--------------- QuickDiag | g3n-h@ckm@n | V4_27.04.18.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 18/05/2018 19:53:06

Updated 27/04/2018 | 14.15 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[user (Administrator)] - [USER-PC] (S-1-5-21-768028322-443926211-1286405372-1000)

System: Microsoft WindowsÂ 7 Ãdition Familiale Premium - Service Pack 1 - (6.1.7601) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft WindowsÂ 7 Ãdition Familiale Premium |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: All Series - ASUS - IdNumber: System Serial Number - UUID: 2C77EDA0-D7DA-11DD-AA35-E03F499FBC68
Processor : X64 - 3192 Mhz - Intel(R) Core(TM) i5-4460  CPU @ 3.20GHz
BIOS Date: 10/29/13 14:48:14 Ver: 09.04 - fr|FR|iso8859-1 - American Megatrends Inc. - S/N: System Serial Number - 0904 - ALASKA - 1072009
CoreTemp : 29.8 Celsius

----------| Quick


---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_10438576&REV_1003\4&29E4DF1&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
Webcam C170 - Status: OK - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_082B&MI_02\6&369CC303&0&0002
PÃ©riphÃ©rique audio USB - Status: OK - Manufacturer: (USB Audio gÃ©nÃ©rique) - PNPDeviceID: USB\VID_0D8C&PID_0134&MI_00\6&F99E95E&0&0000
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0042&SUBSYS_10438428&REV_1001\5&81246C8&0&0001

---------- | Video

NVIDIA GeForce GTX 650 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_0FC6&SUBSYS_84281043&REV_A1\4&3834D97&0&0008 - AdapterCompatibility: NVIDIA - RAM: 1073741824
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 650 - DriverVersion: 9.18.13.4725 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\frapsv64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 71680 -  Manufacturer: Beepa P/L - Status: OK

---------- | CPU

CPU #1 value:6 %
CPU #2 value:0 %
CPU #3 value:6 %
CPU #4 value:0 %
Total Overall CPU Usage value:3 %

---------- | Network


WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_85541043&REV_0C\4&33CE3517&0&00E2
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
TAP-Windows Adapter V9 - Ethernet 802.3 - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0000
RAS Async Adapter - RÃ©seau Ã©tendu (WAN) - Microsoft - Status: - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Microsoft Teredo Tunneling Adapter - - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000

---------- | Memory

RAM = Total (MB) : 8292 | Free (MB) : 3818
Pagefile = Total (MB) : 16583 | Free (MB) : 11853
Virtual = Total (MB) : 4194 | Free (MB) : 3988

Physical Memory 1 : Capacity: 8589934592 - ChannelA-DIMM1 - Posit.: - Manufacturer: Kingston - PartNumber: KHX1600C10D3/8G   - S/N: 10601122

---------- | SID Users

Administrateur : [S-1-5-21-768028322-443926211-1286405372-500]
HomeGroupUser$ : [S-1-5-21-768028322-443926211-1286405372-1003]
InvitÃ© : [S-1-5-21-768028322-443926211-1286405372-501]
user : [S-1-5-21-768028322-443926211-1286405372-1000]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
InvitÃ©s : [S-1-5-32-546]
Lecteurs des journaux dÂÃ©vÃ©nements : [S-1-5-32-573]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de lÂAnalyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modÃ¨le COM distribuÃ© : [S-1-5-32-562]
HomeUsers : [S-1-5-21-768028322-443926211-1286405372-1002]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÃTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SystÃ¨me - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiÃ©s - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÃSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 931.41 Go | Free : 626.16 Go -> NTFS [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKWDC_WD10EZEX-22BN5A0____________________01.01A01\5&17F9CFFB&0&1.0.0

---------- | Windows updates - Activation - License

Last detection : 2017-12-03 07:53:57
Downloaded last ones : 2017-11-15 07:46:16
Installed last ones : 2017-11-16 07:34:37
Next search : 2018-05-18 17:47:23

Test 1 : Windows Is Activated

Volume License


---------- | Browsers

IE : 11.0.9600.18838     (Â© Microsoft Corporation. Tous droits rÃ©servÃ©s.)

Default : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- ""

---------- | FlashPlayer


---------- | Security

FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

364 | [Owner : SystÃ¨me | Parent : 4(System) | 1.27 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23915) = C:\Windows\System32\smss.exe     [13/10/2017 15:52:17]    CPU Usage:0 % --> Command Line : 
552 | [Owner : SystÃ¨me | Parent : 544() | 5.08 Mo] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe     [14/07/2009 01:19:49]    CPU Usage:0 % --> Command Line : 
640 | [Owner : SystÃ¨me | Parent : 544() | 4.76 Mo] - (.Microsoft Corporation - Application de dÃ©marrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe     [14/07/2009 01:52:37]    CPU Usage:0 % --> Command Line : 
676 | [Owner : SystÃ¨me | Parent : 648() | 9.53 Mo] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe     [14/07/2009 01:19:49]    CPU Usage:0 % --> Command Line : 
700 | [Owner : SystÃ¨me | Parent : 640(wininit.exe) | 9.75 Mo] - (.Microsoft Corporation - Applications Services et ContrÃ´leur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe     [13/05/2015 12:12:40]    CPU Usage:0 % --> Command Line : 
732 | [Owner : SystÃ¨me | Parent : 640(wininit.exe) | 13.32 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23915) = C:\Windows\System32\lsass.exe     [13/10/2017 15:52:17]    CPU Usage:0 % --> Command Line : 
748 | [Owner : SystÃ¨me | Parent : 640(wininit.exe) | 4.74 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe     [21/11/2010 05:23:53]    CPU Usage:0 % --> Command Line : 
756 | [Owner : SystÃ¨me | Parent : 648() | 7.7 Mo] - (.Microsoft Corporation - Application dÂouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe     [15/10/2014 08:14:27]    CPU Usage:0 % --> Command Line : 
872 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 10.52 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
956 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 8.04 Mo] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 347.25.) - (8.17.13.4725) = C:\Windows\System32\nvvsvc.exe     [19/08/2014 09:06:01]    CPU Usage:0 % --> Command Line : 
980 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 6.1 Mo] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.4725) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe     [27/01/2015 13:26:47]    CPU Usage:0 % --> Command Line : 
156 | [Owner : SERVICE RÃSEAU | Parent : 700(services.exe) | 8.81 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
836 | [Owner : SERVICE LOCAL | Parent : 700(services.exe) | 22.78 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1028 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 192.64 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1060 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 39.19 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1184 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 6.41 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1220 | [Owner : SERVICE LOCAL | Parent : 700(services.exe) | 18.19 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1328 | [Owner : SERVICE RÃSEAU | Parent : 700(services.exe) | 18.26 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1400 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 211.57 Mo] - (.AVAST Software - Avast Service.) - (18.4.3895.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe     [17/05/2018 12:12:14]    CPU Usage:0 % --> Command Line : 
1444 | [Owner : SystÃ¨me | Parent : 956(nvvsvc.exe) | 20.86 Mo] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4725) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe     [19/08/2014 09:06:01]    CPU Usage:0 % --> Command Line : 
1452 | [Owner : SystÃ¨me | Parent : 956(nvvsvc.exe) | 13.84 Mo] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 347.25.) - (8.17.13.4725) = C:\Windows\System32\nvvsvc.exe     [19/08/2014 09:06:01]    CPU Usage:0 % --> Command Line : 
1572 | [Owner : user | Parent : 1028(svchost.exe) | 35.88 Mo] - (.Microsoft Corporation - Gestionnaire de fenÃªtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe     [14/07/2009 01:37:38]    CPU Usage:0 % --> Command Line : 
1648 | [Owner : user | Parent : 1564() | 71.06 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe     [12/10/2016 12:13:23]    CPU Usage:0 % --> Command Line : 
1788 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 13.86 Mo] - (.Microsoft Corporation - Application sous-systÃ¨me spouleur.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe     [20/08/2014 17:07:55]    CPU Usage:0 % --> Command Line : 
1844 | [Owner : SERVICE LOCAL | Parent : 700(services.exe) | 18.39 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1208 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 4.17 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.5200) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe     [09/02/2018 19:02:50]    CPU Usage:0 % --> Command Line : 
1416 | [Owner : user | Parent : 700(services.exe) | 24.51 Mo] - (.Microsoft Corporation - Processus hÃ´te pour TÃ¢ches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe     [19/08/2014 20:01:12]    CPU Usage:0 % --> Command Line : 
1512 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 8.1 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (4.5.0.814) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe     [27/02/2017 09:55:02]    CPU Usage:0 % --> Command Line : 
2076 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 11.92 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
2220 | [Owner : user | Parent : 1648(explorer.exe) | 35.16 Mo] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.14.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe     [19/08/2014 09:38:48]    CPU Usage:0 % --> Command Line : 
2344 | [Owner : user | Parent : 1444(nvxdsync.exe) | 12.46 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.4725) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe     [19/08/2014 09:06:01]    CPU Usage:0 % --> Command Line : 
2684 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 10.24 Mo] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.9.1.22) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe     [27/01/2015 13:27:38]    CPU Usage:0 % --> Command Line : 
2732 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 39.98 Mo] - (.Hi-Rez Studios - HiPatchService.) - (6.0.2.4) = C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe     [23/09/2016 22:18:21]    CPU Usage:0 % --> Command Line : 
2752 | [Owner : user | Parent : 1648(explorer.exe) | 10.82 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.378.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe     [11/08/2015 16:33:50]    CPU Usage:0 % --> Command Line : 
2860 | [Owner : user | Parent : 2788() | 37 Mo] - (.AVAST Software - Avast Antivirus.) - (18.4.3895.325) = C:\Program Files\AVAST Software\Avast\AvastUI.exe     [17/05/2018 12:12:32]    CPU Usage:0 % --> Command Line : 
2904 | [Owner : SystÃ¨me | Parent : 1500() | 0.53 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe     [12/04/2018 12:07:08]    CPU Usage:0 % --> Command Line : 
2924 | [Owner : SystÃ¨me | Parent : 1500() | 0.53 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.136.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe     [12/04/2018 12:07:08]    CPU Usage:0 % --> Command Line : 
1920 | [Owner : user | Parent : 3044(chrome.exe) | 5.76 Mo] - (.Intel Corporation - iusb3mon.) - (2.5.0.19) = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe     [19/08/2014 09:22:03]    CPU Usage:0 % --> Command Line : 
2308 | [Owner : user | Parent : 3044(chrome.exe) | 8.57 Mo] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.101.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe     [22/06/2016 02:13:02]    CPU Usage:0 % --> Command Line : 
2340 | [Owner : user | Parent : 2332() | 1.1 Mo] - (.Piriform Ltd - CCleaner.) - (5.41.129.6446) = C:\Program Files\CCleaner\CCleaner64.exe     [26/09/2014 16:04:08]    CPU Usage:0 % --> Command Line : 
2476 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 5.88 Mo] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.31.8.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe     [27/08/2013 14:32:14]    CPU Usage:0 % --> Command Line : 
2564 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 22.24 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.0.7.190) = C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe     [01/05/2018 18:21:51]    CPU Usage:0 % --> Command Line : 
2800 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 9.53 Mo] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe     [19/08/2014 09:38:45]    CPU Usage:0 % --> Command Line : 
3060 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 12.06 Mo] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (4.1.2032.8372) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe     [30/07/2015 11:45:45]    CPU Usage:0 % --> Command Line : 
2508 | [Owner : SERVICE LOCAL | Parent : 700(services.exe) | 5.98 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
3156 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 48.6 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.667) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe     [17/05/2018 19:46:52]    CPU Usage:0 % --> Command Line : 
3660 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 20.82 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.23930) = C:\Windows\System32\SearchIndexer.exe     [14/11/2017 20:41:22]    CPU Usage:0 % --> Command Line : 
3956 | [Owner : SERVICE RÃSEAU | Parent : 700(services.exe) | 6.22 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
4008 | [Owner : SERVICE LOCAL | Parent : 1028(svchost.exe) | 6.18 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hÃ´te de lÂinfrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe     [19/08/2014 09:33:04]    CPU Usage:0 % --> Command Line : 
4168 | [Owner : SERVICE RÃSEAU | Parent : 700(services.exe) | 18.09 Mo] - (.NVIDIA Corporation - NVIDIA Network Stream Service.) - (4.1.2032.8372) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe     [22/04/2015 23:57:55]    CPU Usage:0 % --> Command Line : 
4544 | [Owner : SystÃ¨me | Parent : 3060(NvStreamService.exe) | 19.81 Mo] - (.NVIDIA Corporation - NVIDIA Streamer User Agent.) - (4.1.2032.8372) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe     [30/07/2015 11:45:45]    CPU Usage:0 % --> Command Line : 
4712 | [Owner : user | Parent : 2564(mcsacore.exe) | 29.05 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.0.7.190) = C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe     [01/05/2018 18:21:53]    CPU Usage:0 % --> Command Line : 
4724 | [Owner : SystÃ¨me | Parent : 872(svchost.exe) | 5.7 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe     [14/07/2009 01:47:12]    CPU Usage:0 % --> Command Line : 
4732 | [Owner : SystÃ¨me | Parent : 676(csrss.exe) | 4.94 Mo] - (.Microsoft Corporation - HÃ´te de la fenÃªtre de la console.) - (6.1.7601.23915) = C:\Windows\System32\conhost.exe     [13/10/2017 15:52:17]    CPU Usage:0 % --> Command Line : 
5052 | [Owner : SERVICE LOCAL | Parent : 700(services.exe) | 9.86 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
4540 | [Owner : SERVICE LOCAL | Parent : 700(services.exe) | 14.26 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
4156 | [Owner : user | Parent : 3156(MBAMService.exe) | 26.28 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1490) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe     [17/05/2018 19:46:43]    CPU Usage:0 % --> Command Line : 
2180 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 4.88 Mo] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (9.5.12.1682) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe     [19/08/2014 10:08:40]    CPU Usage:0 % --> Command Line : 
3772 | [Owner : SystÃ¨me | Parent : 700(services.exe) | 16.12 Mo] - (.Intel Corporation - Intel(R) Local Management Service.) - (9.5.10.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe     [19/08/2014 10:07:46]    CPU Usage:0 % --> Command Line : 
2812 | [Owner : user | Parent : 1620() | 17.42 Mo] - (.Intel Corporation - Intel(R) Management and Security Status.) - (9.5.20.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe     [19/08/2014 10:07:47]    CPU Usage:0 % --> Command Line : 
4640 | [Owner : user | Parent : 2308(jusched.exe) | 13.74 Mo] - (.Oracle Corporation - Java Update Checker.) - (2.8.101.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe     [22/06/2016 02:12:44]    CPU Usage:0 % --> Command Line : 
2416 | [Owner : user | Parent : 1648(explorer.exe) | 200.65 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:2 % --> Command Line : 
6092 | [Owner : user | Parent : 2416(chrome.exe) | 5.29 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
5928 | [Owner : user | Parent : 2416(chrome.exe) | 152.81 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:2 % --> Command Line : 
4176 | [Owner : user | Parent : 2416(chrome.exe) | 53.54 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
5996 | [Owner : user | Parent : 2416(chrome.exe) | 135.37 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
5952 | [Owner : user | Parent : 2416(chrome.exe) | 91.04 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
3044 | [Owner : user | Parent : 2416(chrome.exe) | 164.97 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
5572 | [Owner : user | Parent : 2416(chrome.exe) | 13.12 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
5460 | [Owner : user | Parent : 2416(chrome.exe) | 568.82 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
3264 | [Owner : SERVICE LOCAL | Parent : 836(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de pÃ©riphÃ©rique audio Windows.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe     [12/10/2016 12:14:13]    CPU Usage:0 % --> Command Line : 
1472 | [Owner : user | Parent : 2416(chrome.exe) | 135.16 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
3948 | [Owner : user | Parent : 2416(chrome.exe) | 116.82 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
2436 | [Owner : user | Parent : 2416(chrome.exe) | 154.8 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
2900 | [Owner : user | Parent : 2416(chrome.exe) | 173.55 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
6408 | [Owner : SERVICE RÃSEAU | Parent : 872(svchost.exe) | 13.46 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe     [21/11/2010 05:24:15]    CPU Usage:0 % --> Command Line : 
6268 | [Owner : user | Parent : 2416(chrome.exe) | 72.84 Mo] - (.SRWare - SRWare Iron.) - (51.0.2700.0) = C:\Program Files (x86)\SRWare Iron\chrome.exe     [23/07/2016 11:26:15]    CPU Usage:0 % --> Command Line : 
7124 | [Owner : user | Parent : 1648(explorer.exe) | 36.2 Mo] - (.SosVirus - QuickDiag.) - (27.4.18.1) = C:\Users\user\Desktop\QuickDiag.exe     [18/05/2018 19:50:16]    CPU Usage:0 % --> Command Line : 
5020 | [Owner : SystÃ¨me | Parent : 872(svchost.exe) | 6.86 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe     [21/11/2010 05:24:15]    CPU Usage:0 % --> Command Line : 
7072 | [Owner : SERVICE RÃSEAU | Parent : 872(svchost.exe) | 7.33 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [21/11/2010 05:24:27]    CPU Usage:0 % --> Command Line : 
4112 | [Owner : SERVICE RÃSEAU | Parent : 700(services.exe) | 13.08 Mo] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe     [21/11/2010 05:23:56]    CPU Usage:0 % --> Command Line : 

