--------------- QuickDiag | g3n-h@ckm@n | V3_18.05.17.1 ---------------
----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits -----
- Start 19/05/2017 03:47:44
Updated 18/05/2017 | 12.00 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[ggcp (Administrator)] - [GGCP] (S-1-5-21-3066676641-2175538974-1535034829)
System: Microsoft Windows 10 Famille - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: X751SA - ASUSTeK COMPUTER INC. - IdNumber: G9N0CV11667037E - UUID: 3F9A8247-0D6B-C44C-B197-066CBC9B7336
Processor : X64 - 1600 Mhz - Intel(R) Pentium(R) CPU N3710 @ 1.60GHz
X751SA.403 - en|US|iso8859-1 - American Megatrends Inc. - S/N: G9N0CV11667037E - X751SA.403 - _ASUS_ - 1072009
CoreTemp : 40 Celsius

----------| Quick

---------- | SoundDevice
Son Intel(R) pour écrans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2883&SUBSYS_80860101&REV_1000\4&266C4F48&0&0201
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0233&SUBSYS_1043191D&REV_1000\4&266C4F48&0&0001

---------- | Video
Intel(R) HD Graphics - Resolution: 1600x900 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll,igdumdim32,igd10iumd32,igd10iumd32,igd12umd32 - PNPDeviceID: PCI\VEN_8086&DEV_22B1&SUBSYS_191D1043&REV_35\3&11583659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics - DriverVersion: 20.19.15.4531 - SpecificationVersion: 1025

---------- | Codecs
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU
CPU #1 value:2 %
CPU #2 value:14 %
CPU #3 value:26 %
CPU #4 value:14 %
Total Overall CPU Usage value:14 %

---------- | Network
Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Qualcomm Atheros AR956x Wireless Network Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
Connexion au réseau local* 3 : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{2CACCDB5-0312-47D9-8C03-B046EA8F4A0B} : SENT:0 bytes/sec / RECVD:0 bytes/sec
Overall -> SEND Maxium:14 bytes/sec, / RECEIVE Maximum:0 bytes/sec
Qualcomm Atheros AR956x Wireless Network Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0036&SUBSYS_21301A3B&REV_01\4&B716600&0&00E3
Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_200F1043&REV_12\4&3226DB8B&0&01E2
Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
RAS Async Adapter - - - Status: - PnPID :
Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&3283EE1&0&11
Microsoft ISATAP Adapter - - - Status: - PnPID :
Microsoft ISATAP Adapter #2 - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_1
WAN Miniport (SSTP) - - - Status: - PnPID :
WAN Miniport (IKEv2) - - - Status: - PnPID :
WAN Miniport (L2TP) - - - Status: - PnPID :
WAN Miniport (PPTP) - - - Status: - PnPID :
WAN Miniport (PPPOE) - - - Status: - PnPID :
WAN Miniport (IP) - - - Status: - PnPID :
WAN Miniport (IPv6) - - - Status: - PnPID :
WAN Miniport (Network Monitor) - - - Status: - PnPID :

---------- | Memory
RAM = Total (MB) : 4098 | Free (MB) : 994
Pagefile = Total (MB) : 7899 | Free (MB) : 2958
Virtual = Total (MB) : 4194 | Free (MB) : 3952
Physical Memory 0 : Capacity: 4294967296 - A1_DIMM0 - Posit.: 1 - Manufacturer: Micron - PartNumber: 8KTF51264HZ-1G9P2 - S/N: 00000000

---------- | SID Users
Administrateur : [S-1-5-21-3066676641-2175538974-1535034829-500]
DefaultAccount : [S-1-5-21-3066676641-2175538974-1535034829-503]
ggcp : [S-1-5-21-3066676641-2175538974-1535034829]
Invité : [S-1-5-21-3066676641-2175538974-1535034829-501]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion à distance : [S-1-5-32-580]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | SystemAccounts
Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives
C:\ -> [Fixed] | [OS] | Total : 930.75 Go | Free : 738.7 Go -> NTFS [SATA]
Disk Usage Information [1 total Physical Disks]
Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec
DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_TOSHIBA&PROD_MQ01ABD100\4&3B453A23&0&000000

---------- | Windows updates
Test 1 : Windows Is Activated
Test 2 : Windows Is Activated
Test 3 : Possible Fixed Windows (Notification Mode)

---------- | Browsers
IE : 11.0.14393.953 (© Microsoft Corporation. Tous droits réservés.)
FF : 53.0.2.6333 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 58.0.3029.110 (Copyright 2016 Google Inc.)
Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer
FlashPlayer ActiveX : 25.0.0.171
FlashPlayer Plugin : 25.0.0.171

---------- | Security
AV : Malwarebytes Disabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes
424 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 13:42:27] CPU Usage:0 %
612 | [Owner : Système | Parent : 604() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 13:42:27] CPU Usage:0 %
704 | [Owner : Système | Parent : 604() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 13:42:27] CPU Usage:0 %
716 | [Owner : Système | Parent : 696() | ?????] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (10.0.14393.0) = C:\Windows\System32\csrss.exe [16/07/2016 13:42:27] CPU Usage:0 %
788 | [Owner : Système | Parent : 696() | 3.09 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (10.0.14393.1198) = C:\Windows\System32\winlogon.exe [12/05/2017 01:08:44] CPU Usage:0 %
844 | [Owner : Système | Parent : 704(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (10.0.14393.1198) = C:\Windows\System32\services.exe [12/05/2017 01:11:56] CPU Usage:0 %
852 | [Owner : Système | Parent : 704(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [21/11/2016 08:02:00] CPU Usage:0 %
956 | [Owner : Système | Parent : 844(services.exe) | 13.46 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
76 | [Owner : SERVICE RÉSEAU | Parent : 844(services.exe) | 8.76 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
560 | [Owner : DWM-1 | Parent : 788(winlogon.exe) | 64.23 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (10.0.14393.0) = C:\Windows\System32\dwm.exe [16/07/2016 13:42:23] CPU Usage:2 %
980 | [Owner : Système | Parent : 844(services.exe) | 39.05 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
348 | [Owner : Système | Parent : 844(services.exe) | 78.23 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1104 | [Owner : SERVICE LOCAL | Parent : 348(svchost.exe) | 5.1 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe [16/07/2016 13:42:35] CPU Usage:0 %
1240 | [Owner : SERVICE LOCAL | Parent : 844(services.exe) | 19.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1340 | [Owner : SERVICE LOCAL | Parent : 844(services.exe) | 16.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1420 | [Owner : SERVICE LOCAL | Parent : 844(services.exe) | 19.79 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1476 | [Owner : Système | Parent : 844(services.exe) | 3.17 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4531) = C:\Windows\System32\igfxCUIService.exe [02/11/2016 00:05:26] CPU Usage:0 %
1580 | [Owner : SERVICE LOCAL | Parent : 844(services.exe) | 6.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1660 | [Owner : SERVICE LOCAL | Parent : 844(services.exe) | 6.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1684 | [Owner : SERVICE RÉSEAU | Parent : 844(services.exe) | 12.61 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1748 | [Owner : Système | Parent : 844(services.exe) | 8.48 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1800 | [Owner : Système | Parent : 844(services.exe) | 1.16 Mo] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.90.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [11/01/2016 12:42:18] CPU Usage:0 %
