!=\"string\")return e;var i,j,k,l,n,q,r,t,u=!0,v=m.isXML(d),w=[],x=b;do{a.exec(\"\"),i=a.exec(x);if(i){x=i[3],w.push(i[1]);if(i[2]){l=i[3];break}}}while(i);if(w.length>1&&p.exec(b))if(w.length===2&&o.relative[w[0]])j=y(w[0]+w[1],d,f);else{j=o.relative[w[0]]?[d]:m(w.shift(),d);while(w.length)b=w.shift(),o.relative[b]&&(b+=w.shift()),j=y(b,j,f)}else{!f&&w.length>1&&d.nodeType===9&&!v&&o.match.ID.test(w[0])&&!o.match.ID.test(w[w.length-1])&&(n=m.find(w.shift(),d,v),d=n.expr?m.filter(n.expr,n.set)[0]:n.set[0]);if(d){n=f?{expr:w.pop(),set:s(f)}:m.find(w.pop(),w.length===1&&(w[0]===\"~\"||w[0]===\"+\")&&d.parentNode?d.parentNode:d,v),j=n.expr?m.filter(n.expr,n.set):n.set,w.length>0?k=s(j):u=!1;while(w.length)q=w.pop(),r=q,o.relative[q]?r=w.pop():q=\"\",r==null&&(r=d),o.relative[q](k,r,v)}else k=w=[]}k||(k=j),k||m.error(q||b);if(g.call(k)==\r\n=\"[object Array]\")if(!u)e.push.apply(e,k);else if(d&&d.nodeType===1)for(t=0;k[t]!=null;t++)k[t]&&(k[t]===!0||k[t].nodeType===1&&m.contains(d,k[t]))&&e.push(j[t]);else for(t=0;k[t]!=null;t++)k[t]&&k[t].nodeType===1&&e.push(j[t]);else s(k,e);l&&(m(l,h,e,f),m.uniqueSort(e));return e};m.uniqueSort=function(a){if(u){h=i,a.sort(u);if(h)for(var b=1;b<a.length;b++)a[b]===a[b-1]&&a.splice(b--,1)}return a},m.matches=function(a,b){return m(a,null,null,b)},m.matchesSelector=function(a,b){return m(b,null,null,[a]).length>0},m.find=function(a,b,c){var d,e,f,g,h,i;if(!a)return[];for(e=0,f=o.order.length;e<f;e++){h=o.order[e];if(g=o.leftMatch[h].exec(a)){i=g[1],g.splice(1,1);if(i.substr(i.length-1)!==\"\\\\\"){g[1]=(g[1]||\"\").replace(j,\"\"),d=o.find[h](g,b,c);if(d!=null){a=a.replace(o.match[h],\"\");break}}}}d||(d=typeof b.getElementsByTagName!=\"undefined\"?b.getElementsByTagName(\"*\"):[]);return{set:d,expr:a}},m.filter=function(a,c,d,e){var f,g,h,i,j,k,l,n,p,q=a,r=[],s=c,t=c&&c[0]&&m.isXML(c[0]);while(a&&c.length){for(h in o.filter)if((f=o.leftMatch[h].exec(a))!=null&&f[2]){k=o.filter[h],l=f[1],g=!1,f.splice(1,1);if(l.substr(l.length-1)===\"\\\\\")continue;s===r&&(r=[]);if(o.preFilter[h]){f=o.preFilter[h](f,s,d,r,e,t);if(!f)g=i=!0;else if(f===!0)continue}if(f)for(n=0;(j=s[n])!=null;n++)j&&(i=k(j,f,n,s),p=e^i,d&&i!=null?p?g=!0:s[n]=!1:p&&(r.push(j),g=!0));if(i!==b){d||(s=r),a=a.replace(o.match[h],\"\");if(!g)return[];break}}if(a===q)if(g==null)m.error(a);else break;q=a}return s},m.error=function(a){throw new Error(\"Syntax error, unrecognized expression: \"+a)};var n=m.getText=function(a){var b,c,d=a.nodeType,e=\"\";if(d){if(d===1||d===9){if(typeof a.textContent==\"string\")return a.textContent;if(typeof a.innerText==\"string\")return a.innerText.replace(k,\"\");for(a=a.firstChild;a;a=a.nextSibling)e+=n(a)}else if(d===3||d===4)return a.nodeValue}else for(b=0;c=a[b];b++)c.nodeType!==8&&(e+=n(c));return e},o=m.selectors={order:[\"ID\",\"NAME\",\"TAG\"],match:{ID:/#((?:[\\w\\u00c0-\\uFFFF\\-]|\\\\.)+)/,CLASS:/\\.((?:[\\w\\u\r\n00c0-\\uFFFF\\-]|\\\\.)+)/,NAME:/\\[name=['\"]*((?:[\\w\\u00c0-\\uFFFF\\-]|\\\\.)+)['\"]*\\]/,ATTR:/\\[\\s*((?:[\\w\\u00c0-\\uFFFF\\-]|\\\\.)+)\\s*(?:(\\S?=)\\s*(?:(['\"])(.*?)\\3|(#?(?:[\\w\\u00c0-\\uFFFF\\-]|\\\\.)*)|)|)\\s*\\]/,TAG:/^((?:[\\w\\u00c0-\\uFFFF\\*\\-]|\\\\.)+)/,CHILD:/:(only|nth|last|first)-child(?:\\(\\s*(even|odd|(?:[+\\-]?\\d+|(?:[+\\-]?\\d*)?n\\s*(?:[+\\-]\\s*\\d+)?))\\s*\\))?/,POS:/:(nth|eq|gt|lt|first|last|even|odd)(?:\\((\\d*)\\))?(?=[^\\-]|$)/,PSEUDO:/:((?:[\\w\\u00c0-\\uFFFF\\-]|\\\\.)+)(?:\\((['\"]?)((?:\\([^\\)]+\\)|[^\\(\\)]*)+)\\2\\))?/},leftMatch:{},attrMap:{\"class\":\"className\",\"for\":\"htmlFor\"},attrHandle:{href:function(a){return a.getAttribute(\"href\")},type:function(a){return a.getAttribute(\"type\")}},relative:{\"+\":function(a,b){var c=typeof b==\"string\",d=c&&!l.test(b),e=c&&!d;d&&(b=b.toLowerCase());for(var f=0,g=a.length,h;f<g;f++)if(h=a[f]){while((h=h.previousSibling)&&h.nodeType!==1);a[f]=e||h&&h.nodeName.toLowerCase()===b?h||!1:h===b}e&&m.filter(b,a,!0)},\">\":function(a,b){var c,d=typeof b==\"string\",e=0,f=a.length;if(d&&!l.test(b)){b=b.toLowerCase();for(;e<f;e++){c=a[e];if(c){var g=c.parentNode;a[e]=g.nodeName.toLowerCase()===b?g:!1}}}else{for(;e<f;e++)c=a[e],c&&(a[e]=d?c.parentNode:c.parentNode===b);d&&m.filter(b,a,!0)}},\"\":function(a,b,c){var d,f=e++,g=x;typeof b==\"string\"&&!l.test(b)&&(b=b.toLowerCase(),d=b,g=w),g(\"parentNode\",b,f,a,d,c)},\"~\":function(a,b,c){var d,f=e++,g=x;typeof b==\"string\"&&!l.test(b)&&(b=b.toLowerCase(),d=b,g=w),g(\"previousSibling\",b,f,a,d,c)}},find:{ID:function(a,b,c){if(typeof b.getElementById!=\"undefined\"&&!c){var d=b.getElementById(a[1]);return d&&d.parentNode?[d]:[]}},NAME:function(a,b){if(typeof b.getElementsByName!=\"undefined\"){var c=[],d=b.getElementsByName(a[1]);for(var e=0,f=d.length;e<f;e++)d[e].getAttribute(\"name\")===a[1]&&c.push(d[e]);return c.length===0?null:c}},TAG:function(a,b){if(typeof b.getElementsByTagName!=\"undefined\")return b.getElementsByTagName(a[1])}},preFilter:{CLASS:function(a,b,c,d,e,f){a=\r\n\" \"+a[1].replace(j,\"\")+\" \";if(f)return a;for(var g=0,h;(h=b[g])!=null;g++)h&&(e^(h.className&&(\" \"+h.className+\" \").replace(/[\\t\\n\\r]/g,\" \").indexOf(a)>=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(j,\"\")},TAG:function(a,b){return a[1].replace(j,\"\").toLowerCase()},CHILD:function(a){if(a[1]===\"nth\"){a[2]||m.error(a[0]),a[2]=a[2].replace(/^\\+|\\s*/g,\"\");var b=/(-?)(\\d*)(?:n([+\\-]?\\d*))?/.exec(a[2]===\"even\"&&\"2n\"||a[2]===\"odd\"&&\"2n+1\"||!/\\D/.test(a[2])&&\"0n+\"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&m.error(a[0]);a[0]=e++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(j,\"\");!f&&o.attrMap[g]&&(a[1]=o.attrMap[g]),a[4]=(a[4]||a[5]||\"\").replace(j,\"\"),a[2]===\"~=\"&&(a[4]=\" \"+a[4]+\" \");return a},PSEUDO:function(b,c,d,e,f){if(b[1]===\"not\")if((a.exec(b[3])||\"\").length>1||/^\\w/.test(b[3]))b[3]=m(b[3],null,null,c);else{var g=m.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(o.match.POS.test(b[0])||o.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!==\"hidden\"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!m(c[3],a).length},header:function(a){return/h\\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute(\"type\"),c=a.type;return a.nodeName.toLowerCase()===\"input\"&&\"text\"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()===\"input\"&&\"radio\"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()===\"input\"&&\"checkbox\"===a.type},file:function(a){return a.nodeName.toLowerCase()===\"input\"&&\"file\"===a.type},password:function(a){return a.nodeName.toLowerCase()===\"input\"&&\"password\"===a.type},submit:function(a){var b=a.nodeName.t\r\noLowerCase();return(b===\"input\"||b===\"button\")&&\"submit\"===a.type},image:function(a){return a.nodeName.toLowerCase()===\"input\"&&\"image\"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b===\"input\"||b===\"button\")&&\"reset\"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b===\"input\"&&\"button\"===a.type||b===\"button\"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return b<c[3]-0},gt:function(a,b,c){return b>c[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=o.filters[e];if(f)return f(a,c,b,d);if(e===\"contains\")return(a.textContent||a.innerText||n([a])||\"\").indexOf(b[3])>=0;if(e===\"not\"){var g=b[3];for(var h=0,i=g.length;h<i;h++)if(g[h]===a)return!1;return!0}m.error(e)},CHILD:function(a,b){var c,e,f,g,h,i,j,k=b[1],l=a;switch(k){case\"only\":case\"first\":while(l=l.previousSibling)if(l.nodeType===1)return!1;if(k===\"first\")return!0;l=a;case\"last\":while(l=l.nextSibling)if(l.nodeType===1)return!1;return!0;case\"nth\":c=b[2],e=b[3];if(c===1&&e===0)return!0;f=b[0],g=a.parentNode;if(g&&(g[d]!==f||!a.nodeIndex)){i=0;for(l=g.firstChild;l;l=l.nextSibling)l.nodeType===1&&(l.nodeIndex=++i);g[d]=f}j=a.nodeIndex-e;return c===0?j===0:j%c===0&&j/c>=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute(\"id\")===b},TAG:function(a,b){return b===\"*\"&&a.nodeType===1||!!a.nodeName&&a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(\" \"+(a.className||a.getAttribute(\"class\"))+\" \").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=m.attr?m.attr(a,c):o.attrHandle[c]?o.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+\"\",f=b[2],g=b[4];return d==null?f===\"!=\":!f&&m.attr?d!=null:f===\"=\"?e===g:f===\"*=\"?e.ind\r\nexOf(g)>=0:f===\"~=\"?(\" \"+e+\" \").indexOf(g)>=0:g?f===\"!=\"?e!==g:f===\"^=\"?e.indexOf(g)===0:f===\"$=\"?e.substr(e.length-g.length)===g:f===\"|=\"?e===g||e.substr(0,g.length+1)===g+\"-\":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=o.setFilters[e];if(f)return f(a,c,b,d)}}},p=o.match.POS,q=function(a,b){return\"\\\\\"+(b-0+1)};for(var r in o.match)o.match[r]=new RegExp(o.match[r].source+/(?![^\\[]*\\])(?![^\\(]*\\))/.source),o.leftMatch[r]=new RegExp(/(^(?:.|\\r|\\n)*?)/.source+o.match[r].source.replace(/\\\\(\\d+)/g,q));var s=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(t){s=function(a,b){var c=0,d=b||[];if(g.call(a)===\"[object Array]\")Array.prototype.push.apply(d,a);else if(typeof a.length==\"number\")for(var e=a.length;c<e;c++)d.push(a[c]);else for(;a[c];c++)d.push(a[c]);return d}}var u,v;c.documentElement.compareDocumentPosition?u=function(a,b){if(a===b){h=!0;return 0}if(!a.compareDocumentPosition||!b.compareDocumentPosition)return a.compareDocumentPosition?-1:1;return a.compareDocumentPosition(b)&4?-1:1}:(u=function(a,b){if(a===b){h=!0;return 0}if(a.sourceIndex&&b.sourceIndex)return a.sourceIndex-b.sourceIndex;var c,d,e=[],f=[],g=a.parentNode,i=b.parentNode,j=g;if(g===i)return v(a,b);if(!g)return-1;if(!i)return 1;while(j)e.unshift(j),j=j.parentNode;j=i;while(j)f.unshift(j),j=j.parentNode;c=e.length,d=f.length;for(var k=0;k<c&&k<d;k++)if(e[k]!==f[k])return v(e[k],f[k]);return k===c?v(a,f[k],-1):v(e[k],b,1)},v=function(a,b,c){if(a===b)return c;var d=a.nextSibling;while(d){if(d===b)return-1;d=d.nextSibling}return 1}),function(){var a=c.createElement(\"div\"),d=\"script\"+(new Date).getTime(),e=c.documentElement;a.innerHTML=\"<a name='\"+d+\"'/>\",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(o.find.ID=function(a,c,d){if(typeof c.getElementById!=\"undefined\"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!=\"undefined\"&&e.getAttribut\r\neNode(\"id\").nodeValue===a[1]?[e]:b:[]}},o.filter.ID=function(a,b){var c=typeof a.getAttributeNode!=\"undefined\"&&a.getAttributeNode(\"id\");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement(\"div\");a.appendChild(c.createComment(\"\")),a.getElementsByTagName(\"*\").length>0&&(o.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]===\"*\"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML=\"<a href='#'></a>\",a.firstChild&&typeof a.firstChild.getAttribute!=\"undefined\"&&a.firstChild.getAttribute(\"href\")!==\"#\"&&(o.attrHandle.href=function(a){return a.getAttribute(\"href\",2)}),a=null}(),c.querySelectorAll&&function(){var a=m,b=c.createElement(\"div\"),d=\"__sizzle__\";b.innerHTML=\"<p class='TEST'></p>\";if(!b.querySelectorAll||b.querySelectorAll(\".TEST\").length!==0){m=function(b,e,f,g){e=e||c;if(!g&&!m.isXML(e)){var h=/^(\\w+$)|^\\.([\\w\\-]+$)|^#([\\w\\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return s(e.getElementsByTagName(b),f);if(h[2]&&o.find.CLASS&&e.getElementsByClassName)return s(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b===\"body\"&&e.body)return s([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return s([],f);if(i.id===h[3])return s([i],f)}try{return s(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!==\"object\"){var k=e,l=e.getAttribute(\"id\"),n=l||d,p=e.parentNode,q=/^\\s*[+~]/.test(b);l?n=n.replace(/'/g,\"\\\\$&\"):e.setAttribute(\"id\",n),q&&p&&(e=e.parentNode);try{if(!q||p)return s(e.querySelectorAll(\"[id='\"+n+\"'] \"+b),f)}catch(r){}finally{l||k.removeAttribute(\"id\")}}}return a(b,e,f,g)};for(var e in a)m[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement(\"div\"),\"div\"),e=!1;try{b.call(c.documentElement,\"[test!='']:sizzle\")}catch(f){e=!0}m.matchesSele\r\nctor=function(a,c){c=c.replace(/\\=\\s*([^'\"\\]]*)\\s*\\]/g,\"='$1']\");if(!m.isXML(a))try{if(e||!o.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return m(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement(\"div\");a.innerHTML=\"<div class='test e'></div><div class='test'></div>\";if(!!a.getElementsByClassName&&a.getElementsByClassName(\"e\").length!==0){a.lastChild.className=\"e\";if(a.getElementsByClassName(\"e\").length===1)return;o.order.splice(1,0,\"CLASS\"),o.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!=\"undefined\"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?m.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?m.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:m.contains=function(){return!1},m.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!==\"HTML\":!1};var y=function(a,b,c){var d,e=[],f=\"\",g=b.nodeType?[b]:b;while(d=o.match.PSEUDO.exec(a))f+=d[0],a=a.replace(o.match.PSEUDO,\"\");a=o.relative[a]?a+\"*\":a;for(var h=0,i=g.length;h<i;h++)m(a,g[h],e,c);return m.filter(f,e)};m.attr=f.attr,m.selectors.attrMap={},f.find=m,f.expr=m.selectors,f.expr[\":\"]=f.expr.filters,f.unique=m.uniqueSort,f.text=m.getText,f.isXMLDoc=m.isXML,f.contains=m.contains}();var L=/Until$/,M=/^(?:parents|prevUntil|prevAll)/,N=/,/,O=/^.[^:#\\[\\.,]*$/,P=Array.prototype.slice,Q=f.expr.match.POS,R={children:!0,contents:!0,next:!0,prev:!0};f.fn.extend({find:function(a){var b=this,c,d;if(typeof a!=\"string\")return f(a).filter(function(){for(c=0,d=b.length;c<d;c++)if(f.contains(b[c],this))return!0});var e=this.pushStack(\"\",\"find\",a),g,h,i;for(c=0,d=this.length;c<d;c++){g=e.length,f.find(a,this[c],e);if(c>0)for(h=g;h<e.length;h++)for(i=0;i<g;i++)if(e[i]===e[h]){e.splice(h--,1);break}}return e},has:function(a){var b=f(a);return this.filter(function(){for(var a=0,c=b.length;a<c;a++\r\n)if(f.contains(this,b[a]))return!0})},not:function(a){return this.pushStack(T(this,a,!1),\"not\",a)},filter:function(a){return this.pushStack(T(this,a,!0),\"filter\",a)},is:function(a){return!!a&&(typeof a==\"string\"?Q.test(a)?f(a,this.context).index(this[0])>=0:f.filter(a,this).length>0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h=1;while(g&&g.ownerDocument&&g!==b){for(d=0;d<a.length;d++)f(g).is(a[d])&&c.push({selector:a[d],elem:g,level:h});g=g.parentNode,h++}return c}var i=Q.test(a)||typeof a!=\"string\"?f(a,b||this.context):0;for(d=0,e=this.length;d<e;d++){g=this[d];while(g){if(i?i.index(g)>-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,\"closest\",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a==\"string\")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a==\"string\"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(S(c[0])||S(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,\"parentNode\")},parentsUntil:function(a,b,c){return f.dir(a,\"parentNode\",c)},next:function(a){return f.nth(a,2,\"nextSibling\")},prev:function(a){return f.nth(a,2,\"previousSibling\")},nextAll:function(a){return f.dir(a,\"nextSibling\")},prevAll:function(a){return f.dir(a,\"previousSibling\")},nextUntil:function(a,b,c){return f.dir(a,\"nextSibling\",c)},prevUntil:function(a,b,c){return f.dir(a,\"previousSibling\",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,\"iframe\")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function\r\n(c,d){var e=f.map(this,b,c);L.test(a)||(d=c),d&&typeof d==\"string\"&&(e=f.filter(d,e)),e=this.length>1&&!R[a]?f.unique(e):e,(this.length>1||N.test(d))&&M.test(a)&&(e=e.reverse());return this.pushStack(e,a,P.call(arguments).join(\",\"))}}),f.extend({filter:function(a,b,c){c&&(a=\":not(\"+a+\")\");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var V=\"abbr|article|aside|audio|canvas|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video\",W=/ jQuery\\d+=\"(?:\\d+|null)\"/g,X=/^\\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\\w:]+)[^>]*)\\/>/ig,Z=/<([\\w:]+)/,$=/<tbody/i,_=/<|&#?\\w+;/,ba=/<(?:script|style)/i,bb=/<(?:script|object|embed|option|style)/i,bc=new RegExp(\"<(?:\"+V+\")\",\"i\"),bd=/checked\\s*(?:[^=]|=\\s*.checked.)/i,be=/\\/(java|ecma)script/i,bf=/^\\s*<!(?:\\[CDATA\\[|\\-\\-)/,bg={option:[1,\"<select multiple='multiple'>\",\"</select>\"],legend:[1,\"<fieldset>\",\"</fieldset>\"],thead:[1,\"<table>\",\"</table>\"],tr:[2,\"<table><tbody>\",\"</tbody></table>\"],td:[3,\"<table><tbody><tr>\",\"</tr></tbody></table>\"],col:[2,\"<table><tbody></tbody><colgroup>\",\"</colgroup></table>\"],area:[1,\"<map>\",\"</map>\"],_default:[0,\"\",\"\"]},bh=U(c);bg.optgroup=bg.option,bg.tbody=bg.tfoot=bg.colgroup=bg.caption=bg.thead,bg.th=bg.td,f.support.htmlSerialize||(bg._default=[1,\"div<div>\",\"</div>\"]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!=\"object\"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a)\r\n{if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){var b=f.isFunction(a);return this.each(function(c){f(this).wrapAll(b?a.call(this,c):a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,\"body\")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f.clean(arguments);a.push.apply(a,this.toArray());return this.pushStack(a,\"before\",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,\"after\",arguments);a.push.apply(a,f.clean(arguments));return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName(\"*\")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function()\n{for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName(\"*\"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[\r\n0].nodeType===1?this[0].innerHTML.replace(W,\"\"):null;if(typeof a==\"string\"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!bg[(Z.exec(a)||[\"\",\"\"])[1].toLowerCase()]){a=a.replace(Y,\"<$1></$2>\");try{for(var c=0,d=this.length;c<d;c++)this[c].nodeType===1&&(f.cleanData(this[c].getElementsByTagName(\"*\")),this[c].innerHTML=a)}catch(e){this.empty().append(a)}}else f.isFunction(a)?this.each(function(b){var c=f(this);c.html(a.call(this,b,c.html()))}):this.empty().append(a);return this},replaceWith:function(a){if(this[0]&&this[0].parentNode){if(f.isFunction(a))return this.each(function(b){var c=f(this),d=c.html();c.replaceWith(a.call(this,b,d))});typeof a!=\"string\"&&(a=f(a).detach());return this.each(function(){var b=this.nextSibling,c=this.parentNode;f(this).remove(),b?f(b).before(a):f(c).append(a)})}return this.length?this.pushStack(f(f.isFunction(a)?a():a),\"replaceWith\",a):this},detach:function(a){return this.remove(a,!0)},domManip:function(a,c,d){var e,g,h,i,j=a[0],k=[];if(!f.support.checkClone&&arguments.length===3&&typeof j==\"string\"&&bd.test(j))return this.each(function(){f(this).domManip(a,c,d,!0)});if(f.isFunction(j))return this.each(function(e){var g=f(this);a[0]=j.call(this,e,c?g.html():b),g.domManip(a,c,d)});if(this[0]){i=j&&j.parentNode,f.support.parentNode&&i&&i.nodeType===11&&i.childNodes.length===this.length?e={fragment:i}:e=f.buildFragment(a,this,k),h=e.fragment,h.childNodes.length===1?g=h=h.firstChild:g=h.firstChild;if(g){c=c&&f.nodeName(g,\"tr\");for(var l=0,m=this.length,n=m-1;l<m;l++)d.call(c?bi(this[l],g):this[l],e.cacheable||m>1&&l<n?f.clone(h,!0,!0):h)}k.length&&f.each(k,bp)}return this}}),f.buildFragment=function(a,b,d){var e,g,h,i,j=a[0];b&&b[0]&&(i=b[0].ownerDocument||b[0]),i.createDocumentFragment||(i=c),a.length===1&&typeof j==\"string\"&&j.length<512&&i===c&&j.charAt(0)===\"<\"&&!bb.test(j)&&(f.support.checkClone||!bd.test(j))&&(f.support.html5Clone||!bc.test(j))&&(g=!0,h=f.fragments[j],h&&h!==1&&(e=h)),e||(e=i.createDocumentFragment(),f.clean(a,i,e,d)),g&&(f.fragm\r\nents[j]=h?e:1);return{fragment:e,cacheable:g}},f.fragments={},f.each({appendTo:\"append\",prependTo:\"prepend\",insertBefore:\"before\",insertAfter:\"after\",replaceAll:\"replaceWith\"},function(a,b){f.fn[a]=function(c){var d=[],e=f(c),g=this.length===1&&this[0].parentNode;if(g&&g.nodeType===11&&g.childNodes.length===1&&e.length===1){e[b](this[0]);return this}for(var h=0,i=e.length;h<i;h++){var j=(h>0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d,e,g,h=f.support.html5Clone||!bc.test(\"<\"+a.nodeName)?a.cloneNode(!0):bo(a);if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bk(a,h),d=bl(a),e=bl(h);for(g=0;d[g];++g)e[g]&&bk(d[g],e[g])}if(b){bj(a,h);if(c){d=bl(a),e=bl(h);for(g=0;d[g];++g)bj(d[g],e[g])}}d=e=null;return h},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement==\"undefined\"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k==\"number\"&&(k+=\"\");if(!k)continue;if(typeof k==\"string\")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,\"<$1></$2>\");var l=(Z.exec(k)||[\"\",\"\"])[1].toLowerCase(),m=bg[l]||bg._default,n=m[0],o=b.createElement(\"div\");b===c?bh.appendChild(o):U(b).appendChild(o),o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l===\"table\"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===\"<table>\"&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],\"tbody\")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)==\"number\")for(i=0;i<r;i++)bn(k[i]);else bn(k);k.nodeType?h.push(k):h=f.merge(h,k)}if(d){g=function(a){return!a.type||be.test(a.type)};for(j=0;h[j];j++)if(e&&f.nodeName(h[j],\"script\")&&(!h[j].type||h[j].type.toLowerCase()===\"text/javascrip\r\nt\"))e.push(h[j].parentNode?h[j].parentNode.removeChild(h[j]):h[j]);else{if(h[j].nodeType===1){var s=f.grep(h[j].getElementsByTagName(\"script\"),g);h.splice.apply(h,[j+1,0].concat(s))}d.appendChild(h[j])}}return h},cleanData:function(a){var b,c,d=f.cache,e=f.event.special,g=f.support.deleteExpando;for(var h=0,i;(i=a[h])!=null;h++){if(i.nodeName&&f.noData[i.nodeName.toLowerCase()])continue;c=i[f.expando];if(c){b=d[c];if(b&&b.events){for(var j in b.events)e[j]?f.event.remove(i,j):f.removeEvent(i,j,b.handle);b.handle&&(b.handle.elem=null)}g?delete i[f.expando]:i.removeAttribute&&i.removeAttribute(f.expando),delete d[c]}}}});var bq=/alpha\\([^)]*\\)/i,br=/opacity=([^)]*)/,bs=/([A-Z]|^ms)/g,bt=/^-?\\d+(?:px)?$/i,bu=/^-?\\d/,bv=/^([\\-+])=([\\-+.\\de]+)/,bw={position:\"absolute\",visibility:\"hidden\",display:\"block\"},bx=[\"Left\",\"Right\"],by=[\"Top\",\"Bottom\"],bz,bA,bB;f.fn.css=function(a,c){if(arguments.length===2&&c===b)return this;return f.access(this,a,c,!0,function(a,c,d){return d!==b?f.style(a,c,d):f.css(a,c)})},f.extend({cssHooks:{opacity:{get:function(a,b){if(b){var c=bz(a,\"opacity\",\"opacity\");return c===\"\"?\"1\":c}return a.style.opacity}}},cssNumber:{fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{\"float\":f.support.cssFloat?\"cssFloat\":\"styleFloat\"},style:function(a,c,d,e){if(!!a&&a.nodeType!==3&&a.nodeType!==8&&!!a.style){var g,h,i=f.camelCase(c),j=a.style,k=f.cssHooks[i];c=f.cssProps[i]||i;if(d===b){if(k&&\"get\"in k&&(g=k.get(a,!1,e))!==b)return g;return j[c]}h=typeof d,h===\"string\"&&(g=bv.exec(d))&&(d=+(g[1]+1)*+g[2]+parseFloat(f.css(a,c)),h=\"number\");if(d==null||h===\"number\"&&isNaN(d))return;h===\"number\"&&!f.cssNumber[i]&&(d+=\"px\");if(!k||!(\"set\"in k)||(d=k.set(a,d))!==b)try{j[c]=d}catch(l){}}},css:function(a,c,d){var e,g;c=f.camelCase(c),g=f.cssHooks[c],c=f.cssProps[c]||c,c===\"cssFloat\"&&(c=\"float\");if(g&&\"get\"in g&&(e=g.get(a,!0,d))!==b)return e;if(bz)return bz(a,c)},swap:function(a,b,c){var d={};for(var e in b\r\n)d[e]=a.style[e],a.style[e]=b[e];c.call(a);for(e in b)a.style[e]=d[e]}}),f.curCSS=f.css,f.each([\"height\",\"width\"],function(a,b){f.cssHooks[b]={get:function(a,c,d){var e;if(c){if(a.offsetWidth!==0)return bC(a,b,d);f.swap(a,bw,function(){e=bC(a,b,d)});return e}},set:function(a,b){if(!bt.test(b))return b;b=parseFloat(b);if(b>=0)return b+\"px\"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return br.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||\"\")?parseFloat(RegExp.$1)/100+\"\":b?\"1\":\"\"},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNumeric(b)?\"alpha(opacity=\"+b*100+\")\":\"\",g=d&&d.filter||c.filter||\"\";c.zoom=1;if(b>=1&&f.trim(g.replace(bq,\"\"))===\"\"){c.removeAttribute(\"filter\");if(d&&!d.filter)return}c.filter=bq.test(g)?g.replace(bq,e):g+\" \"+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:\"inline-block\"},function(){b?c=bz(a,\"margin-right\",\"marginRight\"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bA=function(a,b){var c,d,e;b=b.replace(bs,\"-$1\").toLowerCase(),(d=a.ownerDocument.defaultView)&&(e=d.getComputedStyle(a,null))&&(c=e.getPropertyValue(b),c===\"\"&&!f.contains(a.ownerDocument.documentElement,a)&&(c=f.style(a,b)));return c}),c.documentElement.currentStyle&&(bB=function(a,b){var c,d,e,f=a.currentStyle&&a.currentStyle[b],g=a.style;f===null&&g&&(e=g[b])&&(f=e),!bt.test(f)&&bu.test(f)&&(c=g.left,d=a.runtimeStyle&&a.runtimeStyle.left,d&&(a.runtimeStyle.left=a.currentStyle.left),g.left=b===\"fontSize\"?\"1em\":f||0,f=g.pixelLeft+\"px\",g.left=c,d&&(a.runtimeStyle.left=d));return f===\"\"?\"auto\":f}),bz=bA||bB,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style&&a.style.display||f.css(a,\"display\"))===\"none\"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bD=/%20/g,bE=/\\[\\]$/,bF=/\\r?\\n/g,bG=/#.*\r\n$/,bH=/^(.*?):[ \\t]*([^\\r\\n]*)\\r?$/mg,bI=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bJ=/^(?:about|app|app\\-storage|.+\\-extension|file|res|widget):$/,bK=/^(?:GET|HEAD)$/,bL=/^\\/\\//,bM=/\\?/,bN=/<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi,bO=/^(?:select|textarea)/i,bP=/\\s+/,bQ=/([?&])_=[^&]*/,bR=/^([\\w\\+\\.\\-]+:)(?:\\/\\/([^\\/?#:]*)(?::(\\d+))?)?/,bS=f.fn.load,bT={},bU={},bV,bW,bX=[\"*/\"]+[\"*\"];try{bV=e.href}catch(bY){bV=c.createElement(\"a\"),bV.href=\"\",bV=bV.href}bW=bR.exec(bV.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!=\"string\"&&bS)return bS.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(\" \");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h=\"GET\";c&&(f.isFunction(c)?(d=c,c=b):typeof c==\"object\"&&(c=f.param(c,f.ajaxSettings.traditional),h=\"POST\"));var i=this;f.ajax({url:a,type:h,dataType:\"html\",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f(\"<div>\").append(c.replace(bN,\"\")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bO.test(this.nodeName)||bI.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bF,\"\\r\\n\")}}):{name:b.name,value:c.replace(bF,\"\\r\\n\")}}).get()}}),f.each(\"ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend\".split(\" \"),function(a,b){f.fn[b]=function(a){return this.on(b,a)}}),f.each([\"get\",\"post\"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,\"script\")},getJSON:function(a,b,c){return f.get(a,\r\nb,c,\"json\")},ajaxSetup:function(a,b){b?b_(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),b_(a,b);return a},ajaxSettings:{url:bV,isLocal:bJ.test(bW[1]),global:!0,type:\"GET\",contentType:\"application/x-www-form-urlencoded\",processData:!0,async:!0,accepts:{xml:\"application/xml, text/xml\",html:\"text/html\",text:\"text/plain\",json:\"application/json, text/javascript\",\"*\":bX},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:\"responseXML\",text:\"responseText\"},converters:{\"* text\":a.String,\"text html\":!0,\"text json\":f.parseJSON,\"text xml\":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bZ(bT),ajaxTransport:bZ(bU),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||\"\",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?cb(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader(\"Last-Modified\"))f.lastModified[k]=y;if(z=v.getResponseHeader(\"Etag\"))f.etag[k]=z}if(a===304)w=\"notmodified\",o=!0;else try{r=cc(d,x),w=\"success\",o=!0}catch(A){w=\"parsererror\",u=A}}else{u=w;if(!w||a)w=\"error\",a<0&&(a=0)}v.status=a,v.statusText=\"\"+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger(\"ajax\"+(o?\"Success\":\"Error\"),[v,d,o?r:u]),i.fireWith(e,[v,w]),t&&(g.trigger(\"ajaxComplete\",[v,d]),--f.active||f.event.trigger(\"ajaxStop\"))}}typeof a==\"object\"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f.Callbacks(\"once memory\"),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bH.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||\"abort\",p&&p.abort(a),w(0,a);return this}};h.promise(v),v\r\n.success=v.done,v.error=v.fail,v.complete=i.add,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+\"\").replace(bG,\"\").replace(bL,bW[1]+\"//\"),d.dataTypes=f.trim(d.dataType||\"*\").toLowerCase().split(bP),d.crossDomain==null&&(r=bR.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bW[1]&&r[2]==bW[2]&&(r[3]||(r[1]===\"http:\"?80:443))==(bW[3]||(bW[1]===\"http:\"?80:443)))),d.data&&d.processData&&typeof d.data!=\"string\"&&(d.data=f.param(d.data,d.traditional)),b$(bT,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bK.test(d.type),t&&f.active++===0&&f.event.trigger(\"ajaxStart\");if(!d.hasContent){d.data&&(d.url+=(bM.test(d.url)?\"&\":\"?\")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bQ,\"$1_=\"+x);d.url=y+(y===d.url?(bM.test(d.url)?\"&\":\"?\")+\"_=\"+x:\"\")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader(\"Content-Type\",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader(\"If-Modified-Since\",f.lastModified[k]),f.etag[k]&&v.setRequestHeader(\"If-None-Match\",f.etag[k])),v.setRequestHeader(\"Accept\",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!==\"*\"?\", \"+bX+\"; q=0.01\":\"\"):d.accepts[\"*\"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=b$(bU,d,c,v);if(!p)w(-1,\"No Transport\");else{v.readyState=1,t&&g.trigger(\"ajaxSend\",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort(\"timeout\")},d.timeout));try{s=1,p.send(l,w)}catch(z){if(s<2)w(-1,z);else throw z}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+\"=\"+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.v\r\nalue)});else for(var g in a)ca(g,a[g],c,e);return d.join(\"&\").replace(bD,\"+\")}}),f.extend({active:0,lastModified:{},etag:{}});var cd=f.now(),ce=/(\\=)\\?(&|$)|\\?\\?/i;f.ajaxSetup({jsonp:\"callback\",jsonpCallback:function(){return f.expando+\"_\"+cd++}}),f.ajaxPrefilter(\"json jsonp\",function(b,c,d){var e=b.contentType===\"application/x-www-form-urlencoded\"&&typeof b.data==\"string\";if(b.dataTypes[0]===\"jsonp\"||b.jsonp!==!1&&(ce.test(b.url)||e&&ce.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l=\"$1\"+h+\"$2\";b.jsonp!==!1&&(j=j.replace(ce,l),b.url===j&&(e&&(k=k.replace(ce,l)),b.data===k&&(j+=(/\\?/.test(j)?\"&\":\"?\")+b.jsonp+\"=\"+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters[\"script json\"]=function(){g||f.error(h+\" was not called\");return g[0]},b.dataTypes[0]=\"json\";return\"script\"}}),f.ajaxSetup({accepts:{script:\"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript\"},contents:{script:/javascript|ecmascript/},converters:{\"text script\":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter(\"script\",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type=\"GET\",a.global=!1)}),f.ajaxTransport(\"script\",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName(\"head\")[0]||c.documentElement;return{send:function(f,g){d=c.createElement(\"script\"),d.async=\"async\",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,\"success\")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cf=a.ActiveXObject?function(){for(var a in ch)ch[a](0,1)}:!1,cg=0,ch;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ci()||cj()}:ci,function(a){f.extend(f.support,{ajax:!!a,cors:!\r\n!a&&\"withCredentials\"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e[\"X-Requested-With\"]&&(e[\"X-Requested-With\"]=\"XMLHttpRequest\");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cf&&delete ch[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=\"\"}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cg,cf&&(ch||(ch={},f(a).unload(cf)),ch[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var ck={},cl,cm,cn=/^(?:toggle|show|hide)$/,co=/^([+\\-]=)?([\\d+.\\-]+)([a-z%]*)$/i,cp,cq=[[\"height\",\"marginTop\",\"marginBottom\",\"paddingTop\",\"paddingBottom\"],[\"width\",\"marginLeft\",\"marginRight\",\"paddingLeft\",\"paddingRight\"],[\"opacity\"]],cr;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cu(\"show\",3),a,b,c);for(var g=0,h=this.length;g<h;g++)d=this[g],d.style&&(e=d.style.display,!f._data(d,\"olddisplay\")&&e===\"none\"&&(e=d.style.display=\"\"),e===\"\"&&f.css(d,\"display\")===\"none\"&&f._data(d,\"olddisplay\",cv(d.nodeName)));for(g=0;g<h;g++){d=this[g];if(d.style){e=d.style.display;if(e===\"\"||e===\"none\")d.style.display=f._data(d,\"olddisplay\")||\"\"}}return this},hide:function(a,b,c){if(a||a===0)return this.animate(cu(\"hide\",3),a,b,c);var d,e,g=0,h=this.length;for(;g<h;g++)d=this[g],d.style&&(e=f.css(d,\"display\"),e!==\"none\"&&!f._data(d,\"olddisplay\")&&f._data(d,\r\n\"olddisplay\",e));for(g=0;g<h;g++)this[g].style&&(this[g].style.display=\"none\");return this},_toggle:f.fn.toggle,toggle:function(a,b,c){var d=typeof a==\"boolean\";f.isFunction(a)&&f.isFunction(b)?this._toggle.apply(this,arguments):a==null||d?this.each(function(){var b=d?a:f(this).is(\":hidden\");f(this)[b?\"show\":\"hide\"]()}):this.animate(cu(\"toggle\",3),a,b,c);return this},fadeTo:function(a,b,c,d){return this.filter(\":hidden\").css(\"opacity\",0).show().end().animate({opacity:b},a,c,d)},animate:function(a,b,c,d){function g(){e.queue===!1&&f._mark(this);var b=f.extend({},e),c=this.nodeType===1,d=c&&f(this).is(\":hidden\"),g,h,i,j,k,l,m,n,o;b.animatedProperties={};for(i in a){g=f.camelCase(i),i!==g&&(a[g]=a[i],delete a[i]),h=a[g],f.isArray(h)?(b.animatedProperties[g]=h[1],h=a[g]=h[0]):b.animatedProperties[g]=b.specialEasing&&b.specialEasing[g]||b.easing||\"swing\";if(h===\"hide\"&&d||h===\"show\"&&!d)return b.complete.call(this);c&&(g===\"height\"||g===\"width\")&&(b.overflow=[this.style.overflow,this.style.overflowX,this.style.overflowY],f.css(this,\"display\")===\"inline\"&&f.css(this,\"float\")===\"none\"&&(!f.support.inlineBlockNeedsLayout||cv(this.nodeName)===\"inline\"?this.style.display=\"inline-block\":this.style.zoom=1))}b.overflow!=null&&(this.style.overflow=\"hidden\");for(i in a)j=new f.fx(this,b,i),h=a[i],cn.test(h)?(o=f._data(this,\"toggle\"+i)||(h===\"toggle\"?d?\"show\":\"hide\":0),o?(f._data(this,\"toggle\"+i,o===\"show\"?\"hide\":\"show\"),j[o]()):j[h]()):(k=co.exec(h),l=j.cur(),k?(m=parseFloat(k[2]),n=k[3]||(f.cssNumber[i]?\"\":\"px\"),n!==\"px\"&&(f.style(this,i,(m||1)+n),l=(m||1)/j.cur()*l,f.style(this,i,l+n)),k[1]&&(m=(k[1]===\"-=\"?-1:1)*m+l),j.custom(l,m,n)):j.custom(l,h,\"\"));return!0}var e=f.speed(b,c,d);if(f.isEmptyObject(a))return this.each(e.complete,[!1]);a=f.extend({},a);return e.queue===!1?this.each(g):this.queue(e.queue,g)},stop:function(a,c,d){typeof a!=\"string\"&&(d=c,c=a,a=b),c&&a!==!1&&this.queue(a||\"fx\",[]);return this.each(function(){function h(a,b,c){var e=b[c];\r\nf.removeData(a,c,!0),e.stop(d)}var b,c=!1,e=f.timers,g=f._data(this);d||f._unmark(!0,this);if(a==null)for(b in g)g[b]&&g[b].stop&&b.indexOf(\".run\")===b.length-4&&h(this,g,b);else g[b=a+\".run\"]&&g[b].stop&&h(this,g,b);for(b=e.length;b--;)e[b].elem===this&&(a==null||e[b].queue===a)&&(d?e[b](!0):e[b].saveState(),c=!0,e.splice(b,1));(!d||!c)&&f.dequeue(this,a)})}}),f.each({slideDown:cu(\"show\",1),slideUp:cu(\"hide\",1),slideToggle:cu(\"toggle\",1),fadeIn:{opacity:\"show\"},fadeOut:{opacity:\"hide\"},fadeToggle:{opacity:\"toggle\"}},function(a,b){f.fn[a]=function(a,c,d){return this.animate(b,a,c,d)}}),f.extend({speed:function(a,b,c){var d=a&&typeof a==\"object\"?f.extend({},a):{complete:c||!c&&b||f.isFunction(a)&&a,duration:a,easing:c&&b||b&&!f.isFunction(b)&&b};d.duration=f.fx.off?0:typeof d.duration==\"number\"?d.duration:d.duration in f.fx.speeds?f.fx.speeds[d.duration]:f.fx.speeds._default;if(d.queue==null||d.queue===!0)d.queue=\"fx\";d.old=d.complete,d.complete=function(a){f.isFunction(d.old)&&d.old.call(this),d.queue?f.dequeue(this,d.queue):a!==!1&&f._unmark(this)};return d},easing:{linear:function(a,b,c,d){return c+d*a},swing:function(a,b,c,d){return(-Math.cos(a*Math.PI)/2+.5)*d+c}},timers:[],fx:function(a,b,c){this.options=b,this.elem=a,this.prop=c,b.orig=b.orig||{}}}),f.fx.prototype={update:function(){this.options.step&&this.options.step.call(this.elem,this.now,this),(f.fx.step[this.prop]||f.fx.step._default)(this)},cur:function(){if(this.elem[this.prop]!=null&&(!this.elem.style||this.elem.style[this.prop]==null))return this.elem[this.prop];var a,b=f.css(this.elem,this.prop);return isNaN(a=parseFloat(b))?!b||b===\"auto\"?0:b:a},custom:function(a,c,d){function h(a){return e.step(a)}var e=this,g=f.fx;this.startTime=cr||cs(),this.end=c,this.now=this.start=a,this.pos=this.state=0,this.unit=d||this.unit||(f.cssNumber[this.prop]?\"\":\"px\"),h.queue=this.options.queue,h.elem=this.elem,h.saveState=function(){e.options.hide&&f._data(e.elem,\"fxshow\"+e.prop)===b&&f._data(e.elem,\"fxshow\"+e.prop,e.start)},h()&&\r\nf.timers.push(h)&&!cp&&(cp=setInterval(g.tick,g.interval))},show:function(){var a=f._data(this.elem,\"fxshow\"+this.prop);this.options.orig[this.prop]=a||f.style(this.elem,this.prop),this.options.show=!0,a!==b?this.custom(this.cur(),a):this.custom(this.prop===\"width\"||this.prop===\"height\"?1:0,this.cur()),f(this.elem).show()},hide:function(){this.options.orig[this.prop]=f._data(this.elem,\"fxshow\"+this.prop)||f.style(this.elem,this.prop),this.options.hide=!0,this.custom(this.cur(),0)},step:function(a){var b,c,d,e=cr||cs(),g=!0,h=this.elem,i=this.options;if(a||e>=i.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),i.animatedProperties[this.prop]=!0;for(b in i.animatedProperties)i.animatedProperties[b]!==!0&&(g=!1);if(g){i.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each([\"\",\"X\",\"Y\"],function(a,b){h.style[\"overflow\"+b]=i.overflow[a]}),i.hide&&f(h).hide();if(i.hide||i.show)for(b in i.animatedProperties)f.style(h,b,i.orig[b]),f.removeData(h,\"fxshow\"+b,!0),f.removeData(h,\"toggle\"+b,!0);d=i.complete,d&&(i.complete=!1,d.call(h))}return!1}i.duration==Infinity?this.now=e:(c=e-this.startTime,this.state=c/i.duration,this.pos=f.easing[i.animatedProperties[this.prop]](this.state,c,0,1,i.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){var a,b=f.timers,c=0;for(;c<b.length;c++)a=b[c],!a()&&b[c]===a&&b.splice(c--,1);b.length||f.fx.stop()},interval:13,stop:function(){clearInterval(cp),cp=null},speeds:{slow:600,fast:200,_default:400},step:{opacity:function(a){f.style(a.elem,\"opacity\",a.now)},_default:function(a){a.elem.style&&a.elem.style[a.prop]!=null?a.elem.style[a.prop]=a.now+a.unit:a.elem[a.prop]=a.now}}}),f.each([\"width\",\"height\"],function(a,b){f.fx.step[b]=function(a){f.style(a.elem,b,Math.max(0,a.now)+a.unit)}}),f.expr&&f.expr.filters&&(f.expr.filters.animated=function(a){return f.grep(f.timers,function(b){return a===b.elem}).length});var cw=/^t(?:able|d|h)$/i,cx=/^(?:body|html)$/i;\"getBoundingClientR\r\nect\"in c.documentElement?f.fn.offset=function(a){var b=this[0],c;if(a)return this.each(function(b){f.offset.setOffset(this,a,b)});if(!b||!b.ownerDocument)return null;if(b===b.ownerDocument.body)return f.offset.bodyOffset(b);try{c=b.getBoundingClientRect()}catch(d){}var e=b.ownerDocument,g=e.documentElement;if(!c||!f.contains(g,b))return c?{top:c.top,left:c.left}:{top:0,left:0};var h=e.body,i=cy(e),j=g.clientTop||h.clientTop||0,k=g.clientLeft||h.clientLeft||0,l=i.pageYOffset||f.support.boxModel&&g.scrollTop||h.scrollTop,m=i.pageXOffset||f.support.boxModel&&g.scrollLeft||h.scrollLeft,n=c.top+l-j,o=c.left+m-k;return{top:n,left:o}}:f.fn.offset=function(a){var b=this[0];if(a)return this.each(function(b){f.offset.setOffset(this,a,b)});if(!b||!b.ownerDocument)return null;if(b===b.ownerDocument.body)return f.offset.bodyOffset(b);var c,d=b.offsetParent,e=b,g=b.ownerDocument,h=g.documentElement,i=g.body,j=g.defaultView,k=j?j.getComputedStyle(b,null):b.currentStyle,l=b.offsetTop,m=b.offsetLeft;while((b=b.parentNode)&&b!==i&&b!==h){if(f.support.fixedPosition&&k.position===\"fixed\")break;c=j?j.getComputedStyle(b,null):b.currentStyle,l-=b.scrollTop,m-=b.scrollLeft,b===d&&(l+=b.offsetTop,m+=b.offsetLeft,f.support.doesNotAddBorder&&(!f.support.doesAddBorderForTableAndCells||!cw.test(b.nodeName))&&(l+=parseFloat(c.borderTopWidth)||0,m+=parseFloat(c.borderLeftWidth)||0),e=d,d=b.offsetParent),f.support.subtractsBorderForOverflowNotVisible&&c.overflow!==\"visible\"&&(l+=parseFloat(c.borderTopWidth)||0,m+=parseFloat(c.borderLeftWidth)||0),k=c}if(k.position===\"relative\"||k.position===\"static\")l+=i.offsetTop,m+=i.offsetLeft;f.support.fixedPosition&&k.position===\"fixed\"&&(l+=Math.max(h.scrollTop,i.scrollTop),m+=Math.max(h.scrollLeft,i.scrollLeft));return{top:l,left:m}},f.offset={bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.support.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,\"marginTop\"))||0,c+=parseFloat(f.css(a,\"marginLeft\"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,\"posi\r\ntion\");d===\"static\"&&(a.style.position=\"relative\");var e=f(a),g=e.offset(),h=f.css(a,\"top\"),i=f.css(a,\"left\"),j=(d===\"absolute\"||d===\"fixed\")&&f.inArray(\"auto\",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),\"using\"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=cx.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,\"marginTop\"))||0,c.left-=parseFloat(f.css(a,\"marginLeft\"))||0,d.top+=parseFloat(f.css(b[0],\"borderTopWidth\"))||0,d.left+=parseFloat(f.css(b[0],\"borderLeftWidth\"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!cx.test(a.nodeName)&&f.css(a,\"position\")===\"static\")a=a.offsetParent;return a})}}),f.each([\"Left\",\"Top\"],function(a,c){var d=\"scroll\"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cy(e);return g?\"pageXOffset\"in g?g[a?\"pageYOffset\":\"pageXOffset\"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cy(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each([\"Height\",\"Width\"],function(a,c){var d=c.toLowerCase();f.fn[\"inner\"+c]=function(){var a=this[0];return a?a.style?parseFloat(f.css(a,d,\"padding\")):this[d]():null},f.fn[\"outer\"+c]=function(a){var b=this[0];return b?b.style?parseFloat(f.css(b,d,a?\"margin\":\"border\")):this[d]():null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement[\"client\"+c],h=e.document.body;return e.document.compatMode===\"CSS1Compat\"&&g||h&&h[\"client\"+c]||g}if(e.nodeType===9)return Math.max(e.do\r\ncumentElement[\"client\"+c],e.body[\"scroll\"+c],e.documentElement[\"scroll\"+c],e.body[\"offset\"+c],e.documentElement[\"offset\"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNumeric(j)?j:i}return this.css(d,typeof a==\"string\"?a:a+\"px\")}}),a.jQuery=a.$=f,typeof define==\"function\"&&define.amd&&define.amd.jQuery&&define(\"jquery\",[],function(){return f})})(window);\njQuery = $jquery_171 = $jquery = window.jQuery.noConflict(true); \n\n}");
user_pref("extensions.adblockplus.currentVersion", "2.4");
user_pref("extensions.adblockplus.notificationdata", "{\"lastCheck\":1387660133460,\"softExpiration\":1387661082716,\"hardExpiration\":1387738837631,\"data\":{\"notifications\":[],\"version\":\"201312201900\"},\"lastError\":0,\"downloadStatus\":\"synchronize_ok\",\"shown\":[]}");
user_pref("extensions.avastwrc.settings", "{\"siteCorrect\":{\"declined\":{}},\"safeZone\":{\"declined\":{}},\"phishing\":{\"trusted\":{}},\"safeShop\":{\"noCouponDomains\":{},\"hideDomains\":{},\"hideAll\":0},\"features\":{\"phishing\":true,\"dnt\":false,\"dntSocial\":false,\"dntAdTracking\":false,\"dntWebAnalytics\":false,\"dntOthers\":false,\"siteCorrect\":false,\"siteCorrectAuto\":false,\"safeZone\":false,\"communityIQ\":false,\"serp\":true,\"serpPopup\":true,\"safeShop\":false},\"current\":{\"callerId\":2016,\"userId\":\"b64b3a815bf095b87f7ed784e470e5b1\",\"lastApplicationEventSent\":1442950428593}}");
user_pref("extensions.avastwrc.whiteList", "{\"trk\":{\"apps.facebook.com\":{\"703\":false},\"avast.com\":{\"779\":false}}}");
user_pref("extensions.blocklist.pingCountTotal", 203);
user_pref("extensions.blocklist.pingCountVersion", 2);
user_pref("extensions.bootstrappedAddons", "{\"firefox-hotfix@mozilla.org\":{\"version\":\"20150311.01\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Maxime\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\owmdd1yo.default-1369816259357\\\\extensions\\\\firefox-hotfix@mozilla.org.xpi\"}}");
user_pref("extensions.databaseSchema", 23);
user_pref("extensions.e-webprint@epson.com.install-event-fired", true);
user_pref("extensions.e10s.rollout.blocklist", "");
user_pref("extensions.e10s.rollout.hasAddon", true);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.e10sMultiBlockedByAddons", false);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1");
user_pref("extensions.getAddons.cache.lastUpdate", 1513266136);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20150311.01");
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"e-webprint@epson.com\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Epson Software\\\\E-Web Print\\\\Firefox Add-on\",\"mtime\":1410609418180,\"rdfTime\":1408346982000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1401197342867,\"rdfTime\":1401197340018}}}]");
user_pref("extensions.installedDistroAddon.jid1-16aeif9OQIRKxA@jetpack", true);
user_pref("extensions.lastAppBuildId", "20171128222554");
user_pref("extensions.lastAppVersion", "57.0.1");
user_pref("extensions.lastPlatformVersion", "57.0.1");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shield-recipe-client.first_run", false);
user_pref("extensions.shield-recipe-client.user_id", "1f8c1011-529e-44bd-b5af-86b77560ccdd");
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{fcca511c-a634-4496-9d33-0d8c842cc655}\",\"addons\":{\"disable-media-wmf-nv12@mozilla.org\":{\"version\":\"1.1\"}}}");
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.experiment.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://list/plugin");
user_pref("extensions.ui.locale.hidden", true);
user_pref("extensions.webextensions.uuids", "{\"jid1-16aeif9OQIRKxA@jetpack\":\"6a0d8d04-e06b-4650-98e9-e2eea43143cf\",\"screenshots@mozilla.org\":\"8f0e9a9e-a828-4001-bdfd-3d91af17ea3e\"}");
user_pref("extensions.wrc.SearchRules.google.com.style", ".WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhsline ol .WRCN {display:inline; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.google.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?google\\.(com|[a-z\\.]{2,})\\/(.)*");
user_pref("extensions.wrc.SearchRules.public.avast.com.style", ".WRCN {display:inline; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.public.avast.com.url", "^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*");
user_pref("extensions.wrc.SearchRules.seznam.cz.style", ".WRCN {display:none} #results .WRCN, .sklik-title > .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.seznam.cz.url", "^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*");
user_pref("extensions.wrc@avast.com.install-event-fired", true);
user_pref("extensions.{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.install-event-fired", true);
user_pref("extensions.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.install-event-fired", true);
user_pref("network.proxy.backup.ftp", "squid");
user_pref("network.proxy.backup.ftp_port", 3128);
user_pref("network.proxy.backup.socks", "squid");
user_pref("network.proxy.backup.socks_port", 3128);
user_pref("network.proxy.backup.ssl", "squid");
user_pref("network.proxy.backup.ssl_port", 3128);
user_pref("network.proxy.ftp", "squid");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "squid");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "squid");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "squid");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 4);