---------- | MD5

[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 12:13:23] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Explorateur Windows.) - [3154 Ko] - (6.1.7601.23537) : C:\Windows\Explorer.exe
[MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [21/11/2010 05:23:55] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - InterprÃ©teur de commandes Windows.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Processus dÂexÃ©cution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 01:59:17] - (.Â© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.DFBB8D70152995D249D687A3A4A239C3] - [13/10/2017 15:52:17] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - DLL du client API BASE Windows NT.) - [1136 Ko] - (6.1.7601.23915) : C:\Windows\System32\Kernel32.dll
[MD5.62056ADD38513A86C4866E912371B56B] - [13/10/2017 15:52:17] - (.Â© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23915) : C:\Windows\System32\lsass.exe
[MD5.3F1A199859B4F3F8357B2A0AF5666A54] - [13/09/2017 12:47:30] - (.Â© Microsoft Corporation. - Distributed COM Services.) - [500 Ko] - (6.1.7601.23889) : C:\Windows\System32\rpcss.dll
[MD5.C36BB659F08F046B139C8D1B980BF1AC] - [15/06/2017 17:58:53] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Processus hÃ´te Windows (Rundll32).) - [45 Ko] - (6.1.7601.23755) : C:\Windows\System32\rundll32.exe
[MD5.71C85477DF9347FE8E7BC55768473FCA] - [13/05/2015 12:12:40] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Applications Services et ContrÃ´leur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Processus hÃ´te pour les services Windows.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.34BA256FBF83457F9D5E51A56DB54542] - [14/12/2016 17:04:11] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - DLL client de lÂAPI uilisateur de Windows multi-utilisateurs.) - [985.5 Ko] - (6.1.7601.23594) : C:\Windows\System32\user32.dll
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [21/11/2010 05:24:28] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Application dÂouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Application de dÃ©marrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [15/10/2014 08:14:27] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Application dÂouverture de session Windows.) - [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.0DC2A9882540DEA4A55B08785E09D8FC] - [10/05/2017 12:48:57] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Ancillary Function Driver for WinSock.) - [484.5 Ko] - (6.1.7601.23761) : C:\Windows\System32\Drivers\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.Â© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.059F00DEF82BF41E433B7ED465847726] - [19/08/2014 20:14:27] - (.Â© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.B8BD2BB284668C84865658C77574381A] - [14/07/2009 01:19:47] - (.Â© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [21/11/2010 05:23:47] - (.Â© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.9B38580063D281A99E68EF5813022A5F] - [12/10/2016 12:14:13] - (.Â© Microsoft Corporation. - DFS Namespace Client Driver.) - [104 Ko] - (6.1.7601.23542) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [21/11/2010 05:23:47] - (.Â© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [14/07/2009 01:19:58] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 02:10:03] - (.Â© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.767C6DF04C5758B9F0790D400541B44F] - [13/10/2017 15:52:17] - (.Â© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23915) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.F7309F42555F8AAB7144A51A1F2585B0] - [11/11/2015 11:59:34] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote NDIS 6.20.) - [928.44 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys
[MD5.734837208CAFD6E0959A7A0333C95C9D] - [13/09/2017 12:47:32] - (.Â© Microsoft Corporation. - MBT Transport driver.) - [256.5 Ko] - (6.1.7601.23889) : C:\Windows\System32\Drivers\netbt.sys
[MD5.1065D9AFE491706EB00AD3CBB76C9E54] - [14/11/2017 20:41:28] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote du systÃ¨me de fichiers NT.) - [1641.23 Ko] - (6.1.7601.23932) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 02:00:41] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de port parallÃ¨le.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.471815800AE33E6F1C32FB1B97C490CA] - [21/11/2010 05:24:33] - (.Â© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 02:09:09] - (.Â© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.7FB36A0A036ADDACE0A868E4A43C1C27] - [12/07/2017 14:48:24] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote TCP/IP.) - [1851.23 Ko] - (6.1.7601.23821) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.4DD986720F7CB7A8A5D1226793097B9A] - [08/08/2017 22:20:13] - (.Â© Microsoft Corporation. - TDI Translation Driver.) - [114.5 Ko] - (6.1.7601.23880) : C:\Windows\System32\Drivers\tdx.sys
[MD5.DF8126BD41180351A093A3AD2FC8903B] - [19/08/2014 09:16:00] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de clichÃ© instantanÃ© du volume.) - [289.38 Ko] - (6.1.7601.17567) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.AVAST Software.-.Avast Shell Extension.) - (18.4.3895.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll
(.Fraunhofer Institut Integrierte Schaltungen IIS.-.MPEG Layer-3 Audio Codec for MSACM.) - (1.9.0.401) -- C:\Windows\System32\l3codeca.acm
(.Alexander Roshal.-.WinRAR shell extension.) - (5.31.0.0) -- C:\Program Files (x86)\WinRAR\rarext64.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.57) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.Copyright (c) 2014 Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.373) -- C:\Windows\system32\RltkAPO64.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\...\Run]) - User: user-PC\user
NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
ShadowPlay - ("C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\SOFTWARE\...\Run]) - User: Public
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public
AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public
AdobeGCInvoker-1.0 - ("C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   
"DelayedExpansion"=0   

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR   

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"UserSelectedDefault"=1   
"Device"=\\ORDINATEUR-FIXE\Brother DCP-150C Printer,winspool,Ne02:   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   
"DelayedExpansion"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"   
"ShadowPlay"="C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart   
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s   
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui   
"AdobeGCInvoker-1.0"="C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"RequireSignedAppInit_DLLs"=1   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   
"DelayedExpansion"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"   
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"   
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"LoadAppInit_DLLs"=0   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Adobe Acrobat Update Task
Adobe Flash Player PPAPI Notifier
Adobe Flash Player Updater
AdobeGCInvoker-1.0-user-PC-user
Avast Emergency Update
AvastUpdateTaskMachineCore
AvastUpdateTaskMachineUA
CCleaner Update
CCleanerSkipUAC
{275B388B-80D1-4B1F-B9DA-94BB37982A54}
{533E72F0-4AC0-4140-B1EC-FF788AFEE1A8}
{59675EE7-1E89-41D0-8545-9D9877CB0F32}
{D86EE1C9-C50A-4CA8-BC64-6E0B73590769}

---------- | Startings up registry ? Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite] : "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LWS] : C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSUAMain] : "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] : "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"  

---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller   
"WaitToKillServiceTimeout"=200   
"CurrentUser"=USERNAME   
"BootDriverFlags"=0   
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll   
"SystemStartOptions"= NOEXECUTE=OPTIN  NUMPROC=4   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0   
"auditbasedirectories"=0   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"Bounds"=0x0030000000200000   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u   
"Authentication Packages"=msv1_0   
"LsaPid"=732   
"SecureBoot"=1   
"ProductType"=3   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"enabledcom"=y   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"ProcessorControl"=2   
"ResourceTimeoutCount"=648000   
"BootExecute"=autocheck autochk *   
"ExcludeFromKnownDlls"=   
"ObjectDirectories"=\Windows
\RPC Control   
"ProtectionMode"=1   
"NumberOfInitialSessions"=2   
"AutoChkTimeOut"=5   
"SetupExecute"=   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv   
"NotificationTimeOut"=0   
"SnapshotMonitors"=1   
"ProductVersion"=5.1   
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"fDenyTSConnections"=1   
"StartRCM"=0   
"TSAdvertise"=0   
"DeleteTempDirsOnExit"=1   
"fSingleSessionPerUser"=1   
"PerSessionTempDir"=0   
"TSUserEnabled"=0   
"InstanceID"=025c50f8-cc1d-45a9-8ac6-b0d321c   
"fCredentialLessLogonSupported"=1   
"fCredentialLessLogonSupportedTSS"=1   
"fCredentialLessLogonSupportedKMRDP"=1   


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Control Panel\Desktop]
"ScreenSaveActive"=1   
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=0   
"LeftOverlapChars"=3   
"MenuShowDelay"=0   
"PaintDesktopVersion"=0   
"RightOverlapChars"=3   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=0   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"UserPreferencesMask"=0x9E3E078012000000   
"Wallpaper"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg   [18/08/2014 17:48:33]
"WaitToKillAppTimeout"=200   
"HungAppTimeout"=200   
"AutoEndTasks"=1   
"Pattern Upgrade"=TRUE   

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLowDiskSpaceChecks"=1   
"NoDriveTypeAutoRun"=221   
"NoDrives"=0   

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{871C5380-42A0-1069-A2EA-08002B30309D}"=0   

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003828000000000000000000000000000001000000120000000000000022000000   
"CleanShutdown"=0   
"Browse For Folder Width"=347   
"Browse For Folder Height"=288   
"DesktopProcess"=1   
"link"=0x1E000000   

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"SuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=4   
"AlwaysShowMenus"=1   
"ExtendedUIHoverTime"=0   
"DesktopLivePreviewHoverTime"=0   
"Start_ShowRun"=1   
"Start_MinMFU"=10   
"Start_JumpListItems"=10   
"Start_AdminToolsRoot"=0   
"StartMenuAdminTools"=0   
"Start_PowerButtonAction"=2   
""=0   
"TaskbarSizeMove"=0   

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x050000000400000003000000020000000100000000000000FFFFFFFF   
"0"=0x770069006E0064006F00770073000000   
"1"=0x6D0061006D0061006E000000   
"2"=0x3100300031000000   
"3"=0x3100300031003000300033000000   
"4"=0x31003000310030000000   
"5"=0x3200300031000000   

[HKLM\Software\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   
"DisableRegistryTools"=0   
"MaxGPOScriptWait"=600   
"SoftwareSASGeneration"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=32   
"SmartScreenEnabled"=Off   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System]
"EnableSmartScreen"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   
"DisableRegistryTools"=0   
"MaxGPOScriptWait"=600   
"SoftwareSASGeneration"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=256   
"Max Cached Icons"=2000   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=7601   
"FirstLogon"=0   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=Explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Userinit"=C:\Windows\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"WinStationsDisabled"=0   
"DisableCAD"=1   
"scremoveoption"=0   
"ShutdownFlags"=39   
"LegalNotice Text"=   
"SFCDisable"=0   
"System"=   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"DefaultDomainName"=   
"DefaultUserName"=   
"Userinit"=userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=ComFile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\System32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=ComFile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\System32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command]
""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"   
[HKLM\Software\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Internet Explorer\iexplore.exe"   
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\Shell\open\Command]
""="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avast Secure Browser\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Internet Explorer\iexplore.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"SIGN.MEDIA=6F8100 Bin\ASSETUP.exe"=1
"C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33
"C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1
"SIGN.MEDIA=14025784 Setup.exe"=1
"SIGN.MEDIA=D734FECF Installer.exe"=1
"C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe"=1
"C:\Program Files (x86)\WinRAR\uninstall.exe"=1
"SIGN.MEDIA=7EF9A4D3 setup.exe"=1
"SIGN.MEDIA=47511F90 setup.exe"=1
"SIGN.MEDIA=81F01D44 setup.exe"=1
"SIGN.MEDIA=64919777 setup.exe"=1
"SIGN.MEDIA=C52E5F1A setup.exe"=1
"SIGN.MEDIA=15E54627 setup.exe"=1
"C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe"=1
"C:\Program Files (x86)\ZHPFix\ZHPhep.exe"=1
"SIGN.MEDIA=9025EF8C setup.exe"=1
"SIGN.MEDIA=8758C817 install.exe"=1
"C:\Users\user\Desktop\Keycraft.exe"=1
"C:\Users\user\AppData\Local\Temp\7zS1258.tmp\setup.exe"=1
"C:\Users\user\Downloads\srware-iron_51-0-2700-0_fr_312540.exe"=1
"C:\Users\user\AppData\Local\Temp\jre-8u101-windows-au.exe"=1
"C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe"=1
"C:\Users\user\Desktop\zhpfix_2015.10.19.9.exe"=1
"C:\Users\user\Downloads\Firefox Setup 50.1.0.exe"=1
"C:\Users\user\Desktop\rcsetup153.exe"=1
"C:\Users\user\Desktop\android-data-recovery.exe"=1
"C:\Users\user\AppData\Local\Adobe\OOBE\PDApp\DECore\Setup.exe"=1
"C:\Users\user\AppData\Local\Temp\AAMHelper.exe"=1
"C:\Users\user\Downloads\bd-studio-pratic.exe"=1
"C:\Users\user\Desktop\RPG Maker XP 1.03.exe"=1


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
""=@SYS:DoesNotExist   
"bak"=@SYS:Software\Swearware\dump   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"UpdatesDisableNotify"=0

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1
"FirewallDisableNotify"=0
"AntiVirusDisableNotify"=0
"UpdatesDisableNotify"=0

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920218544262440
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0xD1D80B31FBBACF01

[HKLM\Software\WOW6432Node\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)


---------- | Hosts

127.0.0.1       localhost

---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [216.58.204.110] avec 32 octets de donn?es?:
R?ponse de 216.58.204.110?: octets=32 temps=96 ms TTL=55
R?ponse de 216.58.204.110?: octets=32 temps=118 ms TTL=55
R?ponse de 216.58.204.110?: octets=32 temps=120 ms TTL=55
R?ponse de 216.58.204.110?: octets=32 temps=77 ms TTL=55

Statistiques Ping pour 216.58.204.110:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 77ms, Maximum = 120ms, Moyenne = 102ms

---------- | @

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"XMLHTTP"=1
"NoUpdateCheck"=1
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://www.google.com/
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF92020000C9000000B2050000F5020000
"Start Page Redirect Cache_TIMESTAMP"=0xA4A11CB98DBBCF01
"Start Page Redirect Cache AcceptLangs"=fr
"IE8RunOnceLastShown"=1
"IE8RunOnceLastShown_TIMESTAMP"=0x6C9FB4BF8DBBCF01
"IE8TourShown"=1
"IE8TourShownTime"=0x09B4B5C08DBBCF01
"NotifyDownloadComplete"=yes
"DisableScriptDebuggerIE"=yes
"ImageStoreRandomFolder"=4yntyra
"OperationalData"=517
"Friendly http errors"=no
"IE10TourNoShow"=1
"IE10RunOnceLastShown"=1
"IE10RunOnceLastShown_TIMESTAMP"=0xD27A96CBE9EACF01
"DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"DoNotTrack"=1
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x32E515C454D0D101
"RunOnceHasShown"=1
"RunOnceComplete"=1
"Start Page_TIMESTAMP"=0x8FB2C96092BFD201
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"SearchBandRestoreBarCount"=1
"SearchBandMigrationVersion"=1

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0x07E907574CBCCF01
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"WarnonBadCertRecving"=1
"WarnOnPostRedirect"=0
"WarnOnHTTPSToHTTPRedirect"=1
"GlobalUserOffline"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://google.fr
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"CustomizeSearch"=about:blank
"SearchAssistant"=about:blank

[HKLM\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://
"gopher"=gopher://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
"WarnOnPost"=0x01000000
"WarnonBadCertRecving"=1
"WarnOnPostRedirect"=0
"WarnOnZoneCrossing"=1
"WarnOnHTTPSToHTTPRedirect"=1
"ProxyEnable"=0
"GlobalUserOffline"=0

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=about:blank
"Default_Page_URL"=about:blank
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=about:blank
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Search Page"=about:blank
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"CustomizeSearch"=about:blank
"SearchAssistant"=about:blank

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
"ProxyEnable"=0
"GlobalUserOffline"=0


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts









---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} --  C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL   [23/02/2017 09:29:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} --  C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL   [23/02/2017 09:29:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} --  C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL   [23/02/2017 09:29:34]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} --  C:\Program Files\AVAST Software\Avast\ashShA64.dll   [17/05/2018 12:12:39]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} --  C:\Program Files\AVAST Software\Avast\ashShA64.dll   [17/05/2018 12:12:39]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} --  C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL   [23/02/2017 09:34:16]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} --  C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL   [23/02/2017 09:34:16]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} --  C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL   [23/02/2017 09:34:16]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   
"ShowDiscussionButton"=Yes   

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   
"DownloadRetries"=0   
"ShowSearchSuggestionsInAddressGlobal"=1   
"KnownProvidersUpgradeTime"=0x4DB5E2A7BFCBD201   
"Version"=4   
"UpgradeTime"=0x6910B9A8BFCBD201   
"DefaultPackCorrection"=1   
"DefaultPackNTCorrection"=1   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping] : () -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer Ã  OneNote) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liÃ©es OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (&Envoyer Ã  OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Cliquer pour appeler Lync) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (Notes &liÃ©es OneNote) -       []

---------- | SearchScopes

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll  [24/08/2017 19:21:02]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll  [17/05/2018 12:12:14]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor) : c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll  [01/05/2018 18:21:53]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL  [22/01/2014 04:11:44]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL  [23/02/2017 09:34:16]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Skype for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll  [24/08/2017 19:21:02]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll  [01/08/2016 19:45:13]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll  [17/05/2018 12:12:14]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor) : c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll  [01/05/2018 18:21:53]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL  [22/01/2014 04:11:44]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft SkyDrive Pro Browser Helper) : C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL  [23/02/2017 09:34:16]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll  [01/08/2016 19:45:13]

---------- | Chrome


[HKLM\Software\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
[HKLM\Software\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]

---------- | Opera


---------- | Firefox


[HKLM\Software\mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
[HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.101.2] - (JavaÂ Deployment Toolkit) : C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.101.2] - (OracleÂ® Next Generation JavaÂ Plug-In) : C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll



---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{949702A1-FEAA-4F2C-A64E-48A929E02C1D}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{949702A1-FEAA-4F2C-A64E-48A929E02C1D}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{949702A1-FEAA-4F2C-A64E-48A929E02C1D}]
"DhcpNameServer"=192.168.1.1 192.168.1.1

---------- | Applications

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Classes\Applications\RPG Maker XP.exe] : "C:\Program Files (x86)\Bodom-Child - RaBBi\RMXP\RPG Maker XP.exe" "%1"
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\SC2Editor.exe] : "C:\Program Files (x86)\StarCraft II\Support\SC2Editor.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\StarCraft II.exe] : "C:\Program Files (x86)\StarCraft II\StarCraft II.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\SC2Editor.exe] : "C:\Program Files (x86)\StarCraft II\Support\SC2Editor.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\StarCraft II.exe] : "C:\Program Files (x86)\StarCraft II\StarCraft II.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
"GPSvcGroup"=GPSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
PlugPlay
DcomLaunch


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Activision]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Adobe]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Ankama]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\AppDataLow]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Artplant]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\ASUS]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\AVAST Software]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Battle.net]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\BitTorrent]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Blizzard Entertainment]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Browser Cleanup]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\CarbonGames]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Chromium]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Clients]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Clubic]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\CMP]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\CNC Labs]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\ControlKids]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\devpro]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Digital Extremes]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\DirectShow]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Disc Soft]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\ej-technologies]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\electronic arts]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Emulators]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Enterbrain]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Epic Games]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\epsxe]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\ESET]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Fast Folder Access]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\FonePaw]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Geek Uninstaller]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\GfaceGmbh]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Glarysoft]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Google]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\IM Providers]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\IMDownloader]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Intel]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Jagex Ltd]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\JavaSoft]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Leadertech]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Licenses]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\LogiShrd]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Logitech]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Macromedia]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\MainConcept]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Malwarebytes]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Mozilla]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Mumble]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\NeoCore Games]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Netscape]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\NVIDIA Corporation]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\ODBC]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\OpenOffice]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\PCSX2]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Piriform]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Policies]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\ProtectedStorage]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\QtProject]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Razer]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Realmforge Studios GmbH]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Realtek]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Red Giant Software]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Robot Entertainment]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Ross Ridge]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\runic games]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Seeds Of Eternity]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Skype]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\skypeapp-1305caa7fb36]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\SmallGamesInfo]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Software]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Sony Creative Software]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Subterranean Games]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Sysinternals]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\TeamSpeak 3 Client]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\TechSmith]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\TexMod]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\The Document Foundation]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Trion]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Trolltech]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Unchecky]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Unity]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Valve]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\VirtualDub.org]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\WinRAR]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\WinRAR SFX]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Wow6432Node]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\YGOPro2]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Ada2]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\CBSTEST]
[HKLM\Software\Clients]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\DVDVideoSoft]
[HKLM\Software\ESET]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\HitmanPro]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nahimic]
[HKLM\Software\Nuance]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\panda_url_filtering]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\SiteAdvisor]
[HKLM\Software\Software]
[HKLM\Software\Sonic]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sony Creative Software]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Yamaha APO]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Help]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\Software\WOW6432Node\Ada2]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\ASUS]
[HKLM\Software\WOW6432Node\Avast]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\Blizzard Entertainment]
[HKLM\Software\WOW6432Node\CDDB]
[HKLM\Software\WOW6432Node\Chromium]
[HKLM\Software\WOW6432Node\ControlKids]
[HKLM\Software\WOW6432Node\Cygwin]
[HKLM\Software\WOW6432Node\Disc Soft]
[HKLM\Software\WOW6432Node\EasyAntiCheat]
[HKLM\Software\WOW6432Node\electronic arts]
[HKLM\Software\WOW6432Node\Enterbrain]
[HKLM\Software\WOW6432Node\Eset]
[HKLM\Software\WOW6432Node\Fraps]
[HKLM\Software\WOW6432Node\GlarySoft]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Hi-Rez Studios]
[HKLM\Software\WOW6432Node\HiRez Studios]
[HKLM\Software\WOW6432Node\Infogrames]
[HKLM\Software\WOW6432Node\Infogrames Interactive]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Keycraft]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\LibreOffice]
[HKLM\Software\WOW6432Node\logishrd]
[HKLM\Software\WOW6432Node\Logitech]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Open Broadcaster Software]
[HKLM\Software\WOW6432Node\OpenOffice]
[HKLM\Software\WOW6432Node\Panda Software]
[HKLM\Software\WOW6432Node\PowerPivot]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Red Giant Software]
[HKLM\Software\WOW6432Node\runic games]
[HKLM\Software\WOW6432Node\SiteAdvisor]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\Sony Creative Software]
[HKLM\Software\WOW6432Node\teammeat]
[HKLM\Software\WOW6432Node\TechSmith]
[HKLM\Software\WOW6432Node\The Document Foundation]
[HKLM\Software\WOW6432Node\THQ]
[HKLM\Software\WOW6432Node\Trad-FR]
[HKLM\Software\WOW6432Node\TrendyEntertainment]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\WinRAR]
[HKLM\Software\WOW6432Node\Wow6432Node]
[HKLM\Software\WOW6432Node\Yahoo]
[HKLM\Software\WOW6432Node\YgoLink]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | Drives