1808 | [Owner : Système | Parent : 844(services.exe) | 0.68 Mo] - (.ASUSTek Computer Inc. - GFNEXSrv.) - (1.0.13.3) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [13/01/2016 11:45:30] CPU Usage:0 %
1820 | [Owner : Système | Parent : 844(services.exe) | ?????] - (.AVAST Software - Avast Service.) - (17.4.3482.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [10/05/2017 04:36:35] CPU Usage:0 %
1940 | [Owner : Système | Parent : 844(services.exe) | 3.92 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.953) = C:\Windows\System32\spoolsv.exe [16/03/2017 21:22:26] CPU Usage:0 %
2264 | [Owner : SERVICE LOCAL | Parent : 844(services.exe) | 6.08 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
2364 | [Owner : SERVICE LOCAL | Parent : 348(svchost.exe) | 8.44 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe [21/11/2016 08:02:03] CPU Usage:0 %
2632 | [Owner : Système | Parent : 844(services.exe) | 2.11 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (6.2.9200.16384) = C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [29/07/2015 21:36:16] CPU Usage:0 %
2652 | [Owner : Système | Parent : 844(services.exe) | 1.16 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.1.10605.221) = C:\Windows\SysWOW64\esif_uf.exe [19/09/2016 14:35:19] CPU Usage:0 %
2660 | [Owner : Système | Parent : 844(services.exe) | 2.89 Mo] - (.ASUS Cloud Corporation - Asus WebStorage Windows Service.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSWinService.exe [24/12/2015 09:31:24] CPU Usage:0 %
2676 | [Owner : Système | Parent : 844(services.exe) | 15.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
2688 | [Owner : Système | Parent : 844(services.exe) | 14.62 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.7967.1324) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [19/09/2016 14:35:55] CPU Usage:0 %
2752 | [Owner : Système | Parent : 844(services.exe) | 136.46 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.479) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [14/05/2017 20:38:00] CPU Usage:0 %
2916 | [Owner : Système | Parent : 844(services.exe) | 6.67 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe [21/01/2017 01:09:30] CPU Usage:0 %
2924 | [Owner : Système | Parent : 844(services.exe) | 14.98 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
2940 | [Owner : SERVICE LOCAL | Parent : 844(services.exe) | 4.2 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
2956 | [Owner : Système | Parent : 844(services.exe) | 3.08 Mo] - (.TeamViewer GmbH - TeamViewer 10.) - (10.0.47484.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [24/03/2016 14:06:36] CPU Usage:0 %
3512 | [Owner : SERVICE RÉSEAU | Parent : 844(services.exe) | 2.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1772 | [Owner : Système | Parent : 1800(AsLdrSrv.exe) | 3.32 Mo] - (.ASUSTek Computer Inc. - HControl.) - (1.0.90.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [11/01/2016 12:42:22] CPU Usage:0 %
4380 | [Owner : ggcp | Parent : 844(services.exe) | 21.8 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 13:42:27] CPU Usage:0 %
1972 | [Owner : ggcp | Parent : 980(svchost.exe) | 19.2 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 13:42:09] CPU Usage:0 %
2788 | [Owner : SERVICE LOCAL | Parent : 844(services.exe) | 2.99 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8763) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [20/01/2017 22:19:54] CPU Usage:0 %
3232 | [Owner : ggcp | Parent : 2652(esif_uf.exe) | 1.05 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.1.10605.221) = C:\Windows\Temp\DPTF\esif_assist_64.exe [15/05/2017 05:10:40] CPU Usage:0 %
3560 | [Owner : ggcp | Parent : 980(svchost.exe) | 13.37 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 13:42:36] CPU Usage:0 %
4864 | [Owner : ggcp | Parent : 980(svchost.exe) | 0.42 Mo] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) - (4.1.5.0) = C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [25/05/2015 14:20:18] CPU Usage:0 %
2772 | [Owner : ggcp | Parent : 956(svchost.exe) | 40.04 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 13:42:05] CPU Usage:0 %
5700 | [Owner : ggcp | Parent : 980(svchost.exe) | 0.45 Mo] - (.ASUS - ACMON.) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [02/12/2015 19:01:44] CPU Usage:0 %
5912 | [Owner : ggcp | Parent : 5236() | 103.42 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.1198) = C:\Windows\explorer.exe [12/05/2017 01:09:15] CPU Usage:2 %
6448 | [Owner : ggcp | Parent : 6136() | 4.85 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4531) = C:\Windows\System32\igfxEM.exe [02/11/2016 00:05:26] CPU Usage:0 %
6508 | [Owner : ggcp | Parent : 5776(WmiPrvSE.exe) | 5.77 Mo] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.33.3) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [21/05/2015 15:52:36] CPU Usage:0 %
6532 | [Owner : ggcp | Parent : 5920() | 2.16 Mo] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.23.5) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [26/11/2015 20:39:08] CPU Usage:0 %
6572 | [Owner : ggcp | Parent : 6136() | 1.74 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4531) = C:\Windows\System32\igfxHK.exe [02/11/2016 00:05:26] CPU Usage:0 %
6604 | [Owner : Système | Parent : 5836() | 0.2 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe [14/05/2017 18:54:53] CPU Usage:0 %
6644 | [Owner : ggcp | Parent : 6136() | 4.25 Mo] - (.-.) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe [02/11/2016 00:05:26] CPU Usage:0 %
6856 | [Owner : Système | Parent : 5836() | 0.2 Mo] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe [14/05/2017 18:54:53] CPU Usage:0 %
7064 | [Owner : ggcp | Parent : 956(svchost.exe) | 55.31 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [21/11/2016 08:02:03] CPU Usage:0 %
6352 | [Owner : Système | Parent : 844(services.exe) | 18.07 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.953) = C:\Windows\System32\SearchIndexer.exe [16/03/2017 21:23:18] CPU Usage:0 %
6016 | [Owner : ggcp | Parent : 956(svchost.exe) | 20.45 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.953) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [16/03/2017 21:21:14] CPU Usage:0 %
7088 | [Owner : ggcp | Parent : 980(svchost.exe) | 0.6 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.226) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [19/09/2016 14:09:16] CPU Usage:0 %
4360 | [Owner : ggcp | Parent : 956(svchost.exe) | 1.6 Mo] - (.-.) - (11.15.597.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe [09/05/2017 17:14:11] CPU Usage:0 %
7016 | [Owner : ggcp | Parent : 980(svchost.exe) | 0.82 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.984) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19/09/2016 14:09:16] CPU Usage:0 %
8016 | [Owner : Système | Parent : 844(services.exe) | 2.81 Mo] - (.WildTangent - WildTangent Games App Integration Service.) - (4.3.0.22) = C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [22/12/2015 08:05:20] CPU Usage:0 %