[Profile0] - Name=default-1369816259357 -> Profiles/owmdd1yo.default-1369816259357

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{48a3a2f7-58d1-420b-a101-3f4c98e328b3}]
"DhcpNameServer"=89.2.0.1 89.2.0.2
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{81b3e3a5-9525-428f-b726-1234168caf97}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{48a3a2f7-58d1-420b-a101-3f4c98e328b3}]
"DhcpNameServer"=89.2.0.1 89.2.0.2
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{81b3e3a5-9525-428f-b726-1234168caf97}]
"DhcpNameServer"=192.168.1.1

---------- | Applications

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Classes\Applications\Skype.exe] : "C:\Program Files (x86)\Skype\Phone\Skype.exe" "%1"
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Users\Maxime\AppData\Roaming\uTorrent\uTorrent.exe" "%1" /SHELLASSOC
[HKLM\SOFTWARE\Classes\Applications\chrome.exe] : "C:\Users\Maxime\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1"
[HKLM\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\Classes\Applications\foobar2000.exe] : "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoGallery.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\chrome.exe] : "C:\Users\Maxime\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\firefox.exe] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\foobar2000.exe] : "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoGallery.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"Camera"=FrameS
"DevicesFlow"=DevicesFlowUserSvc
"smbsvcs"=lanmanserver
browser

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"smbsvcs"=lanmanserver


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Addictive Software]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Adobe]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\AppDataLow]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Apple Inc.]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\ASProtect]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Atheros]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\BitTorrent]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Bugsplat]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\CanonBJ]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Chromium]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Clients]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Conexant]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\CyberLink]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\DirectShow]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\DivXNetworks]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Dragon Systems]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Dropbox]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\EPSON]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\EPSON Software Updater]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Facebook]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\FLEXnet]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\foobar2000]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Garmin]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Google]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\IM Providers]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\InstallShield]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Intel]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\JavaSoft]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\kde.org]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Lake]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Lavasoft]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\LDM]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Lenovo]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Local AppWizard-Generated Applications]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Macromedia]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Malwarebytes]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Malwarebytes' Anti-Malware]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Mine]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\ModelMaker]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Mozilla]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Netscape]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\ODBC]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\PCTuneUp]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\PhotoFiltre 7]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Pinnacle Systems]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Policies]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\ProtectedStorage]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\ScanSoft]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\SEIKO EPSON CORPORATION]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\SketchUp]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Skype]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\SkypeRS]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Sony Creative Software]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Spotify]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Synaptics]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\SyncEngines]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Sysinternals]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Trolltech]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\TuneUp]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Unchecky]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\VB and VBA Program Settings]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\WinRAR]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Wow6432Node]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\ZHP]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\AdsFix]
[HKLM\Software\Atheros]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVAST Software]
[HKLM\Software\Clients]
[HKLM\Software\CnxtCoinst]
[HKLM\Software\Cnxt_Uiu_Parms]
[HKLM\Software\Conexant]
[HKLM\Software\CyberLink]
[HKLM\Software\Dolby]
[HKLM\Software\EPSON]
[HKLM\Software\EpsonNet]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Lenovo]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Sony Creative Software]
[HKLM\Software\Synaptics]
[HKLM\Software\Sysinternals]
[HKLM\Software\TuneUp]
[HKLM\Software\UIU]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Apple Computer, Inc.]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\Atheros]
[HKLM\Software\WOW6432Node\Atheros Communications Inc.]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\CDDB]
[HKLM\Software\WOW6432Node\Conexant]
[HKLM\Software\WOW6432Node\Corel]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\DivX]
[HKLM\Software\WOW6432Node\Dragon Systems]
[HKLM\Software\WOW6432Node\EPSON]
[HKLM\Software\WOW6432Node\EpsonNet]
[HKLM\Software\WOW6432Node\FAST Multimedia]
[HKLM\Software\WOW6432Node\FNET]
[HKLM\Software\WOW6432Node\foobar2000]
[HKLM\Software\WOW6432Node\Garmin]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\Lavasoft]
[HKLM\Software\WOW6432Node\LDM]
[HKLM\Software\WOW6432Node\Lenovo]
[HKLM\Software\WOW6432Node\Lenovo EasyCamera]
[HKLM\Software\WOW6432Node\Licenses]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\ModelMaker]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Pegasus Imaging]
[HKLM\Software\WOW6432Node\Pinnacle Systems]
[HKLM\Software\WOW6432Node\Qualcomm Atheros]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\ScanSoft]
[HKLM\Software\WOW6432Node\SEIKO EPSON CORPORATION]
[HKLM\Software\WOW6432Node\Sensory Software]
[HKLM\Software\WOW6432Node\SketchUp]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\Sony Creative Software]
[HKLM\Software\WOW6432Node\SuppHelpDir]
[HKLM\Software\WOW6432Node\Sysinternals]
[HKLM\Software\WOW6432Node\TuneUp]
[HKLM\Software\WOW6432Node\Unchecky]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\Voice]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\WinRAR]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\ZSMC]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives


D:


---------- | C:

[22/08/2013 16:36:31] - |SHD| - [282446] - C:\$Recycle.Bin
[11/09/2017 15:20:11] - |HD| - [355280351] - C:\$SysReset
[13/12/2017 14:06:52] - |HD| - [84421296] - C:\$WINDOWS.~BT
[10/09/2015 18:19:19] - |D| - [134848792] - C:\112de475a9c84d4ea4f9
[13/10/2015 21:40:16] - |D| - [15388001] - C:\2f9e89bc6e4697521145090d86b434af
[01/08/2012 17:50:27] - |SHD| - [18191644] - C:\Boot
[MD5.21BF183C15AFE62A8D1137BB9007B2A3] - [26/07/2012 09:18:43] - |RASH| - (.-.) - [398156] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [26/07/2012 09:18:43] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[MD5.8739A7786F973BDA7959C8AF8D3FA043] - [01/08/2012 17:50:29] - |RASH| - (.-.) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK
[13/11/2015 23:44:14] - |D| - [9896087] - C:\c130d0b77b677eccb0fb
[22/08/2017 09:20:17] - |SHD| - [0] - C:\Config.Msi
[MD5.D3FE950342307C99C61631610133934A] - [04/10/2017 18:02:02] - |A| - (.-.) - [1232] - (0.0.0.0) - C:\DelFix.txt
[22/08/2013 15:45:52] - |SHD| - [0] - C:\Documents and Settings
[30/11/2013 13:32:43] - |D| - [1958141045] - C:\drivers
[20/11/2017 16:40:47] - |SHD| - [49120] - C:\found.000
[20/11/2017 16:40:47] - |SHD| - [4902] - C:\found.001
[20/11/2017 16:40:47] - |SHD| - [7419] - C:\found.002
[20/11/2017 16:40:47] - |SHD| - [5091] - C:\found.003
[20/11/2017 16:40:47] - |SHD| - [5061] - C:\found.004
[20/11/2017 16:40:47] - |SHD| - [4034] - C:\found.005
[20/11/2017 16:40:47] - |SHD| - [7092] - C:\found.006
[20/11/2017 16:40:47] - |SHD| - [7092] - C:\found.007
[20/11/2017 16:40:47] - |SHD| - [499367] - C:\found.008
[20/11/2017 16:40:47] - |SHD| - [78002] - C:\found.009
[20/11/2017 16:40:47] - |SHD| - [5091] - C:\found.010
[20/11/2017 16:40:47] - |SHD| - [4023] - C:\found.011
[20/11/2017 16:40:47] - |SHD| - [4670] - C:\found.012
[20/11/2017 16:40:47] - |SHD| - [5090] - C:\found.013
[20/11/2017 16:40:47] - |SHD| - [3600] - C:\found.014
[20/11/2017 16:40:47] - |SHD| - [5061] - C:\found.015
[20/11/2017 16:40:47] - |SHD| - [4670] - C:\found.016
[20/11/2017 16:40:47] - |SHD| - [6640] - C:\found.017
[20/11/2017 16:40:47] - |SHD| - [6640] - C:\found.018
[20/11/2017 16:40:47] - |SHD| - [3372] - C:\found.019
[05/12/2017 10:03:03] - |SHD| - [7900496] - C:\found.020
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/07/2017 13:32:48] - |ASH| - (.-.) - [1660846080] - (0.0.0.0) - C:\hiberfil.sys
[01/08/2014 18:17:02] - |D| - [84282] - C:\Intel
[13/02/2016 14:18:25] - |D| - [16355328] - C:\Logs
[09/04/2013 11:14:49] - |RHD| - [743365225] - C:\MSOCache
[MD5.C8B884A07482F1D1768D9C15718638F4] - [11/04/2015 14:48:07] - |A| - (.-.) - [921] - (0.0.0.0) - C:\Musique - Raccourci.lnk
[07/11/2017 19:32:09] - |HD| - [0] - C:\OneDriveTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/09/2016 00:24:34] - |ASH| - (.-.) - [1073741824] - (0.0.0.0) - C:\pagefile.sys
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/06/2016 23:16:49] - |A| - (.-.) - [0] - (0.0.0.0) - C:\PDVDIPC.d2m
[18/03/2017 22:03:28] - |D| - [0] - C:\PerfLogs
[18/03/2017 22:03:28] - |RD| - [4716360850] - C:\Program Files
[18/03/2017 22:03:28] - |RD| - [5771469602] - C:\Program Files (x86)
[18/03/2017 22:03:29] - |HD| - [96328405117] - C:\ProgramData
[16/03/2013 16:25:42] - |D| - [443530046] - C:\Programmes de base
[14/12/2017 16:36:36] - |D| - [68685] - C:\QuickDiag
[MD5.5DC445C41263E636E792C4218C431255] - [14/12/2017 16:37:14] - |A| - (.-.) - [344110] - (0.0.0.0) - C:\QuickDiag.txt
[23/07/2017 14:05:41] - |SHD| - [1006] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/09/2016 00:24:38] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[25/09/2012 17:35:00] - |SHD| - [2005415260] - C:\System Volume Information
[25/09/2012 08:20:34] - |D| - [175835426] - C:\UserGuidePDF
[18/03/2017 12:40:20] - |RD| - [580431100964] - C:\Users
[18/03/2017 12:40:20] - |D| - [53126054946] - C:\Windows
[04/10/2017 12:21:32] - |D| - [20703572] - C:\Windows10Upgrade