---------- | C:

[14/08/2015 17:05:00] - |SHD| - [6664912680] - C:\$RECYCLE.BIN
[25/05/2016 19:17:00] - |D| - [33389] - C:\$SysReset
[09/05/2018 20:00:26] - |D| - [20926] - C:\AdwCleaner
[13/04/2016 13:33:39] - |SHD| - [0] - C:\Config.Msi
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [14/08/2015 11:17:59] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Cookies
[MD5.9AB946AB9C7B163CECC2FE904B178D5B] - [19/08/2015 11:24:31] - |A| - (.-.) - [965] - (0.0.0.0) - C:\DelFix.txt
[14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings
[MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 08:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1028.txt
[MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 08:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1031.txt
[MD5.99C22D4A31F4EAD4351B71D6F4E5F6A1] - [07/11/2007 08:00:40] - |A| - (.-.) - [10134] - (0.0.0.0) - C:\eula.1033.txt
[MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 08:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1036.txt
[MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 08:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1040.txt
[MD5.9B15A3A055CC6E67EA191A1B7885649A] - [07/11/2007 08:00:40] - |A| - (.-.) - [118] - (0.0.0.0) - C:\eula.1041.txt
[MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 08:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.1042.txt
[MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 08:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.2052.txt
[MD5.9147A93F43D8E58218EBCB15FDA888C9] - [07/11/2007 08:00:40] - |A| - (.-.) - [17734] - (0.0.0.0) - C:\eula.3082.txt
[06/09/2014 10:27:12] - |D| - [739] - C:\Fraps
[MD5.0A6B586FABD072BD7382B5E24194EAC7] - [07/11/2007 08:00:40] - |A| - (.-.) - [1110] - (0.0.0.0) - C:\globdata.ini
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/05/2016 19:26:34] - |ASH| - (.-.) - [6368444416] - (0.0.0.0) - C:\hiberfil.sys
[MD5.520A6D1CBCC9CF642C625FE814C93C58] - [07/11/2007 09:03:18] - |A| - (.Â© Microsoft Corporation. - External Installer.) - [562688] - (9.0.21022.8) - C:\install.exe
[MD5.0DA9AB4977F3E7BA8C65734DF42FDAB6] - [07/11/2007 08:00:40] - |A| - (.-.) - [843] - (0.0.0.0) - C:\install.ini
[MD5.8F05FE39BDD336C8FA2A18EC3DFE418C] - [07/11/2007 08:44:20] - |A| - (.(C) Microsoft Corporation. - UI Wrapper Resource DLL.) - [75280] - (9.0.21022.8) - C:\install.res.1028.dll
[MD5.7D9EBB7DCA62BA75361346CAF4EC196B] - [07/11/2007 08:44:20] - |A| - (.Â© Microsoft Corporation. Alle Rechte vorbehalten. - Ressourcen-DLL fÃ¼r UI-Wrapper.) - [95248] - (9.0.21022.8) - C:\install.res.1031.dll
[MD5.43FB29E3A676D26FCBF0352207991523] - [07/11/2007 08:44:20] - |A| - (.Â© Microsoft Corporation. - UI Wrapper Resource DLL.) - [90128] - (9.0.21022.8) - C:\install.res.1033.dll
[MD5.37C8A4717B40540816A3B92C470FD58F] - [07/11/2007 08:44:20] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - UI Wrapper Resource DLL.) - [96272] - (9.0.21022.8) - C:\install.res.1036.dll
[MD5.03576876C7E9A5B44EB7916492B5B0F6] - [07/11/2007 08:44:20] - |A| - (.Â© Microsoft Corporation. Tutti i diritti riservati. - DLL di risorse del wrapper dell'interfaccia utente.) - [94224] - (9.0.21022.8) - C:\install.res.1040.dll
[MD5.A3946D3C9ED130AF89D1C1A9E63DEAA6] - [07/11/2007 08:44:20] - |A| - (.(C) Copyright Microsoft Corporation. - UI Wrapper Resource DLL.) - [80400] - (9.0.21022.8) - C:\install.res.1041.dll
[MD5.A5CFFE01D83AFECCD9590B4D696AA44E] - [07/11/2007 08:44:20] - |A| - (.(C) Microsoft Corporation. - UI ?? ??? DLL.) - [78864] - (9.0.21022.8) - C:\install.res.1042.dll
[MD5.213BF3AD8A5F31C021BBE011D6460752] - [07/11/2007 08:44:20] - |A| - (.(C) Microsoft Corporation???????? - ???????? DLL.) - [74768] - (9.0.21022.8) - C:\install.res.2052.dll
[MD5.FACD045628070999B43EB7C13AB2E0FE] - [07/11/2007 08:44:20] - |A| - (.Â© Microsoft Corporation. Reservados todos los derechos. - Archivo DLL de recursos del contenedor de la interfaz de usuario.) - [95248] - (9.0.21022.8) - C:\install.res.3082.dll
[19/08/2014 09:21:30] - |D| - [1814226] - C:\Intel
[MD5.800B746FDC4D80469AFC7E5E9B510C9C] - [01/12/2006 23:37:14] - |A| - (.Â© Microsoft Corporation. - MicrosoftÂ® Debug Information Accessor.) - [904704] - (8.0.50727.762) - C:\msdia80.dll
[23/06/2015 21:18:01] - |RHD| - [846075976] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [25/05/2016 19:26:36] - |ASH| - (.-.) - [8491261952] - (0.0.0.0) - C:\pagefile.sys
[14/07/2009 05:20:08] - |D| - [0] - C:\PerfLogs
[14/07/2009 05:20:08] - |RD| - [5552595957] - C:\Program Files
[14/07/2009 05:20:08] - |RD| - [185130469581] - C:\Program Files (x86)
[14/07/2009 05:20:08] - |D| - [5690212323] - C:\ProgramData
[18/05/2018 19:52:42] - |D| - [68686] - C:\QuickDiag
[MD5.D0CEEBBC7964A9321A517C7EAA8814E4] - [18/05/2018 19:53:06] - |A| - (.-.) - [126784] - (0.0.0.0) - C:\QuickDiag.txt
[25/05/2016 19:07:38] - |SHD| - [174130820] - C:\Recovery
[31/10/2014 23:12:00] - |D| - [68235449] - C:\Riot Games
[06/12/2014 17:30:08] - |D| - [1732649347] - C:\RomStation
[18/08/2014 17:37:35] - |SHD| - [6347090500] - C:\System Volume Information
[14/07/2009 05:20:08] - |RD| - [43534743645] - C:\Users
[MD5.06FBA95313F26E300917C6CEA4480890] - [07/11/2007 08:00:40] - |A| - (.-.) - [5686] - (0.0.0.0) - C:\vcredist.bmp
[MD5.E10F2F6E6379E9185F71AEC1421F37B4] - [07/11/2007 09:09:22] - |A| - (.-.) - [1442522] - (0.0.0.0) - C:\VC_RED.cab
[MD5.E0951D3CB1038EB2D2B2B2F336E1AB32] - [07/11/2007 09:12:28] - |A| - (.-.) - [232960] - (0.0.0.0) - C:\VC_RED.MSI
[14/07/2009 05:20:08] - |D| - [70481228291] - C:\Windows

---------- | C:\Windows

[14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins
[14/07/2009 05:20:08] - |D| - [36000191] - C:\Windows\AppCompat
[14/07/2009 05:20:08] - |D| - [10975800] - C:\Windows\AppPatch
[MD5.07818CDBBD9310E3941881F547F9A2DD] - [19/08/2014 09:09:51] - |A| - (.-.) - [46193] - (0.0.0.0) - C:\Windows\Ascd_tmp.ini
[14/07/2009 05:20:08] - |RSD| - [1631450650] - C:\Windows\assembly
[MD5.9FCFE78AFBA95C1F3AD8E3F99C5C4636] - [19/08/2014 09:15:47] - |A| - (.Copyright (C) 2009 - AsTaskSchedule.) - [16896] - (0.1.0.4) - C:\Windows\AsTaskSched.dll
[MD5.12EBDA58437CD1EA7066FCB6455241D2] - [09/09/2016 12:48:06] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\Windows\avastSS.scr
[MD5.317CD1CE327B6520BF4EE007BCD39E61] - [21/11/2010 05:24:22] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Utilitaire de service de fichier de dÃ©marrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[14/07/2009 05:20:09] - |D| - [29861998] - C:\Windows\Boot
[MD5.03D59C997FDB7DBD19151E902998EC3A] - [14/07/2009 07:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[14/07/2009 05:20:09] - |D| - [3233280] - C:\Windows\Branding
[MD5.C6D9924A98FFF222C3EFB48B18FF944C] - [22/06/2015 20:44:01] - |A| - (.-.) - [27] - (0.0.0.0) - C:\Windows\BRPP2KA.INI
[MD5.96AB5888BC087FACFDB69D0956738724] - [22/06/2015 20:44:01] - |A| - (.-.) - [434] - (0.0.0.0) - C:\Windows\BRWMARK.INI
[19/08/2014 09:15:56] - |D| - [43248653] - C:\Windows\Chipset
[14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors
[14/07/2009 06:45:54] - |D| - [10091] - C:\Windows\debug
[MD5.00BF5B84D105B5CE56C9B1CF1052F914] - [25/05/2016 18:23:05] - |A| - (.-.) - [10449] - (0.0.0.0) - C:\Windows\diagerr.xml
[14/07/2009 07:32:38] - |D| - [3044378] - C:\Windows\diagnostics
[MD5.692CA5EBC9E0CEF0A8D0BE4DF7400CEE] - [25/05/2016 18:23:05] - |A| - (.-.) - [9528] - (0.0.0.0) - C:\Windows\diagwrn.xml
[14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker
[MD5.7B55DA82532C54BF5B7FA9B82B69DE11] - [20/09/2017 16:58:04] - |A| - (.-.) - [80666] - (0.0.0.0) - C:\Windows\DirectX.log
[14/07/2009 07:32:38] - |D| - [283] - C:\Windows\Downloaded Program Files
[12/04/2011 11:27:58] - |D| - [118084593] - C:\Windows\ehome
[14/07/2009 07:37:46] - |D| - [0] - C:\Windows\en-US
[14/08/2015 10:30:52] - |D| - [241872565] - C:\Windows\erdnt
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [12/10/2016 12:13:23] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Explorateur Windows.) - [3229696] - (6.1.7601.23537) - C:\Windows\explorer.exe
[14/07/2009 05:20:09] - |RSD| - [734839259] - C:\Windows\Fonts
[12/04/2011 11:16:36] - |D| - [142336] - C:\Windows\fr-FR
[MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[14/07/2009 05:20:09] - |D| - [21741460] - C:\Windows\Globalization
[14/07/2009 05:20:09] - |D| - [91726917] - C:\Windows\Help
[MD5.A66E522F3CBFB8709EA37844922A002E] - [15/06/2017 17:58:59] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Aide et support Microsoft.) - [733696] - (6.1.7601.23834) - C:\Windows\HelpPane.exe
[MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 02:29:03] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - ExÃ©cutable de lÂaide HTML MicrosoftÂ®.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe
[MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [12/04/2011 11:28:50] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml
[14/07/2009 05:20:09] - |D| - [143547244] - C:\Windows\IME
[14/07/2009 05:20:10] - |D| - [135876314] - C:\Windows\inf
[19/08/2014 09:03:44] - |SHD| - [36245153744] - C:\Windows\Installer
[MD5.79BFF94635EC92C0126BC8BCDCD4AED0] - [25/02/2018 12:10:24] - |A| - (.-.) - [542] - (0.0.0.0) - C:\Windows\KB893803v2.log
[14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas
[MD5.718FECF22BF4BD4FC05B79AA4BEC75D0] - [19/08/2014 09:09:56] - |A| - (.-.) - [1769] - (0.0.0.0) - C:\Windows\Language_trs.ini
[14/07/2009 05:20:10] - |D| - [1313700] - C:\Windows\LiveKernelReports
[14/07/2009 05:20:10] - |D| - [65492356] - C:\Windows\Logs
[14/07/2009 05:20:10] - |RSD| - [13327133] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[14/07/2009 05:20:10] - |D| - [907420581] - C:\Windows\Microsoft.NET
[20/08/2014 03:20:41] - |D| - [4014] - C:\Windows\Migration
[07/12/2014 10:49:04] - |D| - [0] - C:\Windows\Minidump
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[MD5.B32189BDFF6E577A92BAA61AD49264E6] - [12/08/2015 12:07:52] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe
[14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages
[18/08/2014 18:37:12] - |D| - [1213319] - C:\Windows\Panther
[23/06/2015 21:21:04] - |D| - [0] - C:\Windows\PCHEALTH
[14/07/2009 07:32:38] - |D| - [62471029] - C:\Windows\Performance
[MD5.8256D6D1A51ABC5643D8210A69B0F6A3] - [22/04/2017 10:06:53] - |A| - (.-.) - [92200] - (0.0.0.0) - C:\Windows\PFRO.log
[14/07/2009 05:20:10] - |D| - [1124149] - C:\Windows\PLA
[14/07/2009 05:20:10] - |D| - [2972247] - C:\Windows\PolicyDefinitions
[13/12/2016 22:05:18] - |D| - [53870374] - C:\Windows\Prefetch
[03/09/2014 19:13:38] - |D| - [47159] - C:\Windows\pss
[MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Ãditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe
[14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\registration
[14/07/2009 05:20:10] - |D| - [7911945] - C:\Windows\rescache
[14/07/2009 05:20:10] - |D| - [1674534] - C:\Windows\Resources
[MD5.A8F0B315F67842060906A301108CDAB0] - [11/08/2015 16:33:02] - |A| - (.Copyright (C) 2014 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2080472] - (1.0.5.4) - C:\Windows\RtlExUpd.dll
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache
[14/07/2009 05:20:10] - |D| - [58021] - C:\Windows\schemas
[14/07/2009 05:20:10] - |D| - [1057252] - C:\Windows\security
[14/07/2009 06:45:47] - |D| - [72921935] - C:\Windows\ServiceProfiles
[14/07/2009 05:20:10] - |D| - [191685677] - C:\Windows\servicing
[14/07/2009 06:45:50] - |D| - [42] - C:\Windows\Setup
[MD5.91CAF72C9D5853917B25FE660A15CC40] - [21/04/2017 15:50:57] - |A| - (.-.) - [46619] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/04/2017 15:50:57] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[12/04/2011 11:27:58] - |D| - [66140] - C:\Windows\ShellNew
[18/08/2014 17:44:58] - |D| - [1887715054] - C:\Windows\SoftwareDistribution
[14/07/2009 05:20:10] - |D| - [70579144] - C:\Windows\Speech
[MD5.127AA81343A7C6F665C22CB1293B0A90] - [20/08/2014 17:07:55] - |A| - (.Â© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\Windows\splwow64.exe
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system
[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - [14/07/2009 04:34:57] - |A| - (.-.) - [215] - (0.0.0.0) - C:\Windows\system.ini
[14/07/2009 05:20:10] - |D| - [5405312763] - C:\Windows\System32
[14/07/2009 05:20:14] - |D| - [1381475635] - C:\Windows\SysWOW64
[14/07/2009 05:20:14] - |D| - [15] - C:\Windows\TAPI
[14/07/2009 05:20:14] - |D| - [32502] - C:\Windows\Tasks
[14/08/2015 17:07:37] - |D| - [88648992] - C:\Windows\temp
[14/07/2009 05:20:14] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 07:32:38] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [21/11/2010 05:25:10] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[MD5.8CE5266F0BBB73C95886CB72B0063CB8] - [17/03/2015 18:22:37] - |A| - (.Copyright Â© MindVision Software 1995-2004 - Uninstall application file.) - [90112] - (3.6.1.0) - C:\Windows\unvise32.exe
[14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss
[14/07/2009 05:20:14] - |D| - [40681427] - C:\Windows\Web
[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - [14/07/2009 04:34:57] - |A| - (.-.) - [478] - (0.0.0.0) - C:\Windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.83CAF74C8FAD8A22D891AE820A1BDAF5] - [23/05/2016 15:31:00] - |A| - (.-.) - [1274139] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[14/07/2009 05:20:14] - |D| - [20719806300] - C:\Windows\winsxs
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - |A| - (.Â© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe

---------- | C:\Windows\System32\GroupPolicy


---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[12/01/2016 17:51:46] - C:\Windows\Installer\1047c78.msi : (UE4 Prerequisites (x64) - Epic Games, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/08/2014 11:16:04] - C:\Windows\Installer\1048e98.msi : (OpenOffice 4.1.1 - OpenOffice)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2017 16:53:25] - C:\Windows\Installer\12d2ba1.msi : (Install/UnInstall PhysX Driver + Engines: 2.7.1/3/4/5/6; 2.8.0/1/3 - NVIDIA Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/07/2014 00:45:18] - C:\Windows\Installer\17a463e.msi : (MSVCRT Redists - Sony Creative Software Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 01:34:20] - C:\Windows\Installer\22a55bc.msi : (LWS Help_main - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 09:41:18] - C:\Windows\Installer\22a55c1.msi : (LWS Webcam Software - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 09:41:16] - C:\Windows\Installer\22a55c6.msi : (CameraHelperMsi - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 01:46:08] - C:\Windows\Installer\22a55cb.msi : (Logitech eReg 1.12 merge module-to-MSI converter - Logitech, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/07/2012 00:15:18] - C:\Windows\Installer\22a55d0.msi : (LWS Facebook - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 00:19:08] - C:\Windows\Installer\22a55d5.msi : (LWS Gallery - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/09/2012 01:36:58] - C:\Windows\Installer\22a55da.msi : (LWS Launcher - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 09:41:12] - C:\Windows\Installer\22a55df.msi : (LWS Motion Detection - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/09/2012 09:41:22] - C:\Windows\Installer\22a55e4.msi : (LWS Pictures And Video - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/07/2011 04:51:16] - C:\Windows\Installer\22a55e9.msi : (LWS Twitter - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/06/2011 05:26:48] - C:\Windows\Installer\22a55ee.msi : (LWS WLM Plugin - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/11/2011 00:14:28] - C:\Windows\Installer\22a55f3.msi : (LWS YouTube Plugin - Logitech)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/04/2014 17:27:19] - C:\Windows\Installer\2582710.msi : (MSVCRT Redists - Sony Creative Software Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/10/2013 03:45:41] - C:\Windows\Installer\2a97b.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[24/11/2014 23:12:44] - C:\Windows\Installer\433528.msi : (MSVCRT Redists - Sony Creative Software Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/04/2018 12:07:05] - C:\Windows\Installer\607e0.msi : (Avast Update Helper - AVAST Software)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/08/2016 18:09:23] - C:\Windows\Installer\66ac1c.msi : (Java SE Runtime Environment 8 Update 101 - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/08/2016 18:09:19] - C:\Windows\Installer\66ac27.msi : (Java Auto Updater - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[27/02/2018 10:30:31] - C:\Windows\Installer\a5f36.msi : (Adobe ARM Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 10:41:29] - C:\Windows\Installer\af707e.msi : ( - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/01/2013 05:52:52] - C:\Windows\Installer\d3101.msi : (ASUS Product Register Program - ASUSTek Computer Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[14/07/2009 06:57:09] - [73] - C:\Windows\System32\desktop.ini
[15/04/2015 09:53:25] - [16303] - C:\Windows\System32\ieuinit.inf
[18/01/2012 06:22:54] - [28418] - C:\Windows\System32\lvcoin64.ini
[14/07/2009 07:13:15] - [1673006] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 23:01:25] - [60124] - C:\Windows\System32\tcpmon.ini
[15/04/2015 09:53:27] - [16303] - C:\Windows\Syswow64\ieuinit.inf
[14/07/2009 06:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf
[19/08/2014 09:05:24] - [1647138] - C:\Windows\Syswow64\PerfStringBackup.INI