8140 | [Owner : ggcp | Parent : 5912(explorer.exe) | 21.34 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1068) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [14/05/2017 20:37:56] CPU Usage:0 %
8180 | [Owner : ggcp | Parent : 8124() | 53.11 Mo] - (.AVAST Software - Avast Antivirus.) - (17.4.3482.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [10/05/2017 04:36:53] CPU Usage:0 %
6764 | [Owner : ggcp | Parent : 5912(explorer.exe) | 15.19 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6799.327) = C:\Users\ggcp\AppData\Local\Microsoft\OneDrive\OneDrive.exe [20/01/2017 18:08:45] CPU Usage:0 %
7292 | [Owner : ggcp | Parent : 5912(explorer.exe) | 3.3 Mo] - (.AVAST Software - SecureLine.) - (1.0.289.0) = C:\Program Files\AVAST Software\SecureLine\secureline.exe [21/01/2017 01:09:26] CPU Usage:0 %
7816 | [Owner : ggcp | Parent : 6484() | 1.52 Mo] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [30/05/2013 15:50:10] CPU Usage:0 %
5616 | [Owner : Système | Parent : 788(winlogon.exe) | 0.97 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.1066) = C:\Windows\System32\fontdrvhost.exe [12/04/2017 01:00:54] CPU Usage:0 %
8492 | [Owner : ggcp | Parent : 8200() | 15.23 Mo] - (.ASUSTeK Computer Inc. - ASUS Live Update.) - (3.4.3.0) = C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [01/08/2016 11:35:42] CPU Usage:0 %
6792 | [Owner : ggcp | Parent : 956(svchost.exe) | 27.62 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe [16/07/2016 13:42:40] CPU Usage:0 %
9488 | [Owner : ggcp | Parent : 2164() | 7.53 Mo] - (.ASUS Cloud Corporation -.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\AsusWSPanel.exe [24/12/2015 09:33:22] CPU Usage:0 %
9776 | [Owner : ggcp | Parent : 956(svchost.exe) | 0.86 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.1198) = C:\Windows\System32\SettingSyncHost.exe [12/05/2017 01:09:02] CPU Usage:0 %
8036 | [Owner : Système | Parent : 844(services.exe) | 2.79 Mo] - (.Intel Corporation - Intel(R) Security Assist.) - (1.0.0.532) = C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [19/05/2015 10:11:00] CPU Usage:0 %
8348 | [Owner : ggcp | Parent : 956(svchost.exe) | 42.08 Mo] - (.-.) - (1.0.1704.25001) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe [05/05/2017 14:41:22] CPU Usage:0 %
9344 | [Owner : ggcp | Parent : 956(svchost.exe) | 0.02 Mo] - (.Microsoft Corporation - Paramètres.) - (10.0.14393.82) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe [21/11/2016 08:01:54] CPU Usage:0 %
2340 | [Owner : ggcp | Parent : 956(svchost.exe) | 0.26 Mo] - (.-.) - (14.1.1705.10002) = C:\Program Files\WindowsApps\Microsoft.3DBuilder_14.1.1302.0_x64__8wekyb3d8bbwe\Builder3D.exe [17/05/2017 23:11:26] CPU Usage:0 %
5456 | [Owner : ggcp | Parent : 956(svchost.exe) | 0.86 Mo] - (.Microsoft Corporation - OneNote.) - (16.0.8241.5759) = C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8241.57591.0_x64__8wekyb3d8bbwe\onenoteim.exe [17/05/2017 23:15:56] CPU Usage:0 %
10596 | [Owner : ggcp | Parent : 956(svchost.exe) | 40.97 Mo] - (.Microsoft Corporation - Store.) - (11703.1001.45.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.App.exe [08/05/2017 16:43:44] CPU Usage:0 %
5488 | [Owner : ggcp | Parent : 956(svchost.exe) | 22.49 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.1198) = C:\Windows\System32\smartscreen.exe [12/05/2017 01:12:03] CPU Usage:0 %
9756 | [Owner : ggcp | Parent : 5912(explorer.exe) | 405.97 Mo] - (.Mozilla Corporation - Firefox.) - (53.0.2.6333) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [20/01/2017 20:58:25] CPU Usage:0 %
7960 | [Owner : ggcp | Parent : 956(svchost.exe) | 38.51 Mo] - (.Microsoft Corporation - Video Application.) - (10.17032.1034.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17032.10341.0_x64__8wekyb3d8bbwe\Video.UI.exe [05/05/2017 14:41:25] CPU Usage:0 %
8416 | [Owner : ggcp | Parent : 956(svchost.exe) | 11.62 Mo] - (.Microsoft Corporation - System Settings Broker.) - (10.0.14393.0) = C:\Windows\System32\SystemSettingsBroker.exe [16/07/2016 13:42:37] CPU Usage:0 %
1360 | [Owner : ggcp | Parent : 956(svchost.exe) | 8.4 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.14393.0) = C:\Windows\System32\dllhost.exe [16/07/2016 13:42:27] CPU Usage:0 %
9172 | [Owner : ggcp | Parent : 8256() | 44.45 Mo] - (.BitTorrent Inc. - µTorrent.) - (3.5.0.43580) = C:\Users\ggcp\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe [09/04/2017 12:49:41] CPU Usage:0 %
6580 | [Owner : ggcp | Parent : 9172(3.5.0_43580.exe) | 92.04 Mo] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.43580) = C:\Users\ggcp\AppData\Roaming\uTorrent\updates\updates\3.5.0_43580\utorrentie.exe [12/04/2017 16:22:50] CPU Usage:0 %
8820 | [Owner : ggcp | Parent : 9172(3.5.0_43580.exe) | 27.87 Mo] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.43580) = C:\Users\ggcp\AppData\Roaming\uTorrent\updates\updates\3.5.0_43580\utorrentie.exe [12/04/2017 16:22:50] CPU Usage:0 %
5252 | [Owner : ggcp | Parent : 956(svchost.exe) | 19.27 Mo] - (.-.) - (0.0.0.0) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8126.42377.0_x64__8wekyb3d8bbwe\HxMail.exe [03/05/2017 13:17:17] CPU Usage:0 %
10472 | [Owner : ggcp | Parent : 956(svchost.exe) | 35.54 Mo] - (.Microsoft Corporation - Microsoft Outlook Communications.) - (16.0.8126.4237) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8126.42377.0_x64__8wekyb3d8bbwe\HxTsr.exe [03/05/2017 13:17:17] CPU Usage:0 %
6768 | [Owner : ggcp | Parent : 5912(explorer.exe) | 167.46 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/05/2017 18:55:42] CPU Usage:0 %
9012 | [Owner : ggcp | Parent : 6768(chrome.exe) | 8.56 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/05/2017 18:55:42] CPU Usage:0 %
9916 | [Owner : ggcp | Parent : 6768(chrome.exe) | 9.36 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/05/2017 18:55:42] CPU Usage:0 %
7300 | [Owner : ggcp | Parent : 6768(chrome.exe) | 134.17 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/05/2017 18:55:42] CPU Usage:0 %
10832 | [Owner : ggcp | Parent : 6768(chrome.exe) | 141.4 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/05/2017 18:55:42] CPU Usage:0 %
448 | [Owner : ggcp | Parent : 956(svchost.exe) | 27.02 Mo] - (.-.) - (29.29.1705.17002) = C:\Program Files\WindowsApps\Microsoft.XboxApp_29.29.17002.0_x64__8wekyb3d8bbwe\XboxApp.exe [18/05/2017 20:12:32] CPU Usage:0 %
9156 | [Owner : SERVICE LOCAL | Parent : 1580(svchost.exe) | 25.74 Mo] - (.Microsoft Corporation - Isolation graphique de périphérique audio Windows.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 13:42:22] CPU Usage:0 %
8460 | [Owner : ggcp | Parent : 6768(chrome.exe) | 105.18 Mo] - (.Google Inc. - Google Chrome.) - (58.0.3029.110) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [14/05/2017 18:55:42] CPU Usage:0 %
4104 | [Owner : ggcp | Parent : 8180(AvastUI.exe) | 125.13 Mo] - (.AVAST Software - Avast Antivirus.) - (17.4.3482.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [10/05/2017 04:36:53] CPU Usage:0 %
6464 | [Owner : ggcp | Parent : 8180(AvastUI.exe) | 8.53 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.14393.0) = C:\Windows\SysWOW64\ctfmon.exe [16/07/2016 13:43:04] CPU Usage:0 %
3012 | [Owner : ggcp | Parent : 5912(explorer.exe) | 36.43 Mo] - (.SosVirus - QuickDiag.) - (18.5.17.1) = C:\Users\ggcp\Desktop\QuickDiag.exe [19/05/2017 03:46:09] CPU Usage:2 %