---------- | C:\WINDOWS

[11/04/2015 16:41:09] - |AD| - [13635792] - C:\WINDOWS\1.6.5
[18/03/2017 22:03:29] - |D| - [802] - C:\WINDOWS\addins
[18/03/2017 22:03:29] - |D| - [18014860] - C:\WINDOWS\appcompat
[18/03/2017 22:03:29] - |D| - [12472354] - C:\WINDOWS\AppPatch
[18/03/2017 22:03:29] - |D| - [0] - C:\WINDOWS\AppReadiness
[18/03/2017 22:03:28] - |RSD| - [1001333293] - C:\WINDOWS\assembly
[26/07/2012 09:12:59] - |D| - [0] - C:\WINDOWS\AUInstallAgent
[MD5.9257EC77C794C27432C63B96A4FBE098] - [10/04/2013 16:31:32] - |A| - (.-.) - [27729] - (0.0.0.0) - C:\WINDOWS\AutoKMS.log
[MD5.12EBDA58437CD1EA7066FCB6455241D2] - [01/10/2016 10:39:53] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr
[18/03/2017 22:03:29] - |D| - [639657] - C:\WINDOWS\bcastdvr
[MD5.293283CF350E00AF8C4A2770BDBF4D50] - [23/07/2017 13:44:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [64512] - (10.0.15063.413) - C:\WINDOWS\bfsvc.exe
[18/03/2017 22:03:29] - |D| - [38059399] - C:\WINDOWS\Boot
[MD5.6CB97871BBC9BB38FBF48C1AF8A3C799] - [23/07/2017 13:08:51] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[18/03/2017 22:03:29] - |D| - [2447960] - C:\WINDOWS\Branding
[MD5.96AB5888BC087FACFDB69D0956738724] - [11/08/2013 23:26:28] - |A| - (.-.) - [434] - (0.0.0.0) - C:\WINDOWS\BRWMARK.INI
[18/03/2017 21:51:24] - |D| - [740270] - C:\WINDOWS\CbsTemp
[MD5.B73F7F401F082080B114DAC1DBAAE103] - [23/07/2017 13:38:11] - |A| - (.-.) - [29539] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[MD5.F471CF70EE6D49C5650A4D5295531435] - [20/03/2017 06:12:07] - |A| - (.-.) - [34390] - (0.0.0.0) - C:\WINDOWS\Core.xml
[MD5.A59F3E4CFD0FFC84FEBCFB548EC0F064] - [26/07/2012 08:53:12] - |A| - (.-.) - [31497] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml
[MD5.127A7DB75E9835E45A4224703B7A4A31] - [25/09/2012 00:59:49] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\CSUP.TXT
[18/03/2017 22:03:29] - |D| - [9011137] - C:\WINDOWS\Cursors
[18/03/2017 22:03:29] - |D| - [7492134] - C:\WINDOWS\debug
[MD5.847CF188342ED29F037E3B2B5A3FF4F1] - [25/09/2012 08:29:22] - |A| - (.-.) - [22486] - (0.0.0.0) - C:\WINDOWS\Desktop-fav-icon.ico
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [23/07/2017 13:58:42] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[18/03/2017 22:03:29] - |D| - [4451066] - C:\WINDOWS\diagnostics
[MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [23/07/2017 13:58:42] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[20/03/2017 06:10:26] - |D| - [0] - C:\WINDOWS\DigitalLocker
[MD5.F5420896161B645E4411814E32176C6B] - [30/07/2013 19:03:15] - |A| - (.-.) - [197] - (0.0.0.0) - C:\WINDOWS\DirectX.log
[25/09/2012 08:28:29] - |D| - [213294080] - C:\WINDOWS\Downloaded Installations
[18/03/2017 22:03:29] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.15F0FEB6EBC5D05B472B8163CB101ABD] - [25/09/2012 07:50:36] - |A| - (.-.) - [16320] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[MD5.6419736D584CEB46E0E431F9380D8A9F] - [18/03/2017 22:05:44] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [24/09/2014 11:12:08] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\EEventManager.INI
[18/03/2017 22:03:29] - |HD| - [44632] - C:\WINDOWS\ELAMBKUP
[30/07/2013 19:15:01] - |D| - [116720] - C:\WINDOWS\en
[20/03/2017 06:10:26] - |D| - [0] - C:\WINDOWS\en-US
[13/04/2015 23:44:39] - |D| - [1042667] - C:\WINDOWS\Ereg
[04/10/2017 18:02:11] - |D| - [146967652] - C:\WINDOWS\ERUNT
[MD5.01078D46C77CE0D7DC584A29062A799D] - [11/10/2017 13:54:19] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4848952] - (10.0.15063.674) - C:\WINDOWS\explorer.exe
[18/03/2017 22:03:29] - |RSD| - [399265476] - C:\WINDOWS\Fonts
[30/07/2013 19:14:51] - |D| - [117232] - C:\WINDOWS\fr
[20/03/2017 06:10:26] - |D| - [109056] - C:\WINDOWS\fr-FR
[MD5.83A4B0A1E4C9ECAC869FB3884ABCD408] - [25/09/2012 17:35:22] - |A| - (.-.) - [10599670] - (0.0.0.0) - C:\WINDOWS\fr-fr.log
[18/03/2017 22:03:29] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[18/03/2017 22:03:29] - |D| - [45968493] - C:\WINDOWS\Globalization
[MD5.A75A03E2FE261297C3CBB128C32BE3D8] - [29/01/2014 10:23:09] - |A| - (.- GP-Install.) - [796672] - (5.0.3.32) - C:\WINDOWS\GPInstall.exe
[18/03/2017 22:03:29] - |D| - [97131535] - C:\WINDOWS\Help
[MD5.E064A38A807C83ADC8AD9E1B54C85CF9] - [23/07/2017 13:44:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975360] - (10.0.15063.413) - C:\WINDOWS\HelpPane.exe
[MD5.40CBB6FF53388188A2CDA538D5F26A59] - [18/03/2017 21:57:33] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.15063.0) - C:\WINDOWS\hh.exe
[20/03/2017 06:11:49] - |D| - [14071088] - C:\WINDOWS\HoloShell
[MD5.61E57566A14A23C21925D5610AD0B670] - [05/12/2017 16:50:48] - |A| - (.-.) - [7595] - (0.0.0.0) - C:\WINDOWS\IE11_main.log
[18/03/2017 22:03:29] - |D| - [173056880] - C:\WINDOWS\IME
[18/03/2017 22:03:29] - |RD| - [8336344] - C:\WINDOWS\ImmersiveControlPanel
[18/03/2017 22:01:21] - |D| - [79823167] - C:\WINDOWS\INF
[18/03/2017 22:03:29] - |D| - [1362102450] - C:\WINDOWS\InfusedApps
[18/03/2017 22:03:29] - |D| - [38340109] - C:\WINDOWS\InputMethod
[18/03/2017 22:03:29] - |SHD| - [12780516106] - C:\WINDOWS\Installer
[MD5.68997DCC017B8F0A1675452476A03300] - [29/01/2014 11:39:12] - |A| - (.Copyright© 1990-1997 InstallShield Software Corporation Phone : (847) 240-9111  - InstallShield® unInstaller.) - [305664] - (5.10.146.0) - C:\WINDOWS\IsUn040c.exe
[18/03/2017 22:03:29] - |D| - [94096] - C:\WINDOWS\L2Schemas
[MD5.CAF24DD33DCEA668693DD6802A61A172] - [25/09/2012 08:29:22] - |A| - (.-.) - [22486] - (0.0.0.0) - C:\WINDOWS\Lenovo telephony.ico
[18/03/2017 22:03:29] - |D| - [2949027] - C:\WINDOWS\LiveKernelReports
[18/03/2017 12:40:24] - |D| - [984830332] - C:\WINDOWS\Logs
[18/03/2017 22:03:29] - |RSD| - [20329759] - C:\WINDOWS\Media
[22/08/2013 16:36:31] - |D| - [1619968] - C:\WINDOWS\MediaViewer
[MD5.2236371BDDB1BDDE4E2A44B2D3ABB5E5] - [20/06/2016 15:24:47] - |A| - (.-.) - [527256497] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.6AC65E18B8E982DE8BB1E719A14D3030] - [25/09/2012 08:33:29] - |A| - (.-.) - [2160780] - (0.0.0.0) - C:\WINDOWS\MFGSTAT.zip
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [18/03/2017 21:57:03] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[18/03/2017 22:03:28] - |RD| - [791606738] - C:\WINDOWS\Microsoft.NET
[18/03/2017 22:03:29] - |D| - [2938] - C:\WINDOWS\Migration
[12/09/2017 09:12:15] - |D| - [2674436] - C:\WINDOWS\Minidump
[18/03/2017 22:03:29] - |RD| - [487312] - C:\WINDOWS\MiracastView
[18/03/2017 22:03:29] - |D| - [2090] - C:\WINDOWS\ModemLogs
[MD5.83D4C7EA8AB39A820532130F28887BAD] - [25/09/2012 18:37:12] - |AH| - (.-.) - [87468] - (0.0.0.0) - C:\WINDOWS\MODULES.LOG
[05/12/2017 16:51:11] - |HD| - [0] - C:\WINDOWS\msdownld.tmp
[MD5.F60A9D3A9461F68DE0FCCEBB0C6CB31A] - [18/03/2017 21:58:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [246784] - (10.0.15063.0) - C:\WINDOWS\notepad.exe
[20/03/2017 06:11:22] - |D| - [199472] - C:\WINDOWS\OCR
[18/03/2017 22:03:29] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[25/09/2012 08:08:27] - |D| - [7443036] - C:\WINDOWS\Options
[22/07/2017 11:26:55] - |DC| - [352557894] - C:\WINDOWS\Panther
[14/09/2017 14:10:20] - |D| - [0] - C:\WINDOWS\PCHEALTH
[18/03/2017 22:03:29] - |D| - [29354287] - C:\WINDOWS\Performance
[MD5.E2E77AC89CDA5C5967128FACA4C4B96B] - [01/10/2016 22:18:10] - |A| - (.-.) - [892754] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[18/03/2017 22:03:29] - |D| - [1136442] - C:\WINDOWS\PLA
[18/03/2017 22:03:29] - |D| - [2730616] - C:\WINDOWS\PolicyDefinitions
[23/07/2017 13:08:13] - |D| - [15047911] - C:\WINDOWS\Prefetch
[18/03/2017 22:03:29] - |RD| - [2168604] - C:\WINDOWS\PrintDialog
[13/04/2015 23:40:55] - |D| - [302972465] - C:\WINDOWS\Program
[18/03/2017 22:03:29] - |D| - [2884229] - C:\WINDOWS\Provisioning
[MD5.A3B1FC6C72EA944C2E1B359A19CB40AB] - [18/03/2017 21:57:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [321024] - (10.0.15063.0) - C:\WINDOWS\regedit.exe
[18/03/2017 22:03:29] - |D| - [1117876] - C:\WINDOWS\registration
[18/03/2017 22:03:29] - |D| - [9695881] - C:\WINDOWS\rescache
[18/03/2017 22:03:29] - |D| - [4442444] - C:\WINDOWS\Resources
[18/03/2017 22:03:29] - |D| - [0] - C:\WINDOWS\SchCache
[18/03/2017 22:03:29] - |D| - [121229] - C:\WINDOWS\schemas
[18/03/2017 22:03:29] - |D| - [5552674] - C:\WINDOWS\security
[MD5.EA156A8B970262707070AF70ABC4EF0F] - [29/01/2014 11:19:39] - |A| - (.-.) - [1410953] - (0.0.0.0) - C:\WINDOWS\Sensory.CAB
[23/07/2017 13:37:22] - |D| - [63403929] - C:\WINDOWS\ServiceProfiles
[18/03/2017 12:40:20] - |D| - [270224819] - C:\WINDOWS\servicing
[18/03/2017 22:06:43] - |D| - [42] - C:\WINDOWS\Setup
[MD5.7BE764954D442B80202C8342D0306A89] - [29/01/2014 11:19:42] - |A| - (.Copyright (C) 1987-1999 Microsoft Corporation - Jeu d'outils d'installation de Visual Basic 6.0.) - [253952] - (6.0.0.8804) - C:\WINDOWS\Setup1.exe
[MD5.DB96BB890B0E4C894BE92CFD1D0B4673] - [23/07/2017 13:10:18] - |A| - (.-.) - [33648] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D060131CD55776F1C058590263CFF30E] - [23/07/2017 13:10:18] - |A| - (.-.) - [168] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[18/03/2017 22:03:29] - |D| - [41939968] - C:\WINDOWS\ShellExperiences
[13/02/2016 14:01:38] - |D| - [98104] - C:\WINDOWS\ShellNew
[20/03/2017 06:11:06] - |D| - [3070736] - C:\WINDOWS\SKB
[25/09/2012 08:32:13] - |D| - [15268519665] - C:\WINDOWS\SoftwareDistribution
[18/03/2017 22:03:29] - |D| - [88558058] - C:\WINDOWS\Speech
[18/03/2017 22:03:29] - |D| - [58890509] - C:\WINDOWS\Speech_OneCore
[MD5.31F324879B791EBF76E0005D1ABDE10E] - [18/03/2017 21:58:24] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.15063.0) - C:\WINDOWS\splwow64.exe
[MD5.3D543E82331184DA66AD03DF3719D19F] - [29/01/2014 11:19:38] - |A| - (.-.) - [2009] - (0.0.0.0) - C:\WINDOWS\ST6UNST.000
[MD5.92C97F3D105A2E689F37C857485F1A44] - [29/01/2014 11:19:40] - |A| - (.Copyright © 1987-1998 Microsoft Corp. - Programme de désinstallation du Jeu d'outils d'installation Visual Basic.) - [74752] - (6.0.84.50) - C:\WINDOWS\ST6UNST.EXE
[25/09/2014 21:31:05] - |D| - [0] - C:\WINDOWS\Sun
[MD5.2396B18463BEDD0C16DCB338C19B1719] - [25/09/2012 08:05:44] - |A| - (.-.) - [1384] - (0.0.0.0) - C:\WINDOWS\Synaptics.log
[18/03/2017 22:03:29] - |D| - [31395] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 14:25:43] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[18/03/2017 12:40:20] - |D| - [5355009912] - C:\WINDOWS\System32
[18/03/2017 22:03:29] - |D| - [189857044] - C:\WINDOWS\SystemApps
[18/03/2017 22:03:29] - |D| - [19474095] - C:\WINDOWS\SystemResources
[18/03/2017 12:40:24] - |D| - [1368508482] - C:\WINDOWS\SysWOW64
[18/03/2017 22:03:29] - |D| - [0] - C:\WINDOWS\TAPI
[22/08/2013 16:36:30] - |D| - [8820] - C:\WINDOWS\Tasks
[18/03/2017 22:03:29] - |D| - [277256261] - C:\WINDOWS\Temp
[22/08/2013 16:36:30] - |RD| - [0] - C:\WINDOWS\ToastData
[18/03/2017 22:03:29] - |D| - [0] - C:\WINDOWS\tracing
[13/04/2015 23:40:55] - |D| - [26898819] - C:\WINDOWS\Tutorial
[18/03/2017 22:03:29] - |D| - [54108378] - C:\WINDOWS\twain_32
[MD5.C0792EA1BA08CA6E6420C9BB8E14CB3E] - [18/03/2017 21:58:54] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[24/06/2017 16:30:56] - |SD| - [6561752] - C:\WINDOWS\UpdateAssistantV2
[MD5.98E550C48C7135BFA9CFCF67E9620AC5] - [12/06/2015 13:57:16] - |A| - (.-.) - [3134] - (0.0.0.0) - C:\WINDOWS\vm331Rmv.ini
[22/08/2013 16:36:30] - |D| - [0] - C:\WINDOWS\vpnplugins
[18/03/2017 22:03:29] - |D| - [12420] - C:\WINDOWS\Vss
[18/03/2017 22:03:30] - |D| - [17004965] - C:\WINDOWS\Web
[MD5.6CBAF3ABDA43BE5DF24E8A072D119A2E] - [26/07/2012 06:26:52] - |A| - (.-.) - [293] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [18/03/2017 21:58:27] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [01/08/2014 19:09:54] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.6E6947D6368FA11E9146C4767F31286E] - [18/03/2017 21:58:42] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.15063.0) - C:\WINDOWS\winhlp32.exe
[MD5.74B18B6D0AF5E5B281ABB86228C14A55] - [13/04/2015 23:40:51] - |A| - (.-.) - [60] - (0.0.0.0) - C:\WINDOWS\wininit.ini
[18/03/2017 12:40:20] - |D| - [10455642721] - C:\WINDOWS\WinSxS
[MD5.F3D39FB1DBF3914B9673814D858F2DC0] - [05/02/2013 21:56:16] - |A| - (.© 2012 Microsoft Corporation. Tous droits réservés. - Écran de veille de la Galerie de photos.) - [322048] - (16.4.3508.205) - C:\WINDOWS\WLXPGSS.SCR
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [18/03/2017 21:56:51] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.ECEB16331FDDE0EBD7BE30BE085AD3D9] - [18/03/2017 21:58:25] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.15063.0) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy


---------- | Systemroot\System

[12/06/2015 13:57:14] - |A| - [356] - C:\WINDOWS\System\vm331avs.rsf     () - ()