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.9B59AB9A6E428972A44E7B2CB174775E] - |A| - [12/07/2017 14:48:29] - (.-.) - [122.74 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.C2CA7695D85C0A0ED53A24A98E2CA735] - |A| - [24/05/2016 09:15:23] - (.-.) - [24 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup
[MD5.163A6956CCC48404576D0DA0C793D560] - |ASH| - [24/05/2016 09:15:23] - (.-.) - [21 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup.LOG
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [24/05/2016 09:15:23] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup.LOG1
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |ASH| - [24/05/2016 09:15:23] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\PSS\boot.backup.LOG2
[MD5.4AA795432D059DAF172331FC3B19FF0E] - |N| - [03/09/2014 19:13:38] - (.-.) - [1.05 Ko] - (0.0.0.0) - C:\Windows\PSS\Control Kids.lnk.Startup
[MD5.4E07D9CE152C3128AA00FB87C146FC86] - |A| - [13/02/2018 21:44:02] - (.-.) - [3.96 Ko] - (0.0.0.0) - C:\Windows\Temp\AdobeARM.log
[MD5.D171E4210B2DF1EC0E6A17B61828B0F9] - |A| - [13/02/2018 21:44:27] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\Windows\Temp\AdobeARM_NotLocked.log
[MD5.BF5B105692FD88466CBA19AB1D66FCAF] - |A| - [08/08/2017 12:50:39] - (.-.) - [7480.82 Ko] - (0.0.0.0) - C:\Windows\Temp\adobegc.log
[MD5.864C22FB9A1C0670EDF01C6ED3E4FBE4] - |A| - [13/02/2018 21:44:02] - (.-.) - [251.88 Ko] - (0.0.0.0) - C:\Windows\Temp\ArmUI.ini
[MD5.7B1ADCEC76E64FEB8B3F72ACD7466CA3] - |A| - [10/05/2017 22:30:10] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00000.log
[MD5.770CAD703BC67763C783F6BF475D555C] - |A| - [10/05/2017 22:30:18] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00001.log
[MD5.6377F335B96BBA6E3A49F9533ECCE9EF] - |A| - [24/08/2017 09:54:18] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00002.log
[MD5.48B13F8EAB98E6FCD8D6B25C42FB057C] - |A| - [24/08/2017 09:54:34] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00003.log
[MD5.A6283B0368243B2696BD6183AC6444F2] - |A| - [14/09/2017 12:16:31] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00004.log
[MD5.35700F555D3BB48D7F117EFF60A48AC2] - |A| - [14/09/2017 12:16:44] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00005.log
[MD5.E57ADCEDBEB9FF7599745F7C72E2FCAE] - |A| - [12/10/2017 18:09:04] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00006.log
[MD5.A900E8B0BA3BB14ADFEB236308A5FEAD] - |A| - [12/10/2017 18:09:20] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00007.log
[MD5.53E7FA7CA1CA58BDB7C5A530D4616BEB] - |A| - [15/11/2017 09:47:56] - (.-.) - [4.47 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00008.log
[MD5.8C531D8D1AD46B32D1C04F12069B8DA5] - |A| - [15/11/2017 09:48:04] - (.-.) - [2.9 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00009.log
[MD5.862DEC5C27142824A394BC6464928F48] - |AT| - [16/05/2017 19:14:34] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\Windows\Temp\asw-2a6d3f47-1818-495e-a288-c944a3d11050.tmp
[MD5.B13D45EB8A638043EFB637A0EC204EA6] - |A| - [24/04/2018 15:58:52] - (.-.) - [15376.52 Ko] - (0.0.0.0) - C:\Windows\Temp\cc4C44.tmp
[MD5.7A0C8D7D9925A9A332BDB752B4B1FDFB] - |A| - [24/04/2018 15:58:52] - (.Copyright (c) 2018 Piriform Ltd - CCleaner emergency updater.) - [491.41 Ko] - (17.8.77.0) - C:\Windows\Temp\ccupdate.exe
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/04/2017 10:53:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.596SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [09/05/2017 19:08:04] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.596_0SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [31/05/2017 22:44:23] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.607SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/07/2017 09:36:54] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.609SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/07/2017 23:07:31] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\CProgram FilesAVAST SoftwareSZBrowser3.55.2393.609_0SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/08/2017 22:04:29] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\CProgram FilesAVAST SoftwareSZBrowser4.58.2552.909SZBrowser_autoupdate.download.lock
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [09/09/2017 21:58:18] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\CProgram FilesAVAST SoftwareSZBrowser4.58.2552.909_0SZBrowser_autoupdate.download.lock
[MD5.00000000000000000000000000000000] - |D| - [27/04/2017 22:09:55] - [0.04 Ko] - C:\Windows\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [08/08/2017 12:56:56] - [96.82 Ko] - C:\Windows\Temp\CreativeCloud
[MD5.E34D9CA39A42E7FD352C011E79105EDD] - |A| - [10/05/2017 22:29:17] - (.-.) - [1.32 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_NDP46-KB4014511-x64_decompression_log.txt
[MD5.266C4520B1ED8087D915C2328EFE7C97] - |A| - [14/09/2017 12:15:11] - (.-.) - [1.28 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_ndp46-kb4040973-x64_decompression_log.txt
[MD5.A4F7B29525A1FB2EA1598DE3C03357E8] - |A| - [15/11/2017 09:46:59] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_NDP46-KB4041778-x64_decompression_log.txt
[MD5.A41A531C52FD0A725B636CF0A375692A] - |A| - [12/10/2017 18:07:07] - (.-.) - [1.29 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_NDP46-KB4043764-x64_decompression_log.txt
[MD5.F9A2C01178E85B46D5D60AA5640237EF] - |A| - [24/08/2017 09:51:58] - (.-.) - [1.31 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_ndp47-kb3186495-x86-x64-enu_decompression_log.txt
[MD5.063767FD9C845CCE6BC1939FC3BA817D] - |A| - [24/08/2017 09:52:55] - (.-.) - [1.61 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_SetupUtility.txt
[MD5.1720AAF5A486F607308DE7AB71E94F14] - |A| - [10/05/2017 22:30:00] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20170510_203000_557.txt
[MD5.D21A890C78D9CA08A5F0A9CF559434B5] - |A| - [10/05/2017 22:30:06] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20170510_203006_111.txt
[MD5.CADFEDF5FF010BB3FF6671B5104C5474] - |A| - [24/08/2017 09:54:02] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20170824_075402_154.txt
[MD5.C990CFB021FB8C8D079648F546FB6972] - |A| - [24/08/2017 09:54:07] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20170824_075407_364.txt
[MD5.C785161F7AB28A537633170EA28AA582] - |A| - [14/09/2017 12:16:20] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20170914_101620_505.txt
[MD5.54886C48B819ECB51AF95315C00C0157] - |A| - [14/09/2017 12:16:26] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20170914_101626_729.txt
[MD5.815122C1E60714E6DC42EBF7A499AF06] - |A| - [12/10/2017 18:08:46] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20171012_160846_512.txt
[MD5.E8EF239529D7C9BAD3BA5AD3FA753C5C] - |A| - [12/10/2017 18:08:51] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20171012_160851_348.txt
[MD5.E18BD12A318AFA1D0BA1A5A2407D1658] - |A| - [15/11/2017 09:47:39] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20171115_074739_875.txt
[MD5.D9438E5E14F6ECAA0B76B30D33843391] - |A| - [15/11/2017 09:47:44] - (.-.) - [2.63 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20171115_074744_165.txt
[MD5.00000000000000000000000000000000] - |D| - [01/08/2017 18:52:17] - [0 Ko] - C:\Windows\Temp\dmiwu
[MD5.EA088483772283BC3842E3326F437099] - |A| - [23/09/2016 22:18:41] - (.-.) - [17.41 Ko] - (0.0.0.0) - C:\Windows\Temp\f_bc
[MD5.B887710D44E38E77B239A95673F0F5FA] - |A| - [10/07/2017 17:37:05] - (.-.) - [6.58 Ko] - (0.0.0.0) - C:\Windows\Temp\HiRezUpdateInstallLog.txt
[MD5.00000000000000000000000000000000] - |D| - [21/04/2017 15:51:30] - [0 Ko] - C:\Windows\Temp\hsperfdata_USER-PC$
[MD5.DFEC2FFA19D018F43839F37A69ACD01F] - |A| - [23/09/2016 22:18:41] - (.-.) - [6.8 Ko] - (0.0.0.0) - C:\Windows\Temp\ibef
[MD5.330E2F6BFCB7BF1884048FB54CBAF5A4] - |A| - [23/09/2016 22:24:11] - (.-.) - [0.24 Ko] - (0.0.0.0) - C:\Windows\Temp\ibefa
[MD5.CFCFD55D6A54FEACBB2126C765DCEAD6] - |A| - [10/05/2017 22:29:30] - (.-.) - [17411.76 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4014511_20170510_222926268-Microsoft .NET Framework 4.6.1-MSP0.txt
[MD5.60112C7FDCEA1F1F411FF8F3493FFFD2] - |A| - [10/05/2017 22:29:24] - (.-.) - [78.55 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4014511_20170510_222926268.html
[MD5.25407F261FA91645843364BDFD165FC4] - |A| - [14/09/2017 12:15:31] - (.-.) - [8390.51 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4040973_20170914_121525577-Microsoft .NET Framework 4.7-MSP0.txt
[MD5.A57EE4C1C06D1989AC78C5A9E2FFFE80] - |A| - [14/09/2017 12:15:20] - (.-.) - [97.25 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4040973_20170914_121525577.html
[MD5.CD449062F03B2E3414C3B8A4529449EC] - |A| - [15/11/2017 09:47:13] - (.-.) - [9210.76 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4041778_20171115_084709548-Microsoft .NET Framework 4.7-MSP0.txt
[MD5.ECAC84788429F996232D1E5312C033A1] - |A| - [15/11/2017 09:47:05] - (.-.) - [97.21 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4041778_20171115_084709548.html
[MD5.8A805650CBBE73F753642DF976D7AB1B] - |A| - [12/10/2017 18:07:52] - (.-.) - [8714.15 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4043764_20171012_180747435-Microsoft .NET Framework 4.7-MSP0.txt
[MD5.3614C0AC18A5D3FA23E9BE53668BA914] - |A| - [12/10/2017 18:07:13] - (.-.) - [97.57 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4043764_20171012_180747435.html
[MD5.2EA287CABEBE9670036CB0A1F81C57AB] - |A| - [24/08/2017 09:52:58] - (.-.) - [17325.44 Ko] - (0.0.0.0) - C:\Windows\Temp\Microsoft .NET Framework 4.7 Setup_20170824_095231378-MSI_netfx_Full_x64.msi.txt
[MD5.45CA6EF3E08B0B13E3BE8DB7DDFAE808] - |A| - [24/08/2017 09:52:10] - (.-.) - [631.46 Ko] - (0.0.0.0) - C:\Windows\Temp\Microsoft .NET Framework 4.7 Setup_20170824_095231378.html
[MD5.DBEF78447120E830587017C581F994F1] - |A| - [14/09/2017 12:16:38] - (.-.) - [10.19 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI391A.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [14/09/2017 12:16:38] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI391A.tmp-tmp
[MD5.DBEF78447120E830587017C581F994F1] - |A| - [10/05/2017 22:30:14] - (.-.) - [10.19 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI484B.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [10/05/2017 22:30:14] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI484B.tmp-tmp
[MD5.DBEF78447120E830587017C581F994F1] - |A| - [12/10/2017 18:09:13] - (.-.) - [10.19 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI6893.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [12/10/2017 18:09:13] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI6893.tmp-tmp
[MD5.DBEF78447120E830587017C581F994F1] - |A| - [15/11/2017 09:47:59] - (.-.) - [10.19 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI7CDD.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [15/11/2017 09:47:59] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI7CDD.tmp-tmp
[MD5.DBEF78447120E830587017C581F994F1] - |A| - [24/08/2017 09:54:30] - (.-.) - [10.19 Ko] - (0.0.0.0) - C:\Windows\Temp\RGIF2C7.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [24/08/2017 09:54:30] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\Windows\Temp\RGIF2C7.tmp-tmp
[MD5.00000000000000000000000000000000] - |D| - [26/05/2016 13:30:32] - [608.08 Ko] - C:\Windows\Temp\SafeZone Installer
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [09/05/2017 15:39:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\safezone_crashreporter.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/04/2017 13:01:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\SPL4FE7.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/04/2017 10:33:21] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\SPL532E.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/04/2017 13:02:16] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\SPLD5F8.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [23/04/2017 13:02:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\SPLE302.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [22/04/2017 10:33:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\SPLFFC2.tmp
[MD5.00000000000000000000000000000000] - |D| - [26/05/2016 13:28:35] - [0 Ko] - C:\Windows\Temp\_avast_
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [07/09/2014 19:18:46] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\System32\--debugoff
[MD5.9088D79B1A20723BF681CBD684DB2F31] - |A| - [07/09/2014 19:18:46] - (.-.) - [29.76 Ko] - (0.0.0.0) - C:\Windows\System32\--traceoff
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [0 Ko] - C:\Windows\System32\040C
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 06:45:49] - (.-.) - [28.44 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 06:45:49] - (.-.) - [28.44 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.F2CF417EF502555B139EDCD9FEBF9CD3] - |A| - [11/08/2015 16:33:10] - (.-.) - [107.27 Ko] - (0.0.0.0) - C:\Windows\System32\AcpiServiceVnA64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [4987.5 Ko] - C:\Windows\System32\AdvancedInstallers
[MD5.F4C05547920F091BA19D7971DB5CFF6C] - |A| - [17/05/2018 12:12:50] - (.Copyright (c) 2018 AVAST Software - Avast start-up scanner.) - [367.71 Ko] - (18.4.3895.0) - C:\Windows\System32\aswBoot.exe
[MD5.505609C10E1DA95914C728B62F36E066] - |A| - [11/08/2015 16:33:10] - (.-.) - [32.8 Ko] - (0.0.0.0) - C:\Windows\System32\audioLibVc.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [173 Ko] - C:\Windows\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [2589.81 Ko] - C:\Windows\System32\Boot
[MD5.F02F93D5AEC524052E4A37C1BB7CCF31] - |A| - [14/07/2009 03:20:24] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [19 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll
[MD5.7D00FF6A4315FDF4ACAFBB4EF157EA9F] - |A| - [14/07/2009 02:07:04] - (.Copyright (C) 2008 - Gestionnaire de contexte pour rÃ©seau personnel Bluetooth.) - [91.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [14/07/2009 01:56:54] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [123073.62 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [29637.19 Ko] - C:\Windows\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [12431.87 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [03/12/2014 16:11:16] - [0 Ko] - C:\Windows\System32\Coffre
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [357 Ko] - C:\Windows\System32\com
[MD5.00000000000000000000000000000000] - |SD| - [20/08/2014 01:56:58] - [4945.69 Ko] - C:\Windows\System32\CompatTel
[MD5.6E14F444A2506049EEC25CB5EDFE0905] - |A| - [11/08/2015 16:33:10] - (.2013 Â© Real Sound Lab SIA, iSoft Solutions - CONEQÂ Media Suite APO GUI Library.) - [110.91 Ko] - (1.0.0.4) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [504352.96 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [432 Ko] - C:\Windows\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [427.5 Ko] - C:\Windows\System32\da-DK
[MD5.27C042B16AAB77DA585FDD2A145FAC0D] - |A| - [11/08/2015 16:33:10] - (.Â©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [255.34 Ko] - (7.6.3.1) - C:\Windows\System32\DDPA64.dll
[MD5.897250C97A775A7A667328F849D93D6F] - |A| - [11/08/2015 16:33:10] - (.Â©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1894.34 Ko] - (7.6.3.1) - C:\Windows\System32\DDPD64A.dll
[MD5.A2D8B4C56F55F0349DC7A0C942833E0F] - |A| - [11/08/2015 16:33:11] - (.Â©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [308.34 Ko] - (7.6.3.1) - C:\Windows\System32\DDPO64A.dll
[MD5.CCFDC399241063EF7F3EBA80F273F1A2] - |A| - [11/08/2015 16:33:11] - (.Â©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6072.34 Ko] - (7.6.3.1) - C:\Windows\System32\DDPP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [457.5 Ko] - C:\Windows\System32\de-DE
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 06:57:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [5335 Ko] - C:\Windows\System32\Dism
[MD5.8B5A737AD11EF45D9B1AEB4ED6884968] - |A| - [11/08/2015 16:33:11] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [711.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBassEnhancementDLL64.dll
[MD5.21B38D4D86A87909491F690883AE6D1E] - |A| - [11/08/2015 16:33:11] - (.(c) DTS. - DTS Boost COM DLL.) - [1452.1 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBoostDLL64.dll
[MD5.FF31A2F57AAAB58DB78FCC961A58B206] - |A| - [11/08/2015 16:33:11] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [418.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSGainCompensatorDLL64.dll
[MD5.BC0474E5476E5EA0D0E1AA5AC41E2061] - |A| - [11/08/2015 16:33:11] - (.(c) DTS. - DTS GFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPO64.dll
[MD5.3B8FB5376F5431C0101747D5138BCB9B] - |A| - [11/08/2015 16:33:12] - (.(c) DTS. - DTS GFX APO.) - [236.1 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPONS64.dll
[MD5.B3977C8BA77559F4F8752AE8EB724C87] - |A| - [11/08/2015 16:33:12] - (.(c) DTS. - DTS LFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\Windows\System32\DTSLFXAPO64.dll
[MD5.192A03A21636D3775CEE4C049C3BEB2A] - |A| - [11/08/2015 16:33:12] - (.(c) DTS. - DTS Limiter COM DLL.) - [422.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSLimiterDLL64.dll
[MD5.2EF5442E8E7ED20F7634EEFB09640C8F] - |A| - [11/08/2015 16:33:12] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [479.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSNeoPCDLL64.dll
[MD5.F7C357462077156DC211AC2112FC8C53] - |A| - [11/08/2015 16:33:12] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1531.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2HeadphoneDLL64.dll
[MD5.F132C08BD8C58579B400DFAA71F34CFB] - |A| - [11/08/2015 16:33:13] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1715.1 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2SpeakerDLL64.dll
[MD5.9948969B2C1987B1D64789EFEB284A84] - |A| - [11/08/2015 16:33:13] - (.(c) DTS. - DTS Symmetry COM DLL.) - [695.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSSymmetryDLL64.dll
[MD5.37B8A8089ECED77F6CEAF74917C5D12B] - |A| - [11/08/2015 16:33:13] - (.(c) DTS. - DTS GFX APO.) - [475.94 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PGFX64.dll
[MD5.8AE860D92752CFA136979B1FF797FFDC] - |A| - [11/08/2015 16:33:13] - (.(c) DTS. - DTS LFX APO.) - [489.44 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PLFX64.dll
[MD5.A9B98F96FBE514ADEABD20B2BD132172] - |A| - [11/08/2015 16:33:13] - (.(c) DTS. - DTS LFX APO.) - [405.94 Ko] - (2.1.1.0) - C:\Windows\System32\DTSU2PREC64.dll
[MD5.DE32448E6B40141C80DAABFF6FBE1744] - |A| - [11/08/2015 16:33:13] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [677.1 Ko] - (1.0.0.1) - C:\Windows\System32\DTSVoiceClarityDLL64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [457 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [2883.59 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [448 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [160.5 Ko] - C:\Windows\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [430 Ko] - C:\Windows\System32\fi-FI
[MD5.9558A3AF13C37D52358C1C9EB36DCD38] - |A| - [16/06/2015 16:31:06] - (.- MicrosoftÂ® Forms DLL.) - [1652.16 Ko] - (15.0.4737.1000) - C:\Windows\System32\FM20.DLL
[MD5.E44C360B261B0C35F175370F20D5DDCD] - |A| - [01/10/2012 20:38:12] - (.- MicrosoftÂ® Forms International DLL.) - [31.14 Ko] - (15.0.4420.1017) - C:\Windows\System32\FM20ENU.DLL
[MD5.6F9F227CDEA2DDA13F09E8D94F997F88] - |A| - [18/02/2015 15:49:54] - (.- MicrosoftÂ® Forms International DLL.) - [35.14 Ko] - (15.0.4442.1000) - C:\Windows\System32\FM20FRA.DLL
[MD5.8EC0A1BFD9B6F7210660BA694CB882E2] - |A| - [14/07/2009 06:45:34] - (.-.) - [5066.11 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [1840 Ko] - C:\Windows\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [41461.9 Ko] - C:\Windows\System32\fr-FR
[MD5.B6E154D478A5BAEC3A12B2EE50D396D4] - |A| - [26/02/2013 08:55:24] - (.Copyright Â© Beepa P/L 2013 - Fraps.) - [70 Ko] - (3.5.99.15619) - C:\Windows\System32\frapsv64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 22:36:24] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [191.5 Ko] - C:\Windows\System32\he-IL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [168 Ko] - C:\Windows\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [434.5 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.5950161AD9643B7153CC509DA76DF15E] - |A| - [11/08/2015 16:33:18] - (.Copyright (c) 2014, ICEpower a/s - ICEpower ICEsound audio effects.) - [284.66 Ko] - (1.0.0.4) - C:\Windows\System32\ICEsoundAPO64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36875.94 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.AAA0C03BF54FC8A4E895B576861A9848] - |A| - [21/11/2010 05:07:41] - (.-.) - [29.12 Ko] - (0.0.0.0) - C:\Windows\System32\InstallPackage_ETW.Log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [452 Ko] - C:\Windows\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [365 Ko] - C:\Windows\System32\ja-JP
[MD5.6F7D1601DA55BBE5C7A79E01E236D7B9] - |A| - [11/08/2015 16:33:18] - (.Â© Knowles Electronics. - Knowles HD Audio APO.) - [589.83 Ko] - (4.1105.6000.53) - C:\Windows\System32\KAAPORT64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [360 Ko] - C:\Windows\System32\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.E89C001FB4D9E08CC7072CE774CDB999] - |A| - [21/11/2010 04:52:07] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\Windows\System32\LocalGroupAdminAdd.log
[MD5.563C3703A9B57CC9B370A76D6173D09C] - |A| - [21/11/2010 04:52:08] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\System32\Local_LLU.log
[MD5.00000000000000000000000000000000] - |D| - [30/09/2014 12:28:28] - [0 Ko] - C:\Windows\System32\log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [2614.79 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [165 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [166 Ko] - C:\Windows\System32\lv-LV
[MD5.842FE246144628943AA6522C98DF0932] - |A| - [18/01/2012 06:44:26] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [257.28 Ko] - (13.31.1044.0) - C:\Windows\System32\lvco13311044.dll
[MD5.62641B50B9D2FDE44E583AFA8380E02A] - |A| - [21/09/2012 21:04:24] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [256.28 Ko] - (13.51.823.0) - C:\Windows\System32\lvco1351823.dll
[MD5.BCD7159B6F32F03F394DFBC9F925398F] - |A| - [18/01/2012 06:22:54] - (.-.) - [27.75 Ko] - (0.0.0.0) - C:\Windows\System32\lvcoin64.ini
[MD5.6255FC890DA75D6A413991A56BD72CBD] - |A| - [27/08/2014 20:31:15] - (.-.) - [48.94 Ko] - (0.0.0.0) - C:\Windows\System32\lvcoinst.log
[MD5.00000000000000000000000000000000] - |D| - [23/07/2016 11:28:00] - [32181.28 Ko] - C:\Windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 22:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [1981.88 Ko] - C:\Windows\System32\manifeststore
[MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [11/08/2015 16:33:19] - (.Â© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\Windows\System32\MaxxAudioAPO20.dll
[MD5.06080807E61471A18AD99F3E6FF3C9B5] - |A| - [11/08/2015 16:33:19] - (.Â© Waves Audio Ltd. - MaxxAudio APO.) - [647.75 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxAudioAPO30.dll
[MD5.80C4F3C1718C9EB97872E8074F215D35] - |A| - [11/08/2015 16:33:19] - (.Â© Waves Audio Ltd. - MaxxAudio APO.) - [1110.09 Ko] - (4.5.5.0) - C:\Windows\System32\MaxxAudioAPO4064.dll
[MD5.9AC502A3BCBB5A61A652D21280F947B6] - |A| - [11/08/2015 16:33:20] - (.Â© Waves Audio Ltd. - MaxxAudio APO.) - [1141.09 Ko] - (5.5.1.0) - C:\Windows\System32\MaxxAudioAPO5064.dll
[MD5.3107A0536287C4BB89D70377642F6B4A] - |A| - [11/08/2015 16:33:20] - (.Â© Waves Audio Ltd. - MaxxAudio APO.) - [1287.09 Ko] - (6.0.15.0) - C:\Windows\System32\MaxxAudioAPO6064.dll
[MD5.20033C3A104038F59668D563F0A0A048] - |A| - [11/08/2015 16:33:21] - (.Copyright (C) 2010-2014 - MaxxAudio APO Shell.) - [1038.59 Ko] - (4.15.0.0) - C:\Windows\System32\MaxxAudioAPOShell64.dll
[MD5.E93ADE8C38CA41442FE60E844DED92AC] - |A| - [11/08/2015 16:33:21] - (.Copyright Â© 1996-2014 -.) - [1993.59 Ko] - (4.1.1.0) - C:\Windows\System32\MaxxAudioEQ64.dll
[MD5.75EA61BDD02296302A61B9188DB2F5A9] - |A| - [11/08/2015 16:33:21] - (.- Waves Realtek App.) - [1889.09 Ko] - (5.2.21.0) - C:\Windows\System32\MaxxAudioRealtek264.dll
[MD5.CF1FBA842B8F4E9AA8926B0BAC1DE47D] - |A| - [11/08/2015 16:33:21] - (.Copyright ÃÂ© 1996-2014 -.) - [14515.09 Ko] - (4.5.7.0) - C:\Windows\System32\MaxxAudioRealtek64.dll
[MD5.E151AAB6C22879648EC0C37422214E08] - |A| - [11/08/2015 16:33:21] - (.Copyright ÃÂ© 1996-2014 -.) - [27679.09 Ko] - (1.7.11.0) - C:\Windows\System32\MaxxAudioVnA64.dll
[MD5.631A4E29274E7F0DCDD336F54C8E24BA] - |A| - [11/08/2015 16:33:22] - (.Copyright ÃÂ© 1996-2014 -.) - [3866.59 Ko] - (1.4.5.0) - C:\Windows\System32\MaxxAudioVnN64.dll
[MD5.581778867AEB80C4366057B3DE1DC4D0] - |A| - [11/08/2015 16:33:22] - (.Â© Waves Audio Ltd. - MaxxSpeech APO.) - [1283.11 Ko] - (1.1.4.0) - C:\Windows\System32\MaxxSpeechAPO64.dll
[MD5.08CF8AE5EC57381F41F3851C5351A155] - |A| - [11/08/2015 16:33:23] - (.Â© Waves Audio Ltd. - MaxxVoice APO.) - [934.09 Ko] - (2.5.0.0) - C:\Windows\System32\MaxxVoiceAPO2064.dll
[MD5.9ABDB1ED02FA5E401DF621329CFEB6EA] - |A| - [11/08/2015 16:33:25] - (.Â© Waves Audio Ltd. - MaxxVoice APO.) - [12592.59 Ko] - (3.0.15.0) - C:\Windows\System32\MaxxVoiceAPO3064.dll
[MD5.587A8CF457604D84266FF858CEB60223] - |A| - [11/08/2015 16:33:29] - (.Â© Waves Audio Ltd. - MaxxVolumeSD APO.) - [647.25 Ko] - (3.6.0.0) - C:\Windows\System32\MaxxVolumeSDAPO.dll
[MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 06:45:42] - [24.32 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [3464.93 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [37856.93 Ko] - C:\Windows\System32\migwiz
[MD5.39E801545FFF6230C80140E0F8A06629] - |A| - [14/07/2009 06:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.4B4050855236C4656EEBDF225E3480FA] - |A| - [23/11/2014 10:36:58] - (.Â© 1999-2009 Logitech. - Logitech Force Feedback Driver.) - [321.01 Ko] - (5.8.141.0) - C:\Windows\System32\MijFrc.dll
[MD5.A50250D5D6502D3BD2B99C974BD4C524] - |A| - [11/08/2015 16:33:32] - (.Copyright Â© 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5616.26 Ko] - (6.3.9600.16384) - C:\Windows\System32\NAHIMICAPOlfx.dll
[MD5.79EF9AAA516436DEB230DA04F67BA859] - |A| - [11/08/2015 16:33:33] - (.Copyright Â© 2013 Nahimic Inc. All rights reserved - Nahimic APO Settings Communication Dll.) - [920.3 Ko] - (1.0.0.14866) - C:\Windows\System32\NAHIMICAPOSettingsIPC.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [422.5 Ko] - C:\Windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [640 Ko] - C:\Windows\System32\NDF
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [14/07/2009 00:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [68 Ko] - C:\Windows\System32\NetworkList
[MD5.8E24A7BCAEF2045DA1FF29217622843E] - |A| - [21/11/2010 04:52:07] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\Network_LLU.log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [443.5 Ko] - C:\Windows\System32\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor
[MD5.21F9EF68518E14564DA873C0D1C838D7] - |A| - [19/08/2014 09:06:01] - (.-.) - [4075.71 Ko] - (0.0.0.0) - C:\Windows\System32\nvcoproc.bin
[MD5.28A036968D9B80BCBE808176DDCD85B7] - |A| - [19/08/2014 09:05:40] - (.-.) - [26.8 Ko] - (0.0.0.0) - C:\Windows\System32\nvinfo.pb
[MD5.70F213DCE4F5530086A00B8A8532D8CC] - |A| - [04/08/2016 12:40:04] - (.-.) - [109.41 Ko] - (0.0.0.0) - C:\Windows\System32\NvRtmpStreamer64.dll
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 22:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [13095.58 Ko] - C:\Windows\System32\oobe
[MD5.2A437129B2AAC04A7CCFA4923E732449] - |A| - [14/07/2009 04:36:59] - (.-.) - [119.79 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.6BA3E7C07AB0A63C3665BA6199110EDE] - |A| - [12/04/2011 11:16:45] - (.-.) - [147.17 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 22:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [14/07/2009 04:36:59] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.07BA000B2E67565BDF112C35171865A5] - |A| - [12/04/2011 11:16:45] - (.-.) - [37.27 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat
[MD5.F5EF20133556DBD41D9F2A1EA62848E3] - |A| - [14/07/2009 04:36:59] - (.-.) - [639.93 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.04965C22765FB269B05C1BC014B6CC79] - |A| - [12/04/2011 11:16:45] - (.-.) - [731.13 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat
[MD5.7825323CC829E424E67BFD30EB667880] - |A| - [14/07/2009 07:13:15] - (.-.) - [1633.79 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [439 Ko] - C:\Windows\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [420.42 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [436 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [438.5 Ko] - C:\Windows\System32\pt-PT
[MD5.8882AD10853E45402CABD3BAF48A7EFC] - |A| - [11/08/2015 16:33:33] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [121.27 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEA64A.dll
[MD5.0B5EF50E26CFD1E7BF01E32E053532B2] - |A| - [11/08/2015 16:33:33] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [424.77 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EED64A.dll
[MD5.01096663377134C41D618AF0E53A953E] - |A| - [11/08/2015 16:33:33] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [73.27 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEG64A.dll
[MD5.D0EB28022A91A5C084E8A7DEBB08D8D2] - |A| - [11/08/2015 16:33:33] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [138.27 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEL64A.dll
[MD5.03625A179B27362D3A90E3331AEBE95E] - |A| - [11/08/2015 16:33:33] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [6996.27 Ko] - (7.2.8000.17) - C:\Windows\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.D61937B3B6F0EB457F1C052CE49962AB] - |A| - [21/09/2012 20:48:56] - (.-.) - [39.8 Ko] - (0.0.0.0) - C:\Windows\System32\Repository.reg
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [11/08/2015 16:33:49] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [11/08/2015 16:33:49] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [11/08/2015 16:33:50] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [11/08/2015 16:33:50] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [11/08/2015 16:33:50] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [11/08/2015 16:33:50] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [21/11/2010 05:24:25] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.17ABCAD44A75C635583A238ED6333357] - |A| - [11/08/2015 16:33:52] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [76.84 Ko] - (3.0.0.16) - C:\Windows\System32\SFAPO64.dll
[MD5.2C25AF115BDDC05D9A84D26227A08E63] - |A| - [11/08/2015 16:33:52] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [79.34 Ko] - (3.0.0.16) - C:\Windows\System32\SFCOM64.dll
[MD5.7B3E9344FB43D799C6462227A0E65877] - |A| - [11/08/2015 16:33:52] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [215.84 Ko] - (3.0.0.16) - C:\Windows\System32\SFNHK64.dll
[MD5.55D8C5F89695CBDE93201671F5A4A23F] - |A| - [11/08/2015 16:33:52] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [868.74 Ko] - (3.1.23.0) - C:\Windows\System32\sl3apo64.dll
[MD5.1671AE03E56BEED80A0FBD8519557232] - |A| - [11/08/2015 16:33:52] - (.Copyright (C) 2011 SRS Labs, Inc. - SRS Labs.) - [1024.24 Ko] - (3.1.23.0) - C:\Windows\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [42.67 Ko] - C:\Windows\System32\slmgr
[MD5.CBC5F17C1A77DFAC7825575A7BBB15C1] - |A| - [11/08/2015 16:33:53] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [240.24 Ko] - (1.0.0.1) - C:\Windows\System32\slprp64.dll
[MD5.AD8A1086FEBF23D98532659B82F68891] - |A| - [11/08/2015 16:33:53] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [707.74 Ko] - (3.1.23.0) - C:\Windows\System32\sltech64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [35394.02 Ko] - C:\Windows\System32\SMI
[MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 23:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [17378 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [56751.74 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [1959.75 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [30.19 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [170 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [11/08/2015 16:33:53] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\Windows\System32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |A| - [11/08/2015 16:33:53] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\Windows\System32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [11/08/2015 16:33:53] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [11/08/2015 16:33:53] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll
[MD5.CC758BDB722C466464CF09CF70F47D29] - |A| - [11/08/2015 16:33:53] - (.-.) - [2067.8 Ko] - (0.0.0.0) - C:\Windows\System32\SStudio.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [426.5 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [137.88 Ko] - C:\Windows\System32\sysprep
[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [21/11/2010 05:24:36] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 23:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.05F9840831C29F5BE93AD8BE810D5614] - |A| - [14/07/2009 06:45:37] - (.-.) - [18 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl
[MD5.F736AA948D0C3CBCE212B7B2CB0EF115] - |A| - [14/07/2009 06:45:37] - (.-.) - [45 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl
[MD5.00000000000000000000000000000000] - |D| - [20/08/2014 09:52:05] - [1754.83 Ko] - C:\Windows\System32\Wat
[MD5.D5DBBF94106B931112FBFB19A1351506] - |A| - [11/08/2015 16:33:54] - (.Copyright Â© 1996-2012 - General Library for Plug-Ins.) - [2052.59 Ko] - (4.4.5.0) - C:\Windows\System32\WavesGUILib64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [53049.9 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:34] - [47.61 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [39902.5 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 23:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [32 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [73.5 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [9124.89 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [113840 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [106.26 Ko] - C:\Windows\System32\winrm
[MD5.8128B54EAA48F9C06B19A86C87752996] - |A| - [19/08/2014 09:33:15] - (.Copyright (C) 2010 - AsIO DLL.) - [28 Ko] - (1.0.0.4) - C:\Windows\SysWOW64\AsIO.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [173 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot2
[MD5.57741342CB514072D26EF56B9EF95C86] - |A| - [11/04/2013 13:55:56] - (.Copyright 1999 - 2007 - CDDBControl Core Module.) - [777.49 Ko] - (2.5.0.104) - C:\Windows\SysWOW64\CDDBControl.dll
[MD5.99A44759C589DF319376B29724DFBAEB] - |A| - [11/04/2013 13:55:56] - (.Copyright Â© 2003-2007 - CddbLangDE.) - [101.49 Ko] - (2.5.0.104) - C:\Windows\SysWOW64\CddbLangDE.dll
[MD5.889293D30D3F7A459EA4C00FAF006B1B] - |A| - [11/04/2013 13:55:56] - (.Copyright Â© 2003-2007 - CddbLangES.) - [101.49 Ko] - (2.5.0.104) - C:\Windows\SysWOW64\CddbLangES.dll
[MD5.C69B5427BCCA7BD1ABEE933B9CD41989] - |A| - [11/04/2013 13:55:56] - (.Copyright Â© 2003-2007 - CddbLangFR.) - [101.49 Ko] - (2.5.0.104) - C:\Windows\SysWOW64\CddbLangFR.dll
[MD5.1E4ADA579CF04AAE901F14970604078E] - |A| - [11/04/2013 13:55:56] - (.Copyright Â© 2003-2007 - CddbLangJA.) - [81.49 Ko] - (2.5.0.104) - C:\Windows\SysWOW64\CddbLangJA.dll
[MD5.CDF4D8D1717F22F9BD5DFA9E44842757] - |A| - [11/04/2013 13:55:56] - (.Copyright Â© 2003-2007 - CddbLangRU.) - [165.49 Ko] - (2.5.0.104) - C:\Windows\SysWOW64\CddbLangRU.dll
[MD5.F525176D64D23A4C4B27DD6BCCD96F4E] - |A| - [11/04/2013 13:55:56] - (.Copyright 2001 - 2007 - CDDBUIControl Module.) - [789.49 Ko] - (2.5.0.104) - C:\Windows\SysWOW64\CDDBUI.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [302.5 Ko] - C:\Windows\SysWOW64\com
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1748.91 Ko] - C:\Windows\SysWOW64\config
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [427.5 Ko] - C:\Windows\SysWOW64\cs-CZ
[MD5.FDEF330575C8C8EAD815F58BB7A93ED3] - |RA| - [19/08/2014 09:26:09] - (.Copyright  2011 - CSVer.) - [52 Ko] - (9.4.0.1026) - C:\Windows\SysWOW64\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [422.5 Ko] - C:\Windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [452 Ko] - C:\Windows\SysWOW64\de-DE
[MD5.E63482034EB1A877133523513A66CCC1] - |A| - [26/05/2016 16:16:11] - (.-.) - [73.44 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\debug.log
[MD5.00000000000000000000000000000000] - |D| - [02/12/2014 10:58:37] - [0 Ko] - C:\Windows\SysWOW64\directx
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [4156 Ko] - C:\Windows\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3507.64 Ko] - C:\Windows\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1.09 Ko] - C:\Windows\SysWOW64\DriverStore
[MD5.D95EA048E69B6050ABE222D697C09A40] - |A| - [04/02/2017 23:10:27] - (.Copyright Â© EasyAntiCheat Ltd 2016 - EasyAntiCheat Service.) - [391.27 Ko] - (4.0.0.0) - C:\Windows\SysWOW64\EasyAntiCheat.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [451.5 Ko] - C:\Windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2847.09 Ko] - C:\Windows\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [443 Ko] - C:\Windows\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [160.5 Ko] - C:\Windows\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [425 Ko] - C:\Windows\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [1680 Ko] - C:\Windows\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [37742.63 Ko] - C:\Windows\SysWOW64\fr-FR
[MD5.D4046F6784F46D545DB063A6553CB49C] - |A| - [26/02/2013 08:55:22] - (.Copyright Â© Beepa P/L 2013 - Fraps.) - [64 Ko] - (3.5.99.15619) - C:\Windows\SysWOW64\frapsvid.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [191.5 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [168 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [429 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [34097.44 Ko] - C:\Windows\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\inetsrv
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1160 Ko] - C:\Windows\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [447 Ko] - C:\Windows\SysWOW64\it-IT
[MD5.FA2E1F09ED6C4C221E4513A7E815E13D] - |A| - [27/08/2013 14:00:08] - (.-.) - [1.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\IusEventLog.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [361 Ko] - C:\Windows\SysWOW64\ja-JP
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [356.5 Ko] - C:\Windows\SysWOW64\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/09/2017 23:02:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\last.dump
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [165 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [166 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [23/07/2016 11:27:58] - [19675.83 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1968.26 Ko] - C:\Windows\SysWOW64\manifeststore
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 06:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mapisvc.inf
[MD5.59434189B1C1BCAC73E49E9D74291C5B] - |A| - [11/08/2015 16:33:21] - (.Copyright (C) 2010-2014 - MaxxAudio APO Shell.) - [879.59 Ko] - (4.15.0.0) - C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
[MD5.00000000000000000000000000000000] - |SD| - [22/08/2016 19:20:05] - [0 Ko] - C:\Windows\SysWOW64\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3178.93 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [32763.45 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [24.48 Ko] - C:\Windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [418 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [51 Ko] - C:\Windows\SysWOW64\NetworkList
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [438.5 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\noise.kor
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 23:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico
[MD5.D3279C2140F8286D8D916DDC1F83D6F1] - |A| - [19/08/2014 09:05:24] - (.-.) - [1608.53 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI
[MD5.DB0A5D82D5477095EF4F29125C4E2DCC] - |A| - [16/03/2010 14:35:38] - (.Copyright (C) 2010 Red Giant Software LLC. - Magic Bullet Looks Render Engine.) - [4070 Ko] - (1.4.1.0) - C:\Windows\SysWOW64\PhotoLooksRenderer.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [434 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [420.42 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [431 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [433 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0.64 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.1BE0AF3325AEAD4305CB78670D93A96F] - |A| - [17/09/2007 18:32:20] - (.-.) - [753.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\RGSS100J.dll
[MD5.955C8369E771FCFB32CBF2C6C0315F61] - |A| - [25/02/2018 13:56:57] - (.-.) - [760.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\RGSS102E.dll
[MD5.2D88C9EF8ADCEBCB52B43BB2D9180276] - |A| - [25/02/2018 13:56:57] - (.-.) - [763 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\RGSS102J.dll
[MD5.104D4609EF357922CED45BFD9F608232] - |A| - [25/02/2018 13:56:57] - (.-.) - [669 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\RGSS103J.dll
[MD5.71354278675A4DEEA20FB3CBB5F77170] - |A| - [25/02/2018 13:56:57] - (.-.) - [740.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\RGSS104E.dll
[MD5.00D55AB17E8677E866C0EF66D515D55E] - |A| - [25/02/2018 13:56:57] - (.-.) - [744 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\RGSS104J.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [169 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [11/08/2015 16:39:16] - [5336.77 Ko] - C:\Windows\SysWOW64\RTCOM
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [429.5 Ko] - C:\Windows\SysWOW64\ru-RU
[MD5.0DC5AF80D059DEC792B665ED598C6567] - |A| - [09/10/2014 21:00:05] - (.2000-2010 Public Domain - SQLite Dynamic Link Library (No TCL).) - [524 Ko] - (3.7.2.0) - C:\Windows\SysWOW64\sqlite3.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [170 Ko] - C:\Windows\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [421.5 Ko] - C:\Windows\SysWOW64\sv-SE
[MD5.286EAA2C6A9D63F37C6D339679BFA6B0] - |A| - [13/10/2016 11:18:58] - (.-.) - [0.31 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\swhealthex.log
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [157 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [419 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.9B9C0AD47713675CF1D3D006F4968B3F] - |A| - [25/02/2018 13:14:17] - (.-.) - [72.95 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\Uninstal.exe
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [14/07/2009 04:35:41] - (.Copyright Â© 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\SysWOW64\vfpodbc.dll
[MD5.00000000000000000000000000000000] - |D| - [20/08/2014 09:52:05] - [237.33 Ko] - C:\Windows\SysWOW64\Wat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [9057.18 Ko] - C:\Windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [47.61 Ko] - C:\Windows\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [101.23 Ko] - C:\Windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [9079.89 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:36] - [106.26 Ko] - C:\Windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [12/04/2011 11:16:35] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [333.5 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [255.5 Ko] - C:\Windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [334 Ko] - C:\Windows\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\user\AppData\Roaming   [18/08/2014 17:48:29]
"Local AppData"=C:\Users\user\AppData\Local   [18/08/2014 17:48:29]
"My Video"=C:\Users\user\Videos   [18/08/2014 17:48:29]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries   [18/08/2014 17:48:41]
"My Pictures"=C:\Users\user\Pictures   [18/08/2014 17:48:29]
"Desktop"=C:\Users\user\Desktop   [18/08/2014 17:48:29]
"History"=C:\Users\user\AppData\Local\Microsoft\Windows\History   [18/08/2014 17:48:29]
"NetHood"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [18/08/2014 17:48:29]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\user\Contacts   [18/08/2014 17:48:34]
"Cookies"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies   [18/08/2014 17:48:29]
"Favorites"=C:\Users\user\Favorites   [18/08/2014 17:48:29]
"SendTo"=C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo   [18/08/2014 17:48:29]
"Start Menu"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu   [18/08/2014 17:48:29]
"My Music"=C:\Users\user\Music   [18/08/2014 17:48:29]
"Programs"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [18/08/2014 17:48:29]
"Recent"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent   [18/08/2014 17:48:29]
"CD Burning"=C:\Users\user\AppData\Local\Microsoft\Windows\Burn\Burn   [18/08/2014 17:48:45]
"PrintHood"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [18/08/2014 17:48:29]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\user\Searches   [18/08/2014 17:48:42]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\user\Downloads   [18/08/2014 17:48:29]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\user\AppData\LocalLow   [18/08/2014 17:48:29]
"Startup"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [18/08/2014 17:48:42]
"Administrative Tools"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [18/08/2014 17:48:42]
"Personal"=C:\Users\user\Documents   [18/08/2014 17:48:29]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\user\Links   [18/08/2014 17:48:29]
"Cache"=C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files   [18/08/2014 17:48:29]
"Templates"=C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates   [18/08/2014 17:48:29]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\user\Saved Games   [18/08/2014 17:48:29]
"Fonts"=C:\Windows\Fonts   [14/07/2009 05:20:09]