12252 | [Owner : Système | Parent : 956(svchost.exe) | 8.66 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [16/07/2016 13:42:31] CPU Usage:0 %
6272 | [Owner : LogonSessionId_0_33025812 | Parent : 956(svchost.exe) | 9.82 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.14393.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [16/07/2016 13:42:56] CPU Usage:0 %

---------- | MD5
[MD5.679D17F8CDB938C7100D7A647953677E] - [12/05/2017 01:09:15] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4564.8 Ko] - (10.0.14393.1198) : C:\WINDOWS\Explorer.exe
[MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 13:42:36] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe
[MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe
[MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.951FF70440427DA334B6579D71A19480] - [12/05/2017 01:08:58] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [684.51 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Kernel32.dll
[MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [21/11/2016 08:02:00] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe
[MD5.4A7015195E49A3BA7DB967B277B21E9D] - [12/05/2017 01:08:56] - (.© Microsoft Corporation. - Distributed COM Services.) - [869.5 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\rpcss.dll
[MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 13:42:42] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.9A3B47CD17283B299311013AD3D21D26] - [12/05/2017 01:11:56] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [442.91 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\services.exe
[MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe
[MD5.C46EA86BF0E7C96235E9064CBAD6ED26] - [20/01/2017 23:50:15] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [1426.95 Ko] - (10.0.14393.576) : C:\WINDOWS\System32\user32.dll
[MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe
[MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 13:42:27] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe
[MD5.B2151FE002A8D3F41E2DF935F260E3A8] - [12/05/2017 01:08:44] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [658 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Winlogon.exe
[MD5.323AA1953ED9C01E23F740FA891FE064] - [21/11/2016 08:02:00] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de fonction connexe pour WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 13:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.4BC21E937E9F9F408672D2C2CBE4A153] - [16/03/2017 21:21:29] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [142 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 13:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 13:41:54] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 13:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.D559FF28B1AD9B1E15A4186E785E61F6] - [16/03/2017 21:21:30] - (.© Microsoft Corporation. Tous droits réservés. - Minirdr SMB Windows NT.)
- [439.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.63560E6BC9BCA978A6B72DF65F7A8930] - [12/04/2017 01:02:48] - (.© Microsoft Corporation. Tous droits réservés. - NDIS (Network Driver Interface Specification).) - [1153.34 Ko] - (10.0.14393.1066) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 13:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.8DB6A6B731CEC9046CD8CA0267EC5679] - [12/05/2017 01:09:10] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [2202.84 Ko] - (10.0.14393.1198) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 13:41:53] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 13:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 13:44:03] - (.© Microsoft Corporation. Tous droits réservés. - Redirecteur de périphérique de Microsoft RDP.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.F3CFBE74DAF9ABD06F0B2A037DC4C90A] - [12/04/2017 01:04:26] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [2474.34 Ko] - (10.0.14393.1066) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.0B237F8A96952BF95A14865030E131F2] - [16/03/2017 21:22:17] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.84 Ko] - (10.0.14393.953) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 13:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) 
- [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.AVAST Software s.r.o..-.Hook Library.) - (17.4.3.1767) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (20.19.15.4531) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll (.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (20.19.15.4531) -- C:\WINDOWS\SYSTEM32\igdusc64.dll (.ASUS Cloud Corporation..-.AsusWSShellExt64.) - (1.1.0.27) -- C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll (.AVAST Software.-.Avast Shell Extension.) - (17.4.3482.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4531) -- C:\WINDOWS\system32\igfxDTCM.dll (.Intel Corporation.-.igfxDH Module.) - (6.15.10.4531) -- C:\WINDOWS\system32\igfxDH.dll (.Intel Corporation.-.igfxLHM Module.) - (6.15.10.4531) -- C:\WINDOWS\system32\igfxLHM.dll (.Intel Corporation.-.igfxDI Module.) - (6.15.10.4531) -- C:\WINDOWS\system32\igfxDI.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.40.0.0) -- C:\Program Files\WinRAR\rarext.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Foxit Software Inc..-.ConvertToPDFShellExtension.) 
- (7.2.0.424) -- C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Hewlett-Packard.-.Hewlett-Packard WIA 2.0 scanner driver.) - (35.0.24.23398) -- C:\WINDOWS\system32\HPWia2_DJ3630.dll (.Hewlett-Packard Development Company, LP.-.HPScanTRDrv Module.) - (35.0.43.52222) -- C:\WINDOWS\system32\HPScanTRDrv_DJ3630.dll (.AVAST Software s.r.o..-.Hook Library.) - (17.4.3.1767) -- C:\Program Files\AVAST Software\Avast\x64\aswhooka.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - 
(C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU OneDrive - ("C:\Users\ggcp\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3066676641-2175538974-1535034829-1001\SOFTWARE\...\Run]) - User: GGCP\ggcp avast! SecureLine - (C:\PROGRA~1\AVASTS~1\SECURE~1\SECURE~1.EXE /nogui [Common Startup]) - User: Public AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui "Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [14/05/2017 20:37:56] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "WindowsDefender"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "WebStorage"=0x040000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=1 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D273672F477D7E "APPINIT_DLLS"= [HKLM\Software\WOW6432Node\Microsoft\Command 
Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "WebStorage"=C:\Program Files (x86)\ASUS\WebStorage\2.2.6.547\ASUSWSLoader.exe [24/12/2015 09:33:16] "HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [30/05/2013 15:50:10] ""= [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=1 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "APPINIT_DLLS"= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Tasks List Adobe Flash Player Updater ASUS Live Update1 ASUS Live Update2 ASUS Splendid ACMON ASUS USB Charger Plus ATK Package 36D18D69AFC3 ATK Package A22126881260 Avast Emergency Update avast! 