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[03/06/2013 19:19:41] - C:\WINDOWS\Installer\10921ad6.msi : ( - Kreapixel)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/04/2015 23:25:29] - C:\WINDOWS\Installer\14880a3.msi : (Blank Project Template - Nuance Communications Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/12/2010 18:36:42] - C:\WINDOWS\Installer\14880a7.msi : (Blank Project Template - Nuance Communications Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/10/2013 15:59:58] - C:\WINDOWS\Installer\14b2e210.msi : (Java SE Runtime Environment 7.0 - Oracle)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/10/2013 16:02:11] - C:\WINDOWS\Installer\14b2e21e.msi : (Additional Font and Media Support - The J2SE Runtime Environment with European languages.  This requires [Core]MB on your hard drive.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/12/2015 15:03:34] - C:\WINDOWS\Installer\14f8eeda.msi : (Apple Application Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/12/2015 16:43:26] - C:\WINDOWS\Installer\14f8eedf.msi : (Apple Software Update Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/12/2015 15:18:36] - C:\WINDOWS\Installer\14f8eee2.msi : (QuickTime Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/11/2017 14:49:02] - C:\WINDOWS\Installer\153aaf2.msi : (Google Drive - Google, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/09/2012 08:10:51] - C:\WINDOWS\Installer\189b6.msi : (Blank Project Template - Qualcomm Atheros Communications)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/04/2012 04:23:42] - C:\WINDOWS\Installer\191d2.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/05/2012 09:50:08] - C:\WINDOWS\Installer\1ca4b.msi : (UserGuide - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/08/2012 03:45:16] - C:\WINDOWS\Installer\1ca57.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/07/2012 10:43:32] - C:\WINDOWS\Installer\1ca6a.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/07/2012 11:37:16] - C:\WINDOWS\Installer\1ca8f.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/09/2012 08:31:42] - C:\WINDOWS\Installer\1ca93.msi : (Blank Project Template - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/12/2014 10:31:30] - C:\WINDOWS\Installer\1e8cb564.msi : (ANT Drivers Installer x64 - Garmin Ltd or its subsidiaries)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2014 09:24:54] - C:\WINDOWS\Installer\1fffba.msi : (Dolby Digital Plus Advanced Audio - Dolby Laboratories Inc)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/09/2012 04:48:11] - C:\WINDOWS\Installer\2cd5292.msi : ( - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/08/2014 13:39:24] - C:\WINDOWS\Installer\2d444380.msi : (Facebook Video Calling 3.1.0.521 - Skype Limited)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[30/01/2014 08:24:44] - C:\WINDOWS\Installer\3cf7d35d.msi : ( -)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2014 09:24:54] - C:\WINDOWS\Installer\5054b.msi : (Dolby Digital Plus Advanced Audio - Dolby Laboratories Inc)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/05/2012 00:48:11] - C:\WINDOWS\Installer\60a69330.msi : (Google SketchUp 8 Installer - Google, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/08/2017 11:25:21] - C:\WINDOWS\Installer\61649119.msi : (Adobe ARM Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/11/2014 17:46:16] - C:\WINDOWS\Installer\6222b38.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2017 11:12:27] - C:\WINDOWS\Installer\80241e.msi : (Adobe AIR Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/11/2013 23:45:13] - C:\WINDOWS\Installer\a771b36.msi : (MSVCRT Redists - Sony Creative Software Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/11/2017 18:41:55] - C:\WINDOWS\Installer\af4f1c.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/09/2013 16:21:39] - C:\WINDOWS\Installer\b6c1e99.msi : (TuneUp Utilities 2014 (fr-FR) - TuneUp Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/09/2013 16:21:28] - C:\WINDOWS\Installer\b6c1e9c.msi : (TuneUp Utilities 2014 - TuneUp Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/08/2014 09:53:48] - C:\WINDOWS\Installer\e6e7ed2.msi : (Epson E-Web Print - SEIKO EPSON CORPORATION)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/05/2014 14:59:40] - C:\WINDOWS\Installer\e7bcaab.msi : (Epson Event Manager - Seiko Epson Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/01/2016 19:24:36] - C:\WINDOWS\Installer\f301b75.msi : (Vegas Pro 12.0 (64-bit) - Sony)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2017 15:23:07] - C:\WINDOWS\Installer\f9f335.msi : (Lenovo Solution Center - Lenovo)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[25/09/2012 08:08:27] - [326379] - C:\WINDOWS\System32\athw8x.inf
[13/12/2017 17:15:28] - [3329] - C:\WINDOWS\System32\ieuinit.inf
[23/07/2017 13:41:56] - [1550288] - C:\WINDOWS\System32\PerfStringBackup.INI
[18/03/2017 21:58:24] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[18/03/2017 21:57:50] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[13/12/2017 17:27:56] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf
[12/03/2013 18:03:09] - [954] - C:\WINDOWS\Syswow64\InstallUtil.InstallLog
[12/06/2015 13:57:16] - [3134] - C:\WINDOWS\Syswow64\vm331Rmv.ini
[18/03/2017 21:58:48] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.A681527B9F23DD5F1A6C8D3F621E814E] - |A| - [18/03/2017 21:57:20] - (.-.) - [14.73 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
[MD5.E5D7B16B4C8AECA217E8F5B1CFA5DC97] - |A| - [16/09/2017 08:00:57] - (.-.) - [553.78 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:43] - [145237.79 Ko] - C:\WINDOWS\Temp\5974927f0
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:58] - [12475.15 Ko] - C:\WINDOWS\Temp\5974928e0
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:05] - [13192.17 Ko] - C:\WINDOWS\Temp\597492950
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:08] - [12656.23 Ko] - C:\WINDOWS\Temp\597492980
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:13] - [53450.33 Ko] - C:\WINDOWS\Temp\5974929d0
[MD5.00000000000000000000000000000000] - |D| - [21/11/2017 19:20:40] - [0 Ko] - C:\WINDOWS\Temp\654968E6-87F5-446E-A04B-EF7C3360DAA7-Sigs
[MD5.00000000000000000000000000000000] - |D| - [18/08/2017 18:39:24] - [0 Ko] - C:\WINDOWS\Temp\9F0DE99C-4E74-435C-9E27-5267C1AC6922-Sigs
[MD5.67704DF827315B8ABCEA94431D93B4A8] - |A| - [11/08/2017 11:25:19] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\AdobeARM.log
[MD5.9327DD9FFD70B6386FA7F79DE85055DB] - |A| - [23/07/2017 13:14:08] - (.-.) - [0.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00000.log
[MD5.39AFC5FC6875FED85AD2063913103549] - |A| - [23/07/2017 13:14:10] - (.-.) - [0.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ASPNETSetup_00001.log
[MD5.862DEC5C27142824A394BC6464928F48] - |AT| - [30/08/2017 10:38:29] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\asw-3c37981c-567d-4c73-a249-887a9c571417.tmp
[MD5.978C90A7494002FE0D0F7AF071A4CCA6] - |A| - [23/07/2017 13:12:05] - (.-.) - [2.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\AudioFilterAgent.INI
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:36:23] - [271.43 Ko] - C:\WINDOWS\Temp\avast_ash2
[MD5.CB78ACB157B92A2A9465F86740F74339] - |A| - [23/07/2017 13:12:48] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\BM.INI
[MD5.1D4523E820D8A38AC145D5673838CA17] - |A| - [14/12/2017 13:49:47] - (.-.) - [11.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/07/2017 14:04:06] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser1.51.2220.62SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/08/2017 11:50:20] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.609SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [24/08/2017 14:51:17] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser4.58.2552.909SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/09/2017 18:02:17] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CProgram FilesAVAST SoftwareSZBrowser4.58.2552.909_0SZBrowser_autoupdate.download.lock
[MD5.00000000000000000000000000000000] - |D| - [05/12/2017 17:21:00] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [14/12/2017 13:49:25] - [305.7 Ko] - C:\WINDOWS\Temp\CR_9F287.tmp
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:32] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492741fa
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:32] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492743b0
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:33] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492751bc
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:33] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492752a6
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:33] - [0 Ko] - C:\WINDOWS\Temp\CustomINI59749275d2
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:34] - [0 Ko] - C:\WINDOWS\Temp\CustomINI5974927618d
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:34] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492762b6
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:34] - [0 Ko] - C:\WINDOWS\Temp\CustomINI5974927693
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:35] - [0 Ko] - C:\WINDOWS\Temp\CustomINI5974927718d
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:36] - [0 Ko] - C:\WINDOWS\Temp\CustomINI5974927816
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:36] - [0 Ko] - C:\WINDOWS\Temp\CustomINI59749278268
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:37] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492791bc
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:37] - [0 Ko] - C:\WINDOWS\Temp\CustomINI59749279343
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:38] - [0 Ko] - C:\WINDOWS\Temp\CustomINI5974927a314
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:38] - [0 Ko] - C:\WINDOWS\Temp\CustomINI5974927af1
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:39] - [0 Ko] - C:\WINDOWS\Temp\CustomINI5974927be1
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:11:47] - [0 Ko] - C:\WINDOWS\Temp\CustomINI59749283140
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:02] - [0 Ko] - C:\WINDOWS\Temp\CustomINI59749292121
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:05] - [0 Ko] - C:\WINDOWS\Temp\CustomINI5974929524a
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:08] - [0 Ko] - C:\WINDOWS\Temp\CustomINI59749298289
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:24] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492a81af
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:25] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492a93d2
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:26] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492aa132
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:46] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492be1ee
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:48] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492c026b
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:48] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492c077
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:48] - [0.21 Ko] - C:\WINDOWS\Temp\CustomINI597492c097
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:49] - [6.03 Ko] - C:\WINDOWS\Temp\CustomINI597492c129a
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:49] - [5.29 Ko] - C:\WINDOWS\Temp\CustomINI597492c148
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:50] - [5.75 Ko] - C:\WINDOWS\Temp\CustomINI597492c2191
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:50] - [3.53 Ko] - C:\WINDOWS\Temp\CustomINI597492c229
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:50] - [0.52 Ko] - C:\WINDOWS\Temp\CustomINI597492c23e2
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:50] - [0.22 Ko] - C:\WINDOWS\Temp\CustomINI597492c287
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:51] - [2.67 Ko] - C:\WINDOWS\Temp\CustomINI597492c3123
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:51] - [0.26 Ko] - C:\WINDOWS\Temp\CustomINI597492c3181
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:52] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492c497
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:52] - [11.12 Ko] - C:\WINDOWS\Temp\CustomINI597492c4e5
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:53] - [7.27 Ko] - C:\WINDOWS\Temp\CustomINI597492c587
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:54] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492c668
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:54] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492c6a6
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:54] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492c6c6
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:12:54] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492c6d5
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:13:22] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492e22ea
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:13:22] - [0 Ko] - C:\WINDOWS\Temp\CustomINI597492e23b5
[MD5.62BFFCC23816E6E2F5D979E3B9C66780] - |A| - [23/07/2017 13:12:08] - (.-.) - [3.16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CxAudMsg.ini
[MD5.B8040C22B57E216289C43ED0F56F6EDB] - |A| - [23/07/2017 13:11:47] - (.-.) - [19.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\DolbyGUI.ini
[MD5.8883F7265E8B0A4F77441BEC2AAB3674] - |A| - [23/07/2017 13:12:02] - (.-.) - [37.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ForteConfig.ini
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/07/2017 13:37:01] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/07/2017 13:37:01] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.A36D98E3C69FF236B9923533A9BE010E] - |A| - [20/08/2017 21:57:26] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\His2FF.tmp
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:36:17] - [0 Ko] - C:\WINDOWS\Temp\hsperfdata_JACK$
[MD5.F3F6A3CA70C275A837F088B225A21D78] - |A| - [23/07/2017 14:03:41] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170723-150341-0.log
[MD5.1BDA7D5A8DBB724CD234D85BE94225AC] - |A| - [13/08/2017 14:32:22] - (.-.) - [1.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170813-153222-0.log
[MD5.F801F864673B51254142537823ACCC7A] - |A| - [13/08/2017 14:44:34] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170813-154434-0.log
[MD5.43F86E6EB5240A22D6563E37DA32B5BF] - |A| - [22/08/2017 09:05:48] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170822-100548-0.log
[MD5.144FD238F136665215DA80471BEDFCAB] - |A| - [12/09/2017 09:15:49] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170912-101549-0.log
[MD5.8DEA502ABCA4299AD6B0CC1248E47AC0] - |A| - [14/09/2017 10:56:42] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170914-115642-0.log
[MD5.D41B4720938A5B61B9869F983A9F1494] - |A| - [14/09/2017 17:48:37] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170914-184837-0.log
[MD5.65D98C0677D5058926BB9B5F9394A704] - |A| - [17/09/2017 18:06:04] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170917-190604-0.log
[MD5.CF3E8428EE163DE0119CA26E09316B31] - |A| - [27/09/2017 20:08:43] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170927-210843-0.log
[MD5.94CC80C9F56E23A4843386BA72AB98B7] - |A| - [27/09/2017 20:25:49] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170927-212549-0.log
[MD5.2FFEEE885A1484A451D4E2EE2E27615F] - |A| - [28/09/2017 11:40:22] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170928-124022-0.log
[MD5.45D7F4471B0A2A2D4E50E35B94C81B50] - |A| - [28/09/2017 15:13:11] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20170928-161311-0.log
[MD5.63C7B573F81753DD762B46FF073C0180] - |A| - [10/10/2017 10:48:06] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171010-114806-0.log
[MD5.C94AF9DDB77E4DCE6C064C5BDA36CE0B] - |A| - [12/10/2017 11:08:52] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171012-120852-0.log
[MD5.9A5D9AAB5D9CE35F6A02490C922CA878] - |A| - [16/10/2017 11:43:07] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171016-124307-0.log
[MD5.537D621718F790D5D87C0F2CA5D449C1] - |A| - [28/10/2017 10:46:15] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171028-114615-0.log
[MD5.AE4BEA77413B0440A4CF4B1A1A4EC6F3] - |A| - [16/11/2017 08:07:07] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171116-080704-0.log
[MD5.B21720F35D7FDC3833F362416B2C55D5] - |A| - [16/11/2017 15:36:20] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171116-153620-0.log
[MD5.C200CD6349402AA11B0ADDC189532EFA] - |A| - [16/11/2017 21:48:40] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171116-214840-0.log
[MD5.AEA69D6EEEE4DBC243CE7EDE4909B7CD] - |A| - [17/11/2017 13:52:39] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171117-135239-0.log
[MD5.63FB8D0A030E2D031C914102EC42E90C] - |A| - [19/11/2017 11:13:37] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171119-111337-0.log
[MD5.6F170A8AC522CF0F7539E3076726FEAE] - |A| - [19/11/2017 19:51:20] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171119-195119-0.log
[MD5.797E83E158CB65785D2B388CAE6CEA64] - |A| - [20/11/2017 08:40:18] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171120-084018-0.log
[MD5.64999A957F8DE8E62F5A527528A7E859] - |A| - [21/11/2017 10:05:14] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171121-100514-0.log
[MD5.B2CCC3092D6F91884275C5E246ACDF24] - |A| - [21/11/2017 18:26:21] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171121-182618-0.log
[MD5.EA711D4BF96CAFFD97D1C11CF7C7DFC3] - |A| - [22/11/2017 11:30:07] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171122-113000-0.log
[MD5.5ABD010A872600CC0D606A8C06B13820] - |A| - [24/11/2017 11:16:17] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171124-111617-0.log
[MD5.7F145A1B4BE8C0DD139844C04D1805D0] - |A| - [26/11/2017 18:50:42] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171126-185042-0.log
[MD5.3669D4E614A21A2082638D1F5F366A6C] - |A| - [28/11/2017 11:30:52] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171128-113052-0.log
[MD5.584D29CA2980387E6CA0AB38535FF679] - |A| - [28/11/2017 14:30:48] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171128-143048-0.log
[MD5.8930C861DD5BED24C07BD8717FDDDF58] - |A| - [30/11/2017 08:42:21] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171130-084221-0.log
[MD5.8FB8981E9BD10B332C80A1E2763C2B49] - |A| - [04/12/2017 11:16:22] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171204-111622-0.log
[MD5.6AAEF244A2AE698B2B2D0213D225B206] - |A| - [04/12/2017 13:24:40] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171204-132440-0.log
[MD5.68E9FF2477FBAAA56C10FC4800A2C53C] - |A| - [05/12/2017 09:13:34] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171205-091334-0.log
[MD5.B8D8C74996DD09E2BB11A2DE15129696] - |A| - [05/12/2017 10:07:52] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171205-100752-0.log
[MD5.8F326EE24A5C5143A38F5EB428092651] - |A| - [05/12/2017 16:11:55] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171205-161155-0.log
[MD5.179C49F15325B7670B695DA1175721A4] - |A| - [05/12/2017 16:54:39] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171205-165439-0.log
[MD5.6557088EC77F0E541F69712E265DC341] - |A| - [09/12/2017 13:20:12] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171209-132012-0.log
[MD5.50DA1F66C991EE1DAE1933970D2E747B] - |A| - [13/12/2017 19:19:47] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171213-191947-0.log
[MD5.9644115CF428E449BF72A5B9638924B9] - |A| - [14/12/2017 08:46:19] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171214-084619-0.log
[MD5.7EB8B0D4B583E8953957C9CD9FCF61CA] - |A| - [14/12/2017 10:43:25] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171214-104325-0.log
[MD5.F7D83D7C0D22179D1F77CBBBABDB929E] - |A| - [14/12/2017 11:06:43] - (.-.) - [2.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\lpksetup-20171214-110643-0.log
[MD5.D32084189B9EE043C8C00393C4F38A2A] - |A| - [23/07/2017 14:01:19] - (.-.) - [385.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [13/09/2017 17:35:48] - [0 Ko] - C:\WINDOWS\Temp\MPInstrumentation
[MD5.F1FC13ED9678F55E1712C4128205BC62] - |A| - [13/08/2017 14:54:11] - (.-.) - [603.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.00000000000000000000000000000000] - |D| - [22/08/2017 09:09:50] - [0 Ko] - C:\WINDOWS\Temp\MPTelemetrySubmit
[MD5.846F7ABA654AA8F0876E1262D52672DE] - |A| - [11/08/2017 11:39:14] - (.-.) - [1054.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI12b51.LOG
[MD5.3A17BFE6702D467E1F4B8C5BA6BEF3EA] - |A| - [11/08/2017 11:41:04] - (.-.) - [53.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI12b52.LOG
[MD5.F9EC8F3757738A764D6DFF917C724CBA] - |A| - [29/09/2017 08:42:19] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132b6.LOG
[MD5.F9EC8F3757738A764D6DFF917C724CBA] - |A| - [29/09/2017 08:42:21] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132b7.LOG
[MD5.F5D84864ECD5C3B7227E28358ACB6E90] - |A| - [29/09/2017 08:42:21] - (.-.) - [817.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132b8.LOG
[MD5.8B3A77310110E23F6F6E0748CDF993E0] - |A| - [29/09/2017 08:42:43] - (.-.) - [14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132b9.LOG
[MD5.C616364576FCA0FD3BC00EC80258EEE9] - |A| - [29/09/2017 08:42:44] - (.-.) - [13.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132ba.LOG
[MD5.C12DB6250F7E7CD53CD94F91EC5C44F7] - |A| - [29/09/2017 08:42:44] - (.-.) - [13.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132bb.LOG
[MD5.5225308F7FBFB835E6EABC016DAEA6AA] - |A| - [29/09/2017 08:42:44] - (.-.) - [14.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132bc.LOG
[MD5.7CE1AB01817C64EA2C2FB65B2FCADFFC] - |A| - [29/09/2017 08:42:45] - (.-.) - [16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132bd.LOG
[MD5.63156CADAD7ABDA057D85BA22A995A86] - |A| - [29/09/2017 08:42:45] - (.-.) - [13.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132be.LOG
[MD5.A58FC5164A6F4E8816DEA0999D755D11] - |A| - [29/09/2017 08:42:45] - (.-.) - [16.36 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132bf.LOG
[MD5.CCC968AC4CDB23844C95118BD3E7560A] - |A| - [29/09/2017 08:42:46] - (.-.) - [206.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c0.LOG
[MD5.CCBC9B3D2E2A8A5B4623D5358076FB25] - |A| - [29/09/2017 08:42:47] - (.-.) - [1.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c1.LOG
[MD5.3179136E17345AE94D60375F479F3D1F] - |A| - [29/09/2017 08:42:47] - (.-.) - [13.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c2.LOG
[MD5.B6A7D80DA8C77DDE77CF525D8D1C957B] - |A| - [29/09/2017 08:42:47] - (.-.) - [18.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c3.LOG
[MD5.EABF4EF907687A7DF7538559281109EF] - |A| - [29/09/2017 08:42:47] - (.-.) - [1.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c4.LOG
[MD5.D3C98B55F7AE5CC12619B9735F83CAD5] - |A| - [29/09/2017 08:42:48] - (.-.) - [51.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c5.LOG
[MD5.53B252C6C9E5100914C5877E1FC962B3] - |A| - [29/09/2017 08:42:48] - (.-.) - [2.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c6.LOG
[MD5.F8D28A0D3984A50188D8E34C6564EF7A] - |A| - [29/09/2017 08:42:48] - (.-.) - [1.87 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c7.LOG
[MD5.9F296E23379B038BCE458091608D18BC] - |A| - [29/09/2017 08:42:49] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c8.LOG
[MD5.619FB2686F7648AFE928F34BA7427AC2] - |A| - [29/09/2017 08:42:49] - (.-.) - [3.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132c9.LOG
[MD5.8C4B4A4C2108CD1873804C6AB672854F] - |A| - [29/09/2017 08:42:49] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132ca.LOG
[MD5.866B9E3CDBEC19B314D9C0DC092891B5] - |A| - [29/09/2017 08:42:50] - (.-.) - [2.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132cb.LOG
[MD5.5BE732F37723A639E0E9A98532788959] - |A| - [29/09/2017 08:42:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132cc.LOG
[MD5.83E95F3675B51D46120EF7218F1066FB] - |A| - [29/09/2017 08:42:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132cd.LOG
[MD5.D6113AE7C61DB979C2642FCEB694EB9E] - |A| - [29/09/2017 08:42:51] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132ce.LOG
[MD5.83E95F3675B51D46120EF7218F1066FB] - |A| - [29/09/2017 08:42:51] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132cf.LOG
[MD5.BA19E569899995C2807C60A8EFAB5D08] - |A| - [29/09/2017 08:42:51] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d0.LOG
[MD5.BA19E569899995C2807C60A8EFAB5D08] - |A| - [29/09/2017 08:42:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d1.LOG
[MD5.B16EF173BB30213D8AAFD9A7FDABF765] - |A| - [29/09/2017 08:42:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d2.LOG
[MD5.B16EF173BB30213D8AAFD9A7FDABF765] - |A| - [29/09/2017 08:42:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d3.LOG
[MD5.F601CCC835D0CBF3C2DE66180381CBC5] - |A| - [29/09/2017 08:42:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d4.LOG
[MD5.AA22A36616FCF5A5F493941A362BBA51] - |A| - [29/09/2017 08:42:53] - (.-.) - [0.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d5.LOG
[MD5.099108E623E6E64874BB5141EDE97C3C] - |A| - [29/09/2017 08:42:53] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d6.LOG
[MD5.BE34199354293EC8E328AAE439610FBB] - |A| - [29/09/2017 08:42:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d7.LOG
[MD5.EC0C3EBF38D666572EEED47535095FA6] - |A| - [29/09/2017 08:42:54] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d8.LOG
[MD5.D8014ACE0D9BB6BB6A1B7669F422DC76] - |A| - [29/09/2017 08:42:54] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132d9.LOG
[MD5.7A5A4DB797E46550110161D7DDD83C06] - |A| - [29/09/2017 08:42:54] - (.-.) - [0.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132da.LOG
[MD5.933E7837CBA594EC792E464425561F11] - |A| - [29/09/2017 08:42:55] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132db.LOG
[MD5.933E7837CBA594EC792E464425561F11] - |A| - [29/09/2017 08:42:55] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132dc.LOG
[MD5.117601FDFFB5B34A22609E7A786CBB44] - |A| - [29/09/2017 08:42:55] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132dd.LOG
[MD5.352678EC2109EFCB4BD43461AC9B73CF] - |A| - [29/09/2017 08:42:55] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132de.LOG
[MD5.A454C352825EB1A4D49FC547FAF663D1] - |A| - [29/09/2017 08:43:05] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132df.LOG
[MD5.622A7580436B76E001C362C84C3D2778] - |A| - [29/09/2017 08:43:05] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e0.LOG
[MD5.0F47C89E732B11A0CEC13DAF8A0CC3A1] - |A| - [29/09/2017 08:43:05] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e1.LOG
[MD5.B66980E7DDD53D6CC39878EAF2B6C7A2] - |A| - [29/09/2017 08:43:06] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e2.LOG
[MD5.53D2109116B843A40B354D7B14265E33] - |A| - [29/09/2017 08:43:06] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e3.LOG
[MD5.A378B27A904E12D98E570BB87FCF2F5E] - |A| - [29/09/2017 08:43:07] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e4.LOG
[MD5.DE8148A683684EA65B769202FCFD5403] - |A| - [29/09/2017 08:43:16] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e5.LOG
[MD5.A378B27A904E12D98E570BB87FCF2F5E] - |A| - [29/09/2017 08:43:16] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e6.LOG
[MD5.51642371F91A5AFEA25F53E87D1DEA69] - |A| - [29/09/2017 08:43:16] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e7.LOG
[MD5.51642371F91A5AFEA25F53E87D1DEA69] - |A| - [29/09/2017 08:43:17] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e8.LOG
[MD5.63C79740F0DD841E1B8B04223A9E92CE] - |A| - [29/09/2017 08:43:17] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132e9.LOG
[MD5.8A52C54F7ADCAC0AD691D449F80CB014] - |A| - [29/09/2017 08:43:33] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132ea.LOG
[MD5.074B304421E938B7FF827CFF1403BCBE] - |A| - [29/09/2017 08:43:42] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132eb.LOG
[MD5.074B304421E938B7FF827CFF1403BCBE] - |A| - [29/09/2017 08:43:42] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132ec.LOG
[MD5.B2ACB845F9DBE56230D31D595BE35ABB] - |A| - [29/09/2017 08:43:42] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132ed.LOG
[MD5.B2ACB845F9DBE56230D31D595BE35ABB] - |A| - [29/09/2017 08:43:42] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132ee.LOG
[MD5.8B5EA880C31881145D55116F41D1D0F1] - |A| - [29/09/2017 08:43:42] - (.-.) - [132.38 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132ef.LOG
[MD5.62CD9C31999D214BC65AE585AA73EFCB] - |A| - [29/09/2017 08:43:45] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f0.LOG
[MD5.A91081B53EB04C1B4D9A62B535D052E8] - |A| - [29/09/2017 08:43:45] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f1.LOG
[MD5.23C7E75DEA36A01338CE0D81C8EF3E78] - |A| - [29/09/2017 08:43:45] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f2.LOG
[MD5.94E78C45B696F5027D055A8B1280984C] - |A| - [29/09/2017 08:43:46] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f3.LOG
[MD5.B87C1F4B8DDB765F118504740D1D7C99] - |A| - [29/09/2017 08:43:46] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f4.LOG
[MD5.8099396A292BF284FD9BAF50910B4839] - |A| - [29/09/2017 08:43:46] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f5.LOG
[MD5.8099396A292BF284FD9BAF50910B4839] - |A| - [29/09/2017 08:43:47] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f6.LOG
[MD5.8BE1DDA65A23FF272458ED78B109CE74] - |A| - [29/09/2017 08:43:47] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f7.LOG
[MD5.8BE1DDA65A23FF272458ED78B109CE74] - |A| - [29/09/2017 08:43:47] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f8.LOG
[MD5.8099396A292BF284FD9BAF50910B4839] - |A| - [29/09/2017 08:43:47] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132f9.LOG
[MD5.CD81C16C184F68908A09F3E26E11BB1B] - |A| - [29/09/2017 08:43:47] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132fa.LOG
[MD5.D1D16753C3CD3EBDBEAE68A0E0DBFECA] - |A| - [29/09/2017 08:43:48] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132fb.LOG
[MD5.B8F91CA29420F7884484570FFF50609F] - |A| - [29/09/2017 08:43:48] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132fc.LOG
[MD5.BE50C1A75B42F8E063AA25C9EA606902] - |A| - [29/09/2017 08:43:49] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132fd.LOG
[MD5.676F7214B13F733E2ABD644CA04E0E75] - |A| - [29/09/2017 08:43:49] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132fe.LOG
[MD5.010052BB6B73883A9EF7681568CBF432] - |A| - [29/09/2017 08:43:49] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI132ff.LOG
[MD5.AC467684457CA5605A4AB8452609B793] - |A| - [29/09/2017 08:43:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13300.LOG
[MD5.AC467684457CA5605A4AB8452609B793] - |A| - [29/09/2017 08:43:50] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13301.LOG
[MD5.9FA1D4BDF1A6BF56A92B3C4A92370391] - |A| - [29/09/2017 08:43:50] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13302.LOG
[MD5.B4DD9BB3E43D2119F20AAC2761AD86CC] - |A| - [29/09/2017 08:43:51] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13303.LOG
[MD5.1F93035F7505E25FC572C425CC9BD699] - |A| - [29/09/2017 08:43:52] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13304.LOG
[MD5.3A9D9F71892A02CF0BF2AD4104D67B7F] - |A| - [29/09/2017 08:43:53] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13305.LOG
[MD5.1EFDBA19311C51DA54903DB713E131C2] - |A| - [29/09/2017 08:43:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13306.LOG
[MD5.3A9D9F71892A02CF0BF2AD4104D67B7F] - |A| - [29/09/2017 08:43:53] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13307.LOG
[MD5.1EFDBA19311C51DA54903DB713E131C2] - |A| - [29/09/2017 08:43:53] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13308.LOG
[MD5.9924FBA1BBB99B9892289414CD11C512] - |A| - [29/09/2017 08:43:53] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13309.LOG
[MD5.9924FBA1BBB99B9892289414CD11C512] - |A| - [29/09/2017 08:43:54] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1330a.LOG
[MD5.9924FBA1BBB99B9892289414CD11C512] - |A| - [29/09/2017 08:43:54] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1330b.LOG
[MD5.9924FBA1BBB99B9892289414CD11C512] - |A| - [29/09/2017 08:43:54] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1330c.LOG
[MD5.BED9703542C01696768CF4F1542A1C7D] - |A| - [29/09/2017 08:43:54] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1330d.LOG
[MD5.DD572FE70E1CA585718A7C2B695BC155] - |A| - [29/09/2017 08:43:55] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1330e.LOG
[MD5.54DD81A428360712D46A0CBC850F667B] - |A| - [29/09/2017 08:44:05] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1330f.LOG
[MD5.54DD81A428360712D46A0CBC850F667B] - |A| - [29/09/2017 08:44:05] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13310.LOG
[MD5.660A56A9F0F4007FA8248BA57A99B108] - |A| - [29/09/2017 08:44:05] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13311.LOG
[MD5.3B3EBE7BDA9B02CC7F6047EA0C946915] - |A| - [29/09/2017 08:44:07] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13312.LOG
[MD5.B9811182BCA3E3CD8D8C88E7A1565A1B] - |A| - [29/09/2017 08:44:08] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13313.LOG
[MD5.2886F6D92FB19CA60667E799A81CF611] - |A| - [29/09/2017 08:44:08] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13314.LOG
[MD5.7482538BCBB4F15981D7F5D9C04FEFD8] - |A| - [29/09/2017 08:44:09] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13315.LOG
[MD5.CE38C9EB702833CFC0B5C76A872501DD] - |A| - [29/09/2017 08:44:09] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13316.LOG
[MD5.288B35809688060F90E05CD6E57F514E] - |A| - [29/09/2017 08:44:11] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13317.LOG
[MD5.288B35809688060F90E05CD6E57F514E] - |A| - [29/09/2017 08:44:11] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13318.LOG
[MD5.28CE9E1B73FA549BB1B5770E680C9084] - |A| - [29/09/2017 08:44:12] - (.-.) - [0.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI13319.LOG
[MD5.36536817B7F347FDCCF1BD222E0DF1BA] - |A| - [29/09/2017 08:44:13] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1331a.LOG
[MD5.2B311ABDF475F3C0E908C15086A8B433] - |A| - [29/09/2017 08:44:13] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1331b.LOG
[MD5.11CAA6E2370083496D8CB34C40353202] - |A| - [29/09/2017 08:44:14] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1331c.LOG
[MD5.559C9F1299693FD7176D4479282236DA] - |A| - [14/09/2017 14:07:02] - (.-.) - [118.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI1c815.LOG
[MD5.6AC79BBCF5488AD8BDDE5AC66F4B48F0] - |A| - [14/09/2017 14:08:08] - (.-.) - [1053.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI2c9f5.LOG
[MD5.444F85ACC62CDD0DA77BA7CA3026B092] - |A| - [01/12/2017 13:12:53] - (.-.) - [166.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI3ff75.LOG
[MD5.5B075263639B386D3A478AFFEE2E1D4F] - |A| - [14/09/2017 14:09:53] - (.-.) - [1055.29 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI46575.LOG
[MD5.C4C9E464BCAEAA8BD55DD146720D6856] - |A| - [11/08/2017 11:25:23] - (.-.) - [30.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI47b74.LOG
[MD5.A919C2866F3D452358C62D994B5E958E] - |A| - [14/09/2017 14:10:55] - (.-.) - [1053.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI55802.LOG
[MD5.92D1CF59CB21281275BE462D51BACAFF] - |A| - [15/11/2017 18:05:52] - (.-.) - [1055.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI57141.LOG
[MD5.7C1EAF8860202AA01B5E8B45A8D230EA] - |A| - [09/12/2017 13:41:09] - (.-.) - [1053.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI57846.LOG
[MD5.135113498010BDA5B2D3BAF86BDFFCC7] - |A| - [14/09/2017 14:12:03] - (.-.) - [1054.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI66164.LOG
[MD5.97559676B93F3723824D76D41F2ACC0E] - |A| - [14/09/2017 14:13:19] - (.-.) - [1054.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI78c09.LOG
[MD5.F275FEFDC48FB16DDFD588C3390F5BF9] - |A| - [15/11/2017 18:08:43] - (.-.) - [1053.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI80c5e.LOG
[MD5.30D2F7BFFA8789891C20815D1BD1E0E1] - |A| - [11/10/2017 14:02:25] - (.-.) - [1071.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI8f34c.LOG
[MD5.C57C7C874AF0F5BE8BCA029460A9EEA8] - |A| - [11/10/2017 14:03:40] - (.-.) - [166.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSI8f34d.LOG
[MD5.EA603263095D3A8427A39D29511B5790] - |A| - [16/11/2017 12:04:39] - (.-.) - [1054.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIa2229.LOG
[MD5.39E65A280EEDB9C911D952A8AACD2BFE] - |A| - [11/10/2017 14:04:13] - (.-.) - [1052.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIa9813.LOG
[MD5.7B40F7898F57835FC7EE0E9E1A40345C] - |A| - [13/12/2017 17:41:50] - (.-.) - [1053.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIb43c6.LOG
[MD5.23170904DF504710ABB4D09B0C1D4AAF] - |A| - [11/10/2017 14:05:16] - (.-.) - [1053.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIb8e0c.LOG
[MD5.AF100E96B7C526AB43686D960473C90D] - |A| - [11/10/2017 14:06:01] - (.-.) - [54.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIb8e0d.LOG
[MD5.46AF36B11B15C6780679231B06E62BFF] - |A| - [12/10/2017 11:24:30] - (.-.) - [1053.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIf1208.LOG
[MD5.9791CD7A9F07D65146AAA57B77770D44] - |A| - [16/11/2017 18:47:16] - (.-.) - [1.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIf460e.LOG
[MD5.2C778204AA8A748DC17D3CD038222C3E] - |A| - [16/11/2017 18:47:22] - (.-.) - [3.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MSIf460f.LOG
[MD5.9F116A135B8FCFACA913A0126E8C2654] - |A| - [23/07/2017 13:12:46] - (.-.) - [1.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2Cmd.ini
[MD5.4B33E537263A1225C64C8AEAAB829723] - |A| - [23/07/2017 13:12:48] - (.-.) - [1.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2EnFlt.ini
[MD5.B3639DD551656866E5B20AD6B0F4DB7D] - |A| - [23/07/2017 13:12:52] - (.-.) - [6.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2LnApp.ini
[MD5.32E353E6FA9DEE48EA8F1D80C9B708E8] - |A| - [23/07/2017 13:12:54] - (.-.) - [0.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2NGEN.ini
[MD5.7E254FF56C4C4ABAE77D3FB2B08C7A0A] - |A| - [23/07/2017 13:13:22] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2OptReg.ini
[MD5.ADD8D87A7D350CA74867650175563DF9] - |A| - [23/07/2017 13:12:54] - (.-.) - [7.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2SAM.ini
[MD5.AF5C1200E0EF2FAB45A2565B987E1AEF] - |A| - [23/07/2017 13:13:22] - (.-.) - [3.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2Setup.ini
[MD5.21B405585F404D6E0CC9AE2B0A335D9A] - |A| - [23/07/2017 13:12:25] - (.-.) - [53.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2SmEq.INI
[MD5.3BCC9CD1C5CB8996F2417F07BB9705B3] - |A| - [23/07/2017 13:12:48] - (.-.) - [0.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2SrchBr.ini
[MD5.D4C1AF1BB265C968580C837DA511D821] - |A| - [23/07/2017 13:12:26] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2Srv.ini
[MD5.B7728E3ADC59BB4835B13AF56146F6EA] - |A| - [23/07/2017 13:12:54] - (.-.) - [0.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SA2VER.INI
[MD5.00000000000000000000000000000000] - |D| - [22/08/2017 09:04:29] - [26.76 Ko] - C:\WINDOWS\Temp\SafeZone Installer
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/08/2017 09:04:29] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\safezone_crashreporter.log
[MD5.957EF56ECF275B444CFAA03850F7D7E7] - |A| - [23/07/2017 13:12:24] - (.-.) - [5.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SAII.ini
[MD5.5A2167E71BA101C9E3A5A1DAD8480EC4] - |A| - [23/07/2017 13:12:54] - (.-.) - [0.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SASettings.ini
[MD5.00000000000000000000000000000000] - |D| - [16/11/2017 14:22:35] - [179.57 Ko] - C:\WINDOWS\Temp\SDIAG_6679518e-6dde-4090-a350-faca1a7aa87d
[MD5.46C985281A155021BE9FB901AE3D51EE] - |A| - [23/07/2017 13:11:56] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SETUP.LOG
[MD5.6FC17349D494A232871FD0FBFD252E1A] - |AT| - [12/08/2017 21:17:36] - (.-.) - [2036.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SPLA9B.tmp
[MD5.6FC17349D494A232871FD0FBFD252E1A] - |AT| - [13/08/2017 14:33:36] - (.-.) - [2036.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\SPLCDD0.tmp
[MD5.B13AF738AA8BE55154B2752979D76827] - |A| - [23/07/2017 13:18:17] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\tem505C.tmp
[MD5.E9B9D59EF457A5E6499C0DDB8C424C83] - |A| - [21/11/2017 10:05:48] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_1C9E.tmp
[MD5.83D1DE4CAC373C71492DA99038AA9D41] - |A| - [21/11/2017 10:05:49] - (.-.) - [192 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_1E07.tmp
[MD5.9855F476C45C439B6A022E3F85AD278C] - |A| - [21/11/2017 10:03:59] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_6E7F.tmp
[MD5.77EF8E30196DACD3D00BC1E66FC928DD] - |A| - [21/11/2017 10:04:00] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\TS_73CF.tmp
[MD5.00000000000000000000000000000000] - |D| - [17/09/2017 20:09:13] - [0 Ko] - C:\WINDOWS\Temp\tw699E.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:22:59] - [0 Ko] - C:\WINDOWS\Temp\tw6D1C.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:22:59] - [0 Ko] - C:\WINDOWS\Temp\tw6F12.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:00] - [0 Ko] - C:\WINDOWS\Temp\tw704C.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:00] - [0 Ko] - C:\WINDOWS\Temp\tw70DB.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:00] - [0 Ko] - C:\WINDOWS\Temp\tw72A2.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:00] - [0 Ko] - C:\WINDOWS\Temp\tw7331.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw73BF.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw7400.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw7450.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw7490.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw751F.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw759E.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw75CF.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw7600.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw7660.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:01] - [0 Ko] - C:\WINDOWS\Temp\tw76B0.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:02] - [0 Ko] - C:\WINDOWS\Temp\tw7867.tmp
[MD5.00000000000000000000000000000000] - |D| - [22/11/2017 16:23:02] - [0 Ko] - C:\WINDOWS\Temp\tw79E0.tmp
[MD5.00000000000000000000000000000000] - |D| - [23/11/2017 12:49:43] - [0 Ko] - C:\WINDOWS\Temp\tw8A81.tmp
[MD5.00000000000000000000000000000000] - |D| - [23/11/2017 12:49:44] - [0 Ko] - C:\WINDOWS\Temp\tw8B2F.tmp
[MD5.00000000000000000000000000000000] - |D| - [23/11/2017 12:49:44] - [0 Ko] - C:\WINDOWS\Temp\tw8BAE.tmp
[MD5.00000000000000000000000000000000] - |D| - [23/11/2017 12:49:44] - [0 Ko] - C:\WINDOWS\Temp\tw8C7B.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9CB1.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9D11.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9D51.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9D92.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9E01.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9E51.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9E92.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9F30.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9F80.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\tw9FD0.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:06] - [0 Ko] - C:\WINDOWS\Temp\twA030.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:07] - [0 Ko] - C:\WINDOWS\Temp\twA09F.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:07] - [0 Ko] - C:\WINDOWS\Temp\twA0EF.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:07] - [0 Ko] - C:\WINDOWS\Temp\twA13F.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:07] - [0 Ko] - C:\WINDOWS\Temp\twA19F.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:07] - [0 Ko] - C:\WINDOWS\Temp\twA1E0.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:07] - [0 Ko] - C:\WINDOWS\Temp\twA24F.tmp
[MD5.00000000000000000000000000000000] - |D| - [05/10/2017 10:23:07] - [0 Ko] - C:\WINDOWS\Temp\twA2AF.tmp
[MD5.4A2077418696DF347936D198026EF880] - |AT| - [13/08/2017 14:37:33] - (.-.) - [9136 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WAX6C32.tmp
[MD5.2F805F781C6ABB9DDCED0CE021C92094] - |A| - [14/09/2017 10:59:42] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER10CC.tmp.WERDataCollectionStatus.txt
[MD5.2F805F781C6ABB9DDCED0CE021C92094] - |A| - [29/11/2017 14:16:23] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER2476.tmp.WERDataCollectionStatus.txt
[MD5.04B4F3E4FDB74C3190AEE7276E3803D2] - |A| - [13/08/2017 14:37:34] - (.-.) - [17.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER6D8B.tmp.appcompat.txt
[MD5.2F805F781C6ABB9DDCED0CE021C92094] - |A| - [28/11/2017 14:34:39] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER81B7.tmp.WERDataCollectionStatus.txt
[MD5.2F805F781C6ABB9DDCED0CE021C92094] - |A| - [14/09/2017 14:05:40] - (.-.) - [0.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WER88D0.tmp.WERDataCollectionStatus.txt
[MD5.4579DC0DEB4F28D81E547B692F4C5D1F] - |A| - [12/09/2017 09:48:11] - (.-.) - [0.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WERB3AF.tmp.WERDataCollectionStatus.txt
[MD5.8EFA530A92F29A2B2F7593962D31C270] - |A| - [23/07/2017 13:28:57] - (.-.) - [0.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\wmsetup.log
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:34:19] - [0 Ko] - C:\WINDOWS\Temp\_avast_
[MD5.00000000000000000000000000000000] - |D| - [24/09/2017 17:34:45] - [0 Ko] - C:\WINDOWS\Temp\_MEI26922
[MD5.00000000000000000000000000000000] - |D| - [24/09/2017 17:35:11] - [0 Ko] - C:\WINDOWS\Temp\_MEI66922
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:26] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.00000000000000000000000000000000] - |D| - [25/09/2012 17:40:49] - [0 Ko] - C:\WINDOWS\System32\040C
[MD5.86540B4C0049C94BA63477F3C92423E0] - |A| - [12/06/2015 14:04:00] - (.Copyright 2007 - vmprp331 Module.) - [1061.51 Ko] - (1.0.0.7) - C:\WINDOWS\System32\331prx64.ax
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 21:57:42] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [18/03/2017 21:58:18] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [18/03/2017 21:57:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 21:58:17] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [18/03/2017 21:58:29] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [18/03/2017 21:58:29] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 21:58:21] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [18/03/2017 21:58:18] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [18/03/2017 21:57:53] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [18/03/2017 21:56:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [18/03/2017 21:58:13] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [18/03/2017 21:58:13] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 12:40:24] - [2979.4 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.E21E74D118E16FF9BA42A6F87F34E9B0] - |A| - [18/03/2017 21:57:00] - (.-.) - [435.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [2486.25 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [273.5 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.C6D7C400858CD93C49CDB02647A0E311] - |A| - [19/08/2012 20:55:32] - (.Copyright (c) 2001-2010 Qualcomm Atheros Communications, Inc. - Bluetooth Credential Provider.) - [352.63 Ko] - (8.0.0.206) - C:\WINDOWS\System32\AthCredentialProvider.dll
[MD5.2CD17B29DDE4ACC35EDD3EFE86BD7280] - |A| - [25/09/2012 08:08:27] - (.-.) - [77.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\athw8x.cat
[MD5.EECE1EF3F84CE33CFD6678BF1FB9CA10] - |A| - [25/09/2012 08:08:27] - (.-.) - [318.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\athw8x.inf
[MD5.F17ABC4AA1FE4989E812858261414FE5] - |A| - [25/09/2012 08:08:27] - (.Copyright (C) 2001-2010 Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) - [3533.5 Ko] - (10.0.0.75) - C:\WINDOWS\System32\athw8x.sys
[MD5.59047E785256E9A83C614A56D74FDD22] - |A| - [26/10/2013 11:58:20] - (.Copyright © AVG Netherlands B. V. 2011 - TuneUp WinLogon Extension.) - [28.8 Ko] - (14.0.1000.148) - C:\WINDOWS\System32\authuitu.dll
[MD5.EFFD0ABB4DDD2CCDD511F903D042AD5B] - |A| - [18/03/2017 21:57:05] - (.-.) - [77.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [255.5 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [4547.65 Ko] - C:\WINDOWS\System32\Boot
[MD5.F78AC33303598C388F3D3628A42EE31B] - |A| - [26/07/2012 04:15:28] - (.Copyright (C) Brother Industries. 1996-2011 - Brother MFC WIA minidriver(for 64Bit).) - [185.5 Ko] - (8.0.4.4) - C:\WINDOWS\System32\BrMf4Wia.dll
[MD5.9999824B528901A9113724BB7D1760E8] - |A| - [26/07/2012 05:31:06] - (.Copyright(C) 2008-2011 Brother Industries, Ltd. - Scanning module for Brother Scanner (64bit).) - [26.5 Ko] - (8.0.1.1) - C:\WINDOWS\System32\BrMfJDec.dll
[MD5.553A4DEFA744D6AF3C0C9995410EADE3] - |A| - [26/07/2012 05:31:06] - (.Copyright(C) 2001-2010 Brother Industries, Ltd. - USB STI device accessing module for Brother MFC(for 64Bit).) - [49.5 Ko] - (8.0.0.0) - C:\WINDOWS\System32\BrUs3Sti.dll
[MD5.3B7D067144F242117B7DE592B9466BC7] - |A| - [13/07/2016 16:47:38] - (.Qualcomm Atheros Communications Inc. - Qualcomm Atheros Bluetooth Driver Coinstaller.) - [262.74 Ko] - (1.0.0.0) - C:\WINDOWS\System32\btcoinst.dll
[MD5.62AF8B80DD43C5F6576E68B987BC9217] - |A| - [13/07/2016 16:47:38] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [265.23 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll
[MD5.DCC2E4D9E18D28D6B9EA0830418A5FCE] - |A| - [13/07/2016 16:47:38] - (.© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [96.24 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll.muien-US
[MD5.B13766AFE48C3CF775F53CE90488F7DE] - |A| - [18/03/2017 21:57:03] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [90.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.4B307488C9D3D1030DEC61FA4DAC7EE0] - |RA| - [18/03/2017 21:59:10] - (.-.) - [116.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureBrackets.hcp
[MD5.DC112F4CFDF23AAF5CB0F46BE92CB1CE] - |RA| - [18/03/2017 21:59:10] - (.-.) - [122.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureCountdown.hcp
[MD5.F80C2CB1D5A28528D662B0DDF440F0F3] - |RA| - [18/03/2017 21:59:10] - (.-.) - [17.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureToast.hcp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 12:40:20] - [91144.57 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [47338.21 Ko] - C:\WINDOWS\System32\catroot2
[MD5.7655EB239E44FF3C0144BEE459C76DD3] - |A| - [14/07/2009 01:40:20] - (.Copyright CANON INC. 2006-2008 All Rights Reserved - Canon Inkjet Printer Driver.) - [206.5 Ko] - (0.3.1536.1) - C:\WINDOWS\System32\CNBLM3_2.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [2762.53 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [357.5 Ko] - C:\WINDOWS\System32\Com
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 12:40:20] - [452256.85 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 22:03:29] - [51.27 Ko] - C:\WINDOWS\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [300.5 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.3F20DC3B3E2EA3B6B8790C6241F1B24B] - |A| - [05/08/2015 02:20:34] - (.(c) Conexant Systems, Inc. - Conexant Speaker Property Page Extensions.) - [420.95 Ko] - (1.0.0.0) - C:\WINDOWS\System32\CSpkExt64.dll
[MD5.20403F7A595AA5B3DE0C479528C475BA] - |A| - [05/08/2015 02:20:34] - (.Conexant Systems Inc. - Conexant Audio Processing Objects.) - [1027.55 Ko] - (4.81.16.0) - C:\WINDOWS\System32\CX64BP16.dll
[MD5.4E6337DE03F36BCE168110E6B59F6A5B] - |A| - [23/07/2017 13:12:08] - (.© Conexant Systems Inc. - Conexant Audio Message Service.) - [201.71 Ko] - (1.12.0.0) - C:\WINDOWS\System32\CxAudMsg64.exe
[MD5.2FB043CA42C826C22E0A4E3F0B79A425] - |A| - [05/08/2015 02:20:34] - (.Conexant Systems Inc. - Conexant PageMaster.) - [69.36 Ko] - (1.1.0.0) - C:\WINDOWS\System32\CxPageMaster64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [295 Ko] - C:\WINDOWS\System32\da-DK
[MD5.75BC227ACD70C906785DB11F853165E4] - |A| - [18/03/2017 21:58:29] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [190.86 Ko] - C:\WINDOWS\System32\DDFs
[MD5.A04BD71BA609D24AC0DF2440059689C3] - |A| - [05/08/2015 02:20:34] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [277.27 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll
[MD5.3C5BC3FF1CDC02286229030421E33CD7] - |A| - [05/08/2015 02:20:34] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1945.1 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll
[MD5.E787A2BF4D1848AB3E6A30110B9168FF] - |A| - [05/08/2015 02:20:34] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [332.67 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll
[MD5.C7AB8CB7BA5DC3E946D395D95A13116D] - |A| - [05/08/2015 02:20:34] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [7061.91 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [333 Ko] - C:\WINDOWS\System32\de-DE
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [18/03/2017 21:57:05] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [18/03/2017 22:03:37] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [18/03/2014 11:10:42] - (.-.) - [256.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dfpinc.dat
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 22:03:29] - [870 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.E82380D30048D73E4D4CB8C925F6E721] - |A| - [18/03/2017 21:57:58] - (.-.) - [90.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 12:40:22] - [7526.04 Ko] - C:\WINDOWS\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 12:40:22] - [1126.54 Ko] - C:\WINDOWS\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:02:55] - [93736.07 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 12:40:20] - [1513539.4 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 22:03:29] - [159 Ko] - C:\WINDOWS\System32\dsc
[MD5.580440DB5255D163F835FD4EC982C44F] - |A| - [16/09/2017 07:36:44] - (.-.) - [31.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [329.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.10FEDF144C0CF9DAB1371E603F20DB29] - |A| - [01/08/2014 19:08:58] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:26] - [0 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [242.5 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [2162.53 Ko] - C:\WINDOWS\System32\en-US
[MD5.01E0D3508E6E6F4497A242BE8DDBCC14] - |A| - [29/05/2014 15:48:46] - (.Copyright (C) SEIKO EPSON CORPORATION 2004-2012. - EpsonNet Print Component.) - [545.5 Ko] - (2.6.0.6) - C:\WINDOWS\System32\enppmon.dll
[MD5.DFE3AD07E87194DD7F10C8C10E64B5AA] - |A| - [29/05/2014 15:48:46] - (.Copyright (C) SEIKO EPSON CORPORATION 2004-2012. - EpsonNet Print Component.) - [523 Ko] - (2.6.0.6) - C:\WINDOWS\System32\enppui.dll
[MD5.74984FC408BF5BB10A0660B321E4BC5D] - |A| - [29/05/2014 15:48:46] - (.Copyright (C) SEIKO EPSON CORPORATION 2004-2012. - EpsonNet Print Component.) - [214.5 Ko] - (2.6.0.3) - C:\WINDOWS\System32\enpres.dll
[MD5.01E0D3508E6E6F4497A242BE8DDBCC14] - |A| - [29/05/2014 15:48:46] - (.Copyright (C) SEIKO EPSON CORPORATION 2004-2012. - EpsonNet Print Component.) - [545.5 Ko] - (2.6.0.6) - C:\WINDOWS\System32\ensppmon.dll
[MD5.DFE3AD07E87194DD7F10C8C10E64B5AA] - |A| - [29/05/2014 15:48:46] - (.Copyright (C) SEIKO EPSON CORPORATION 2004-2012. - EpsonNet Print Component.) - [523 Ko] - (2.6.0.6) - C:\WINDOWS\System32\ensppui.dll
[MD5.74984FC408BF5BB10A0660B321E4BC5D] - |A| - [29/05/2014 15:48:46] - (.Copyright (C) SEIKO EPSON CORPORATION 2004-2012. - EpsonNet Print Component.) - [214.5 Ko] - (2.6.0.3) - C:\WINDOWS\System32\enspres.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [322 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [266 Ko] - C:\WINDOWS\System32\es-MX
[MD5.BAC5074667751F72A9CE48CDC31BAC48] - |A| - [29/05/2014 15:39:28] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_GCINST.) - [10.5 Ko] - (1.0.0.6) - C:\WINDOWS\System32\E_GCINST.DLL
[MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - |A| - [29/05/2014 15:39:24] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\WINDOWS\System32\E_ID4BLEE.DLL
[MD5.2E21840342850A8A7F28D28D6DD3A1CD] - |A| - [29/05/2014 15:39:25] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2013. - EPSON Bi-directional Monitor AMD64.) - [175.5 Ko] - (4.4.0.0) - C:\WINDOWS\System32\E_ILMBLEE.DLL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 22:03:29] - [28452.16 Ko] - C:\WINDOWS\System32\F12
[MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [15/11/2017 17:40:38] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [300.5 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.A3A93845F369ED4B8D1ACBFA8216B19F] - |A| - [23/07/2017 13:06:42] - (.-.) - [390.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:26] - [3402.5 Ko] - C:\WINDOWS\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [273 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [44664.25 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [18/03/2017 21:57:02] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.E67DA43B4CF8E15291E4F0D5C42EA1A0] - |A| - [19/05/2016 10:44:42] - (.-.) - [162.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ar-SA.resources
[MD5.51470B9F0EFCBE5A80A8B501197CA0E2] - |A| - [19/05/2016 10:44:42] - (.-.) - [138.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.cs-CZ.resources
[MD5.A2BCCE562367DCDA44797A6431155E9D] - |A| - [19/05/2016 10:44:42] - (.-.) - [133.93 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.da-DK.resources
[MD5.2FC2E0417502F50636DE03818AC83E37] - |A| - [19/05/2016 10:44:42] - (.-.) - [143.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.de-DE.resources
[MD5.78C2B4C49F955534DDDFDCA2C46BE843] - |A| - [19/05/2016 10:44:42] - (.-.) - [205.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.el-GR.resources
[MD5.EBD3437D5EDB8404E1E86F2552F4E458] - |A| - [19/05/2016 10:44:42] - (.-.) - [129.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.en-US.resources
[MD5.1D724422FD031FC348380DF30565F378] - |A| - [19/05/2016 10:44:42] - (.-.) - [143.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.es-ES.resources
[MD5.167C2A4CF15A1A6A6192798B0BBA64B5] - |A| - [19/05/2016 10:44:42] - (.-.) - [138.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.fi-FI.resources
[MD5.F3EB742B8D75E8BAB4DB0271BEFBFA65] - |A| - [19/05/2016 10:44:42] - (.-.) - [142.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.fr-FR.resources
[MD5.1924F5EE8CCA6761850DA2A1FB5E9233] - |A| - [19/05/2016 10:44:42] - (.-.) - [155.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.he-IL.resources
[MD5.1AD276140AC09C73466542E197DFFBDC] - |A| - [19/05/2016 10:44:42] - (.-.) - [137.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.hr-HR.resources
[MD5.2FFAE506730EF37784F3667CA4EA121E] - |A| - [19/05/2016 10:44:42] - (.-.) - [140.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.hu-HU.resources
[MD5.2112A985F703196DB48042E2C3478849] - |A| - [19/05/2016 10:44:42] - (.-.) - [146.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.it-IT.resources
[MD5.3D16226F3B3C353C8DED165C93881CD7] - |A| - [19/05/2016 10:44:42] - (.-.) - [159.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ja-JP.resources
[MD5.F848E84794792910171CB966CACD5869] - |A| - [19/05/2016 10:44:42] - (.-.) - [144.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ko-KR.resources
[MD5.D4F9A73A2D7A53B33B79B25D2C7F54A8] - |A| - [19/05/2016 10:44:42] - (.-.) - [134.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.nb-NO.resources
[MD5.2CB895F3DD7239DF6785796E56FFF6EE] - |A| - [19/05/2016 10:44:42] - (.-.) - [140.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.nl-NL.resources
[MD5.C22FC0D4D4DA401026C55BCF142E9EAA] - |A| - [19/05/2016 10:44:42] - (.-.) - [139.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.pl-PL.resources
[MD5.61884D76B03DE138C45CE6BC826B261A] - |A| - [19/05/2016 10:44:42] - (.-.) - [140.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.pt-BR.resources
[MD5.0345103583BA5A28A74297C583D6B72B] - |A| - [19/05/2016 10:44:42] - (.-.) - [139.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.pt-PT.resources
[MD5.740CFD4AEDA63ED5A902C4012F634811] - |A| - [19/05/2016 10:44:42] - (.-.) - [142.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ro-RO.resources
[MD5.3B98DE17467E57264FB67BAAE9FC99D1] - |A| - [19/05/2016 10:44:42] - (.-.) - [189.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.ru-RU.resources
[MD5.9AD3600A8802547DCA1395BF01F17D0C] - |A| - [19/05/2016 10:44:42] - (.-.) - [138.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.sk-SK.resources
[MD5.ABA254E3CD5D35E6BDC98E21B754E46B] - |A| - [19/05/2016 10:44:42] - (.-.) - [134.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.sl-SI.resources
[MD5.077B93A3728B0ED69F752D467EB5C432] - |A| - [19/05/2016 10:44:42] - (.-.) - [139.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.sv-SE.resources
[MD5.96AAA779DA7D78893479BD24969E7644] - |A| - [19/05/2016 10:44:42] - (.-.) - [218.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.th-TH.resources
[MD5.602AD24EE7F5C071C5F59EC6E510F10D] - |A| - [19/05/2016 10:44:42] - (.-.) - [141.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.tr-TR.resources
[MD5.93A5633BA17BBE1726871BD5EA2B15CD] - |A| - [19/05/2016 10:44:42] - (.-.) - [121.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.zh-CN.resources
[MD5.E5FC52A12691FB17D790C08E21150AEC] - |A| - [19/05/2016 10:44:42] - (.-.) - [123.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxres.zh-TW.resources
[MD5.12BCB2A86CB2570F3603D68AE695E970] - |A| - [19/05/2016 10:44:42] - (.-.) - [0.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxUI.exe.config
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 16:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 16:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.762F865F75F21FCB260E7C95404B5110] - |A| - [18/03/2017 21:58:18] - (.-.) - [122.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.7B7859030FF4D38A912A7BCC4A1B3B5E] - |A| - [18/03/2017 21:59:09] - (.-.) - [14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HolographicShareInterop.ProxyStub.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [249 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [304.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:11:49] - [31.52 Ko] - C:\WINDOWS\System32\Hydrogen
[MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [18/03/2017 21:58:01] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.19A800CAA49DFE29BABC1BAF7723A044] - |A| - [09/03/2017 01:16:04] - (.-.) - [109.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IccLibDll_x64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.DD6A58ACF58557F6546BED42D7ED0B40] - |A| - [09/03/2017 01:16:06] - (.-.) - [116.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdde64.dll
[MD5.925C5390A68D279D9E84101D82D1969A] - |A| - [09/03/2017 01:16:06] - (.Copyright (C) 2012 - CM Runtime Dynamic Link Library (DX11).) - [579.63 Ko] - (2.4.0.1020) - C:\WINDOWS\System32\igfx11cmrt64.dll
[MD5.47E704080C9F891AA2F176E8F31CAF91] - |A| - [09/03/2017 01:16:08] - (.Copyright (C) 2010 - 2011 - CM JIT Dynamic Link Library.) - [3446.63 Ko] - (2.4.0.1020) - C:\WINDOWS\System32\igfxcmjit64.dll
[MD5.E0C1A56B986E2B0E7C9F59C7FD2522A1] - |A| - [09/03/2017 01:17:06] - (.Copyright (C) 2010 - 2012 - CM Runtime Dynamic Link Library.) - [1060.95 Ko] - (2.4.0.1020) - C:\WINDOWS\System32\igfxcmrt64.dll
[MD5.504889BC256227C8E1B54CD80E55388A] - |A| - [14/08/2012 09:56:22] - (.Copyright (C) 2009 - Intel(R) Graphics Media Accelerator Driver Coinstaller.) - [113.5 Ko] - (1.2.30.0) - C:\WINDOWS\System32\igfxCoIn_v2828.dll
[MD5.F5490A23C96AC4C6C825B5392F7FAA40] - |A| - [01/06/2015 20:00:38] - (.Copyright (C) 2009 - Intel(R) Graphics Media Accelerator Driver Coinstaller.) - [122 Ko] - (1.2.30.0) - C:\WINDOWS\System32\igfxCoIn_v4229.dll
[MD5.63AB75BD87466A6CFE6B18DC308C478D] - |A| - [09/03/2017 01:16:10] - (.Copyright (C) 2009 - Intel(R) Graphics Media Accelerator Driver Coinstaller.) - [131.13 Ko] - (1.2.30.0) - C:\WINDOWS\System32\igfxCoIn_v4459.dll
[MD5.8935F0C8CD09D0520AF28A0E63D5BB00] - |A| - [09/03/2017 01:16:08] - (.-.) - [27.13 Ko] - (1.0.0.0) - C:\WINDOWS\System32\IGFXDEVLib.dll
[MD5.40DFD4CFB98AB5E4666B0F607CB64921] - |A| - [19/05/2016 10:41:40] - (.-.) - [1935.25 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa
[MD5.828C46F74BB7248FF401471D072BB751] - |A| - [19/05/2016 10:41:40] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp
[MD5.55632EAD6A6C6708C6671D4622454EDB] - |A| - [19/05/2016 10:41:40] - (.-.) - [57.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp
[MD5.555B90CAEC4AE1D3140338CF2D16A11B] - |A| - [19/05/2016 10:41:40] - (.-.) - [57.72 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp
[MD5.6FBF733E8ACB2F13407DD9582217F720] - |A| - [19/05/2016 10:41:40] - (.-.) - [58.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp
[MD5.ECE7DBF87A6E24AC8A680064FFAE5A58] - |A| - [19/05/2016 10:41:40] - (.-.) - [57.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp
[MD5.48434EAFE70409D261DAF5AD244F03CA] - |A| - [19/05/2016 10:41:40] - (.-.) - [58.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp
[MD5.9D068CF01FC9A74EF3ACAEC779962B0C] - |A| - [19/05/2016 10:41:40] - (.-.) - [56.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp
[MD5.40EA0A3BBDBAE952D47B433090B0F031] - |A| - [19/05/2016 10:58:18] - (.-.) - [16.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp
[MD5.6DF9BA3AD0CD866EE939C4C49CEA7B30] - |A| - [18/03/2017 21:57:35] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [25851.17 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.479B7966309A411BF4FC34898AC96557] - |A| - [18/03/2017 21:58:10] - (.-.) - [134.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [6541 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [18/03/2017 21:57:05] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.9A6B161FF7A7901D337E2A3A25B3CA0B] - |A| - [25/09/2012 07:50:57] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lendrvchk.scp
[MD5.D0CD5E29BB92C70430C92018EDC8A829] - |A| - [25/09/2012 08:32:00] - (.Copyright (C) 2010 - Lenovo Energy Management Software SubSystem Dynamic Link Library.) - [19.41 Ko] - (1.0.0.2) - C:\WINDOWS\System32\LenovoSDKEmSubSystem.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [79.18 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [14996.89 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [244.5 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [246.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [58987.45 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.FFED99DB5805637345A0FCF68BB0F99F] - |A| - [15/09/2017 17:54:29] - (.-.) - [760 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [18/03/2017 21:57:05] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:37:22] - [1134.26 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [5497.13 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [47457.12 Ko] - C:\WINDOWS\System32\migwiz
[MD5.00000000000000000000000000000000] - |D| - [18/08/2013 14:21:32] - [37.48 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [4276.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [19.15 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [290 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [384 Ko] - C:\WINDOWS\System32\NDF
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 16:51:13] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-113843.txt
[MD5.3CDC5B2D8C9FF4F9B9FED944FC1D3436] - |A| - [25/09/2012 08:08:38] - (.-.) - [1.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-126703.txt
[MD5.822A1BB518498BB1D492061B42399ED5] - |A| - [25/09/2012 08:08:40] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-128531.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 07:51:29] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-131343.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 07:51:29] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-131406.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 09:44:45] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-147309125.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 09:44:46] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-147309859.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 09:44:47] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-147310484.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 09:44:50] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-147313281.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 20:56:34] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-14831046.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 20:56:34] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-14831328.txt
[MD5.0A742EBDEC323A1C158125EDDCD0ECB9] - |A| - [01/08/2012 16:51:23] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-15156.txt
[MD5.363AB3B147EC26DE764E2FB32EA2041C] - |A| - [01/08/2012 16:51:23] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-15312.txt
[MD5.EC3F2258DC5247436CF829AA405523A7] - |A| - [01/08/2012 16:51:23] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-15437.txt
[MD5.E39F5B5F2F8E17B44BC73BFD6F5EEFE8] - |A| - [01/08/2012 16:51:23] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-15625.txt
[MD5.670571AEA7547824368AAFF1210E5219] - |A| - [01/08/2012 16:51:24] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-15750.txt
[MD5.F931FA566001F046F3642B511DF0D4DE] - |A| - [01/08/2012 16:51:24] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-16093.txt
[MD5.5FE80EDCD68F34707A5A547E69D64D79] - |A| - [25/09/2012 08:11:57] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-163968.txt
[MD5.CB913F33B19502E29D667530D6289582] - |A| - [25/09/2012 08:11:57] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-164171.txt
[MD5.87B1129F5190448B46885F8EF3CFC90B] - |A| - [01/08/2012 16:51:24] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-16437.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 07:52:03] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-164750.txt
[MD5.876860348EF677B24E4070B6F0D0434B] - |A| - [01/08/2012 16:51:25] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-16796.txt
[MD5.7D4DFC5FB3310122AEDAD84E6ECED849] - |A| - [25/09/2012 08:12:01] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-168062.txt
[MD5.A333413D63F97C17EC3EF6E79DA20ACD] - |A| - [25/09/2012 08:12:01] - (.-.) - [1.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-168562.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 07:52:07] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-169000.txt
[MD5.D9DF4A50BBA7175DDD31647FDD2E1C1E] - |A| - [01/08/2012 16:51:25] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-17000.txt
[MD5.6B60C5E72A98FFD8AA3C3E79EB9EBC37] - |A| - [01/08/2012 16:51:25] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-17187.txt
[MD5.FC2AE0A6CD9E5604723A4D73E3485D1B] - |A| - [01/08/2012 16:51:25] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-17328.txt
[MD5.8CC3614DB50EB8B061D80657A5E43793] - |A| - [01/08/2012 16:51:25] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-17453.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 18:04:18] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-177277078.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 18:04:18] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-177277531.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 18:04:18] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-177277687.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 18:04:18] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-177277921.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 18:04:19] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-177278890.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [13/03/2013 18:04:22] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-177281968.txt
[MD5.13023F9E995E4B023CA0E6DF12863157] - |A| - [01/08/2012 16:51:26] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-18406.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 21:09:52] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-242203.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 08:05:15] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-289843.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 08:05:15] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-289968.txt
[MD5.E0B26EE83029F9430D4190072C987407] - |A| - [25/09/2012 08:05:15] - (.-.) - [0.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-290000.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 08:05:16] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-291062.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 08:05:20] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-295046.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 21:11:31] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-341046.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 21:11:33] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-343343.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 15:12:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-346406.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 15:12:15] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-347078.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 16:12:14] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-3946093.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 16:12:21] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-3953062.txt
[MD5.41D5697B37939B4606554A61D3687225] - |A| - [01/08/2012 17:06:56] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-418953.txt
[MD5.41D5697B37939B4606554A61D3687225] - |A| - [01/08/2012 17:06:56] - (.-.) - [1.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-419281.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [12/03/2013 08:09:45] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-55217265.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [12/03/2013 08:09:45] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-55217359.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [12/03/2013 08:09:54] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-55226531.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [12/03/2013 08:09:54] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-55226687.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 07:50:16] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-57968.txt
[MD5.0A742EBDEC323A1C158125EDDCD0ECB9] - |A| - [25/09/2012 07:46:36] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-59921.txt
[MD5.E39F5B5F2F8E17B44BC73BFD6F5EEFE8] - |A| - [25/09/2012 07:46:36] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-60734.txt
[MD5.363AB3B147EC26DE764E2FB32EA2041C] - |A| - [25/09/2012 07:46:37] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-61062.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [11/03/2013 16:48:54] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-6145968.txt
[MD5.EC3F2258DC5247436CF829AA405523A7] - |A| - [25/09/2012 07:46:37] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-61671.txt
[MD5.670571AEA7547824368AAFF1210E5219] - |A| - [25/09/2012 07:46:38] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-61968.txt
[MD5.876860348EF677B24E4070B6F0D0434B] - |A| - [25/09/2012 07:46:38] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-62312.txt
[MD5.D9DF4A50BBA7175DDD31647FDD2E1C1E] - |A| - [25/09/2012 07:46:38] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-62640.txt
[MD5.6B60C5E72A98FFD8AA3C3E79EB9EBC37] - |A| - [25/09/2012 07:46:39] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-63015.txt
[MD5.8CC3614DB50EB8B061D80657A5E43793] - |A| - [25/09/2012 07:46:40] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-64015.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 07:50:22] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-64328.txt
[MD5.FDB0784D17DFE0A75362586CD112D440] - |A| - [25/09/2012 07:46:42] - (.-.) - [1.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-66250.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [12/03/2013 15:36:31] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-82018765.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [12/03/2013 15:36:31] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-82018875.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [12/03/2013 15:36:33] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-82020562.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [12/03/2013 15:36:36] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-82023640.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 08:32:38] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-844250.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 08:32:39] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-845671.txt
[MD5.A4CCA3A4BF67AB524296657119B925C4] - |A| - [25/09/2012 07:47:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-88015.txt
[MD5.FD4BB3450580C0B3328B4EC4753A4F2D] - |A| - [25/09/2012 07:47:04] - (.-.) - [1.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-88500.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 08:08:08] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-96187.txt
[MD5.52EF6BEF7ED66F60B8E6F6C9E66CE07A] - |A| - [25/09/2012 08:08:08] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\netcfg-96390.txt
[MD5.EF1A77A08B75C64921D59E286AB07993] - |A| - [23/07/2017 13:07:05] - (.-.) - [26.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [18/03/2017 21:57:02] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [311.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 22:03:29] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
[MD5.C9246EF96F14CB2F0C393F73A20590D8] - |A| - [18/03/2017 22:03:38] - (.-.) - [15.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.69F492F69D2F54EFB307814AA51328E4] - |A| - [01/08/2012 17:50:19] - (.-.) - [56.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMLOGO.bmp
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [11/10/2017 13:55:18] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [11/10/2017 13:55:19] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [11/10/2017 13:55:18] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [18/03/2017 21:57:12] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [17446.94 Ko] - C:\WINDOWS\System32\oobe
[MD5.42D2360079B1DF3230024AE920737367] - |A| - [18/03/2017 21:57:05] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.3EFA5BCA3EBD568E79E798171402C95E] - |A| - [18/03/2017 22:05:34] - (.-.) - [441.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.8FEACE4295DF79D0C534BB38E4A77F11] - |A| - [20/03/2017 06:10:29] - (.-.) - [497.99 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [18/03/2017 22:05:34] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [20/03/2017 06:10:29] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat
[MD5.64DAB9FD093458FDE32A937CA7AC6038] - |A| - [18/03/2017 22:05:34] - (.-.) - [1041.61 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.F91BF07EB5E6E2A032EC54DF2A1EF0C5] - |A| - [20/03/2017 06:10:29] - (.-.) - [1993.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat
[MD5.5376B5F9B5D5BCA901688249155955FC] - |A| - [23/07/2017 13:41:56] - (.-.) - [1513.95 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [310 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [634.5 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:27] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [18/03/2017 21:57:54] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [311.5 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [307 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [2.19 Ko] - C:\WINDOWS\System32\Recovery
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [18/03/2017 21:58:01] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.D9DF00023703568AE6B4303E3C5C90BB] - |A| - [18/03/2017 21:57:47] - (.-.) - [8.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.99C7924C7268BABB5C4E3CFD2EE03331] - |A| - [18/03/2017 21:57:47] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [11/10/2017 13:55:20] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [11/10/2017 13:55:20] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [11/10/2017 13:55:20] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.F1201740A91025AB41CC30E9400AF72E] - |A| - [25/09/2012 07:59:57] - (.-.) - [15.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [251.5 Ko] - C:\WINDOWS\System32\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [304.5 Ko] - C:\WINDOWS\System32\ru-RU
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [18/03/2017 21:59:52] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [11/10/2017 13:55:19] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [11/10/2017 13:55:19] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [11/10/2017 13:55:19] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [18/03/2017 21:58:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [253 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [249 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:06:50] - [95674.3 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:27] - [52.14 Ko] - C:\WINDOWS\System32\slmgr
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [18/03/2017 21:57:05] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 12:40:20] - [14465.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [11/10/2017 13:55:20] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [11/10/2017 13:55:20] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [11/10/2017 13:55:20] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png
[MD5.76F8BDA4D4AA4AA4C4D84C2E2660E6FF] - |A| - [18/03/2017 21:57:05] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [7504.91 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [11677.73 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [189173.3 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [6056.87 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [367.23 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.5128BC123224124D67397A1BE698431C] - |A| - [18/03/2017 21:57:16] - (.-.) - [56.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [4824 Ko] - C:\WINDOWS\System32\sru
[MD5.E042A078EDE878E1F489D08F045D2205] - |A| - [18/03/2017 21:57:05] - (.-.) - [368.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [296 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.093006FF0E695AF04BEEC1A9F5B5F9B8] - |A| - [03/06/2015 02:16:46] - (.Copyright (C) Synaptics Incorporated 1996-2015 - SynCOM.) - [746.7 Ko] - (19.0.9.5) - C:\WINDOWS\System32\SynCOM.dll
[MD5.B22E84AD0E7FDD2A2F8F9E52005ACB07] - |A| - [03/06/2015 02:16:46] - (.Copyright (C) Synaptics Incorporated 1996-2015 - SynTPAPI.) - [261.7 Ko] - (19.0.9.5) - C:\WINDOWS\System32\SynTPAPI.dll
[MD5.EBCFA3F7E651CBFB82C2936888B848BE] - |A| - [03/06/2015 02:16:46] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics Pointing Device Driver Co-Installer.) - [249.2 Ko] - (19.0.9.5) - C:\WINDOWS\System32\SynTPCo29.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 12:40:22] - [1595.22 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [906.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [690.08 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [637.84 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [18/03/2017 21:58:24] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [234 Ko] - C:\WINDOWS\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [293 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [18/03/2017 21:58:18] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [18/03/2017 21:58:18] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.28268F5DD1535D2A6EE46D42CBAEFC51] - |A| - [17/09/2013 16:24:20] - (.Copyright © AVG Netherlands B. V. 2011 - TuneUp Registry Optimization Boot Application.) - [39.8 Ko] - (14.0.1000.148) - C:\WINDOWS\System32\TURegOpt.exe
[MD5.038B1330D2EB371E3C49F782DFE51195] - |A| - [05/08/2015 02:20:06] - (.Copyright© Conexant Systems, Inc. 2013 - Conexant Unified x64 Device CoInstaller.) - [3079.36 Ko] - (7.96.0.0) - C:\WINDOWS\System32\UCI64A96.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [247 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [07/07/2017 13:47:13] - [2199.72 Ko] - C:\WINDOWS\System32\UNP
[MD5.D45F17FEA6B94CC54E6C18264DCFEDC8] - |A| - [26/10/2013 11:58:17] - (.Copyright © AVG Netherlands B. V. 2011 - TuneUp Theme Extension.) - [42.3 Ko] - (14.0.1000.148) - C:\WINDOWS\System32\uxtuneup.dll
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [18/03/2017 21:57:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 16:36:30] - [0 Ko] - C:\WINDOWS\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [76166.45 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.558D9282D5CEA82B2253B88017552F33] - |A| - [18/03/2017 21:58:18] - (.-.) - [96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 16:36:31] - [14.53 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Media.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 16:36:31] - [27.59 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Shared
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [9310.21 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [143932 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [4753.58 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:27] - [107.53 Ko] - C:\WINDOWS\System32\winrm
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [18/03/2017 21:58:17] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [18/03/2017 21:58:01] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.19820EEC2D1A4D264F051B789F79D51A] - |A| - [23/07/2017 13:44:45] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [208 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [203 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:27] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [25/09/2012 17:40:50] - [0 Ko] - C:\WINDOWS\SysWOW64\040C
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 21:58:44] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 21:58:54] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 21:58:51] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 12:40:24] - [1998.91 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [255 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [25/09/2012 08:04:47] - [791.18 Ko] - C:\WINDOWS\SysWOW64\Atheros_L1e
[MD5.76A3CCD3E82D11206C7DE19884A20C22] - |A| - [06/07/2005 17:24:58] - (.Copyright © 1995, Bennet-Tec Information Systems - Bennet-Tec AllText 4.5 Control.) - [786 Ko] - (1.72.0.0) - C:\WINDOWS\SysWOW64\atx45.ocx
[MD5.201475A3379B154F4916198F9646614C] - |A| - [06/07/2005 17:24:58] - (.Copyright © 1996 - ATX45OLE DLL.) - [25 Ko] - (1.3.0.1) - C:\WINDOWS\SysWOW64\Atx45ole.dll
[MD5.4C9F6C2CF80D7C58D3952E2D461C6E9C] - |A| - [06/07/2005 17:24:59] - (.Copyright © 1996 - Atx45pic DLL.) - [73 Ko] - (1.8.0.1) - C:\WINDOWS\SysWOW64\atx45pic.dll
[MD5.C0352A2B0358B7B757A0BC64C21E60D6] - |A| - [26/10/2013 11:58:19] - (.Copyright © AVG Netherlands B. V. 2011 - TuneUp WinLogon Extension.) - [24.8 Ko] - (14.0.1000.148) - C:\WINDOWS\SysWOW64\authuitu.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [234 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.5D5EFCC2A149FCAB8DF932514124B155] - |A| - [06/07/2005 17:24:59] - (.Copyright (C) 1999 - testdll DLL.) - [152 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\bookuse.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.57741342CB514072D26EF56B9EF95C86] - |A| - [11/04/2013 12:55:56] - (.Copyright 1999 - 2007 - CDDBControl Core Module.) - [777.49 Ko] - (2.5.0.104) - C:\WINDOWS\SysWOW64\CDDBControl.dll
[MD5.99A44759C589DF319376B29724DFBAEB] - |A| - [11/04/2013 12:55:56] - (.Copyright © 2003-2007 - CddbLangDE.) - [101.49 Ko] - (2.5.0.104) - C:\WINDOWS\SysWOW64\CddbLangDE.dll
[MD5.889293D30D3F7A459EA4C00FAF006B1B] - |A| - [11/04/2013 12:55:56] - (.Copyright © 2003-2007 - CddbLangES.) - [101.49 Ko] - (2.5.0.104) - C:\WINDOWS\SysWOW64\CddbLangES.dll
[MD5.C69B5427BCCA7BD1ABEE933B9CD41989] - |A| - [11/04/2013 12:55:56] - (.Copyright © 2003-2007 - CddbLangFR.) - [101.49 Ko] - (2.5.0.104) - C:\WINDOWS\SysWOW64\CddbLangFR.dll
[MD5.1E4ADA579CF04AAE901F14970604078E] - |A| - [11/04/2013 12:55:56] - (.Copyright © 2003-2007 - CddbLangJA.) - [81.49 Ko] - (2.5.0.104) - C:\WINDOWS\SysWOW64\CddbLangJA.dll
[MD5.CDF4D8D1717F22F9BD5DFA9E44842757] - |A| - [11/04/2013 12:55:56] - (.Copyright © 2003-2007 - CddbLangRU.) - [165.49 Ko] - (2.5.0.104) - C:\WINDOWS\SysWOW64\CddbLangRU.dll
[MD5.F525176D64D23A4C4B27DD6BCCD96F4E] - |A| - [11/04/2013 12:55:56] - (.Copyright 2001 - 2007 - CDDBUIControl Module.) - [789.49 Ko] - (2.5.0.104) - C:\WINDOWS\SysWOW64\CDDBUI.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [314 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [938.78 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/03/2013 15:47:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\config.nt
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 22:03:29] - [51.27 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.8097CB55C5B769BD3C3489D31DFD19D5] - |A| - [25/09/2012 07:52:59] - (.Copyright  2011 - CSVer.) - [52 Ko] - (9.3.0.1021) - C:\WINDOWS\SysWOW64\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [275 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [311 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 22:03:29] - [201.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [5929.02 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [1077.55 Ko] - C:\WINDOWS\SysWOW64\downlevel
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [3395.67 Ko] - C:\WINDOWS\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [306.5 Ko] - C:\WINDOWS\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:27] - [0 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [223 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [1550.03 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [300 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [244.5 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [220 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [04/08/2013 00:50:36] - [0 Ko] - C:\WINDOWS\SysWOW64\Extensions
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 22:03:29] - [24159.66 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:27] - [3149 Ko] - C:\WINDOWS\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [250.5 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [37334.79 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.896E4C45F27E6317DEE3F847DC5028AC] - |A| - [21/02/2015 09:57:07] - (.-.) - [4.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Garmin_Express_0_GarminExpress.log
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [243 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.2927ADFC93821B344BA524BCF9889A51] - |A| - [18/03/2017 21:58:54] - (.-.) - [109.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [229 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [283 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.24E1434E899B3EC4E3CD4CA56AA63BC6] - |A| - [18/03/2017 21:58:54] - (.-.) - [114.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [221.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.297CD5255C8E1754848522B14AB754FD] - |A| - [12/03/2013 18:03:09] - (.-.) - [0.93 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
[MD5.0B5A6B858A92A8BE5B81D746DD472AC1] - |A| - [06/07/2005 17:24:55] - (.-.) - [128 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ita_client_v10_dll.dll
[MD5.1DF7410788CB4B00A4949681C07E87FF] - |A| - [20/04/2012 12:59:44] - (.-.) - [1.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\IusEventLog.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [222.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.9533FE0A942E00114047140B42DF8E3D] - |A| - [23/05/2014 16:59:26] - (.Copyright © 2014 - Java(TM) Platform SE binary.) - [170.91 Ko] - (7.0.550.14) - C:\WINDOWS\SysWOW64\java.exe
[MD5.37C15684482B4D596316735DCEEE939A] - |A| - [23/05/2014 16:59:26] - (.Copyright © 2014 - Java(TM) Platform SE binary.) - [171.41 Ko] - (7.0.550.14) - C:\WINDOWS\SysWOW64\javaw.exe
[MD5.6EA69D2312F3571F6F8BEADD224165E8] - |A| - [23/05/2014 16:59:30] - (.Copyright © 2014 - Java(TM) Web Start Launcher.) - [258.41 Ko] - (10.55.2.14) - C:\WINDOWS\SysWOW64\javaws.exe
[MD5.2453C7BF88C95E5035194E4E0FDC4F5B] - |A| - [06/07/2005 17:24:52] - (.© 1998 - Jan Krumsiek - JK Joystick Contro l2.) - [26 Ko] - (2.0.0.0) - C:\WINDOWS\SysWOW64\jkjoystick2.ocx
[MD5.43E1DADA8C90A43B44B4EC978596709A] - |A| - [29/05/2013 09:29:36] - (.-.) - [3.92 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\jupdate-1.7.0_21-b11.log
[MD5.4816E6DA225F2A0F8351418E18B93235] - |A| - [17/01/2014 17:53:49] - (.-.) - [5.16 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\jupdate-1.7.0_51-b13.log
[MD5.94DE15B263CF97D6EE68F794F2CAF15A] - |A| - [23/05/2014 16:58:55] - (.-.) - [4.04 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [220.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR
[MD5.C13EE6FC9DA71E581756E415CD876A30] - |A| - [16/09/2010 13:13:42] - (.Copyright (C) 2010 - Lenovo Energy Management Software SubSystem Dynamic Link Library.) - [16.91 Ko] - (1.0.0.2) - C:\WINDOWS\SysWOW64\LenovoSDKEmSubSystem.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [79.18 Ko] - C:\WINDOWS\SysWOW64\Licenses
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [25/09/2012 07:55:03] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\log.txt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [224.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.330A8642DCAEB99F5C5C46B02131B76E] - |A| - [26/01/2007 01:04:12] - (.-.) - [27 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ma32.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [50275.5 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.4D479B6F1473712E16D9103F6DD5361E] - |A| - [26/01/2007 01:04:12] - (.-.) - [135.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\mase32.dll
[MD5.00000000000000000000000000000000] - |SD| - [13/08/2017 14:32:31] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [3042.39 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [814.41 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.D19FBEA85FFD1C2CE25DAE7599583DB0] - |A| - [06/02/2009 00:35:46] - (.©  1998-2002 by Pinnacle Systems GmbH - MLPag DLL - Memory Page Allocator.) - [37.27 Ko] - (1.2.0.113) - C:\WINDOWS\SysWOW64\MLPagAx.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [271 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [290 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 22:03:29] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [635.23 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.CADCB8DA00F949B8D446666D8436F789] - |A| - [06/02/2009 00:33:56] - (.Copyright © 2000 - Guid_dll.) - [53.27 Ko] - (2.0.0.5) - C:\WINDOWS\SysWOW64\PCLEGetGuid.dll
[MD5.1BAF25005F9077AA8BAE09D6E64FD0B1] - |A| - [06/07/2005 17:24:56] - (.Copyright 2000, Edward Grubb III -.) - [36 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\picformat32.ocx
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [288 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:28] - [420.42 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.F0F2922A9779B4A31B41DC9FF88E66A9] - |A| - [22/03/2010 09:31:46] - (.Copyright (C) 2006 - PSPGRU.) - [392.5 Ko] - (14.0.230.20) - C:\WINDOWS\SysWOW64\PSPGRU.acm
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [290.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [285.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.CACA2F4EE4804370B5B72A1F563C2E47] - |A| - [06/02/2009 00:35:58] - (.©  1998-2005 by Pinnacle Systems GmbH - Register Abstraction Layer - main interface to RAL.) - [185.27 Ko] - (2.0.0.282) - C:\WINDOWS\SysWOW64\RALMain.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [230.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.C726A4820272D89E85D12FE3294561D7] - |A| - [23/07/2017 13:12:44] - (.© 2011,2012 Conexant Systems, Inc. - SmartAudio Service Application.) - [417.21 Ko] - (1.0.6.0) - C:\WINDOWS\SysWOW64\SASrv.exe
[MD5.00000000000000000000000000000000] - |D| - [25/09/2012 08:04:32] - [67.6 Ko] - C:\WINDOWS\SysWOW64\sda
[MD5.00000000000000000000000000000000] - |D| - [04/08/2013 00:50:36] - [0 Ko] - C:\WINDOWS\SysWOW64\searchplugins
[MD5.91A1AB276E363F8DEBFF0C0FAC46F2F2] - |A| - [06/07/2005 17:24:56] - (.-.) - [24 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\SensoryMouseInput.dll
[MD5.D08836CB11A197DF5C8B0680786E77C6] - |A| - [06/07/2005 17:24:56] - (.-.) - [80 Ko] - (0.9.0.3) - C:\WINDOWS\SysWOW64\SensoryScanner.exe
[MD5.D9C4E8D3BACF18FB47949570A6DF9D7D] - |A| - [06/07/2005 17:24:57] - (.-.) - [120 Ko] - (1.3.0.4) - C:\WINDOWS\SysWOW64\sensoryspeech.exe
[MD5.B8692138B30A71D3E0014375117F451B] - |A| - [06/07/2005 17:24:57] - (.-.) - [48 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\sensoryswitchinput.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [231 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [228.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:28] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [4128.41 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [8255.1 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [1271.66 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.0DC5AF80D059DEC792B665ED598C6567] - |A| - [22/09/2014 18:38:32] - (.2000-2010 Public Domain - SQLite Dynamic Link Library (No TCL).) - [524 Ko] - (3.7.2.0) - C:\WINDOWS\SysWOW64\sqlite3.dll
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [347.23 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.C23EFE4FE65423E6C1D21EE40E90B514] - |A| - [06/07/2005 17:24:57] - (.Copyright © 1996 Wintertree Software Inc. - Sentry Spelling-Checker Engine.) - [84 Ko] - (4.22.0.0) - C:\WINDOWS\SysWOW64\ssce4332.dll
[MD5.1291A61F0F4A49E5F4C869E677F67C57] - |A| - [18/03/2017 21:58:39] - (.-.) - [300 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.2B028F4BEFF9A068EC98E223E42682BD] - |A| - [06/07/2005 17:24:57] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\sspred02.dll
[MD5.2B028F4BEFF9A068EC98E223E42682BD] - |A| - [06/07/2005 17:24:57] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\sspred03.dll
[MD5.C9A733DF4B5066BBDB23DCA860891F16] - |A| - [06/07/2005 17:24:57] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\sspred04.dll
[MD5.2B028F4BEFF9A068EC98E223E42682BD] - |A| - [06/07/2005 17:24:57] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\sspred32.dll
[MD5.90C34787F181708DC15233E06A275CBE] - |A| - [06/07/2005 17:24:57] - (.Info-ZIP 1996-1998 - Info-ZIP's UnZip DLL for Win32.) - [140 Ko] - (1.1.0.0) - C:\WINDOWS\SysWOW64\ssUnzip.dll
[MD5.CEFD956A1EF122CDA4D53007BAB6C694] - |A| - [06/07/2005 17:24:52] - (.Copyright (C) 1998, 1999 Almeida & Andrade Ltda - aamd532 DLL.) - [10.5 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\ssutils2.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [276.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.CCA09A5B135487DEEAB79AF1001CC07E] - |A| - [03/06/2015 02:16:46] - (.Copyright (C) Synaptics Incorporated 1996-2015 - SynCOM.) - [409.7 Ko] - (19.0.9.5) - C:\WINDOWS\SysWOW64\SynCom.dll
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:28] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [215 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.AD12C05CB2AF2CCD9D65886A4FCC9292] - |A| - [06/07/2005 17:24:58] - (.-.) - [364 Ko] - (2.0.0.1) - C:\WINDOWS\SysWOW64\toolbar2.ocx
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [273.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.6670F8ADA80AF9603FE82F334DD540BA] - |A| - [26/10/2013 11:58:17] - (.Copyright © AVG Netherlands B. V. 2011 - TuneUp Theme Extension.) - [35.3 Ko] - (14.0.1000.148) - C:\WINDOWS\SysWOW64\uxtuneup.dll
[MD5.98E550C48C7135BFA9CFCF67E9620AC5] - |A| - [12/06/2015 13:57:16] - (.-.) - [3.06 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\vm331Rmv.ini
[MD5.1387F9AE7C133CAA0AD5F797024B4E88] - |A| - [12/06/2015 14:04:00] - (.Copyright 2007 - vmprp331 Module.) - [660.51 Ko] - (1.0.0.7) - C:\WINDOWS\SysWOW64\vmprp331.ax
[MD5.CF2B89CD147519657CA087B180B5A884] - |A| - [20/01/2003 20:58:14] - (.Copyright (C)2001 H.Mutsuki - Ogg Vorbis CODEC for MSACM.) - [1264 Ko] - (0.0.3.6) - C:\WINDOWS\SysWOW64\vorbis.acm
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [15582.66 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:28] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.D676BC75BD566BC91BFEC3D4EDA42655] - |A| - [18/03/2017 21:58:54] - (.-.) - [84.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [7477.85 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [4753.59 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [20/03/2017 06:10:28] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.B6F89F4C37052969C0E5A8CF47C103D5] - |A| - [23/07/2017 13:45:11] - (.-.) - [58.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.2807CBABA428E02CFAE1328317CD2F29] - |A| - [22/03/2010 09:31:18] - (.Copyright (c) Philips Austria GmbH - Speech Processing, 2008 - LOG is a logging library.) - [112.5 Ko] - (2.7.230.20) - C:\WINDOWS\SysWOW64\XPSPLOG.dll
[MD5.00000000000000000000000000000000] - |D| - [23/07/2017 13:34:07] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [197.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 12:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:03:29] - [192 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\Maxime\AppData\Roaming   [23/07/2017 13:14:50]
"Local AppData"=C:\Users\Maxime\AppData\Local   [23/07/2017 13:14:50]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Libraries   [11/03/2013 15:18:42]
"My Video"=C:\Users\Maxime\Videos   [11/03/2013 15:17:36]
"My Pictures"=C:\Users\Maxime\Pictures   [11/03/2013 15:17:36]
"Desktop"=C:\Users\Maxime\Desktop   [01/08/2014 18:27:12]
"History"=C:\Users\Maxime\AppData\Local\Microsoft\Windows\History   [11/03/2013 15:17:36]
"NetHood"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [23/07/2017 13:14:50]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Maxime\Contacts   [11/03/2013 15:18:42]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Maxime\AppData\Local\Microsoft\Windows\RoamingTiles   [11/03/2013 15:18:42]
"Cookies"=C:\Users\Maxime\AppData\Local\Microsoft\Windows\INetCookies   [11/03/2013 15:17:36]
"Favorites"=C:\Users\Maxime\Favorites   [01/08/2014 18:27:12]
"SendTo"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\SendTo   [27/09/2016 18:25:09]
"Start Menu"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu   [27/09/2016 18:25:09]
"My Music"=C:\Users\Maxime\Music   [11/03/2013 15:17:36]
"Programs"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [27/09/2016 18:25:09]
"Recent"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Recent   [11/03/2013 15:17:36]
"CD Burning"=C:\Users\Maxime\AppData\Local\Microsoft\Windows\Burn\Burn   [23/07/2017 14:09:23]
"PrintHood"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [23/07/2017 13:14:50]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Maxime\Searches   [11/03/2013 15:18:42]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Maxime\Downloads   [11/03/2013 15:17:36]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Maxime\AppData\LocalLow   [11/03/2013 15:17:36]
"Startup"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [11/03/2013 15:18:42]
"Administrative Tools"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [11/03/2013 15:18:42]
"Personal"=C:\Users\Maxime\Documents   [01/08/2014 18:27:12]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Maxime\Links   [11/03/2013 15:17:36]
"Cache"=C:\Users\Maxime\AppData\Local\Microsoft\Windows\INetCache   [23/07/2017 13:14:50]
"Templates"=C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Templates   [23/07/2017 13:14:50]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Maxime\Saved Games   [11/03/2013 15:17:36]
"Fonts"=C:\WINDOWS\Fonts   [18/03/2017 22:03:29]