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files   
"Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 05:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 05:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 05:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 05:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 05:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 05:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 07:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 05:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 05:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 05:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 05:20:08]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 05:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 05:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 05:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 05:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 05:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 05:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 07:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 05:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 05:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 05:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 05:20:08]

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   


---------- | C:\ProgramData

[02/05/2015 21:13:06] - |D| - [0] - C:\ProgramData\.mono
[07/08/2017 16:25:57] - |D| - [287467721] - C:\ProgramData\Adobe
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Application Data
[12/07/2016 19:44:55] - |D| - [659796592] - C:\ProgramData\AVAST Software
[30/08/2014 17:20:19] - |D| - [22592400] - C:\ProgramData\Battle.net
[19/08/2014 20:32:12] - |D| - [2875225888] - C:\ProgramData\Blizzard Entertainment
[08/10/2014 21:46:24] - |D| - [35642951] - C:\ProgramData\BlueStacksSetup
[18/08/2014 17:48:26] - |SHD| - [0] - C:\ProgramData\Bureau
[22/11/2014 12:53:24] - |D| - [1738] - C:\ProgramData\DAEMON Tools Lite
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Desktop
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Documents
[19/08/2014 09:20:38] - |AH| - [0] - C:\ProgramData\DP45977C.lfl
[18/08/2014 17:48:26] - |SHD| - [0] - C:\ProgramData\Favoris
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[15/08/2015 19:33:01] - |D| - [227452] - C:\ProgramData\GFACE
[23/02/2015 13:28:23] - |D| - [41] - C:\ProgramData\GlarySoft
[23/09/2016 22:18:24] - |D| - [24426477] - C:\ProgramData\Hi-Rez Studios
[20/06/2016 20:40:07] - |D| - [525604] - C:\ProgramData\HitmanPro
[19/08/2014 10:02:28] - |D| - [3732075] - C:\ProgramData\Intel
[27/08/2014 20:42:59] - |D| - [307] - C:\ProgramData\LogiShrd
[20/10/2014 23:57:22] - |D| - [206003783] - C:\ProgramData\Malwarebytes
[25/02/2018 12:01:08] - |D| - [1437260] - C:\ProgramData\McAfee
[18/08/2014 17:48:26] - |SHD| - [0] - C:\ProgramData\Menu DÃ©marrer
[14/07/2009 05:20:08] - |SD| - [852901437] - C:\ProgramData\Microsoft
[23/06/2015 21:18:33] - |D| - [14984] - C:\ProgramData\Microsoft Help
[18/08/2014 17:48:26] - |SHD| - [0] - C:\ProgramData\ModÃ¨les
[19/08/2014 09:06:17] - |D| - [2397469] - C:\ProgramData\NVIDIA
[19/08/2014 09:05:49] - |D| - [320604520] - C:\ProgramData\NVIDIA Corporation
[09/11/2015 19:32:15] - |D| - [0] - C:\ProgramData\Oracle
[25/01/2015 17:41:14] - |D| - [85613605] - C:\ProgramData\Package Cache
[19/08/2015 11:34:34] - |D| - [46382264] - C:\ProgramData\Panda Security
[19/08/2015 11:39:03] - |D| - [54055225] - C:\ProgramData\panda_url_filtering
[08/08/2017 12:01:08] - |D| - [1709] - C:\ProgramData\regid.1986-12.com.adobe
[23/06/2015 21:21:47] - |D| - [1065] - C:\ProgramData\regid.1991-06.com.microsoft
[13/04/2015 00:13:03] - |D| - [897] - C:\ProgramData\RELOADED
[31/10/2014 23:15:40] - |D| - [39] - C:\ProgramData\Riot Games
[12/08/2015 14:09:30] - |D| - [444066] - C:\ProgramData\RogueKiller
[27/08/2014 17:13:46] - |D| - [210714624] - C:\ProgramData\Skype
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Start Menu
[03/06/2016 22:12:08] - |D| - [534] - C:\ProgramData\Steam
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Templates
[19/08/2015 11:29:23] - |D| - [0] - C:\ProgramData\Unchecky

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[14/07/2009 07:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 06:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[18/08/2014 17:48:26] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[14/07/2009 05:20:08] - |RD| - [267659] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 06:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[14/07/2009 05:20:08] - |RD| - [42268] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[13/02/2018 21:36:50] - |A| - [2441] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[14/07/2009 07:32:38] - |RD| - [18363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[18/02/2015 23:01:56] - |A| - [1019] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[12/04/2018 12:08:11] - |A| - [2499] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
[12/07/2016 19:48:01] - |D| - [1940] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[20/02/2015 01:50:20] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[30/08/2014 17:22:59] - |D| - [1096] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[25/12/2014 21:08:38] - |D| - [3399] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bodom-Child - RaBBi
[25/10/2014 14:55:14] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[22/11/2014 12:54:43] - |D| - [3257] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[14/07/2009 06:54:23] - |SH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[03/12/2014 15:53:57] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Folder Access
[14/07/2009 07:32:38] - |RD| - [6734] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[04/04/2015 13:55:45] - |D| - [1157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
[23/09/2016 22:18:25] - |D| - [4130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[19/08/2014 10:02:28] - |RD| - [1960] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[09/11/2015 19:32:23] - |D| - [6871] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[08/06/2016 17:27:59] - |D| - [3291] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keycraft
[14/01/2016 18:05:56] - |D| - [9616] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
[27/08/2014 20:41:53] - |D| - [1642] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[17/03/2015 18:22:37] - |D| - [850] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Bullet PhotoLooks
[14/07/2009 05:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[17/05/2018 19:47:01] - |D| - [3806] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[18/08/2014 17:39:54] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[23/06/2015 21:22:45] - |RD| - [55814] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[23/11/2014 10:36:58] - |D| - [1087] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[18/02/2017 23:01:46] - |A| - [936] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[27/01/2015 13:27:11] - |D| - [11101] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[22/09/2017 15:27:06] - |D| - [3496] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
[13/03/2015 21:59:02] - |SD| - [7280] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
[25/01/2015 16:51:25] - |D| - [13098] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[24/07/2017 18:08:58] - |D| - [3203] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[20/06/2016 20:50:27] - |D| - [876] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[06/12/2014 17:30:41] - |D| - [1303] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RomStation
[25/02/2018 13:23:01] - |D| - [2905] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker XP
[14/07/2009 06:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[02/12/2017 13:22:57] - |D| - [1324] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[23/07/2016 11:26:20] - |D| - [3228] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
[09/10/2015 18:48:49] - |D| - [1280] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II - Legacy of the Void Beta
[14/07/2009 05:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[19/08/2014 19:59:19] - |D| - [1039] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[13/04/2015 14:26:44] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II
[28/10/2014 16:37:22] - |D| - [6750] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[28/10/2014 22:25:20] - |D| - [2097] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirtualDub
[05/06/2016 14:11:48] - |D| - [9663] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[14/07/2009 06:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[18/08/2014 17:39:43] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 06:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[14/07/2009 06:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[24/07/2017 21:09:29] - |A| - [2507] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[03/11/2014 20:56:29] - |D| - [4149] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[14/07/2009 06:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[26/03/2016 12:58:51] - |D| - [2232] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YgoLink

