start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [SessionLogon] => C:\ExpressGateUtil\SessionLogon.exe
HKU\S-1-5-21-2305713913-1011405820-342418368-1001\...\MountPoints2: {070b880a-5c51-11e4-b1ff-97f26773d8b9} - F:\Startme.exe
HKU\S-1-5-21-2305713913-1011405820-342418368-1001\...\MountPoints2: {9a4cda4b-b5fb-11e4-8a7e-485b399a53bb} - F:\Startme.exe
SearchScopes: HKU\S-1-5-21-2305713913-1011405820-342418368-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-2305713913-1011405820-342418368-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2305713913-1011405820-342418368-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
S2 MBAMScheduler; \ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
2015-07-08 09:06 - 2015-07-08 09:06 - 00000000 ____D C:\Users\cccfxeyrymqv\AppData\Local\VirtualStore
2015-07-08 09:06 - 2015-07-08 09:06 - 00000000 ____D C:\Users\cccfxeyrymqv\AppData\Local\Power2Go
2015-07-08 09:05 - 2015-07-08 09:06 - 00000000 ____D C:\Users\cccfxeyrymqv
2015-07-08 09:05 - 2015-07-08 09:05 - 00000020 ___SH C:\Users\cccfxeyrymqv\ntuser.ini
2015-07-08 09:05 - 2015-07-08 09:05 - 00000000 _SHDL C:\Users\cccfxeyrymqv\Voisinage réseau
2015-07-08 09:05 - 2015-07-08 09:05 - 00000000 _SHDL C:\Users\cccfxeyrymqv\Voisinage d'impression
2015-07-08 09:05 - 2015-07-08 09:05 - 00000000 _SHDL C:\Users\cccfxeyrymqv\Modèles
2015-07-08 09:05 - 2015-07-08 09:05 - 00000000 _SHDL C:\Users\cccfxeyrymqv\Menu Démarrer
2015-07-08 09:05 - 2015-07-08 09:05 - 00000000 _SHDL C:\Users\cccfxeyrymqv\Documents\Mes vidéos
2015-07-08 09:05 - 2015-07-08 09:05 - 00000000 _SHDL C:\Users\cccfxeyrymqv\Documents\Mes images
2015-07-08 09:05 - 2015-07-08 09:05 - 00000000 _SHDL C:\Users\cccfxeyrymqv\Documents\Ma musique
2015-07-08 09:05 - 2015-07-08 09:05 - 00000000 _SHDL C:\Users\cccfxeyrymqv\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2015-07-08 09:05 - 2015-07-08 09:05 - 00000000 _SHDL C:\Users\cccfxeyrymqv\AppData\Local\Historique
2015-07-08 09:05 - 2011-08-16 19:16 - 00000000 ____D C:\Users\cccfxeyrymqv\AppData\Local\Microsoft Help
2015-07-08 09:05 - 2011-02-19 17:32 - 00000000 ____D C:\Users\cccfxeyrymqv\AppData\Roaming\Macromedia
2015-07-08 09:05 - 2010-10-17 07:57 - 00000000 ____D C:\Users\cccfxeyrymqv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-07-08 09:05 - 2010-10-17 07:56 - 00000000 ____D C:\Users\cccfxeyrymqv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-07-08 09:05 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\cccfxeyrymqv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-08 09:05 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\cccfxeyrymqv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-07 05:53 - 2015-07-07 05:53 - 00000000 ____D C:\ProgramData\boost_interprocess
C:\Users\henri\AppData\Local\Temp\_is3B2B.exe
C:\Users\henri\AppData\Local\Temp\_is783B.exe
C:\Users\henri\AppData\Local\Temp\_is9DF.exe
C:\Users\henri\AppData\Local\Temp\_isB116.exe
C:\Users\henri\AppData\Local\Temp\_isC448.exe
AlternateDataStreams: C:\ProgramData\Temp:2F370DA6
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:A724744F
EmptyTemp:
end