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache   
"Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"{339719B5-8C47-4894-94C2-D8F77ADD44A6}"=C:\Users\Maxime\OneDrive\Documents\Images   [03/08/2014 22:41:48]
"{767E6811-49CB-4273-87C2-20F355E1085B}"=C:\Users\Maxime\OneDrive\Images\Pellicule   [14/03/2015 11:43:24]
"{C3F2459E-80D6-45DC-BFEF-1F769F2BE730}"=C:\Users\Maxime\OneDrive\Musique   [04/10/2017 16:56:03]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [18/03/2017 22:03:29]
"Common AppData"=C:\ProgramData   [18/03/2017 22:03:29]
"Common Desktop"=C:\Users\Public\Desktop   [22/08/2013 16:36:30]
"Common Documents"=C:\Users\Public\Documents   [22/08/2013 16:36:30]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [18/03/2017 22:03:29]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [18/03/2017 22:03:29]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [18/03/2017 22:03:29]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [26/07/2012 09:12:59]
"CommonMusic"=C:\Users\Public\Music   [22/08/2013 16:36:30]
"CommonPictures"=C:\Users\Public\Pictures   [22/08/2013 16:36:30]
"CommonVideo"=C:\Users\Public\Videos   [22/08/2013 16:36:30]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [18/03/2017 22:03:29]
"Common AppData"=C:\ProgramData   [18/03/2017 22:03:29]
"Common Desktop"=C:\Users\Public\Desktop   [22/08/2013 16:36:30]
"Common Documents"=C:\Users\Public\Documents   [22/08/2013 16:36:30]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [18/03/2017 22:03:29]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [18/03/2017 22:03:29]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [18/03/2017 22:03:29]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [26/07/2012 09:12:59]
"CommonMusic"=C:\Users\Public\Music   [22/08/2013 16:36:30]
"CommonPictures"=C:\Users\Public\Pictures   [22/08/2013 16:36:30]
"CommonVideo"=C:\Users\Public\Videos   [22/08/2013 16:36:30]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   