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[14/07/2009 06:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[08/08/2017 12:50:19] - |D| - [283898271] - C:\Program Files (x86)\Adobe
[04/10/2017 17:38:10] - |D| - [0] - C:\Program Files (x86)\AGEIA Technologies
[19/08/2014 09:23:24] - |D| - [23419153] - C:\Program Files (x86)\ASUS
[28/10/2014 20:23:55] - |D| - [49808551] - C:\Program Files (x86)\Audacity
[12/04/2018 12:07:07] - |D| - [427780599] - C:\Program Files (x86)\AVAST Software
[30/08/2014 17:22:58] - |D| - [407879763] - C:\Program Files (x86)\Battle.net
[18/04/2018 19:03:25] - |D| - [84544] - C:\Program Files (x86)\Biologie du plaisir
[25/12/2014 21:08:38] - |D| - [38347844] - C:\Program Files (x86)\Bodom-Child - RaBBi
[14/07/2009 05:20:08] - |D| - [486841969] - C:\Program Files (x86)\Common Files
[22/11/2014 12:54:11] - |D| - [28300703] - C:\Program Files (x86)\DAEMON Tools Lite
[14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[30/08/2017 11:01:11] - |D| - [1558912] - C:\Program Files (x86)\Destiny 2
[20/08/2014 18:41:25] - |D| - [376867] - C:\Program Files (x86)\Dungeon Defenders
[05/01/2015 16:44:36] - |D| - [0] - C:\Program Files (x86)\Dungeon Defenders 2
[03/12/2014 15:53:57] - |D| - [113] - C:\Program Files (x86)\Fast Folder Access
[01/08/2017 18:50:48] - |D| - [0] - C:\Program Files (x86)\FonePaw
[19/08/2014 19:24:56] - |D| - [0] - C:\Program Files (x86)\Google
[04/04/2015 13:38:03] - |D| - [21046463998] - C:\Program Files (x86)\Heroes of the Storm
[23/09/2016 22:18:21] - |D| - [91732122] - C:\Program Files (x86)\Hi-Rez Studios
[19/08/2014 09:19:06] - |HD| - [12742370] - C:\Program Files (x86)\InstallShield Installation Information
[19/08/2014 09:21:46] - |D| - [49131664] - C:\Program Files (x86)\Intel
[14/07/2009 05:20:08] - |D| - [10535810] - C:\Program Files (x86)\Internet Explorer
[09/11/2015 19:32:14] - |D| - [166032652] - C:\Program Files (x86)\Java
[14/01/2016 18:04:51] - |D| - [452466312] - C:\Program Files (x86)\LibreOffice 5
[27/08/2014 20:41:52] - |D| - [38884251] - C:\Program Files (x86)\Logitech
[17/03/2015 18:22:36] - |D| - [16882096] - C:\Program Files (x86)\LooksBuilder
[10/10/2015 16:25:17] - |D| - [0] - C:\Program Files (x86)\Malwarebytes Anti-Malware
[25/02/2018 12:01:26] - |D| - [25324942] - C:\Program Files (x86)\McAfee
[25/02/2018 12:11:57] - |D| - [0] - C:\Program Files (x86)\Micro Application
[02/12/2017 13:22:51] - |D| - [189982421] - C:\Program Files (x86)\Microsoft
[23/06/2015 21:18:51] - |D| - [103148255] - C:\Program Files (x86)\Microsoft Analysis Services
[24/06/2015 00:42:05] - |D| - [1670519] - C:\Program Files (x86)\Microsoft ASP.NET
[23/06/2015 21:18:42] - |D| - [97617251] - C:\Program Files (x86)\Microsoft Office
[23/06/2015 21:22:04] - |D| - [30160] - C:\Program Files (x86)\Microsoft SQL Server
[19/08/2014 09:03:51] - |D| - [8855615] - C:\Program Files (x86)\Microsoft.NET
[24/07/2017 21:09:29] - |D| - [9336778] - C:\Program Files (x86)\Movie Maker 2.6
[12/11/2016 18:15:21] - |D| - [43424] - C:\Program Files (x86)\Mozilla Firefox
[18/02/2017 23:01:45] - |D| - [316920] - C:\Program Files (x86)\Mozilla Maintenance Service
[14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[19/08/2014 09:05:47] - |D| - [194394574] - C:\Program Files (x86)\NVIDIA Corporation
[24/11/2014 22:53:53] - |D| - [105916682] - C:\Program Files (x86)\OBS
[13/03/2015 21:58:24] - |D| - [327250814] - C:\Program Files (x86)\OpenOffice 4
[25/01/2015 16:51:23] - |D| - [11720284] - C:\Program Files (x86)\PCSX2 0.9.8
[25/01/2015 17:37:00] - |D| - [20973632] - C:\Program Files (x86)\PCSX2 1.2.1
[19/08/2014 09:19:06] - |D| - [6582834] - C:\Program Files (x86)\Realtek
[14/07/2009 07:32:38] - |D| - [39179521] - C:\Program Files (x86)\Reference Assemblies
[25/02/2018 13:23:00] - |D| - [5880009] - C:\Program Files (x86)\RPG Maker XP
[17/03/2017 18:47:44] - |RD| - [1926632] - C:\Program Files (x86)\Skype
[24/11/2016 19:42:43] - |D| - [949296] - C:\Program Files (x86)\SpeedFan
[23/07/2016 11:26:14] - |D| - [178511498] - C:\Program Files (x86)\SRWare Iron
[29/10/2016 22:06:42] - |D| - [24788328051] - C:\Program Files (x86)\StarCraft II
[09/10/2015 18:31:40] - |D| - [3013451156] - C:\Program Files (x86)\StarCraft II - Legacy of the Void Beta
[19/08/2014 19:59:19] - |D| - [131242190797] - C:\Program Files (x86)\Steam
[19/08/2014 09:18:03] - |HD| - [0] - C:\Program Files (x86)\Temp
[14/07/2009 06:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[28/10/2014 16:37:11] - |D| - [129689877] - C:\Program Files (x86)\VideoLAN
[28/10/2014 22:25:19] - |D| - [4139190] - C:\Program Files (x86)\VirtualDub
[11/08/2015 15:56:19] - |D| - [0] - C:\Program Files (x86)\VS Revo Group
[06/06/2016 19:15:14] - |D| - [793835623] - C:\Program Files (x86)\Warcraft III
[27/11/2014 18:06:55] - |D| - [21758651] - C:\Program Files (x86)\Wiimm
[14/07/2009 07:32:38] - |D| - [524800] - C:\Program Files (x86)\Windows Defender
[14/07/2009 05:20:08] - |D| - [6181376] - C:\Program Files (x86)\Windows Mail
[14/07/2009 07:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player
[14/07/2009 05:20:08] - |D| - [12197044] - C:\Program Files (x86)\Windows NT
[14/07/2009 07:32:38] - |D| - [4417800] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 07:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 07:32:38] - |D| - [5994626] - C:\Program Files (x86)\Windows Sidebar
[03/11/2014 20:56:25] - |D| - [4616314] - C:\Program Files (x86)\WinRAR
[26/03/2016 12:57:35] - |D| - [127890537] - C:\Program Files (x86)\YgoLink
[12/08/2015 22:52:00] - |D| - [7233214] - C:\Program Files (x86)\ZHPFix

---------- | C:\Program Files

[19/08/2014 09:16:01] - |D| - [3023535] - C:\Program Files\ASUS
[12/07/2016 19:45:14] - |D| - [1201793980] - C:\Program Files\AVAST Software
[25/10/2014 14:55:13] - |D| - [35436200] - C:\Program Files\CCleaner
[14/07/2009 05:20:08] - |D| - [538363061] - C:\Program Files\Common Files
[14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
[14/07/2009 07:32:38] - |D| - [90256404] - C:\Program Files\DVD Maker
[18/08/2014 17:48:26] - |SHD| - [0] - C:\Program Files\Fichiers communs
[20/01/2018 14:11:07] - |D| - [33012904] - C:\Program Files\Guild Wars 2
[19/08/2014 10:02:22] - |D| - [19605436] - C:\Program Files\Intel
[14/07/2009 05:20:08] - |D| - [30572565] - C:\Program Files\Internet Explorer
[22/04/2018 11:34:31] - |D| - [159978147] - C:\Program Files\Malwarebytes
[23/06/2015 21:18:51] - |D| - [120350535] - C:\Program Files\Microsoft Analysis Services
[14/07/2009 07:32:38] - |D| - [149237810] - C:\Program Files\Microsoft Games
[23/06/2015 21:18:35] - |D| - [1415659931] - C:\Program Files\Microsoft Office
[23/06/2015 21:21:04] - |D| - [35280] - C:\Program Files\Microsoft SQL Server
[24/06/2015 00:57:20] - |D| - [679616] - C:\Program Files\Microsoft.NET
[18/02/2017 23:01:43] - |D| - [107427351] - C:\Program Files\Mozilla Firefox
[14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files\MSBuild
[19/08/2014 09:00:34] - |D| - [1305278799] - C:\Program Files\NVIDIA Corporation
[24/11/2014 22:53:54] - |D| - [130998247] - C:\Program Files\OBS
[11/08/2015 16:39:18] - |D| - [45771600] - C:\Program Files\Realtek
[24/07/2017 18:08:57] - |D| - [10928904] - C:\Program Files\Recuva
[14/07/2009 07:32:38] - |D| - [36838569] - C:\Program Files\Reference Assemblies
[20/06/2016 20:50:24] - |D| - [73157020] - C:\Program Files\RogueKiller
[25/01/2015 15:12:26] - |D| - [337853] - C:\Program Files\Sony
[14/07/2009 07:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information
[14/07/2009 07:32:38] - |D| - [4039680] - C:\Program Files\Windows Defender
[14/07/2009 05:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail
[14/07/2009 07:32:38] - |D| - [7687085] - C:\Program Files\Windows Media Player
[14/07/2009 05:20:08] - |D| - [12627124] - C:\Program Files\Windows NT
[14/07/2009 07:32:38] - |D| - [5516056] - C:\Program Files\Windows Photo Viewer
[14/07/2009 07:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[14/07/2009 07:32:38] - |D| - [7044767] - C:\Program Files\Windows Sidebar