SL Update DropboxOEM DropboxUpdateTaskMachineCore DropboxUpdateTaskMachineUA GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA HP AR Program Upload - 1565fb3176b54931b613daf5568d86c1118d1fc80bdb47848b83b4802e18d0d9 HPCustParticipation HP DeskJet 3630 series OneDrive Standalone Update Task v2 RtHDVBg_ListenToDevice RTKCPL Update Checker User_Feed_Synchronization-{078D7DDD-BEAB-498B-9525-D85D3A35A8C5} WpsNotifyTask_Administrator WpsUpdateTask_Administrator ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=cda5a8fd-642c-4b55-a8ac-65744db "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) 
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=0 "DirtyShutdownCount"=77 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [19/09/2016 15:35:31] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "SecureBoot"=1 "ProductType"=3 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 "fullprivilegeauditing"=0xC0 "LsaPid"=852 "SamConnectedAccountsExist"=1 ---------- | .LNK with Arguments ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKLM\Software\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "DisableTaskMgr"=0 "DisableRegistryTools"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=16 "SmartScreenEnabled"=RequireAdmin [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 "HideFileExt"=0 "SuperHidden"=1 "ShowSuperHidden"=1 "Hidden"=1 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 
"ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "DisableTaskMgr"=0 "DisableRegistryTools"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 
"DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "GlobalAssocChangedCounter"=7 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "scremoveoption"=0 "LastLogOffEndTimePerfCounter"=15011279934 "ShutdownFlags"=2147483687 "Userinit"=C:\windows\system32\userinit.exe, "AutoAdminLogon"=0 "DefaultUserName"=ggcp "DisableCad"=1 "DisableLockWorkstation"=0 "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 
"SiHostRestartTimeGap"=0 "Userinit"=C:\WINDOWS\system32\userinit.exe, ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 
"EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] 
""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Raccourci Internet [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/03/2017 21:21:25] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command] ""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/03/2017 21:21:25] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags ---------- | IFEO ---------- | Mountpoints2 ---------- | 
Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop 
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131241833932308713 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows 
Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "ProductType"=2 "InstallLocation"=C:\Program Files\Windows Defender\ "ProductStatus"=0 "DisableAntiSpyware"=1 "TrustedImageIdentifier"={X751SA00-0000-0000-0000-000000000000} "ManagedDefenderProductType"=0 "InstallTime"=0xCBA2ACA36B12D201 "OOBEInstallTime"=0x2A6B66517B12D201 "DisableAntiVirus"=1 "PassiveMode"=0 "OneTimeSqmDataSent"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] 
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | Ping Envoi d'une requête 'ping' sur google.com [172.217.22.142] avec 32 octets de données : Réponse de 172.217.22.142 : octets=32 temps=19 ms TTL=52 Réponse de 172.217.22.142 : octets=32 temps=19 ms TTL=52 Réponse de 172.217.22.142 : octets=32 temps=23 ms TTL=52 Réponse de 172.217.22.142 : octets=32 temps=28 ms TTL=52 Statistiques Ping pour 172.217.22.142: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 19ms, Maximum = 28ms, Moyenne = 22ms ---------- | @ [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 
"Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=about:blank "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=about:blank "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE 
[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | Proxy [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies] ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- 
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_B] - {6D4133E5-0742-4ADC-8A8C-9303440F7191} -- C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [22/04/2015 15:59:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_O] - {64174815-8D98-4CE6-8646-4C039977D809} -- C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [22/04/2015 15:59:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\!AsusWSShellExt_U] - {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} -- C:\Program Files (x86)\Common Files\AWS\2.2.6.547\ASUSWSShellExt64.dll [22/04/2015 15:59:34] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [10/05/2017 04:37:05] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [10/05/2017 04:37:05] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [16/07/2016 13:42:17] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- 
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [19/09/2016 14:39:19] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [19/09/2016 14:39:19] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [19/09/2016 14:39:19] ---------- | Toolbar [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) - [] 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a}] : (@C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101) - [] ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE : ---------- | Browser Helper Objects [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [19/09/2016 14:39:02] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}] -> (Evernote extension) : C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [03/09/2015 17:45:26] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft OneDrive for Business Browser Helper) : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [19/09/2016 14:39:19] ---------- | Chrome C:\Users\ggcp\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - 
https://clients2.google.com/service/update2/crx C:\Users\ggcp\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\ggcp\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\ggcp\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\ggcp\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\ggcp\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\ggcp\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\ggcp\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\ggcp\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx 
[HKLM\Software\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek] ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 25.0.0.171 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 25.0.0.171 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf] - () : C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft 
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (WildTangent Games App V2 Presence Detector Plugin) : C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll C:\Users\ggcp\AppData\Roaming\Mozilla\Firefox\Profiles\x610dkgu.default\Prefs.js user_pref("browser.startup.homepage", "google.fr"); user_pref("browser.startup.homepage_override.buildID", "20170504105526"); user_pref("browser.startup.homepage_override.mstone", "53.0.2"); user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-button\",\"history-panelmenu\",\"fullscreen-button\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\",\"sync-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"urlbar-container\",\"search-container\",\"bookmarks-menu-button\",\"downloads-button\",\"home-button\",\"pocket-button\",\"ublock0-button\",\"toggle-button--jetpack-extensiondashlanecom-kw-button\",\"multifox-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"]},\"seen\":[\"pocket-button\",\"developer-button\",\"ublock0-button\",\"multifox-button\",\"toggle-button--jetpack-extensiondashlanecom-kw-button\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\",\"PanelUI-contents\",\"addon-bar\"],\"c
urrentVersion\":6,\"newElementCount\":0}"); user_pref("extensions.blocklist.pingCountTotal", 105); user_pref("extensions.blocklist.pingCountVersion", 8); user_pref("extensions.bootstrappedAddons", "{\"multifox@hultmann\":{\"version\":\"3.2.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\ggcp\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x610dkgu.default\\\\extensions\\\\multifox@hultmann.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"uBlock0@raymondhill.net\":{\"version\":\"1.12.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\ggcp\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x610dkgu.default\\\\extensions\\\\uBlock0@raymondhill.net.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":false,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"shield-recipe-client@mozilla.org\":{\"version\":\"1.0.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\ggcp\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x610dkgu.default\\\\features\\\\{b56d876b-7299-4878-8211-503383cba5f2}\\\\shield-recipe-client@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"aushelper@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.14\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@getpocket.com\":{\"version\":\"1.0.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files 