---------- | [Administrateur]

[13/02/2016 14:14:31] - |D| - [1434580180] - C:\Users\Administrateur\AppData\Local
[13/02/2016 14:14:32] - |D| - [0] - C:\Users\Administrateur\AppData\LocalLow
[13/02/2016 14:14:31] - |D| - [158913] - C:\Users\Administrateur\AppData\Roaming
[13/02/2016 14:16:50] - |D| - [0] - C:\Users\Administrateur\AppData\Local\ActiveSync
[13/02/2016 14:14:32] - |SHD| - [1307243404] - C:\Users\Administrateur\AppData\Local\Application Data
[13/02/2016 14:14:32] - |SHD| - [130] - C:\Users\Administrateur\AppData\Local\Historique
[13/02/2016 14:21:05] - |AH| - [3368] - C:\Users\Administrateur\AppData\Local\IconCache.db
[13/02/2016 14:14:31] - |D| - [112978172] - C:\Users\Administrateur\AppData\Local\Microsoft
[13/02/2016 14:14:37] - |D| - [3271330] - C:\Users\Administrateur\AppData\Local\Packages
[13/02/2016 14:14:31] - |D| - [0] - C:\Users\Administrateur\AppData\Local\Temp
[13/02/2016 14:14:32] - |SHD| - [0] - C:\Users\Administrateur\AppData\Local\Temporary Internet Files
[13/02/2016 14:14:36] - |D| - [11083776] - C:\Users\Administrateur\AppData\Local\TileDataLayer
[13/02/2016 14:18:33] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\Adobe
[13/02/2016 14:14:31] - |SD| - [158913] - C:\Users\Administrateur\AppData\Roaming\Microsoft
[13/02/2016 14:18:35] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[13/02/2016 14:14:32] - |SHD| - [22466] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[13/02/2016 14:14:31] - |RD| - [22466] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[13/02/2016 14:14:31] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[13/02/2016 14:14:31] - |RD| - [2925] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[13/02/2016 14:18:35] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[13/02/2016 14:18:35] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[13/02/2016 14:14:31] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[13/02/2016 14:19:52] - |A| - [2405] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[13/02/2016 14:18:35] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[13/02/2016 14:14:31] - |RD| - [5318] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[13/02/2016 14:14:31] - |RSD| - [7238] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[13/02/2016 14:18:35] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Maxime]

[23/07/2017 13:14:50] - |D| - [84436396797] - C:\Users\Maxime\AppData\Local
[11/03/2013 15:17:36] - |D| - [198007181] - C:\Users\Maxime\AppData\LocalLow
[23/07/2017 13:14:50] - |D| - [2077236666] - C:\Users\Maxime\AppData\Roaming
[28/05/2016 15:08:36] - |D| - [0] - C:\Users\Maxime\AppData\Local\ActiveSync
[11/03/2013 17:08:27] - |D| - [20155822] - C:\Users\Maxime\AppData\Local\Adobe
[11/01/2016 22:22:35] - |D| - [0] - C:\Users\Maxime\AppData\Local\Apple
[11/01/2016 22:29:07] - |D| - [2527] - C:\Users\Maxime\AppData\Local\Apple Computer
[23/07/2017 13:14:50] - |SHD| - [76631102351] - C:\Users\Maxime\AppData\Local\Application Data
[24/10/2013 07:23:22] - |D| - [665964] - C:\Users\Maxime\AppData\Local\Avg2014
[15/09/2013 21:58:49] - |D| - [104650] - C:\Users\Maxime\AppData\Local\avgchrome
[11/03/2013 15:19:51] - |D| - [307] - C:\Users\Maxime\AppData\Local\BMExplorer
[13/01/2014 15:32:01] - |D| - [133278] - C:\Users\Maxime\AppData\Local\cache
[02/09/2015 20:43:04] - |D| - [0] - C:\Users\Maxime\AppData\Local\CEF
[28/05/2016 15:08:38] - |D| - [32212661] - C:\Users\Maxime\AppData\Local\Comms
[29/01/2014 11:17:15] - |D| - [20163] - C:\Users\Maxime\AppData\Local\Conexant
[30/09/2016 19:53:09] - |D| - [2657489] - C:\Users\Maxime\AppData\Local\ConnectedDevicesPlatform
[11/03/2013 21:16:08] - |D| - [35148136] - C:\Users\Maxime\AppData\Local\CrashDumps
[11/03/2013 16:24:45] - |D| - [65855] - C:\Users\Maxime\AppData\Local\CyberLink
[13/08/2017 14:55:01] - |D| - [0] - C:\Users\Maxime\AppData\Local\DBG
[18/05/2013 11:17:00] - |D| - [0] - C:\Users\Maxime\AppData\Local\Diagnostics
[16/03/2014 17:07:51] - |D| - [141069824] - C:\Users\Maxime\AppData\Local\Downloaded Installations
[10/04/2013 13:57:12] - |D| - [0] - C:\Users\Maxime\AppData\Local\ElevatedDiagnostics
[13/11/2014 21:25:52] - |SHD| - [0] - C:\Users\Maxime\AppData\Local\EmieBrowserModeList
[10/09/2014 17:47:58] - |SHD| - [0] - C:\Users\Maxime\AppData\Local\EmieSiteList
[10/09/2014 17:47:58] - |SHD| - [0] - C:\Users\Maxime\AppData\Local\EmieUserList
[09/06/2013 16:34:52] - |D| - [15836275] - C:\Users\Maxime\AppData\Local\Facebook
[08/05/2013 18:34:08] - |D| - [5337] - C:\Users\Maxime\AppData\Local\Garmin
[03/08/2015 19:09:46] - |D| - [6396] - C:\Users\Maxime\AppData\Local\Garmin_Ltd._or_its_subsid
[15/07/2013 07:57:35] - |D| - [1177558266] - C:\Users\Maxime\AppData\Local\Google
[18/07/2015 09:05:08] - |D| - [71] - C:\Users\Maxime\AppData\Local\GWX
[23/07/2017 13:14:50] - |SHD| - [130] - C:\Users\Maxime\AppData\Local\Historique
[23/07/2017 21:01:02] - |AH| - [19326] - C:\Users\Maxime\AppData\Local\IconCache.db
[28/10/2017 10:41:59] - |D| - [4220] - C:\Users\Maxime\AppData\Local\Lavasoft
[27/09/2017 20:18:25] - |D| - [0] - C:\Users\Maxime\AppData\Local\Lenovo
[11/03/2013 15:28:18] - |D| - [0] - C:\Users\Maxime\AppData\Local\LSC
[11/03/2013 21:23:55] - |D| - [0] - C:\Users\Maxime\AppData\Local\Macromedia
[23/07/2017 13:14:50] - |D| - [3175622596] - C:\Users\Maxime\AppData\Local\Microsoft
[09/04/2013 11:15:19] - |D| - [72756] - C:\Users\Maxime\AppData\Local\Microsoft Help
[15/08/2017 15:14:28] - |D| - [78565] - C:\Users\Maxime\AppData\Local\MicrosoftEdge
[11/03/2013 15:49:17] - |D| - [33126754] - C:\Users\Maxime\AppData\Local\Mozilla
[28/05/2016 15:41:38] - |D| - [0] - C:\Users\Maxime\AppData\Local\NetworkTiles
[11/03/2013 15:17:54] - |D| - [1435570222] - C:\Users\Maxime\AppData\Local\Packages
[06/02/2017 20:20:07] - |D| - [1139377] - C:\Users\Maxime\AppData\Local\PokerStars.FR
[30/07/2013 18:54:29] - |D| - [0] - C:\Users\Maxime\AppData\Local\Programs
[28/05/2016 15:10:58] - |D| - [0] - C:\Users\Maxime\AppData\Local\Publishers
[02/04/2015 18:52:32] - |D| - [0] - C:\Users\Maxime\AppData\Local\Qualcomm Atheros
[29/09/2014 20:40:27] - |A| - [7605] - C:\Users\Maxime\AppData\Local\Resmon.ResmonCfg
[24/06/2015 21:27:14] - |D| - [0] - C:\Users\Maxime\AppData\Local\Skype
[22/09/2015 20:16:31] - |D| - [5882725] - C:\Users\Maxime\AppData\Local\SkypePlugin
[09/01/2016 21:41:20] - |D| - [5180458] - C:\Users\Maxime\AppData\Local\Sony
[18/07/2015 10:07:31] - |D| - [122089904] - C:\Users\Maxime\AppData\Local\Spotify
[23/07/2017 13:14:50] - |D| - [1089317018] - C:\Users\Maxime\AppData\Local\Temp
[23/07/2017 13:14:50] - |SHD| - [133043384] - C:\Users\Maxime\AppData\Local\Temporary Internet Files
[28/05/2016 15:06:16] - |D| - [14049280] - C:\Users\Maxime\AppData\Local\TileDataLayer
[07/07/2017 13:53:03] - |D| - [0] - C:\Users\Maxime\AppData\Local\UNP
[11/03/2013 15:18:07] - |D| - [6824756] - C:\Users\Maxime\AppData\Local\VirtualStore
[06/04/2016 18:45:22] - |D| - [151860305] - C:\Users\Maxime\AppData\Local\Vistaprint Livres photo
[30/07/2013 18:54:40] - |D| - [205596397] - C:\Users\Maxime\AppData\Local\Windows Live
[16/03/2014 16:52:08] - |D| - [0] - C:\Users\Maxime\AppData\Local\WMTools Downloaded Files
[18/09/2017 11:52:43] - |D| - [158397] - C:\Users\Maxime\AppData\Local\ZHP
[22/04/2013 11:58:29] - |D| - [7398828] - C:\Users\Maxime\AppData\LocalLow\Adobe
[11/01/2016 22:21:09] - |D| - [261465] - C:\Users\Maxime\AppData\LocalLow\Apple Computer
[10/09/2014 17:47:29] - |SHD| - [0] - C:\Users\Maxime\AppData\LocalLow\EmieSiteList
[10/09/2014 17:50:22] - |SHD| - [0] - C:\Users\Maxime\AppData\LocalLow\EmieUserList
[11/03/2013 15:17:59] - |SD| - [156784752] - C:\Users\Maxime\AppData\LocalLow\Microsoft
[05/12/2017 12:21:57] - |D| - [0] - C:\Users\Maxime\AppData\LocalLow\Mozilla
[10/04/2013 13:36:09] - |D| - [33562136] - C:\Users\Maxime\AppData\LocalLow\Sun
[25/03/2013 18:41:25] - |D| - [0] - C:\Users\Maxime\AppData\LocalLow\Temp
[11/03/2013 15:18:38] - |D| - [6835208] - C:\Users\Maxime\AppData\Roaming\Adobe
[11/01/2016 22:38:20] - |D| - [24639] - C:\Users\Maxime\AppData\Roaming\Apple Computer
[11/03/2013 15:19:18] - |D| - [0] - C:\Users\Maxime\AppData\Roaming\Atheros
[29/01/2014 10:42:41] - |D| - [2962134] - C:\Users\Maxime\AppData\Roaming\Civikey
[18/06/2014 18:23:13] - |D| - [1265087088] - C:\Users\Maxime\AppData\Roaming\com.prezi.PreziDesktop
[11/03/2013 16:24:55] - |D| - [27426] - C:\Users\Maxime\AppData\Roaming\CyberLink
[18/06/2013 11:49:21] - |D| - [178204003] - C:\Users\Maxime\AppData\Roaming\Dropbox
[25/04/2013 22:50:25] - |D| - [407] - C:\Users\Maxime\AppData\Roaming\dvdcss
[29/05/2014 16:32:14] - |D| - [9130] - C:\Users\Maxime\AppData\Roaming\EPSON
[13/04/2015 23:47:46] - |D| - [585] - C:\Users\Maxime\AppData\Roaming\FLEXnet
[11/03/2013 16:09:56] - |D| - [11146001] - C:\Users\Maxime\AppData\Roaming\foobar2000
[08/05/2013 18:35:08] - |D| - [2432] - C:\Users\Maxime\AppData\Roaming\Garmin
[24/03/2013 13:58:27] - |D| - [0] - C:\Users\Maxime\AppData\Roaming\Google
[03/08/2014 22:30:12] - |D| - [0] - C:\Users\Maxime\AppData\Roaming\Identities
[26/10/2013 12:04:20] - |D| - [0] - C:\Users\Maxime\AppData\Roaming\IrfanView
[28/10/2017 10:41:45] - |D| - [0] - C:\Users\Maxime\AppData\Roaming\Lavasoft
[11/03/2013 15:19:17] - |D| - [2889] - C:\Users\Maxime\AppData\Roaming\Lenovo
[11/03/2013 15:27:55] - |D| - [68998479] - C:\Users\Maxime\AppData\Roaming\LSC
[11/03/2013 15:17:36] - |D| - [315983] - C:\Users\Maxime\AppData\Roaming\Macromedia
[01/12/2013 18:42:35] - |D| - [2142] - C:\Users\Maxime\AppData\Roaming\Malwarebytes
[23/07/2017 13:14:50] - |SD| - [62419427] - C:\Users\Maxime\AppData\Roaming\Microsoft
[11/04/2015 16:41:18] - |D| - [10321] - C:\Users\Maxime\AppData\Roaming\ModelMakerTools
[11/03/2013 15:49:17] - |D| - [95028695] - C:\Users\Maxime\AppData\Roaming\Mozilla
[13/04/2015 23:47:45] - |D| - [955842] - C:\Users\Maxime\AppData\Roaming\Nuance
[21/10/2013 17:36:22] - |D| - [4346] - C:\Users\Maxime\AppData\Roaming\PhotoFiltre 7
[04/07/2017 18:31:25] - |D| - [155] - C:\Users\Maxime\AppData\Roaming\PluginHost
[10/01/2016 19:31:26] - |D| - [0] - C:\Users\Maxime\AppData\Roaming\Publish Providers
[14/04/2015 00:16:37] - |A| - [1595] - C:\Users\Maxime\AppData\Roaming\SAS7_000.DAT
[12/06/2017 08:50:05] - |D| - [1703184] - C:\Users\Maxime\AppData\Roaming\SketchUp
[17/03/2013 16:43:45] - |D| - [11731861] - C:\Users\Maxime\AppData\Roaming\Skype
[09/01/2016 21:22:54] - |D| - [1209574] - C:\Users\Maxime\AppData\Roaming\Sony
[18/07/2015 10:06:57] - |D| - [117072216] - C:\Users\Maxime\AppData\Roaming\Spotify
[28/10/2017 10:40:01] - |D| - [6470112] - C:\Users\Maxime\AppData\Roaming\uTorrent
[11/03/2013 18:09:52] - |D| - [1670424] - C:\Users\Maxime\AppData\Roaming\vlc
[18/02/2014 21:00:23] - |D| - [27] - C:\Users\Maxime\AppData\Roaming\WebApp
[12/03/2013 18:02:20] - |D| - [12] - C:\Users\Maxime\AppData\Roaming\WinRAR
[23/09/2014 18:14:54] - |D| - [245340329] - C:\Users\Maxime\AppData\Roaming\ZHP
[11/03/2013 15:18:42] - |SH| - [174] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[06/02/2017 20:20:07] - |A| - [2080] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.fr.lnk
[23/07/2017 13:14:50] - |SHD| - [49901] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[27/09/2016 18:25:09] - |RD| - [49901] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[28/10/2017 10:40:03] - |A| - [923] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
[23/07/2017 13:14:50] - |RD| - [4456] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[23/07/2017 13:14:50] - |RD| - [2936] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[11/03/2013 15:18:42] - |RD| - [174] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[29/11/2013 07:19:06] - |A| - [1863] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
[20/06/2013 22:11:20] - |A| - [295] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Corbeille.lnk
[23/07/2017 14:06:36] - |SH| - [174] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[18/06/2013 11:50:24] - |D| - [2233] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[15/07/2013 07:57:44] - |A| - [2518] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[11/03/2013 15:17:36] - |D| - [5149] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[23/07/2017 13:14:50] - |D| - [170] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[28/05/2016 15:27:47] - |A| - [2456] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[21/10/2013 17:36:19] - |D| - [0] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[06/02/2017 20:20:05] - |D| - [6318] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.FR
[29/01/2014 11:20:35] - |D| - [0] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sensory Software
[18/07/2015 10:07:29] - |A| - [1850] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[08/10/2016 08:19:32] - |A| - [959] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
[11/03/2013 15:18:42] - |RD| - [1370] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[23/07/2017 13:14:50] - |RD| - [4554] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[06/04/2016 18:45:23] - |D| - [2003] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vistaprint Livres photo
[23/07/2017 13:14:50] - |RD| - [7238] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[12/03/2013 18:02:20] - |D| - [3185] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[11/03/2013 15:18:42] - |SH| - [174] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[18/06/2013 11:50:44] - |A| - [1196] - C:\Users\Maxime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