---------- | C:\Program Files (x86)\Common Files

[08/08/2017 11:47:17] - |D| - [99614357] - C:\Program Files (x86)\Common Files\Adobe
[26/05/2016 13:28:17] - |D| - [0] - C:\Program Files (x86)\Common Files\AV
[19/08/2014 20:32:12] - |D| - [2952248] - C:\Program Files (x86)\Common Files\Blizzard Entertainment
[25/02/2018 13:56:52] - |D| - [22129425] - C:\Program Files (x86)\Common Files\Enterbrain
[19/08/2014 09:18:00] - |D| - [2106564] - C:\Program Files (x86)\Common Files\InstallShield
[19/08/2014 10:03:24] - |D| - [234495] - C:\Program Files (x86)\Common Files\Intel Corporation
[01/08/2016 19:45:35] - |D| - [1973320] - C:\Program Files (x86)\Common Files\Java
[27/08/2014 20:41:52] - |D| - [90116084] - C:\Program Files (x86)\Common Files\LogiShrd
[25/02/2018 12:01:33] - |D| - [1031928] - C:\Program Files (x86)\Common Files\McAfee
[14/07/2009 05:20:08] - |D| - [210837288] - C:\Program Files (x86)\Common Files\microsoft shared
[19/08/2014 10:07:43] - |D| - [196972] - C:\Program Files (x86)\Common Files\postureAgent
[14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[14/07/2009 05:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines
[19/08/2014 19:59:20] - |D| - [3951168] - C:\Program Files (x86)\Common Files\Steam
[14/07/2009 05:20:08] - |D| - [10591635] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[26/05/2016 13:28:17] - |D| - [0] - C:\Program Files\Common files\AV
[06/12/2017 19:41:03] - |D| - [1869008] - C:\Program Files\Common files\Avast Software
[23/06/2015 21:22:24] - |D| - [14488] - C:\Program Files\Common files\DESIGNER
[27/08/2014 20:31:14] - |D| - [22539931] - C:\Program Files\Common files\logishrd
[14/07/2009 05:20:08] - |D| - [500601393] - C:\Program Files\Common files\Microsoft Shared
[14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
[14/07/2009 05:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines
[14/07/2009 05:20:08] - |D| - [12726771] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 07:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.0948C1C93C7BB70798E40A9BC92641FD] - [14/07/2009 07:08:49] - |A| - [32496] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.A46054E192FD19480D51D7600A2B91B2] - [13/02/2018 21:37:36] - |A| - [4478] - C:\Windows\System32\Tasks\Adobe Acrobat Update Task         :   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.AD318025BB6EB56319CF102E8B4F0245] - [23/07/2016 11:28:05] - |A| - [4620] - C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier         :   C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe
[MD5.469DC1C49AF1C9C3A7C12FEE698FAEAF] - [23/07/2016 11:28:07] - |A| - [4486] - C:\Windows\System32\Tasks\Adobe Flash Player Updater         :   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.C9DBC79D36E5C13AF6087E7AB07F69ED] - [01/02/2018 18:47:22] - |A| - [3456] - C:\Windows\System32\Tasks\AdobeGCInvoker-1.0-user-PC-user         :   C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
[MD5.00000000000000000000000000000000] - [19/08/2014 09:16:14] - |D| - [9396] - C:\Windows\System32\Tasks\ASUS
[MD5.8C084425E081E43DEA545FCE80519A29] - [18/03/2017 19:44:18] - |A| - [3910] - C:\Windows\System32\Tasks\Avast Emergency Update         :   C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
[MD5.00000000000000000000000000000000] - [26/05/2016 13:28:17] - |D| - [13032] - C:\Windows\System32\Tasks\AVAST Software
[MD5.1A8401C19446EE68400F4B04DF364B63] - [12/04/2018 12:07:13] - |A| - [3416] - C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore         :   C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
[MD5.F81F807CB6409B8B28031D9D8F1E81CA] - [12/04/2018 12:07:15] - |A| - [3544] - C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA         :   C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
[MD5.D425325962A21BF2ABA7CF6AAE5F7D9C] - [24/04/2018 15:59:16] - |A| - [4130] - C:\Windows\System32\Tasks\CCleaner Update         :   C:\Program Files\CCleaner\CCUpdate.exe
[MD5.A0CA27E49CA0F0768EF5A66B62321591] - [25/10/2014 14:55:15] - |A| - [2772] - C:\Windows\System32\Tasks\CCleanerSkipUAC         :   "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.00000000000000000000000000000000] - [14/07/2009 05:20:13] - |D| - [255192] - C:\Windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [23/06/2015 21:23:07] - |D| - [4838] - C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
[MD5.00000000000000000000000000000000] - [13/03/2015 17:18:49] - |D| - [0] - C:\Windows\System32\Tasks\Safer-Networking
[MD5.00000000000000000000000000000000] - [14/07/2009 07:09:57] - |D| - [4470] - C:\Windows\System32\Tasks\WPD
[MD5.CE77631C2C6BB9731C981D2A9A8D82C8] - [10/05/2018 20:22:15] - |A| - [3002] - C:\Windows\System32\Tasks\{275B388B-80D1-4B1F-B9DA-94BB37982A54}         :   C:\Users\user\Desktop\YGOPRO\ygopro_vs_links_beta\ygopro_vs_links.exe
[MD5.49C857C9DC722F3871CB8434BEC673EA] - [11/08/2015 15:58:30] - |A| - [3410] - C:\Windows\System32\Tasks\{533E72F0-4AC0-4140-B1EC-FF788AFEE1A8}         :   C:\Windows\system32\pcalua.exe
[MD5.FDBE9074D6C47491E98520FE1987BFDA] - [15/05/2016 23:30:53] - |A| - [3208] - C:\Windows\System32\Tasks\{59675EE7-1E89-41D0-8545-9D9877CB0F32}         :   "c:\program files (x86)\google\chrome\application\chrome.exe"
[MD5.0D0B7936554E6BBDBE7B9925CC15F9A4] - [28/10/2014 22:23:05] - |A| - [3340] - C:\Windows\System32\Tasks\{D86EE1C9-C50A-4CA8-BC64-6E0B73590769}         :   C:\Windows\system32\pcalua.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"{DE85CDF7-4837-4778-93A6-9EF783F910AC}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002|
"{6C6C52E5-6C49-4A06-9B97-ACC68E51ED87}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Battle.net\Battle.net.exe|Name=Battle.net|
"{C80A73CD-2EC6-4991-BE45-3D074398207C}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Battle.net\Battle.net.exe|Name=Battle.net|
"{AE89FF47-78FC-4F74-9C24-EFF6B20BDFF4}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\StarCraft II\StarCraft II.exe|Name=Blizzard Launcher|
"{5FFAE0A8-EFA8-4F8B-827D-098B16B59FE9}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\StarCraft II\StarCraft II.exe|Name=Blizzard Launcher|
"{0319FFCE-0988-4DFD-B07B-2D913D352B27}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe|Name=ÂµTorrent (TCP-In)|Desc=Allow ÂµTorrent network traffic with Edge Traversal|Edge=TRUE|
"{E929B329-9F4F-4166-88BA-B00570A3AB04}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe|Name=ÂµTorrent (UDP-In)|Desc=Allow ÂµTorrent network traffic with Edge Traversal|Edge=TRUE|
"{15BE3946-B503-4F30-91B8-A6E89050AC0B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\RomStation\NetPlay\OpenVPN\bin\openvpn.exe|Name=openvpn|
"{2DBEA660-E43A-4826-85E7-9AEBC075D426}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\RomStation\NetPlay\OpenVPN\bin\openvpn.exe|Name=openvpn|
"{F6B5103B-0B92-435E-8568-23C6BBEC879E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\RomStation\Emulation\GameCube\Dolphin x64\Dolphin.exe|Name=Dolphin.exe|
"{260F93E6-A59E-4DA0-BE39-BB7F7827BEDB}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\RomStation\Emulation\GameCube\Dolphin x64\Dolphin.exe|Name=Dolphin.exe|
"{13A9929A-D8A4-40D1-83C8-3A83DDE21565}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=1688|Name=KMS Emulator Port|
"TCP Query User{51AF49DA-3328-4A4E-9506-C8B914222373}C:\program files (x86)\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"UDP Query User{5B540AD6-0CF0-4180-A414-B76595ABE3CE}C:\program files (x86)\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"TCP Query User{A04513B7-5F21-48DF-A4F0-337F4C13A8A9}C:\program files (x86)\warcraft iii\war3.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\warcraft iii\war3.exe|Name=Warcraft III|Desc=Warcraft III|Defer=User|
"UDP Query User{E860D462-82A7-4DBA-BA0F-A293020773F8}C:\program files (x86)\warcraft iii\war3.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\warcraft iii\war3.exe|Name=Warcraft III|Desc=Warcraft III|Defer=User|
"TCP Query User{11E9BD63-54F2-4FC0-A10D-61FF76E77064}C:\users\user\desktop\ygopro-1.033.7-v2-percy\ygopro_vs_ai_debug.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\user\desktop\ygopro-1.033.7-v2-percy\ygopro_vs_ai_debug.exe|Name=ygopro_vs_ai_debug.exe|Desc=ygopro_vs_ai_debug.exe|Defer=User|
"UDP Query User{9775930D-1911-459B-9CD2-19B53F954F54}C:\users\user\desktop\ygopro-1.033.7-v2-percy\ygopro_vs_ai_debug.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\user\desktop\ygopro-1.033.7-v2-percy\ygopro_vs_ai_debug.exe|Name=ygopro_vs_ai_debug.exe|Desc=ygopro_vs_ai_debug.exe|Defer=User|
"TCP Query User{1A672F70-3A87-45A7-8DBF-359274ECC5E7}C:\users\user\desktop\ygopro-1.033.7-v2-percy\ygopro_vs.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\user\desktop\ygopro-1.033.7-v2-percy\ygopro_vs.exe|Name=ygopro_vs.exe|Desc=ygopro_vs.exe|Defer=User|
"UDP Query User{6AFFEF1A-3D40-43C7-B9E2-49BB8C836FEF}C:\users\user\desktop\ygopro-1.033.7-v2-percy\ygopro_vs.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\user\desktop\ygopro-1.033.7-v2-percy\ygopro_vs.exe|Name=ygopro_vs.exe|Desc=ygopro_vs.exe|Defer=User|
"TCP Query User{E2541172-E9E2-4884-95D9-232927D994CF}C:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{15BCAA10-B3BC-4694-AD2B-E3349064EAAA}C:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base46690\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{E75E5ABC-51E8-438A-9AEC-B8F59A184908}C:\program files (x86)\hearthstone\hearthstone.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\hearthstone\hearthstone.exe|Name=Hearthstone|Desc=Hearthstone|Defer=User|
"UDP Query User{F88FAF8F-27EE-4745-8F09-68A944989814}C:\program files (x86)\hearthstone\hearthstone.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\hearthstone\hearthstone.exe|Name=Hearthstone|Desc=Hearthstone|Defer=User|
"TCP Query User{0A64B1C3-2ABC-4B8A-98DA-518151B7EC1C}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"UDP Query User{5D44974E-E2B3-4070-AD3F-7043656034D1}C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\starcraft ii\versions\base47185\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"TCP Query User{9A3A28FC-B580-412C-938B-0F68F9513E0E}C:\program files (x86)\srware iron\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\srware iron\chrome.exe|Name=SRWare Iron|Desc=SRWare Iron|Defer=User|
"UDP Query User{183C3F2D-B95F-4EC8-8F53-B19D95C3B757}C:\program files (x86)\srware iron\chrome.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\srware iron\chrome.exe|Name=SRWare Iron|Desc=SRWare Iron|Defer=User|
"TCP Query User{D5D567BC-5D99-49EC-8110-A33345759A7B}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{10B3996C-16A6-4769-A84C-065F022CB4B9}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{81DE933E-D2FC-49A9-BDC0-39D44A14A972}C:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{6CC69413-A840-43CB-A15E-A0DF6C6FA5D0}C:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base55288\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{FABCAC2B-8BF2-4875-B9F6-416A405E63B7}C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"UDP Query User{F5003796-B002-41B8-8870-234D90D32EB2}C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\starcraft ii\versions\base55505\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"TCP Query User{907CC32E-4A52-4F87-A2B9-9B8B1D8CD126}C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{DF95D93F-9FA2-4212-99AE-529EF9C55CE5}C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base55844\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{C56957A3-3541-40F3-AF28-894E19B13BE5}C:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{9F89570F-4BC1-4C69-BE52-FD6092348B1C}C:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base56175\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{137F9BA4-E529-49DE-B5C4-B0BE59D8FE49}C:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{B9687D70-DC17-4C3D-811F-2A1B9F747527}C:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base56361\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{0E2EA925-97D1-4ED5-9034-BFF673E3C05F}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"UDP Query User{C8EC1399-AB2D-4F45-87AA-F4DFCC29A64D}C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\starcraft ii\versions\base55958\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"TCP Query User{09F65B7F-5B64-4B61-A6D9-D714908D144B}C:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{97F8347A-41E4-4DC4-9F1E-116CA571E1AA}C:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base56705\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{EEE18220-56E0-46BD-BCE0-16688687E169}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"UDP Query User{54AC4A70-A2A8-4DB1-BD1F-1450295A86F2}C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\starcraft ii\versions\base56787\sc2_x64.exe|Name=StarCraft II|Desc=StarCraft II|Defer=User|
"TCP Query User{BFA039F2-9135-40A3-AF43-7181B4E85FE9}C:\program files (x86)\destiny 2\destiny2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\destiny 2\destiny2.exe|Name=Game Executable|Desc=Game Executable|Defer=User|
"UDP Query User{8A98B5EE-B513-471C-B7BE-52C2B200AD2C}C:\program files (x86)\destiny 2\destiny2.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\destiny 2\destiny2.exe|Name=Game Executable|Desc=Game Executable|Defer=User|
"TCP Query User{F18D3E61-81C3-4085-A91C-1D061BD0754F}C:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{343AD59B-6E84-49F0-881D-BA2C9A443131}C:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base57062\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{32097F94-C946-4193-8BF8-BFD00EAE9711}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{F1C30560-375B-4FF3-AD3B-0C09A40DC070}C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base57286\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{F07ADA75-3F1D-41D1-847D-8AA04262E7B0}C:\users\user\desktop\ygopro\ygopro-1.033.7-v2-percy\ygopro_vs.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\user\desktop\ygopro\ygopro-1.033.7-v2-percy\ygopro_vs.exe|Name=ygopro_vs.exe|Desc=ygopro_vs.exe|Defer=User|
"UDP Query User{300417A6-E51F-4E3B-A8D9-E3C399646633}C:\users\user\desktop\ygopro\ygopro-1.033.7-v2-percy\ygopro_vs.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\user\desktop\ygopro\ygopro-1.033.7-v2-percy\ygopro_vs.exe|Name=ygopro_vs.exe|Desc=ygopro_vs.exe|Defer=User|
"TCP Query User{A869911F-7B7E-4E99-9872-E4F0608A7063}C:\program files (x86)\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{89C36530-B4CC-46F5-A1E0-0F9FD0C43524}C:\program files (x86)\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base59657\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{347C1B4B-A255-4B9A-8CC3-BC2B44CC2F41}C:\program files (x86)\battle.net\battle.net.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\battle.net\battle.net.exe|Name=Blizzard Battle.net App|Desc=Blizzard Battle.net App|Defer=User|
"UDP Query User{E721D7C8-9C39-4BF0-BC53-3E6045100856}C:\program files (x86)\battle.net\battle.net.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\battle.net\battle.net.exe|Name=Blizzard Battle.net App|Desc=Blizzard Battle.net App|Defer=User|
"{9D82DF5B-ACAC-4227-8FB7-893DEB161F51}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=GoogleÂ Chrome (mDNS-In)|Desc=RÃ¨gle de trafic entrant pour GoogleÂ Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|
"{B2300EC0-3FE3-470B-9AFB-F1D3116C1A0F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe|Name=Avast Secure Browser (mDNS-In)|Desc=RÃ¨gle de trafic entrant pour Avast Secure Browser autorisant le trafic mDNS|EmbedCtxt=Avast Secure Browser|
"TCP Query User{11F4494C-3163-4A3A-9CD2-4F1E8BF52982}C:\program files (x86)\heroes of the storm\versions\base64455\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base64455\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{BFE5DF9D-659A-4642-B4DC-4BC301AA6B05}C:\program files (x86)\heroes of the storm\versions\base64455\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base64455\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{3AEC0710-7775-483E-BEEB-573C7DC5ED2F}C:\program files (x86)\heroes of the storm\versions\base64657\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base64657\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"UDP Query User{A6F6EA66-476D-464A-8DD1-220F6ADEB0A3}C:\program files (x86)\heroes of the storm\versions\base64657\heroesofthestorm_x64.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\heroes of the storm\versions\base64657\heroesofthestorm_x64.exe|Name=Heroes of the Storm|Desc=Heroes of the Storm|Defer=User|
"TCP Query User{1A7D6E53-7F13-40C8-BB94-D0CC63371BD1}C:\users\user\desktop\ygopro\ygopro_vs_links_beta\ygopro_vs_links.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\user\desktop\ygopro\ygopro_vs_links_beta\ygopro_vs_links.exe|Name=ygopro_vs_links.exe|Desc=ygopro_vs_links.exe|Defer=User|
"UDP Query User{37514B13-B0A0-41DD-8AF4-42C41C8ECDA9}C:\users\user\desktop\ygopro\ygopro_vs_links_beta\ygopro_vs_links.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\user\desktop\ygopro\ygopro_vs_links_beta\ygopro_vs_links.exe|Name=ygopro_vs_links.exe|Desc=ygopro_vs_links.exe|Defer=User|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C99-B45F-E9707B377636}] : (aswEmHWID2) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9D3039DD-CCA5-4B4D-B33D-E2DDC8A8C52E}] : (dtsoftbus01) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[22/11/2014 12:54:15] - (4.49.1.352) - (Disc Soft Ltd - DAEMON Tools Virtual Bus Driver) - C:\Windows\system32\DRIVERS\dtsoftbus01.sys
[19/08/2014 09:33:15] - (0.0.0.0) - ( -) - C:\Windows\SysWow64\drivers\AsIO.sys
[27/01/2015 13:25:16] - (9.18.13.4725) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 347.25) - C:\Windows\system32\DRIVERS\nvlddmkm.sys
[06/12/2014 17:30:37] - (9.0.0.9) - (The OpenVPN Project - TAP-Windows Virtual Network Driver) - C:\Windows\system32\DRIVERS\tap0901.sys
[04/08/2016 12:39:40] - (1.2.34.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\Windows\system32\drivers\nvvad64v.sys
[27/01/2015 13:25:16] - (1.3.33.0) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys
[14/11/2017 20:41:23] - (5.1.2.252) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL
[01/05/2018 18:21:51] - (1.0.0.115) - (McAfee, Inc. - McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
[19/08/2014 09:38:50] - (4.1.2028.3462) - (NVIDIA Corporation - Nvidia Streaming Kernel Service) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsha.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswblog (aswblog) -> system32\drivers\aswbloga.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniva.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (Canal IDE) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStorA () -> system32\DRIVERS\iaStorA.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStorF () -> system32\DRIVERS\iaStorF.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iusb3hcs (Pilote de commutateur de contrÃ´leur d'hÃ´te Intel(R) USB 3.0) -> system32\DRIVERS\iusb3hcs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Pilote dÂÃ©numÃ©rateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - dtsoftbus01 (DAEMON Tools Virtual Bus Driver) -> system32\DRIVERS\dtsoftbus01.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systÃ¨mes Microsoft) -> system32\DRIVERS\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Serial (Pilote de port sÃ©rie) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Pilote de pÃ©riphÃ©rique terminal) -> system32\DRIVERS\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True
S2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.798DE15F187C1F013095BBBEB6FB6197] - [19/08/2014 09:33:15] - (.-.) - [14.88 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsIO.sys
[MD5.19166026A93206F9C6A8CD3A1F010AE4] - [02/04/2009 14:30:14] - (.-.) - [10.05 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\ASUSHWIO.SYS

---------- | Uninstall (Whitelist)

[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\correctif rpgxp 1.0.0.1 pour vista] : (correctif rpgxp 1.0.0.1 pour vista.-.) -> C:\Windows\system32\Uninstal.exe
[HKU\S-1-5-21-768028322-443926211-1286405372-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\The Forgotten] : (C&C 3: The Forgotten.-.CNC Labs) -> C:\Users\user\Documents\Command & Conquer 3 Tiberium Wars\Mods\Mutant\UninstallTheForgottenMod.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Branding] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}] : (UE4 Prerequisites (x64).-.Epic Games, Inc.) -> MsiExec.exe /X{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3BFC9CAE-091D-11E4-886A-F04DA23A5C58}] : (MSVCRT Redists.-.Sony Creative Software Inc.) -> MsiExec.exe /I{3BFC9CAE-091D-11E4-886A-F04DA23A5C58}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 347.25.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (Mises Ã  jour NVIDIA 2.9.1.22.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer] : (NVIDIA LED Visualizer 1.0.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] : (NVIDIA GeForce Experience Service.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service] : (NVIDIA Network Service.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 2.9.1.22.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.34.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B5E06417-A4AC-4225-B36E-7E34C91616E7}] : (IntelÂ® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{B5E06417-A4AC-4225-B36E-7E34C91616E7}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4BD27CF-BFBC-11E3-9B8F-F04DA23A5C58}] : (MSVCRT Redists.-.Sony Creative Software Inc.) -> MsiExec.exe /I{D4BD27CF-BFBC-11E3-9B8F-F04DA23A5C58}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D66B7840-6A9B-11E4-8FED-F04DA23A5C58}] : (MSVCRT Redists.-.Sony Creative Software Inc.) -> MsiExec.exe /I{D66B7840-6A9B-11E4-8FED-F04DA23A5C58}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI] : (Adobe Flash Player 29 PPAPI.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe -maintain pepperplugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Open Broadcaster Software] : (Open Broadcaster Software.-.) -> C:\Program Files (x86)\OBS\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Panda Universal Agent Endpoint] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RGSS de RPG MAKER XP_is1] : (RGSS de RMXP version 1.0.1.-.Bodom-Child - RaBBi(YUME TEAM)) -> "C:\Program Files (x86)\Bodom-Child - RaBBi\RGSS\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08610298-29AE-445B-B37D-EFBE05802967}] : (LWS Pictures And Video.-.Logitech) -> MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{121727D5-FDF3-4723-BA57-EB383440ED72}] : (OpenOffice 4.1.1.-.Apache Software Foundation) -> MsiExec.exe /I{121727D5-FDF3-4723-BA57-EB383440ED72}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}] : (LibreOffice 5.0.4.2.-.The Document Foundation) -> MsiExec.exe /I{14B5DDCF-61C4-4F1E-A621-844685D60B5A}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{15634701-BACE-4449-8B25-1567DA8C9FD3}] : (CameraHelperMsi.-.Logitech) -> MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1651216E-E7AD-4250-92A1-FB8ED61391C9}] : (LWS Help_main.-.Logitech) -> MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{174A3B31-4C43-43DD-866F-73C9DB887B48}] : (LWS Twitter.-.Logitech) -> MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}] : (LWS YouTube Plugin.-.Logitech) -> MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180101F0}] : (Java 8 Update 101.-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180101F0}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}] : (erLT.-.Logitech, Inc.) -> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{582876EC-A178-44D4-9823-C10D6C62EAFF}] : (.-.) -> MsiExec /X{80407BA7-7763-4395-AB98-5233F1B34E65}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}] : (LWS Gallery.-.Logitech) -> MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71E66D3F-A009-44AB-8784-75E2819BA4BA}] : (LWS Motion Detection.-.Logitech) -> MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80407BA7-7763-4395-AB98-5233F1B34E65}] : (NVIDIA PhysX.-.NVIDIA Corporation) -> MsiExec.exe /I{80407BA7-7763-4395-AB98-5233F1B34E65}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}] : (LWS Launcher.-.Logitech) -> MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8937D274-C281-42E4-8CDB-A0B2DF979189}] : (LWS Webcam Software.-.Logitech) -> MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9DAEA76B-E50F-4272-A595-0124E826553D}] : (LWS WLM Plugin.-.Logitech) -> MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9DF24673-1780-4621-8476-0E44BE708C96}_is1] : (YgoLink version 3.5.0.0.-.Jyru-Ken) -> "C:\Program Files (x86)\YgoLink\unins000.exe"
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Avast Update Helper.-.AVAST Software) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824265200}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824265200}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - FranÃ§ais.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}] : (ASUS Product Register Program.-.ASUSTek Computer Inc.) -> MsiExec.exe /I{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}] : (LWS Facebook.-.Logitech) -> MsiExec.exe /I{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\0487B66DB9A64E11F8DE0FD42AA3C585] : MSVCRT Redists
[HKCR\Installer\Products\10743651ECAB9444B8525176ADC8F93D] : CameraHelperMsi
[HKCR\Installer\Products\13B3A47134C4DD3468F6379CBD88B784] : LWS Twitter
[HKCR\Installer\Products\472D7398182C4E24C8BD0A2BFD791998] : LWS Webcam Software
[HKCR\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7] : LWS YouTube Plugin
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2238110100F] : Java 8 Update 101 -> C:\Program Files (x86)\Java\jre1.8.0_101\\bin\javaws.exe
[HKCR\Installer\Products\591761FF4EE90C64C87DBF3A54E788BA] : LWS Facebook
[HKCR\Installer\Products\5D7271213FDF3274AB75BE834304DE27] : OpenOffice 4.1.1 -> C:\Windows\Installer\{121727D5-FDF3-4723-BA57-EB383440ED72}\soffice.ico
[HKCR\Installer\Products\68AB67CA408033019195008142622500] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824265200}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - FranÃ§ais -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\71460E5BCA4A52243BE6E7439C61617E] : IntelÂ® Trusted Connect Service Client
[HKCR\Installer\Products\7AB7040836775934BA8925331F3BE456] : NVIDIA PhysX -> C:\Windows\Installer\{80407BA7-7763-4395-AB98-5233F1B34E65}\icon.ico
[HKCR\Installer\Products\89201680EA92B5443BD7FEEB50089276] : LWS Pictures And Video
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Avast Update Helper
[HKCR\Installer\Products\B67AEAD9F05E27245A5910428E6255D3] : LWS WLM Plugin
[HKCR\Installer\Products\C3AF8C38AE4F4C6438293DEC5373836D] : LWS Launcher
[HKCR\Installer\Products\C3CE67F61B43E63479BF845CD8B7DEDC] : LWS Gallery
[HKCR\Installer\Products\E6121561DA7E0524291ABFE86D31199C] : LWS Help_main
[HKCR\Installer\Products\EAC9CFB3D1904E1188A60FD42AA3C585] : MSVCRT Redists
[HKCR\Installer\Products\F3D66E17900ABA447848572E18B94AAB] : LWS Motion Detection
[HKCR\Installer\Products\F45FAD3B52BD6854E91F692DB41B0488] : Windows Movie Maker 2.6
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\FC5DAE63FE44FCF4B81E9DC684537D4A] : UE4 Prerequisites (x64) -> C:\Windows\Installer\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}\Setup.ico
[HKCR\Installer\Products\FC72DB4DCBFB3E11B9F80FD42AA3C585] : MSVCRT Redists
[HKCR\Installer\Products\FCDD5B414C16E1F46A124864586DB0A5] : LibreOffice 5.0.4.2 -> C:\Windows\Installer\{14B5DDCF-61C4-4F1E-A621-844685D60B5A}\soffice.ico

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Failed to schedule Software Protection service for re-start at 2018-05-24T15:01:17Z. Error Code: 0x80041321.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Failed to schedule Software Protection service for re-start at 2018-05-24T15:01:29Z. Error Code: 0x80041321.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Failed to schedule Software Protection service for re-start at 2018-05-24T15:01:35Z. Error Code: 0x80041321.
------------

Failed to schedule Software Protection service for re-start at 2018-05-24T15:01:03Z. Error Code: 0x80041321.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Failed to schedule Software Protection service for re-start at 2018-05-24T15:01:23Z. Error Code: 0x80041321.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Failed to schedule Software Protection service for re-start at 2018-05-24T15:01:22Z. Error Code: 0x80041321.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------


----------( EOF)---------- - 3435 | 19:59:56