(x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"webcompat@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}"); user_pref("extensions.databaseSchema", 19); user_pref("extensions.e10s.rollout.blocklist", "{dc572301-7619-498c-a57d-39143191b318};firefox@mega.co.nz"); user_pref("extensions.e10s.rollout.hasAddon", false); user_pref("extensions.e10s.rollout.policy", "50allmpc"); user_pref("extensions.e10sBlockedByAddons", true); user_pref("extensions.enabledAddons", "multifox-toolbar-button%40rbaldwin:1.05.1-signed.1-signed,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0.2"); user_pref("extensions.getAddons.cache.lastUpdate", 1494882950); user_pref("extensions.getAddons.databaseSchema", 5); user_pref("extensions.hotfix.lastVersion", "20170302.01"); user_pref("extensions.lastAppVersion", "53.0.2"); user_pref("extensions.lastPlatformVersion", "53.0.2"); user_pref("extensions.multifox-toolbar-button.addButtonToToolbar", false); user_pref("extensions.multifox@hultmann.alias", "{\"0\":\"\",\"1\":\"\",\"2\":\"01 Kyle\",\"3\":\"01 Tim\",\"4\":\"02 Tyty\",\"5\":\"04 Alex N\",\"6\":\"02 Chris\",\"7\":\"\",\"8\":\"Matt Courao\",\"9\":\"03 Sergei\",\"10\":\"Angelo\",\"11\":\"Conan\",\"12\":\"Alex R\",\"13\":\"02 Tyty News\",\"14\":\"\",\"15\":\"Rafael Lazani\"}"); user_pref("extensions.multifox@hultmann.description", "Allows you to be simultaneously logged into multiple accounts."); user_pref("extensions.pendingOperations", false); user_pref("extensions.pocket.settings.test.panelSignUp", "v1"); user_pref("extensions.shield-recipe-client.api_url", "https://normandy.cdn.mozilla.net/api/v1"); 
user_pref("extensions.shield-recipe-client.dev_mode", false); user_pref("extensions.shield-recipe-client.enabled", true); user_pref("extensions.shield-recipe-client.logging.level", 50); user_pref("extensions.shield-recipe-client.startup_delay_seconds", 300); user_pref("extensions.shield-recipe-client.user_id", "7bb17342-a4e2-4388-b1f2-8e32db4c8e0c"); user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{b56d876b-7299-4878-8211-503383cba5f2}\",\"addons\":{\"shield-recipe-client@mozilla.org\":{\"version\":\"1.0.0\"}}}"); user_pref("extensions.ublock0.cloudStorage.myFiltersPane", ""); user_pref("extensions.ublock0.cloudStorage.myRulesPane", ""); user_pref("extensions.ublock0.cloudStorage.tpFiltersPane", ""); user_pref("extensions.ublock0.cloudStorage.whitelistPane", ""); user_pref("extensions.ui.dictionary.hidden", true); user_pref("extensions.ui.experiment.hidden", true); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("extensions.ui.locale.hidden", true); user_pref("extensions.xpiState", 
"{\"app-profile\":{\"multifox-toolbar-button@rbaldwin\":{\"d\":\"C:\\\\Users\\\\ggcp\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x610dkgu.default\\\\extensions\\\\multifox-toolbar-button@rbaldwin.xpi\",\"e\":true,\"v\":\"1.05.1-signed.1-signed\",\"st\":1485782394428},\"multifox@hultmann\":{\"d\":\"C:\\\\Users\\\\ggcp\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x610dkgu.default\\\\extensions\\\\multifox@hultmann.xpi\",\"e\":true,\"v\":\"3.2.3\",\"st\":1484938899071},\"uBlock0@raymondhill.net\":{\"d\":\"C:\\\\Users\\\\ggcp\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x610dkgu.default\\\\extensions\\\\uBlock0@raymondhill.net.xpi\",\"e\":true,\"v\":\"1.12.4\",\"st\":1494860925744}},\"app-system-addons\":{\"shield-recipe-client@mozilla.org\":{\"d\":\"C:\\\\Users\\\\ggcp\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x610dkgu.default\\\\features\\\\{b56d876b-7299-4878-8211-503383cba5f2}\\\\shield-recipe-client@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0.0\",\"st\":1494769163126}},\"app-system-defaults\":{\"aushelper@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1494190695971},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.14\",\"st\":1494190695944},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.5\",\"st\":1494190695905},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1494190695868}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"53.0.2\",\"st\":1494190696016}}}"); user_pref("services.sync.prefs.sync.extensions.multifox@hultmann.alias", true); user_pref("services.sync.prefs.sync.extensions.multifox@hultmann.clearProfiles", true); user_pref("services.sync.prefs.sync.extensions.multifox@hultmann.windowMode", true); user_pref("services.sync.prefs.sync.extensions.ublock0.cloudStorage.myFiltersPane", true); user_pref("services.sync.prefs.sync.extensions.ublock0.cloudStorage.myRulesPane", true); user_pref("services.sync.prefs.sync.extensions.ublock0.cloudStorage.tpFiltersPane", true); user_pref("services.sync.prefs.sync.extensions.ublock0.cloudStorage.whitelistPane", true); [Profile0] - Name=default -> Profiles/x610dkgu.default ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=89.2.0.1 89.2.0.2 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{2caccdb5-0312-47d9-8c03-b046ea8f4a0b}] "DhcpNameServer"=89.2.0.1 89.2.0.2 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{b29f8258-ab26-4bf5-8d31-e0a9c7d70cd9}] "DhcpNameServer"=10.66.72.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2caccdb5-0312-47d9-8c03-b046ea8f4a0b}] "DhcpNameServer"=89.2.0.1 89.2.0.2 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{b29f8258-ab26-4bf5-8d31-e0a9c7d70cd9}] "DhcpNameServer"=10.66.72.1 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\et.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\et.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media 
Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\wpp.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wpp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\wps.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wps.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\et.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\et.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wpp.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wpp.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wps.exe] : "C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\office6\wps.exe" "%1" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DeviceInstall SystemEventsBroker DcomLaunch "Camera"=FrameS "smbsvcs"=lanmanserver browser [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "DcomLaunch"=PlugPlay DeviceInstall DcomLaunch "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelist) ---------- | Software [HKLM\Software\Agere] [HKLM\Software\ASUS] [HKLM\Software\Atheros] [HKLM\Software\BigNox] [HKLM\Software\Clients] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\ECAREME] 
[HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\HP] [HKLM\Software\ICEpower] [HKLM\Software\Intel] [HKLM\Software\IPS] [HKLM\Software\Khronos] [HKLM\Software\Knowles] [HKLM\Software\LSI] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Nahimic] [HKLM\Software\Nuance] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\Realtek] [HKLM\Software\RegisteredApplications] [HKLM\Software\RTLSetup] [HKLM\Software\SonicFocus] [HKLM\Software\SoundResearch] [HKLM\Software\SRS Labs] [HKLM\Software\Synaptics] [HKLM\Software\SyncIntegrationClients] [HKLM\Software\sysinternals] [HKLM\Software\Waves Audio] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Yamaha APO] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\Apple Inc.] 
[HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\ASUS] [HKLM\Software\WOW6432Node\Atheros] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\BigNox] [HKLM\Software\WOW6432Node\Chromium] [HKLM\Software\WOW6432Node\Dropbox] [HKLM\Software\WOW6432Node\DropboxUpdate] [HKLM\Software\WOW6432Node\DuoDianOnline] [HKLM\Software\WOW6432Node\ECAREME] [HKLM\Software\WOW6432Node\Evernote] [HKLM\Software\WOW6432Node\Foxit Software] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\Hewlett-Packard] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Internet Download Manager] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Kingsoft] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\mozilla.org] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Qualcomm Atheros] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] 
[HKLM\Software\WOW6432Node\RocketLife] [HKLM\Software\WOW6432Node\SRS Labs] [HKLM\Software\WOW6432Node\SuppHelpDir] [HKLM\Software\WOW6432Node\TeamViewer] [HKLM\Software\WOW6432Node\Visan] [HKLM\Software\WOW6432Node\WBFS Manager 3.0] [HKLM\Software\WOW6432Node\WildTangent] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives ---------- | C: [30/10/2015 09:24:24] - |SHD| - [387] - C:\$Recycle.Bin [24/03/2016 21:39:46] - |SHD| - [18470380] - C:\Boot [MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 10:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 10:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [MD5.0B536E322F6255E925E5F689B89623A5] - [19/09/2016 15:28:57] - |AH| - (.-.) - [10771] - (0.0.0.0) - C:\devlist.txt [21/01/2017 00:58:46] - |SHD| - [0] - C:\Documents and Settings [19/09/2016 21:44:55] - |D| - [1727159406] - C:\eSupport [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/09/2016 13:52:58] - |ASH| - (.-.) - [1678618624] - (0.0.0.0) - C:\hiberfil.sys [19/09/2016 14:01:40] - |HD| - [124815] - C:\Intel [15/05/2017 05:12:43] - |HD| - [0] - C:\OneDriveTemp [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/09/2016 13:46:50] - |ASH| - (.-.) - [3892314112] - (0.0.0.0) - C:\pagefile.sys [16/07/2016 13:47:47] - |D| - [0] - C:\PerfLogs [16/07/2016 08:04:24] - |RD| - [6228712597] - C:\Program Files [16/07/2016 08:04:24] - |RD| - [2637618761] - C:\Program Files (x86) [16/07/2016 13:47:48] - |HD| - [1306428704] - C:\ProgramData [19/05/2017 03:47:26] - |D| - [262051] - C:\QuickDiag [MD5.E2329499171420B939DEE589F011ADFD] - [19/05/2017 03:47:44] - |A| - (.-.) - [123802] - (0.0.0.0) - C:\QuickDiag.txt [24/03/2016 13:42:12] - |SHD| - [4022782728] - C:\Recovery [MD5.D41D8CD98F00B204E9800998ECF8427E] - [19/09/2016 13:46:51] - |ASH| - (.-.) 