---------- | [Public]


---------- | C:\ProgramData

[25/09/2012 08:28:27] - |D| - [301374950] - C:\ProgramData\Adobe
[11/01/2016 22:21:59] - |D| - [23726080] - C:\ProgramData\Apple
[11/01/2016 22:24:26] - |D| - [28397568] - C:\ProgramData\Apple Computer
[23/07/2017 14:02:35] - |SHD| - [88126324891] - C:\ProgramData\Application Data
[11/03/2013 15:19:30] - |D| - [26] - C:\ProgramData\Atheros
[11/03/2013 15:45:37] - |D| - [6104372] - C:\ProgramData\AVAST Software
[11/03/2013 21:06:40] - |SHD| - [3326] - C:\ProgramData\Bureau
[16/03/2013 09:44:14] - |HD| - [156812] - C:\ProgramData\CanonBJ
[29/01/2014 10:42:31] - |D| - [1240] - C:\ProgramData\Civikey
[17/09/2013 16:21:28] - |HD| - [288] - C:\ProgramData\Common Files
[16/07/2016 12:47:48] - |D| - [0] - C:\ProgramData\Comms
[23/07/2017 13:11:12] - |D| - [2486249] - C:\ProgramData\Conexant
[25/09/2012 08:28:12] - |D| - [107599] - C:\ProgramData\CyberLink
[23/07/2017 14:02:35] - |SHD| - [41295554] - C:\ProgramData\Documents
[25/09/2012 08:31:42] - |D| - [71534340] - C:\ProgramData\Downloaded Installations
[23/07/2017 13:11:22] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[11/03/2013 15:18:35] - |D| - [370097] - C:\ProgramData\eBay
[11/03/2013 15:19:26] - |D| - [106] - C:\ProgramData\Energy Management
[29/05/2014 15:36:04] - |D| - [11686709] - C:\ProgramData\Epson
[13/04/2015 23:40:55] - |D| - [3991877] - C:\ProgramData\FLEXnet
[12/03/2013 20:50:26] - |D| - [2963968] - C:\ProgramData\FNET
[08/05/2013 18:33:42] - |D| - [1128] - C:\ProgramData\Garmin
[24/03/2013 13:58:27] - |D| - [0] - C:\ProgramData\Google
[25/09/2012 07:55:01] - |D| - [2664245] - C:\ProgramData\Intel
[28/10/2017 10:40:32] - |D| - [69728201] - C:\ProgramData\Lavasoft
[26/09/2015 09:24:15] - |D| - [166653] - C:\ProgramData\LDM
[18/02/2014 20:24:27] - |D| - [65200501] - C:\ProgramData\Lenovo
[01/12/2013 18:42:20] - |D| - [355630357] - C:\ProgramData\Malwarebytes
[11/03/2013 21:06:40] - |SHD| - [515194] - C:\ProgramData\Menu Démarrer
[18/03/2017 22:03:29] - |SD| - [1935902699] - C:\ProgramData\Microsoft
[09/04/2013 11:15:05] - |D| - [283630] - C:\ProgramData\Microsoft Help
[12/03/2013 22:09:48] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[11/03/2013 21:06:40] - |SHD| - [0] - C:\ProgramData\Modèles
[11/03/2013 15:49:06] - |D| - [37727] - C:\ProgramData\Mozilla
[13/04/2015 23:40:55] - |D| - [3093988301] - C:\ProgramData\Nuance
[25/09/2012 08:31:31] - |D| - [12468] - C:\ProgramData\OneKey Recovery
[17/10/2013 16:02:07] - |D| - [0] - C:\ProgramData\Oracle
[08/05/2014 17:08:22] - |D| - [66919435] - C:\ProgramData\Package Cache
[16/03/2014 17:08:06] - |D| - [26320] - C:\ProgramData\Pinnacle
[16/03/2014 17:08:52] - |D| - [1901980458] - C:\ProgramData\Pinnacle VideoSpin
[01/08/2012 16:53:04] - |D| - [41008] - C:\ProgramData\PRICache
[25/09/2012 08:08:18] - |D| - [22521] - C:\ProgramData\Qualcomm Atheros
[18/03/2017 22:03:29] - |AD| - [4210] - C:\ProgramData\regid.1991-06.com.microsoft
[12/06/2017 08:34:10] - |AD| - [238] - C:\ProgramData\Reprise
[12/06/2017 08:32:50] - |D| - [8414214] - C:\ProgramData\SketchUp
[17/03/2013 16:43:05] - |D| - [199459504] - C:\ProgramData\Skype
[18/03/2017 22:03:29] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[09/01/2016 21:23:22] - |D| - [3127109] - C:\ProgramData\Sony
[23/09/2014 19:08:29] - |D| - [645] - C:\ProgramData\Sony Corporation
[14/04/2013 17:36:07] - |D| - [224] - C:\ProgramData\Sun
[25/09/2012 08:22:53] - |AD| - [0] - C:\ProgramData\Temp
[28/09/2014 09:34:17] - |D| - [0] - C:\ProgramData\TuneUp Software
[29/05/2014 16:07:04] - |D| - [4680] - C:\ProgramData\UDL
[04/10/2017 18:07:43] - |D| - [2103] - C:\ProgramData\Unchecky
[18/03/2017 22:03:29] - |D| - [15231] - C:\ProgramData\USOPrivate
[23/07/2017 13:18:15] - |D| - [2363392] - C:\ProgramData\USOShared
[20/03/2017 06:11:49] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices
[17/09/2013 16:21:28] - |SHD| - [0] - C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[18/03/2017 22:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[13/04/2015 23:46:03] - |A| - [2743] - C:\ProgramData\Microsoft\Windows\Start Menu\Dragon NaturallySpeaking 11.0.lnk
[11/03/2013 21:06:40] - |SHD| - [255190] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[18/03/2017 22:03:29] - |RD| - [255190] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[13/04/2015 23:46:03] - |A| - [1897] - C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[18/03/2017 22:03:29] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[18/03/2017 22:03:29] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[18/03/2017 22:03:29] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[22/04/2013 11:55:41] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[11/01/2016 22:22:32] - |A| - [2535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[04/10/2017 12:21:35] - |A| - [742] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise à jour de Windows 10.lnk
[29/01/2014 10:42:31] - |D| - [2085] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Civikey
[23/07/2017 13:13:22] - |D| - [1990] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
[18/03/2017 22:03:33] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[13/04/2015 23:46:02] - |D| - [32515] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 11.0
[29/05/2014 15:41:49] - |D| - [2046] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[29/05/2014 15:42:00] - |D| - [5717] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
[11/03/2013 16:09:51] - |A| - [1124] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[05/12/2017 17:21:12] - |A| - [2281] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[25/11/2013 16:11:04] - |D| - [7582] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[11/06/2017 13:26:00] - |D| - [2127] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[18/03/2017 21:59:54] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[25/09/2012 08:30:53] - |D| - [2176] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
[23/05/2014 16:59:26] - |D| - [8206] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[28/10/2017 10:41:58] - |D| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[29/01/2014 11:42:10] - |D| - [1075] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Le coffre du Pirate
[25/09/2012 08:22:46] - |D| - [8004] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[18/03/2017 22:03:29] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[14/09/2017 16:10:42] - |D| - [3918] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[09/04/2013 11:21:55] - |D| - [45967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[03/08/2013 18:27:59] - |D| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[26/10/2013 11:58:11] - |D| - [1930] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miniphoto
[18/03/2017 21:57:42] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[30/07/2013 19:14:45] - |A| - [1316] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[11/03/2013 15:49:08] - |A| - [1239] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[25/09/2012 08:31:33] - |RD| - [2330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery
[16/03/2014 17:00:28] - |D| - [3081] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpoSoft
[30/07/2013 19:14:42] - |A| - [1385] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[21/10/2013 17:36:19] - |D| - [4372] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
[16/03/2014 17:09:24] - |D| - [6424] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
[18/06/2014 18:22:37] - |A| - [1954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi Desktop.lnk
[18/03/2017 21:58:04] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[29/01/2014 11:20:39] - |D| - [3871] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sensory Software
[09/04/2013 11:21:55] - |D| - [3181] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[11/04/2015 16:40:02] - |D| - [1014] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimpleMind
[12/06/2017 08:33:49] - |D| - [6621] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015
[10/01/2016 19:25:31] - |D| - [3472] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[18/03/2017 22:03:29] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[18/03/2017 22:03:29] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[26/09/2015 09:24:19] - |D| - [12662] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tap'Touche 5.5 démo
[04/10/2017 18:07:44] - |D| - [2201] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky
[17/10/2013 15:58:26] - |D| - [7767] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[23/07/2017 13:28:57] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[16/03/2014 16:37:52] - |A| - [2507] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[12/03/2013 18:02:20] - |D| - [3131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[18/03/2017 22:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[25/09/2012 08:28:26] - |D| - [186559042] - C:\Program Files (x86)\Adobe
[11/01/2016 22:22:32] - |AD| - [2428606] - C:\Program Files (x86)\Apple Software Update
[25/09/2012 08:16:14] - |D| - [184320] - C:\Program Files (x86)\BisonCam
[25/09/2012 08:10:59] - |AD| - [56896280] - C:\Program Files (x86)\Bluetooth Suite
[29/01/2014 10:42:02] - |D| - [93988342] - C:\Program Files (x86)\Civikey
[18/03/2017 22:03:28] - |D| - [480407994] - C:\Program Files (x86)\Common Files
[25/09/2012 08:25:04] - |D| - [11007334] - C:\Program Files (x86)\Cyberlink
[18/03/2017 22:03:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[29/05/2014 15:41:34] - |D| - [2977622] - C:\Program Files (x86)\epson
[29/05/2014 15:41:59] - |AD| - [120062524] - C:\Program Files (x86)\EPSON Software
[11/03/2013 16:09:48] - |AD| - [9820746] - C:\Program Files (x86)\foobar2000
[08/05/2013 18:33:39] - |AD| - [1013734] - C:\Program Files (x86)\Garmin
[24/03/2013 13:43:26] - |D| - [646487979] - C:\Program Files (x86)\Google
[14/04/2017 12:27:37] - |D| - [8700136] - C:\Program Files (x86)\GUMD0C3.tmp
[14/04/2017 12:27:37] - |A| - [7639040] - C:\Program Files (x86)\GUTE853.tmp
[25/09/2012 07:54:34] - |HD| - [159879572] - C:\Program Files (x86)\InstallShield Installation Information
[25/09/2012 07:52:59] - |D| - [240861659] - C:\Program Files (x86)\Intel
[18/03/2017 22:03:28] - |D| - [2018060] - C:\Program Files (x86)\Internet Explorer
[17/10/2013 16:01:29] - |D| - [128277839] - C:\Program Files (x86)\Java
[28/10/2017 10:41:39] - |D| - [24478348] - C:\Program Files (x86)\Lavasoft
[29/01/2014 11:42:05] - |D| - [752966] - C:\Program Files (x86)\Le coffre du Pirate
[25/09/2012 08:22:45] - |D| - [672788990] - C:\Program Files (x86)\Lenovo
[09/04/2013 11:15:22] - |D| - [39848379] - C:\Program Files (x86)\Microsoft Analysis Services
[25/09/2012 08:20:33] - |AD| - [998499662] - C:\Program Files (x86)\Microsoft Office
[03/08/2013 18:26:48] - |AD| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight
[12/03/2013 22:10:12] - |D| - [5659096] - C:\Program Files (x86)\Microsoft SkyDrive
[09/04/2013 11:18:53] - |AD| - [3635637] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[09/04/2013 11:18:53] - |D| - [793991] - C:\Program Files (x86)\Microsoft Sync Framework
[09/04/2013 11:19:49] - |D| - [326800] - C:\Program Files (x86)\Microsoft Synchronization Services
[09/04/2013 11:16:09] - |AD| - [1378033] - C:\Program Files (x86)\Microsoft Visual Studio 8
[18/03/2017 22:03:28] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[26/10/2013 11:58:11] - |D| - [94208] - C:\Program Files (x86)\Miniphoto
[11/04/2015 16:39:59] - |D| - [13637181] - C:\Program Files (x86)\ModelMakerTools
[16/03/2014 16:37:47] - |D| - [9336778] - C:\Program Files (x86)\Movie Maker 2.6
[27/05/2014 14:28:42] - |AD| - [133541278] - C:\Program Files (x86)\Mozilla Firefox
[11/03/2013 15:49:04] - |D| - [266701] - C:\Program Files (x86)\Mozilla Maintenance Service
[23/07/2017 13:34:06] - |D| - [26521] - C:\Program Files (x86)\MSBuild
[16/03/2014 17:00:17] - |D| - [68189944] - C:\Program Files (x86)\OpoSoft
[21/10/2013 17:36:17] - |D| - [8324967] - C:\Program Files (x86)\PhotoFiltre 7
[16/03/2014 17:08:52] - |AD| - [149402892] - C:\Program Files (x86)\Pinnacle
[06/02/2017 20:17:54] - |AD| - [204661779] - C:\Program Files (x86)\PokerStars.FR
[18/06/2014 18:21:09] - |AD| - [555469897] - C:\Program Files (x86)\Prezi Desktop 4
[25/09/2012 08:08:44] - |AD| - [37400] - C:\Program Files (x86)\Qualcomm Atheros
[25/09/2012 08:04:28] - |D| - [14854755] - C:\Program Files (x86)\Realtek
[23/07/2017 13:34:06] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies
[29/01/2014 11:20:35] - |AD| - [1255318] - C:\Program Files (x86)\Sensory Software
[12/06/2017 08:32:49] - |D| - [269707351] - C:\Program Files (x86)\SketchUp
[18/03/2017 10:32:31] - |RD| - [1926632] - C:\Program Files (x86)\Skype
[09/01/2016 21:41:20] - |D| - [97008291] - C:\Program Files (x86)\Sony
[26/09/2015 09:24:15] - |D| - [18454456] - C:\Program Files (x86)\Tap'Touche 5.5
[04/10/2017 18:07:43] - |AD| - [5224108] - C:\Program Files (x86)\Unchecky
[23/07/2017 13:13:50] - |D| - [1036878] - C:\Program Files (x86)\USB Camera
[01/08/2014 18:17:42] - |D| - [0] - C:\Program Files (x86)\USB Camera2
[11/03/2013 18:08:56] - |D| - [100374564] - C:\Program Files (x86)\VideoLAN
[18/03/2017 22:03:28] - |D| - [2001344] - C:\Program Files (x86)\Windows Defender
[30/07/2013 19:03:39] - |AD| - [91046211] - C:\Program Files (x86)\Windows Live
[18/03/2017 22:03:28] - |D| - [5924864] - C:\Program Files (x86)\Windows Mail
[20/03/2017 06:10:55] - |D| - [3254937] - C:\Program Files (x86)\Windows Media Player
[18/03/2017 22:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform
[18/03/2017 22:03:28] - |D| - [7569090] - C:\Program Files (x86)\Windows NT
[18/03/2017 22:03:28] - |D| - [5365568] - C:\Program Files (x86)\Windows Photo Viewer
[18/03/2017 22:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices
[18/03/2017 22:03:28] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[18/03/2017 22:03:28] - |D| - [2184102] - C:\Program Files (x86)\WindowsPowerShell
[12/03/2013 18:02:12] - |AD| - [4309988] - C:\Program Files (x86)\WinRAR

---------- | C:\Program Files

[18/03/2017 22:03:28] - |D| - [114372599] - C:\Program Files\Common Files
[23/07/2017 13:11:04] - |D| - [497970664] - C:\Program Files\CONEXANT
[18/03/2017 22:03:33] - |ASH| - [174] - C:\Program Files\desktop.ini
[25/09/2012 08:32:02] - |D| - [1638608] - C:\Program Files\DIFX
[10/01/2016 19:30:22] - |A| - [2510] - C:\Program Files\Enregistrer Vegas Pro.htm
[29/05/2014 15:48:45] - |D| - [3622184] - C:\Program Files\EpsonNet
[11/03/2013 21:06:41] - |SHD| - [114372599] - C:\Program Files\Fichiers communs
[25/09/2012 07:55:00] - |D| - [12960547] - C:\Program Files\Intel
[18/03/2017 22:03:28] - |D| - [2645239] - C:\Program Files\Internet Explorer
[25/09/2012 08:28:30] - |AD| - [188292781] - C:\Program Files\Lenovo
[14/09/2017 16:10:18] - |D| - [219597809] - C:\Program Files\Malwarebytes
[09/04/2013 11:15:42] - |D| - [22846729] - C:\Program Files\Microsoft Office
[03/08/2013 18:26:48] - |AD| - [55725526] - C:\Program Files\Microsoft Silverlight
[23/07/2017 13:34:06] - |D| - [25757] - C:\Program Files\MSBuild
[23/07/2017 13:34:06] - |D| - [36854953] - C:\Program Files\Reference Assemblies
[09/01/2016 21:41:20] - |D| - [633243717] - C:\Program Files\Sony
[23/07/2017 13:10:17] - |D| - [73494909] - C:\Program Files\Synaptics
[23/07/2017 13:11:41] - |HD| - [0] - C:\Program Files\Uninstall Information
[07/07/2017 13:47:13] - |AD| - [14179395] - C:\Program Files\UNP
[18/03/2017 22:03:28] - |RD| - [16330682] - C:\Program Files\Windows Defender
[18/03/2017 22:03:28] - |D| - [6145536] - C:\Program Files\Windows Mail
[20/03/2017 06:10:55] - |D| - [4782269] - C:\Program Files\Windows Media Player
[18/03/2017 22:03:28] - |D| - [49688] - C:\Program Files\Windows Multimedia Platform
[18/03/2017 22:03:28] - |D| - [7835330] - C:\Program Files\Windows NT
[18/03/2017 22:03:28] - |D| - [6169408] - C:\Program Files\Windows Photo Viewer
[18/03/2017 22:03:28] - |D| - [49696] - C:\Program Files\Windows Portable Devices
[18/03/2017 22:03:28] - |D| - [95352] - C:\Program Files\Windows Security
[18/03/2017 22:03:28] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[18/03/2017 22:03:28] - |HD| - [2680622317] - C:\Program Files\WindowsApps
[18/03/2017 22:03:28] - |D| - [2433872] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[22/04/2013 11:55:06] - |AD| - [10860779] - C:\Program Files (x86)\Common Files\Adobe
[25/09/2012 08:28:26] - |AD| - [28768459] - C:\Program Files (x86)\Common Files\Adobe AIR
[11/01/2016 22:21:59] - |D| - [66304366] - C:\Program Files (x86)\Common Files\Apple
[25/09/2012 08:11:33] - |D| - [104560] - C:\Program Files (x86)\Common Files\Atheros
[03/12/2015 18:05:09] - |D| - [2] - C:\Program Files (x86)\Common Files\AV
[12/03/2013 22:08:59] - |AD| - [113968] - C:\Program Files (x86)\Common Files\DESIGNER
[25/09/2012 08:26:09] - |D| - [1150965] - C:\Program Files (x86)\Common Files\InstallShield
[13/04/2015 23:44:39] - |AD| - [1509601] - C:\Program Files (x86)\Common Files\IVA
[17/10/2013 16:02:16] - |D| - [2855795] - C:\Program Files (x86)\Common Files\Java
[18/03/2017 22:03:28] - |D| - [236529605] - C:\Program Files (x86)\Common Files\Microsoft Shared
[13/04/2015 23:43:32] - |AD| - [564006] - C:\Program Files (x86)\Common Files\Nuance
[25/09/2012 07:54:39] - |D| - [193596] - C:\Program Files (x86)\Common Files\postureAgent
[25/09/2012 08:11:00] - |D| - [802729] - C:\Program Files (x86)\Common Files\QCA_Bluetooth
[18/03/2017 22:03:28] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[18/03/2017 22:03:28] - |D| - [10222475] - C:\Program Files (x86)\Common Files\System
[30/07/2013 18:54:06] - |D| - [120107539] - C:\Program Files (x86)\Common Files\Windows Live
[16/03/2014 17:08:53] - |D| - [316847] - C:\Program Files (x86)\Common Files\Yahoo!

---------- | C:\Program Files\Common files

[23/07/2017 13:13:47] - |D| - [148] - C:\Program Files\Common files\Atheros
[03/12/2015 18:05:09] - |D| - [2] - C:\Program Files\Common files\AV
[29/05/2014 15:46:51] - |D| - [152640] - C:\Program Files\Common files\EPSON
[18/03/2017 22:03:28] - |D| - [103899400] - C:\Program Files\Common files\microsoft shared
[18/03/2017 22:03:28] - |D| - [2702] - C:\Program Files\Common files\Services
[18/03/2017 22:03:28] - |D| - [10317707] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.3414753527C60AE29539FA3CE919A9F2] - [29/05/2014 15:50:47] - |A| - [743] - C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Invitation {3C606750-BB97-42A2-AF7C-3BD83A76FF03}.job
[MD5.72D8177427813D97D69658D517246431] - [12/09/2017 09:39:05] - |A| - [743] - C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Invitation {42F04F6A-FFCF-44A2-BF1F-BF13CC11B6E7}.job
[MD5.781CF8B0C83EF463551CE66A4A516B4F] - [13/09/2014 12:22:04] - |A| - [743] - C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Invitation {602EACDE-32D6-4A04-800C-40473B983AAC}.job
[MD5.D57DC54F10B9FC4BCB672FD1E9348473] - [29/05/2014 15:46:58] - |A| - [743] - C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Invitation {FC64140B-E2DA-4554-870A-1A85E0C5C308}.job
[MD5.4DB2855E4200D4C0ACBD4BF802EC7281] - [29/05/2014 15:50:41] - |A| - [929] - C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Update {3C606750-BB97-42A2-AF7C-3BD83A76FF03}.job
[MD5.0AC6E72F752396B0B7BC048A9C5010EC] - [12/09/2017 09:39:04] - |A| - [929] - C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Update {42F04F6A-FFCF-44A2-BF1F-BF13CC11B6E7}.job
[MD5.70A6DB62C869DC260924DA05E655F3B4] - [13/09/2014 12:22:03] - |A| - [929] - C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Update {602EACDE-32D6-4A04-800C-40473B983AAC}.job
[MD5.346D3AE40D0E3F3A7E7C58EA66C9351B] - [29/05/2014 15:46:51] - |A| - [929] - C:\WINDOWS\Tasks\EPSON XP-412 413 415 Series Update {FC64140B-E2DA-4554-870A-1A85E0C5C308}.job
[MD5.27AD6E3E9709A03F6B62A2C20C63984A] - [09/06/2013 16:34:56] - |A| - [920] - C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001Core.job
[MD5.61B972889DC0BB1D92389CB780C979E5] - [09/06/2013 16:34:57] - |A| - [942] - C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001UA.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [23/07/2017 13:48:17] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.42B281FE976C5AF719A67F837E564B64] - [01/08/2014 18:17:36] - |A| - [264] - C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
[MD5.442E611A8F6BA4C07E9349E64374ED7E] - [23/07/2017 13:48:12] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task         :   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.A29DD3E531B12CE3B51FDD795AD52910] - [23/07/2017 13:48:12] - |A| - [4558] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater         :   C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.3FFE8A0D569D46FFC516A15547DE81EF] - [23/07/2017 13:48:12] - |A| - [3070] - C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Invitation {3C606750-BB97-42A2-AF7C-3BD83A76FF03}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
[MD5.E4425B69FB95F816985A63EF6748AA6C] - [12/09/2017 09:39:05] - |A| - [3964] - C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Invitation {42F04F6A-FFCF-44A2-BF1F-BF13CC11B6E7}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
[MD5.8C166172689A800273F7E60F417B6E9E] - [23/07/2017 13:48:12] - |A| - [3070] - C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Invitation {602EACDE-32D6-4A04-800C-40473B983AAC}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
[MD5.E2E48CA63A20792FDEA1F7C8CED1BB8C] - [23/07/2017 13:48:12] - |A| - [3070] - C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Invitation {FC64140B-E2DA-4554-870A-1A85E0C5C308}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
[MD5.5B648D80C24A9BE866A42A0A2528F381] - [23/07/2017 13:48:12] - |A| - [3256] - C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Update {3C606750-BB97-42A2-AF7C-3BD83A76FF03}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
[MD5.B5E473E32ADA836BCD9B95213FAD073D] - [12/09/2017 09:39:05] - |A| - [4142] - C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Update {42F04F6A-FFCF-44A2-BF1F-BF13CC11B6E7}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
[MD5.3FF0AA343281E783DD2A8BFF386BEEBB] - [23/07/2017 13:48:12] - |A| - [3256] - C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Update {602EACDE-32D6-4A04-800C-40473B983AAC}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
[MD5.4B6FC590661A8DF1D85A0E1D2B1A73FE] - [23/07/2017 13:48:12] - |A| - [3256] - C:\WINDOWS\System32\Tasks\EPSON XP-412 413 415 Series Update {FC64140B-E2DA-4554-870A-1A85E0C5C308}         :   C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLEE.EXE
[MD5.5C37D54843D7A376DC7F60D933301F43] - [23/07/2017 13:48:12] - |A| - [3132] - C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001Core         :   C:\Users\Maxime\AppData\Local\Facebook\Update\FacebookUpdate.exe
[MD5.1A2C5774D72CF4644C5A65EDCC21DF48] - [23/07/2017 13:48:12] - |A| - [3374] - C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001UA         :   C:\Users\Maxime\AppData\Local\Facebook\Update\FacebookUpdate.exe
[MD5.B342FAD3C130F1F4783509AFF80587C8] - [23/07/2017 13:48:12] - |A| - [3462] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.48435347D4C54FC1A835F248305222CF] - [23/07/2017 13:48:12] - |A| - [3586] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.8B5C73A89A6925057FA5461C07F7AD8F] - [23/07/2017 13:48:12] - |A| - [3418] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001Core         :   C:\Users\Maxime\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.9140B91FF815E3D7C2C11E039786FE15] - [15/11/2017 16:03:36] - |A| - [3606] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001Core1d35e22e940f17a         :   C:\Users\Maxime\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.B0E7DF8524985009DC42871A2FDF8893] - [23/07/2017 13:48:12] - |A| - [3686] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001UA         :   C:\Users\Maxime\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.FFD51B083CF10E3FAD4B721AF7BB124F] - [15/11/2017 16:03:36] - |A| - [3874] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60461441-1236719898-3972887004-1001UA1d35e22e965ebcc         :   C:\Users\Maxime\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.706EC5B93940A298994E5DC675DCBDDB] - [23/07/2017 13:48:12] - |A| - [2942] - C:\WINDOWS\System32\Tasks\Java Update Scheduler         :   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
[MD5.00000000000000000000000000000000] - [23/07/2017 13:48:12] - |D| - [21972] - C:\WINDOWS\System32\Tasks\Lenovo
[MD5.00000000000000000000000000000000] - [18/03/2017 22:03:29] - |D| - [595542] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.5EFF30F59E3AAD9D974592B6D733568C] - [23/07/2017 13:48:17] - |A| - [2334] - C:\WINDOWS\System32\Tasks\MirageAgent         :   C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
[MD5.00000000000000000000000000000000] - [23/07/2017 13:48:17] - |D| - [0] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
[MD5.E0EE5D5098B5029397BC912FE699B784] - [11/08/2017 11:06:04] - |A| - [3354] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-60461441-1236719898-3972887004-1001         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.7D922F417AEDEB53CAAC887526E5FBBA] - [23/07/2017 13:48:17] - |A| - [2748] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-60461441-1236719898-3972887004-1001         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.BB71309CD3ABF34BFF8A0B36A9894981] - [23/07/2017 13:48:17] - |A| - [2932] - C:\WINDOWS\System32\Tasks\Programme de mise à jour en ligne de Adobe         :   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.D63B02E61055BF42F1A64FD03BAA73BA] - [23/07/2017 13:48:17] - |A| - [2040] - C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements         :   \Program Files\Synaptics\SynTP\SynTPEnh.exe
[MD5.B94956E9F354803B451E8E5C80BE1E55] - [23/07/2017 13:48:17] - |A| - [4154] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{705B7F45-E8EE-4A4E-98D3-1F2168150387}         :   C:\WINDOWS\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [23/07/2017 13:48:17] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD
[MD5.C1EFEC7C236FF1365623B0A506C76A3F] - [23/07/2017 13:48:17] - |A| - [2174] - C:\WINDOWS\System32\Tasks\{7A763036-D193-4834-8A73-9B2E252F76CD}         :   C:\WINDOWS\system32\pcalua.exe
[MD5.E67138755329B0EE3166C9A40C453F80] - [23/07/2017 13:48:17] - |A| - [2110] - C:\WINDOWS\System32\Tasks\{A08C5381-A8AA-41F7-80F2-0DFB7EA5C2AD}         :   C:\WINDOWS\system32\pcalua.exe
[MD5.00000000000000000000000000000000] - [18/03/2017 22:03:29] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"{6EBC3A51-C506-47E1-8C42-B9919A1CEF9D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-60461441-1236719898-3972887004-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{7CA91DC1-8BA7-4967-9A82-73F04C80A41F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe|Name=WebKit|Edge=TRUE|
"{B99E7751-110F-4DB7-82EE-36E856625C0D}"=v2.20|Action=Block|Active=TRUE|Dir=Out|App=%ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe|Name=sony vegas|
"UDP Query User{59A36E65-0134-4476-8C12-2EB93B7FEAA6}C:\users\maxime\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\maxime\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"TCP Query User{2C9111DD-FD77-468B-8D1D-97AA6D4163EA}C:\users\maxime\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\maxime\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"UDP Query User{5EB5B202-5A36-44F3-A3A6-9E18D581554F}C:\users\maxime\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\maxime\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"TCP Query User{D98B34E6-5FC1-471A-BD94-82381B126A48}C:\users\maxime\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\maxime\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"{D15724EC-733E-45E4-8931-6472D203C029}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{E7E286B2-9CA7-47FD-9516-DBF5490C79B3}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{3F7F0FE0-AE4E-4E14-95BD-2F9E98BC17F7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL Mobile Connect|Desc=SonicWALL Mobile Connect|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL Mobile Connect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{0EC0EC5E-E12A-4A1A-AE4B-3E78B99EA604}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL Mobile Connect|Desc=SonicWALL Mobile Connect|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL Mobile Connect|Platform=2:6:2|Platform2=GTEQ|
"{43F283E1-281A-46F5-A51E-B037AC16E50E}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=Juniper Networks Junos Pulse|Desc=Juniper Networks Junos Pulse|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=Juniper Networks Junos Pulse|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{F46FBF72-167A-449B-96CD-A0F8C609ABA9}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=Juniper Networks Junos Pulse|Desc=Juniper Networks Junos Pulse|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=Juniper Networks Junos Pulse|Platform=2:6:2|Platform2=GTEQ|
"{C11345DA-F788-4F09-9583-0CCF9E74A5F8}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=F5 VPN|Desc=F5 VPN|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=F5 VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{72FAA7BC-146C-4CB4-AB18-E69FF2B5D9AE}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=F5 VPN|Desc=F5 VPN|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=F5 VPN|Platform=2:6:2|Platform2=GTEQ|
"{B49A51B1-9A11-4AF9-8C7D-5DE2A1BD9532}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=Check Point VPN|Desc=Check Point VPN|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=Check Point VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{400C4F32-19BC-406D-AD13-B17589B786B5}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=Check Point VPN|Desc=Check Point VPN|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=Check Point VPN|Platform=2:6:2|Platform2=GTEQ|
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{E7985E1D-C36F-4787-80A8-6350D07E9266}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{FA38778A-0967-477C-BA1D-CCB58A6FFC54}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-60461441-1236719898-3972887004-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{6F2272A5-C99E-4DB7-99E8-A4C2A32467F5}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0|
"{39B0897F-3FBE-456A-B4DA-5343C4617C4D}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE|Name=CyberLink PowerDVD 10.0|Desc=CyberLink PowerDVD 10.0|
"{A3FB30BA-ACE7-409E-84AE-90208D80FE50}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Maxime\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe|Name=Microsoft SkyDrive|
"TCP Query User{ABF3B07B-4BB3-41DE-94BB-B2CE80FD70B7}C:\program files (x86)\java\jre7\bin\java.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\java\jre7\bin\java.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"UDP Query User{4BA493F7-C5CB-49D3-B148-1044501D7ECB}C:\program files (x86)\java\jre7\bin\java.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\java\jre7\bin\java.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"{DDFAB322-749F-45C8-BBD9-8D087E0B80FE}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-143|Desc=@hnetcfg.dll,-10142|EmbedCtxt=@hnetcfg.dll,-140|
"{E68E0F0E-1CCD-4099-B2AB-CECDF03C7F57}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=67|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-144|Desc=@hnetcfg.dll,-10143|EmbedCtxt=@hnetcfg.dll,-140|
"{68FA6EA4-F307-4C88-AA34-F5A80CEA8416}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-145|Desc=@hnetcfg.dll,-10144|EmbedCtxt=@hnetcfg.dll,-140|
"{D939796B-97C1-40C4-9A4F-B4E5B05CA7EA}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@hnetcfg.dll,-147|Desc=@hnetcfg.dll,-10146|EmbedCtxt=@hnetcfg.dll,-140|
"{014F02FA-7EF7-4DFC-925A-0949ED9D8638}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@hnetcfg.dll,-150|Desc=@hnetcfg.dll,-10150|EmbedCtxt=@hnetcfg.dll,-140|
"{0CBB49F6-4642-4625-8502-621B17D42E1F}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=System|Name=@hnetcfg.dll,-146|Desc=@hnetcfg.dll,-10145|EmbedCtxt=@hnetcfg.dll,-140|
"{7FCA2170-6309-4D36-93DE-2A760B510CC3}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=System|Name=@hnetcfg.dll,-152|Desc=@hnetcfg.dll,-10151|EmbedCtxt=@hnetcfg.dll,-140|
"{C179068C-A512-481A-89CE-03EA9EAAA7B5}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-142|Desc=@hnetcfg.dll,-10141|EmbedCtxt=@hnetcfg.dll,-140|
"{B76C8071-C235-4554-9139-84C8B152281D}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|Name=@hnetcfg.dll,-148|Desc=@hnetcfg.dll,-10147|EmbedCtxt=@hnetcfg.dll,-140|
"{36C334D3-F5D9-4332-8A9E-4B9625355525}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@hnetcfg.dll,-149|Desc=@hnetcfg.dll,-10148|EmbedCtxt=@hnetcfg.dll,-140|
"{E435EDFF-E946-4AA7-8CBA-43EF756BB8CB}"=v2.20|Action=Allow|Active=TRUE|Dir=Out|IF={5ABE2A16-7265-4812-96B0-706A206E3894}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-151|Desc=@hnetcfg.dll,-10149|EmbedCtxt=@hnetcfg.dll,-140|
"{502157E2-E05E-4EC8-B6A8-6B33E6CDB238}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe|Name=Dropbox|
"{CF50A248-F58F-4394-B93E-B6725773A406}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Maxime\AppData\Roaming\Dropbox\bin\Dropbox.exe|Name=Dropbox|
"TCP Query User{7B79C74A-6C48-4E2A-9105-31847DC08479}C:\users\maxime\appdata\roaming\dropbox\bin\dropbox.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\maxime\appdata\roaming\dropbox\bin\dropbox.exe|Name=dropbox.exe|Desc=dropbox.exe|
"UDP Query User{C87E0139-B46F-418C-B235-A9F0F662E720}C:\users\maxime\appdata\roaming\dropbox\bin\dropbox.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\maxime\appdata\roaming\dropbox\bin\dropbox.exe|Name=dropbox.exe|Desc=dropbox.exe|
"{7F6AE154-F56A-4593-B5B1-1DCBBC89B369}"=v2.20|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE|
"{F53C8A78-FF63-4B19-A38E-E390B7932821}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)|
"{F0874160-8104-48DB-8B18-6CE1B42D7681}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|
"TCP Query User{DD7CF886-802D-42B5-BFB8-EFB18E557906}C:\program files (x86)\java\jre7\bin\java.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\java\jre7\bin\java.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"UDP Query User{9A81A553-92B4-4DA5-8B61-FABDAC21246D}C:\program files (x86)\java\jre7\bin\java.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\java\jre7\bin\java.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User|
"{6AA60B8C-DA7D-486F-8946-52786A9A0632}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe|Name=Render Manager|
"{78890A4D-BAD2-4A8E-AEF8-DD5E6221A568}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\RM.exe|Name=Render Manager|
"{D468BCE3-C83E-4BD3-8845-010AAF6E3B94}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe|Name=umi|
"{EC707F88-B4ED-410A-A96D-FB008826C0A2}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\umi.exe|Name=umi|
"{9B57D8AE-783B-4EDC-B858-7A62FE10D26D}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe|Name=Pinnacle VideoSpin|
"{BA22B522-8EC9-4922-AE99-C03382940998}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Pinnacle\VideoSpin\Programs\VideoSpin.exe|Name=Pinnacle VideoSpin|
"{26AEF486-A3CD-4BFC-BEDC-B12B61BDB0DA}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Maxime\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup3_6_1_2200\ENEasyApp.exe|Name=EpsonNet Setup|
"{C4E52A98-C3D6-46D3-A70E-46B9BB8C138B}"=v2.20|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Maxime\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\EpsonNetSetup3_6_1_2200\ENEasyApp.exe|Name=EpsonNet Setup|
"TCP Query User{F4AB8573-71B6-4991-B997-B40F4D68EE9F}C:\program files (x86)\epson software\event manager\eeventmanager.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\epson software\event manager\eeventmanager.exe|Name=EEventManager Application|Desc=EEventManager Application|Defer=User|
"UDP Query User{FB60AF46-9558-41BA-854B-B5611FB1130B}C:\program files (x86)\epson software\event manager\eeventmanager.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\epson software\event manager\eeventmanager.exe|Name=EEventManager Application|Desc=EEventManager Application|Defer=User|
"TCP Query User{EA2865B8-D4EA-4BEB-9D8E-6D990DB66D9D}C:\program files (x86)\epson software\event manager\eeventmanager.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\epson software\event manager\eeventmanager.exe|Name=EEventManager Application|Desc=EEventManager Application|
"UDP Query User{0EDBFDCD-225B-4DEC-A3FA-C3A3FBA998DA}C:\program files (x86)\epson software\event manager\eeventmanager.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\epson software\event manager\eeventmanager.exe|Name=EEventManager Application|Desc=EEventManager Application|
"{22B35585-0679-460A-81B3-6AD4EAB2DD2C}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-60461441-1236719898-3972887004-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{9E3D57FC-7C37-4424-9352-4831E97D029D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{F64300AD-D559-4000-BD45-0997BCC8E70A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{D6980480-941A-4DF6-AB81-3734ECD3D779}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|
"{560448D6-095C-4907-B046-AC7F710701A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|
"{1BF67B17-0F88-4AA1-8161-B31AF24DA832}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{F4FD0CF0-2D90-42F5-A432-1552796CEEE2}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{C3EB263C-5346-4C43-BF7F-22F4AF27630B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Maxime\AppData\Local\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|
"{45F736EE-D439-4D1C-9442-A59E0BCFD357}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Maxime\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{5590ECF2-A766-4C6F-A653-3F66E7DCCE1A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Maxime\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{2586465B-1AA0-4946-BE8D-41507829F50C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{887AA241-D5BD-4816-8C9D-C9582C527C59}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{21E5FC9A-82C7-47B0-BCE7-BCCE48BE26B0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{1B38A74E-7467-41C5-9D06-42BC510903D6}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{89A65CD1-9A09-48DE-ACAA-C51ECC10FF24}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{1E97727F-7E17-4AF8-8724-2D8731C4D3FE}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{83076E16-3319-4D14-9B35-CD0C798F2F41}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{A1D19F0B-ED3F-47F5-954F-A83E4FF587AD}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Sway|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|
"{7C05DAFC-45DB-4C14-A458-7E7067AC01F5}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ|
"{D49139FA-BE9F-4BB3-884D-0305C32CE217}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Lexmark Printer Home|Desc=Lexmark Printer Home|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-2588702738-3644573767-1273330119-2246823097-1027692552-3844524133-1115639885|EmbedCtxt=Lexmark Printer Home|Platform=2:6:2|Platform2=GTEQ|
"{37261BA9-FE36-46D8-A53D-3D1869FC6474}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Lexmark Printer Home|Desc=Lexmark Printer Home|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-2588702738-3644573767-1273330119-2246823097-1027692552-3844524133-1115639885|EmbedCtxt=Lexmark Printer Home|Platform=2:6:2|Platform2=GTEQ|
"{2760449F-EAEA-4266-ACD0-61AFE00BE599}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ|
"{29637078-9E27-43C0-90D4-61544AF789D9}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|
"{9A08283E-0168-44E7-AF4C-3966BF30C011}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|TTK=Proximity|
"{DDA469E5-88F3-49C5-ACC3-5B72DB461E73}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|TTK2_22=WFDDevices|
"{0C6FE5A2-7521-40A9-A37E-A68A0971287C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Name=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|TTK=Proximity|
"{243BE1D3-DEAC-4061-8F66-1FA4126DBA06}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Desc=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-4089219695-2918877493-2298198654-3910773282-1202009102-2725390625-3479975918|EmbedCtxt=@{E046963F.LenovoCompanion_4.5.3.0_x86__k1h2ywk1493x8?ms-resource://E046963F.LenovoCompanion/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices|
"{7E5DE490-D04E-4F74-9FC1-506ECD3EC80A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Wallet|Desc=Wallet|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Wallet|Platform=2:6:2|Platform2=GTEQ|
"{487FAFC4-C813-4594-B7D1-22FA2EFAFC69}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Holographic Item Player|Desc=Holographic Item Player|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-2848169271-1944770290-2690789639-3499139168-2840136067-3338101526-125811250|EmbedCtxt=Holographic Item Player|Platform=2:6:2|Platform2=GTEQ|
"{27ACB54E-7A0C-49C8-9779-2FECCAB187CC}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Desc=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/Description}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-968169919-1126953557-685195956-86120492-1320233397-643893155-1374718203|EmbedCtxt=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{9699A1B5-77E3-4DCB-B855-670AEA7B5F68}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ|
"{02BB73DF-9E1A-48DC-8CF3-851F672FDD62}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=AccuWeather - Weather for Life|Desc=AccuWeather - Weather for Life|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-359386925-4037696881-724898997-1416845164-233709623-2974364301-3644279824|EmbedCtxt=AccuWeather - Weather for Life|Platform=2:6:2|Platform2=GTEQ|
"{7BCD7C07-0F4D-4BE6-8C25-C36213C041D1}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=AccuWeather - Weather for Life|Desc=AccuWeather - Weather for Life|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-359386925-4037696881-724898997-1416845164-233709623-2974364301-3644279824|EmbedCtxt=AccuWeather - Weather for Life|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{CE3B7A07-B2A7-4206-88FB-F986D7833B54}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=WD|Desc=WD|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1697389750-1319481329-887510871-3040779052-2567832149-3103208648-1962121563|EmbedCtxt=WD|Platform=2:6:2|Platform2=GTEQ|
"{37406D71-E57C-4E5D-83CB-9607C250D4A7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=WD|Desc=WD|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1697389750-1319481329-887510871-3040779052-2567832149-3103208648-1962121563|EmbedCtxt=WD|Platform=2:6:2|Platform2=GTEQ|
"{67E00210-1821-42A5-8494-310CCAE12951}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=rara music|Desc=rara|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1914951386-3637363065-692615045-2566199436-2338004355-547400532-3496301334|EmbedCtxt=rara music|Platform=2:6:2|Platform2=GTEQ|
"{285CCBA5-85E5-4A95-827B-FBB72BAF3F1B}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=rara music|Desc=rara|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1914951386-3637363065-692615045-2566199436-2338004355-547400532-3496301334|EmbedCtxt=rara music|Platform=2:6:2|Platform2=GTEQ|
"{3FDF5940-DFEF-4F62-B77C-7B1CDA28B0B0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=McAfee® Central for Lenovo|Desc=McAfee® Central for Lenovo|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3278776214-1635354653-2314643131-251295766-804234917-407627331-3835975369|EmbedCtxt=McAfee® Central for Lenovo|Platform=2:6:2|Platform2=GTEQ|
"{A5AB2AFC-6FDF-4AC0-877C-BCCD2B62E5FE}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=McAfee® Central for Lenovo|Desc=McAfee® Central for Lenovo|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3278776214-1635354653-2314643131-251295766-804234917-407627331-3835975369|EmbedCtxt=McAfee® Central for Lenovo|Platform=2:6:2|Platform2=GTEQ|
"{6242979D-5BE6-4FA7-882A-CE9E93139E4E}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{27774721-F3E7-44DA-BD02-F2CBF5093D8B}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Lenovo Support|Desc=Support|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-4264087343-2214062867-2661736621-3000988259-479504941-2900800329-84474072|EmbedCtxt=Lenovo Support|Platform=2:6:2|Platform2=GTEQ|
"{25C4635A-A529-4E35-A512-83FD9054831B}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=PowerDVD for Lenovo Idea|Desc=@{CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a?ms-resource://CyberLinkCorp.id.PowerDVDforLenovoIdea/resources/appname_description}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1899398013-1943671510-1280159110-508353781-1081571046-2929705774-3037414948|EmbedCtxt=PowerDVD for Lenovo Idea|Platform=2:6:2|Platform2=GTEQ|
"{6D42E4F7-B8F9-4DE9-93B0-CB1700577DAA}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=PowerDVD for Lenovo Idea|Desc=@{CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a?ms-resource://CyberLinkCorp.id.PowerDVDforLenovoIdea/resources/appname_description}|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-1899398013-1943671510-1280159110-508353781-1081571046-2929705774-3037414948|EmbedCtxt=PowerDVD for Lenovo Idea|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{66EF0F30-166F-4D08-A094-1CD758FD13FA}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Kindle|Desc=KindleMetroApp|LUOwn=S-1-5-21-60461441-1236719898-3972887004-1001|AppPkgId=S-1-15-2-3914994936-2000556978-535238140-3661956287-2904456864-4241685056-2997331440|EmbedCtxt=Kindle|Platform=2:6:2|Platform2=GTEQ|
"{35D25A9A-4C70-4A0D-B3DC-5B659C433F4F}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{177b1d2a-679c-4093-98bf-fd6999695d3b}] : (LenovoVhid) [] -> @oem8.inf,%ClassName%;Lenovo Vhid Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}] : (WDC_SAM) [] -> @oem36.inf,%WDC_SAM_ClassName%;WD Drive Management devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eb781aaf-9c70-4523-a5df-642a87eca567}] : (libusb-win32 devices) [] -> libusb-win32 devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[25/09/2012 08:32:00] - (1.10.0.0) - (Lenovo. - HD Disk Driver) - C:\WINDOWS\System32\DRIVERS\LhdX64.sys
[18/03/2017 21:56:25] - (2.1.0.16) - (Qualcomm Atheros Co., Ltd. - Qualcomm Atheros Ar81xx series PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\L1C63x64.sys
[18/03/2017 21:56:19] - (3.0.2.201) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw8x.sys
[03/06/2015 02:16:46] - (19.0.9.5) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys
[15/05/2012 08:22:08] - (6.1.2601.3) - (Lenovo Corporation - ACPI Virtual Power Controller Driver) - C:\WINDOWS\System32\drivers\AcpiVpc.sys
[03/06/2015 02:16:44] - (19.0.9.5) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
[25/09/2012 08:11:51] - (8.0.0.200) - (Qualcomm Atheros - Qualcomm Atheros BUS driver) - C:\WINDOWS\System32\drivers\btath_bus.sys
[05/08/2015 02:20:06] - (8.54.50.1) - (Conexant Systems Inc. - 64-bit High Definition Audio Function Driver) - C:\WINDOWS\system32\drivers\CHDRT64.sys
[13/07/2016 16:47:38] - (10.0.1.7) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys
[12/06/2015 14:04:00] - (1.15.414.1) - (Vimicro Corporation - VM0331 Digital Camera Driver) - C:\WINDOWS\System32\Drivers\vm331avs.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - iaStorA () -> System32\drivers\iaStorA.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - LHDmgr (LHDmgr) -> System32\DRIVERS\LhdX64.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> system32\drivers\wd\WdBoot.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> system32\drivers\wd\WdFilter.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - MpKsld78dece8 () -> \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7C9196A0-7A70-41AD-B77F-149E403B72EF}\MpKsld78dece8.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - MpKslf7512c28 () -> \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DE7AE467-0C87-4386-8B14-F683B30BA68B}\MpKslf7512c28.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
S2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall (Whitelist)

[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\foobar2000] : (.-.) -> 
[HKU\S-1-5-21-60461441-1236719898-3972887004-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{70B0F1A3-D243-4FB9-B2C8-074350115F98}_is1] : (Vistaprint Livres photo.-.Vistaprint) -> "C:\Users\Maxime\AppData\Local\Vistaprint Livres photo\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Branding] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DOLBY Config] : (.-.Conexant Systems) -> MsiExec.exe /X{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613} /QUIET
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{22B06B3E-3029-4342-B12F-5D6D5636914A}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3E31400D-274E-4647-916C-2CACC3741799}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}] : (Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64).-.Nuance Communications Inc.) -> MsiExec.exe /I{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4AE2138C-8A0F-4C68-B7D2-722A5F6327F5}] : (ANT Drivers Installer x64.-.Garmin Ltd or its subsidiaries) -> MsiExec.exe /I{4AE2138C-8A0F-4C68-B7D2-722A5F6327F5}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{67DC8027-2FC4-4A47-989A-F81A7E9D9280}] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A84A4FB1-D703-48DB-89E0-68B6499D2801}] : (Qualcomm Atheros Bluetooth Suite (64).-.Nom de votre société) -> MsiExec.exe /X{A84A4FB1-D703-48DB-89E0-68B6499D2801}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AFDE512F-7BCD-46B6-91C0-230812139EEF}] : (Lenovo Solution Center.-.Lenovo) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BD91AC8F-5232-11E3-B420-F04DA23A5C58}] : (Vegas Pro 12.0 (64-bit).-.Sony) -> MsiExec.exe /X{BD91AC8F-5232-11E3-B420-F04DA23A5C58}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C2B8CBDE-5232-11E3-B494-F04DA23A5C58}] : (MSVCRT Redists.-.Sony Creative Software Inc.) -> MsiExec.exe /I{C2B8CBDE-5232-11E3-B494-F04DA23A5C58}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 28 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_Plugin.exe -maintain plugin
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Philip's Large Red Cursors] : (Philip's Large Red Cursors.-.) -> C:\WINDOWS\GPInstall.exe "/UNINST=C:\WINDOWS\Cursors\Philip's Large Red Cursors\\UnInst.log" "/APPNAME=Philip's Large Red Cursors"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Sensory Software] : (Sensory Software.-.Sensory Software International Ltd) -> C:\Program Files (x86)\Sensory Software\ssUtils\ssUninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SMPRO1_is1] : (SimpleMind desktop Pro 1.6.5d.-.ModelMaker Tools BV) -> "C:\Windows\1.6.5\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ST6UNST #1] : (Le coffre du Pirate.-.) -> C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\Le coffre du Pirate\ST6UNST.LOG"  
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Tap'Touche 5.5] : (Tap'Touche 5.5 démo.-.De Marque inc.) -> C:\Program Files (x86)\Tap'Touche 5.5\désinstaller.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Video Editor_is1] : (OpoSoft Video Editor v5.1.-.OpoSoft.com Inc) -> "C:\Program Files (x86)\OpoSoft\Video Editor\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}] : (Epson Event Manager.-.Seiko Epson Corporation) -> MsiExec.exe /X{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{165D8FEC-4FAE-4527-96E7-359A39FF90C4}] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A1940AF-774B-450B-864E-1CB2A1BE0951}] : (TuneUp Utilities 2014 (fr-FR).-.TuneUp Software) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2091F234-EB58-4B80-8C96-8EB78C808CF7}] : (Facebook Video Calling 3.1.0.521.-.Skype Limited) -> MsiExec.exe /X{2091F234-EB58-4B80-8C96-8EB78C808CF7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF}] : (Java 7 Update 55.-.Oracle) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217045FF}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217051FB}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217055FB}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3966320F-A37D-496C-A274-2AA985E8A0AE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{42B70DEB-600A-4A1C-86A3-2F2877276720}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{46F044A5-CE8B-4196-984E-5BD6525E361D}] : (Apple Application Support.-.Apple Inc.) -> MsiExec.exe /I{46F044A5-CE8B-4196-984E-5BD6525E361D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{48F22622-1CC2-4A83-9C1E-644DD96F832D}] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Sun Microsystems, Inc.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6A0549A9-1B96-498C-ACBC-3943001FEB19}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{709316AD-161C-4D5C-9AE7-0B3A822DA271}] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{739A853C-D71F-404B-9E6A-012D3918ED57}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{739A853C-D71F-404B-9E6A-012D3918ED57}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79CA0471-5C7D-4E7E-949D-5B29BBB4E960}}_is1] : (Civikey-Std version 2.6.1.-.Invenietis) -> "C:\Program Files (x86)\Civikey\Std\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7FAE73A4-F0BC-4B65-81CF-52C417383407}] : (Prezi Desktop.-.Nom de votre société) -> MsiExec.exe /I{7FAE73A4-F0BC-4B65-81CF-52C417383407}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}] : (Manuels EPSON.-.SEIKO EPSON CORPORATION) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{896667C8-53F8-47B8-B6B0-B113B10F05BC}] : (Epson E-Web Print.-.SEIKO EPSON CORPORATION) -> MsiExec.exe /X{896667C8-53F8-47B8-B6B0-B113B10F05BC}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9BC95947-92FD-438B-A168-C01F9A5B7292}] : (Google Drive.-.Google, Inc.) -> MsiExec.exe /X{9BC95947-92FD-438B-A168-C01F9A5B7292}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A1391613-0694-43DF-A4FC-144CC26BCDCB}] : (SketchUp 2015.-.Trimble Navigation Limited) -> MsiExec.exe /X{A1391613-0694-43DF-A4FC-144CC26BCDCB}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824184103}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824191728}] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824237067}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AB0000000001}] : (Adobe Reader XI (11.0.22) - Français.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AB0000000001}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}] : (Lenovo EasyCamera.-.Vimicro) -> "C:\Program Files (x86)\USB Camera\vm331Rmv.exe" vm331Rmv.ini
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}] : (Lenovo EasyCamera.-.Vimicro) -> C:\Program Files (x86)\USB Camera2\vm332Rmv.exe vm332Rmv.ini
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C084F421-2102-45F2-9BAF-7CFAD4FE831A}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CAE86049-E7B8-4B2D-8ADF-3BB3F4F1628A}] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D0956C11-0F60-43FE-99AD-524E833471BB}] : (Energy Management.-.Lenovo) -> MsiExec.exe /I{D0956C11-0F60-43FE-99AD-524E833471BB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D4755DEE-8BB7-48C8-912D-B0AD6B847815}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E3F4EA31-41D7-4789-9AC4-F26CDAF797BA}] : (Google SketchUp 8.-.Google, Inc.) -> MsiExec.exe /X{E3F4EA31-41D7-4789-9AC4-F26CDAF797BA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}] : (Dragon NaturallySpeaking 11.-.Nuance Communications Inc.) -> MsiExec.exe /I{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}] : (Guide de l’utilisateur.-.Lenovo) -> MsiExec.exe /I{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}] : (TuneUp Utilities 2014.-.TuneUp Software) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}] : (Pinnacle VideoSpin.-.Pinnacle Systems) -> MsiExec.exe /I{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}] : (QuickTime 7.-.Apple Inc.) -> MsiExec.exe /I{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\00005109C80000000000000000F01FEC] : Office 15 Click-to-Run Extensibility Component
[HKCR\Installer\Products\00005109C800C0400000000000F01FEC] : Office 15 Click-to-Run Localization Component
[HKCR\Installer\Products\00005109F80000000100000000F01FEC] : Office 15 Click-to-Run Licensing Component
[HKCR\Installer\Products\07189854C86E20F4AA532C81B63F743A] : Movie Maker
[HKCR\Installer\Products\080BD25A544DBE94092D309BDC975411] : Photo Common
[HKCR\Installer\Products\11C6590D06F0EF3499DA25E4384317BB] : Energy Management -> C:\WINDOWS\Installer\{D0956C11-0F60-43FE-99AD-524E833471BB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\13AE4F3E7D149874A94C2FC6AD7F79AB] : Google SketchUp 8
[HKCR\Installer\Products\156929F0615F6594092FFFDBC25D3DE0] : Photo Gallery
[HKCR\Installer\Products\1BF4A48A307DBD84980E866B94D98210] : Qualcomm Atheros Bluetooth Suite (64) -> C:\WINDOWS\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1CF5C7DD5ACDA784FA3256B8C10042F3] : Photo Common
[HKCR\Installer\Products\3161931A4960FD344ACF41C42CB6DCBC] : SketchUp 2015 -> C:\WINDOWS\Installer\{A1391613-0694-43DF-A4FC-144CC26BCDCB}\SketchUpARPIcon
[HKCR\Installer\Products\31A99D4FA36F1CF47899FCDF7BD8FD3B] : Galerie de photos
[HKCR\Installer\Products\421D4F645E0221D4EB25CE71A7A7B424] : OneKey Recovery -> C:\WINDOWS\Installer\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\46B5A9879DD95AB419A50FCFA0B1B7EF] : Apple Software Update -> C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\Installer.ico
[HKCR\Installer\Products\4A37EAF7CB0F56B418FC254C71834370] : Prezi Desktop -> C:\WINDOWS\Installer\{7FAE73A4-F0BC-4B65-81CF-52C417383407}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF238120754FF] : Java 7 Update 55
[HKCR\Installer\Products\5286A93B02AEAE34BAD26ACB20899D1A] : Movie Maker
[HKCR\Installer\Products\57DB95FFA664A5D4DA32AA8DC7F54DC4] : QuickTime 7 -> C:\WINDOWS\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\Installer.ico
[HKCR\Installer\Products\5A440F64B8EC691489E4B56D25E563D1] : Apple Application Support -> C:\WINDOWS\Installer\{46F044A5-CE8B-4196-984E-5BD6525E361D}\WinInstall.ico
[HKCR\Installer\Products\68AB67CA408033019195008142320776] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824237067}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744BA0000000010] : Adobe Reader XI (11.0.22) - Français -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
[HKCR\Installer\Products\6C9B2DF019BDAE845981BAB586ACE182] : Movie Maker
[HKCR\Installer\Products\74959CB9DF29B8341A860CF1A9B52729] : Google Drive -> C:\WINDOWS\Installer\{9BC95947-92FD-438B-A168-C01F9A5B7292}\DriveIcon
[HKCR\Installer\Products\78851BEF2390D2D4BB58A60CF3FBA18A] : Pinnacle VideoSpin -> C:\WINDOWS\Installer\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}\VideoSpin.exe
[HKCR\Installer\Products\7A0E7C98D9D4CCD488439A2A9BD2E7BB] : Photo Gallery
[HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10
[HKCR\Installer\Products\818DCFD4A63092246AD7FC71CD64D129] : Windows 10 Update and Privacy Settings
[HKCR\Installer\Products\8994BF104C33134458DE70E9E3FE7ED5] : YouCam -> C:\WINDOWS\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8C7666988F358B746B0B1B311BF050CB] : Epson E-Web Print -> C:\WINDOWS\Installer\{896667C8-53F8-47B8-B6B0-B113B10F05BC}\icon.exe
[HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110
[HKCR\Installer\Products\8FC2C70F35C43CE418266A22E163BE88] : Guide de l’utilisateur -> C:\WINDOWS\Installer\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : 
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A374D8EF60F699F45B4FEB7DB2A230C8] : TuneUp Utilities 2014
[HKCR\Installer\Products\A42C31F02EFF0DC4E8B0CD08E4A0E0B0] : Epson Event Manager -> C:\WINDOWS\Installer\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}\icon.exe
[HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT
[HKCR\Installer\Products\B1CCEC48FE121B14A919E327E4D5993D] : Manuels EPSON -> C:\WINDOWS\Installer\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}\EPSMICO.ICO
[HKCR\Installer\Products\C358A937F17DB404E9A610D29381DE75] : Adobe AIR
[HKCR\Installer\Products\C8312EA4F0A886C47B2D27A2F536725F] : ANT Drivers Installer x64
[HKCR\Installer\Products\CB35AFFE40C812E2D3091AB361790BAC] : Dragon NaturallySpeaking 11 -> C:\WINDOWS\Installer\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DE532CED4A8571542A874CE1D8EABAB3] : PowerDVD -> C:\WINDOWS\Installer\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DFA4044F3FE21C04C890925E3F6B79B2] : Intel® Trusted Connect Service Client
[HKCR\Installer\Products\EDBC8B2C23253E114B490FD42AA3C585] : MSVCRT Redists
[HKCR\Installer\Products\F187AF9E08E3993428A5DAE3112CC877] : MSVCRT110_amd64
[HKCR\Installer\Products\F215EDFADCB76B64190C32802131E9FE] : Lenovo Solution Center -> C:\WINDOWS\Installer\{AFDE512F-7BCD-46B6-91C0-230812139EEF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F274703B9DB704042955ECD6A611693A] : Software Updater -> C:\WINDOWS\Installer\{B307472F-7BD9-4040-9255-CE6D6A1196A3}\icon.ico
[HKCR\Installer\Products\F45FAD3B52BD6854E91F692DB41B0488] : Windows Movie Maker 2.6
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\F724A5A493AB0FB47777A974BF6EC0F9] : Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) -> C:\WINDOWS\Installer\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\F8CA19DB23253E114B020FD42AA3C585] : Vegas Pro 12.0 (64-bit) -> C:\WINDOWS\Installer\{BD91AC8F-5232-11E3-B420-F04DA23A5C58}\vegas.ico
[HKCR\Installer\Products\FA0491A1B477B05468E4C12B1AEB9015] : TuneUp Utilities 2014 (fr-FR)

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Nom de l’application défaillante svchost.exe_OneSyncSvc, version : 10.0.15063.0, horodatage : 0x02799ef5
Nom du module défaillant : SYNCUTIL.dll, version : 10.0.15063.0, horodatage : 0xe4183750
Code d’exception : 0xe0464645
Décalage d’erreur : 0x000000000000da32
ID du processus défaillant : 0x12e4
Heure de début de l’application défaillante : 0x01d374efe9d1d8ff
Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe
Chemin d’accès du module défaillant: c:\windows\system32\SYNCUTIL.dll
ID de rapport : 5a9aad6a-0084-4b73-a885-a9611d4f9ab1
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Nom de l’application défaillante svchost.exe_OneSyncSvc, version : 10.0.15063.0, horodatage : 0x02799ef5
Nom du module défaillant : SYNCUTIL.dll, version : 10.0.15063.0, horodatage : 0xe4183750
Code d’exception : 0xe0464645
Décalage d’erreur : 0x000000000000da32
ID du processus défaillant : 0x928
Heure de début de l’application défaillante : 0x01d374c3bb128b7c
Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe
Chemin d’accès du module défaillant: c:\windows\system32\SYNCUTIL.dll
ID de rapport : 4ef82dd1-8fb3-449f-80e9-8f4a0954e97b
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------

Nom de l’application défaillante svchost.exe_OneSyncSvc, version : 10.0.15063.0, horodatage : 0x02799ef5
Nom du module défaillant : SYNCUTIL.dll, version : 10.0.15063.0, horodatage : 0xe4183750
Code d’exception : 0xe0464645
Décalage d’erreur : 0x000000000000da32
ID du processus défaillant : 0x78c
Heure de début de l’application défaillante : 0x01d374b01c4f86c1
Chemin d’accès de l’application défaillante : c:\windows\system32\svchost.exe
Chemin d’accès du module défaillant: c:\windows\system32\SYNCUTIL.dll
ID de rapport : f9608fc1-9076-4171-895f-c67317666a48
Nom complet du package défaillant : 
ID de l’application relative au package défaillant : 
------------

Une vérification de stratégie d’unmarshaling a été effectuée lors de l’unmarshaling d’un objet marshalé personnalisé et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a été refusée
------------


----------( EOF)---------- - 5091 | 17:13:22