- [268435456] - (0.0.0.0) - C:\swapfile.sys [19/09/2016 21:16:54] - |SHD| - [0] - C:\System Volume Information [16/07/2016 08:04:24] - |RD| - [170753448204] - C:\Users [16/07/2016 08:04:24] - |D| - [20496173168] - C:\Windows ---------- | C:\WINDOWS [16/07/2016 13:47:48] - |D| - [802] - C:\WINDOWS\addins [16/07/2016 13:47:48] - |D| - [15077699] - C:\WINDOWS\appcompat [16/07/2016 13:47:48] - |D| - [12472678] - C:\WINDOWS\AppPatch [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness [MD5.520DFAB22529C8E94EF2C2B3861F6707] - [06/06/2016 04:48:37] - |A| - (.-.) - [23] - (0.0.0.0) - C:\WINDOWS\AsDCDVer.txt [MD5.57E0740BDEBEEF217C54D13555DCAC60] - [24/03/2016 21:33:36] - |A| - (.-.) - [28] - (0.0.0.0) - C:\WINDOWS\AsHDIVer.txt [MD5.AE9562CB08BF777E7A40082AF944DEBF] - [17/02/2016 08:54:57] - |A| - (.-.) - [80] - (0.0.0.0) - C:\WINDOWS\ASOFSVer.txt [MD5.410C0F4B8FD2594365D1311257C99C1C] - [19/09/2016 21:46:09] - |A| - (.-.) - [96] - (0.0.0.0) - C:\WINDOWS\AsPEToolVer.txt [16/07/2016 13:47:47] - |RD| - [1007586227] - C:\WINDOWS\assembly [MD5.467E7BA4A4ECB38F6046BDC6699DB24E] - [19/09/2016 21:46:09] - |A| - (.-.) - [55] - (0.0.0.0) - C:\WINDOWS\AsToolCDVer.txt [24/03/2016 21:33:36] - |AD| - [366909075] - C:\WINDOWS\ASUS [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [26/01/2017 21:25:18] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [16/07/2016 13:47:48] - |D| - [325008] - C:\WINDOWS\bcastdvr [MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 13:42:16] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe [16/07/2016 13:47:48] - |D| - [38115947] - C:\WINDOWS\Boot [MD5.43A69B78763097037697F4751F55DE3F] - [21/11/2016 08:27:43] - |AS| - (.-.) 
- [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [16/07/2016 13:47:48] - |D| - [3715608] - C:\WINDOWS\Branding [16/07/2016 13:36:22] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.D6CE3EEAB0B72F8014E62C728CEA5605] - [21/11/2016 08:20:43] - |A| - (.-.) - [33498] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.F59060E298148DE24DEBB3E8321C4407] - [30/10/2015 20:19:51] - |A| - (.-.) - [31816] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.F7C6DE1B6A6C7B1A36E0615B4BF980CC] - [24/03/2016 13:51:53] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt [16/07/2016 13:47:48] - |D| - [8970858] - C:\WINDOWS\Cursors [16/07/2016 13:47:48] - |D| - [10011410] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [21/01/2017 00:56:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [16/07/2016 13:47:48] - |D| - [4543876] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [21/01/2017 00:56:10] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [21/11/2016 07:55:24] - |D| - [0] - C:\WINDOWS\DigitalLocker [16/07/2016 13:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.163244DB517D466A45AC22523F2C6AEC] - [06/06/2016 04:42:24] - |A| - (.-.) - [4783] - (0.0.0.0) - C:\WINDOWS\DriverCD_Template.txt [16/07/2016 13:47:48] - |HD| - [44056] - C:\WINDOWS\ELAMBKUP [21/11/2016 07:55:24] - |D| - [0] - C:\WINDOWS\en-US [MD5.679D17F8CDB938C7100D7A647953677E] - [12/05/2017 01:09:15] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [4674360] - (10.0.14393.1198) - C:\WINDOWS\explorer.exe [MD5.E1FD9DE48AF5D7652AA31BBE914F54B8] - [26/02/2009 08:50:32] - |A| - (.-.) 
- [176] - (0.0.0.0) - C:\WINDOWS\explorer.exe.config [16/07/2016 13:47:48] - |RSD| - [374918632] - C:\WINDOWS\Fonts [21/11/2016 07:55:24] - |D| - [122368] - C:\WINDOWS\fr-FR [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [16/07/2016 13:47:48] - |D| - [20737866] - C:\WINDOWS\Globalization [16/07/2016 13:47:48] - |D| - [1562659] - C:\WINDOWS\Help [MD5.DD3887563D64E631168B8C107C61A1EC] - [12/04/2017 01:00:56] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [975872] - (10.0.14393.1066) - C:\WINDOWS\HelpPane.exe [MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 13:42:21] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe [16/07/2016 13:47:48] - |D| - [173189928] - C:\WINDOWS\IME [16/07/2016 13:47:48] - |RD| - [6842480] - C:\WINDOWS\ImmersiveControlPanel [16/07/2016 13:45:54] - |D| - [60034149] - C:\WINDOWS\INF [16/07/2016 13:47:48] - |D| - [1350942809] - C:\WINDOWS\InfusedApps [16/07/2016 13:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod [16/07/2016 13:47:48] - |SHD| - [235453036] - C:\WINDOWS\Installer [16/07/2016 13:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\LiveKernelReports [24/03/2016 20:38:57] - |D| - [122083305] - C:\WINDOWS\Log [16/07/2016 08:04:29] - |D| - [50067220] - C:\WINDOWS\Logs [16/07/2016 13:47:48] - |RSD| - [20316123] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 13:42:12] - |A| - (.-.) 
- [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [16/07/2016 13:47:47] - |RD| - [785950344] - C:\WINDOWS\Microsoft.NET [16/07/2016 13:47:48] - |D| - [2563] - C:\WINDOWS\Migration [03/03/2017 13:20:41] - |D| - [0] - C:\WINDOWS\Minidump [16/07/2016 13:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 13:43:51] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe [21/11/2016 08:02:58] - |D| - [199472] - C:\WINDOWS\OCR [16/07/2016 13:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [19/09/2016 14:11:52] - |D| - [0] - C:\WINDOWS\Options [21/01/2017 00:05:04] - |DC| - [190091544] - C:\WINDOWS\Panther [16/07/2016 13:47:48] - |D| - [29320446] - C:\WINDOWS\Performance [MD5.F7E1F3A357284F3E092B4909C136858B] - [14/05/2017 20:30:49] - |A| - (.-.) - [726] - (0.0.0.0) - C:\WINDOWS\PFRO.log [16/07/2016 13:47:48] - |D| - [1136442] - C:\WINDOWS\PLA [16/07/2016 13:47:48] - |D| - [2653354] - C:\WINDOWS\PolicyDefinitions [21/01/2017 00:08:05] - |D| - [24173793] - C:\WINDOWS\Prefetch [16/07/2016 13:47:48] - |RD| - [2037042] - C:\WINDOWS\PrintDialog [16/07/2016 13:47:48] - |D| - [1423310] - C:\WINDOWS\Provisioning [MD5.BF5D30514FEA913E25CCC9E546257088] - [16/03/2017 21:19:45] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [320512] - (10.0.14393.953) - C:\WINDOWS\regedit.exe [16/07/2016 13:47:48] - |D| - [1095144] - C:\WINDOWS\Registration [16/07/2016 13:47:48] - |D| - [10979890] - C:\WINDOWS\rescache [16/07/2016 13:47:48] - |D| - [3847938] - C:\WINDOWS\Resources [MD5.C907881F207C3BC2BFA7005DDD8C81EF] - [19/09/2016 14:09:02] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) 
- [2826832] - (1.0.6.6) - C:\WINDOWS\RtlExUpd.dll [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\SchCache [16/07/2016 13:47:48] - |D| - [121229] - C:\WINDOWS\schemas [16/07/2016 13:47:48] - |D| - [8855552] - C:\WINDOWS\security [20/11/2016 23:27:10] - |D| - [46491685] - C:\WINDOWS\ServiceProfiles [16/07/2016 08:04:24] - |D| - [227349609] - C:\WINDOWS\servicing [16/07/2016 13:49:46] - |D| - [42] - C:\WINDOWS\Setup [16/07/2016 13:47:48] - |D| - [31190016] - C:\WINDOWS\ShellExperiences [21/11/2016 08:02:37] - |D| - [3070736] - C:\WINDOWS\SKB [19/09/2016 13:48:47] - |D| - [1169651550] - C:\WINDOWS\SoftwareDistribution [16/07/2016 13:47:48] - |D| - [86037697] - C:\WINDOWS\Speech [16/07/2016 13:47:48] - |D| - [53541356] - C:\WINDOWS\Speech_OneCore [MD5.BCDB205132974EC3AB6F5C01DD93489B] - [21/11/2016 08:01:54] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe [16/07/2016 13:47:48] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 09:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [16/07/2016 08:04:24] - |D| - [5279020455] - C:\WINDOWS\System32 [16/07/2016 13:47:48] - |D| - [144079234] - C:\WINDOWS\SystemApps [16/07/2016 13:47:48] - |D| - [17560957] - C:\WINDOWS\SystemResources [16/07/2016 08:04:27] - |D| - [1382593906] - C:\WINDOWS\SysWOW64 [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\TAPI [30/10/2015 09:24:25] - |D| - [3302] - C:\WINDOWS\Tasks [16/07/2016 13:47:48] - |D| - [3137982] - C:\WINDOWS\Temp [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\tracing [16/07/2016 13:47:48] - |D| - [31883872] - C:\WINDOWS\twain_32 [MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 13:43:52] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) 
- [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [16/07/2016 13:47:48] - |D| - [12420] - C:\WINDOWS\Vss [16/07/2016 13:47:48] - |D| - [15729830] - C:\WINDOWS\Web [MD5.60CDAF0811BF825164C0E246F4F5620D] - [30/10/2015 09:24:29] - |A| - (.-.) - [124] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 13:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [14/05/2017 18:47:39] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 13:42:48] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe [16/07/2016 08:04:24] - |D| - [7013132864] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 13:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 13:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe ---------- | C:\WINDOWS\System32\GroupPolicy ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [17/11/2015 09:55:46] - C:\WINDOWS\Installer\1087a.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/05/2017 18:54:50] - C:\WINDOWS\Installer\1091f4.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/08/2015 14:52:50] - C:\WINDOWS\Installer\11309.msi : (Intel(R) Trusted Execution Engine Driver - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/08/2015 14:52:50] - C:\WINDOWS\Installer\1130d.msi : (Intel(R) Trusted Execution Engine - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/05/2015 20:27:50] - C:\WINDOWS\Installer\11311.msi : (Intel® Security Assist - Intel Corporation) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [19/01/2016 07:54:47] - C:\WINDOWS\Installer\135944.msi : (Device Setup - ASUSTek Computer Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/03/2016 14:04:44] - C:\WINDOWS\Installer\13594a.msi : (Foxit PhantomPDF - Foxit Software Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [24/03/2016 14:05:36] - C:\WINDOWS\Installer\135950.msi : (Evernote v. 5.9.1 - Evernote Corp.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [19/09/2016 14:25:16] - C:\WINDOWS\Installer\13ae4.msi : (AudioWizard - ICEpower a/s) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [25/05/2015 07:20:24] - C:\WINDOWS\Installer\14573.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/03/2017 05:17:46] - C:\WINDOWS\Installer\1a260423.msi : (Dropbox 25 GB - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/11/2016 18:34:34] - C:\WINDOWS\Installer\1e11e2.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/07/2015 14:51:48] - C:\WINDOWS\Installer\1eb96.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/08/2016 11:39:54] - C:\WINDOWS\Installer\1f04c1.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/04/2015 12:03:19] - C:\WINDOWS\Installer\382e57.msi : (HP DeskJet 3630 series Basic Device Software - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [09/04/2015 12:08:14] - C:\WINDOWS\Installer\382e5c.msi : (Product Improvement Study for HP DeskJet 3630 series - Hewlett-Packard Co.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/08/2014 08:42:24] - C:\WINDOWS\Installer\382e60.msi : (HP Update - Hewlett-Packard) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [07/11/2014 03:55:36] - C:\WINDOWS\Installer\382e65.msi : (HP DeskJet 3630 series Get product specific help to easily troubleshoot and fix problems. - Hewlett Packard) [Offsets ok ! 
: D0CF11E0A1B11AE10000000000000000] [19/09/2016 14:14:24] - C:\WINDOWS\Installer\6f6ca.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/01/2016 06:25:50] - C:\WINDOWS\Installer\6f6ce.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/12/2015 12:08:52] - C:\WINDOWS\Installer\de2e.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/06/2015 11:26:24] - C:\WINDOWS\Installer\ecd4.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/11/2016 18:34:34] - C:\WINDOWS\Installer\f300f.msi : ( - ASUS) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [19/09/2016 14:11:52] - [428294] - C:\WINDOWS\System32\athw10x.inf [16/07/2016 13:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf [21/11/2016 08:37:13] - [2459846] - C:\WINDOWS\System32\PerfStringBackup.INI [16/07/2016 13:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini [16/07/2016 13:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [16/07/2016 13:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [16/07/2016 13:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.B7C476BBE4F001F4F33C04D9ABC33DC8] - |A| - [16/07/2016 13:42:17] - (.-.) - [14.52 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb [MD5.8BE31B88D8523648580AFAFB92B78A30] - |A| - [16/03/2017 21:20:48] - (.-.) - [540.84 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb [MD5.862DEC5C27142824A394BC6464928F48] - |AT| - [15/05/2017 03:51:13] - (.-.) 
- [0.03 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\asw-d400e833-8899-4774-b44d-65076b70110d.tmp [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:25] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 13:42:35] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [16/07/2016 13:42:05] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 13:42:38] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [16/07/2016 13:42:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [16/07/2016 13:42:40] - (.-.)
- [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 13:42:38] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [16/07/2016 13:42:38] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.58B6CB6A8528BA1B267CFAE325E6B834] - |A| - [16/07/2016 13:42:23] - (.-.) - [20.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.91FB6C2DEE1F0D49C3C6AA412148382F] - |A| - [19/09/2016 14:09:09] - (.-.) - [115.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AcpiServiceVnA64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 08:04:29] - [3176.34 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.1E53DBCFBA49AB327BF00CC7E0759B6C] - |A| - [16/03/2017 21:22:57] - (.-.) - [437.78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [2478.42 Ko] - C:\WINDOWS\System32\appraiser [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [272 Ko] - C:\WINDOWS\System32\ar-SA [MD5.9C9E101EA088877B74CC6FA1CB96DC5A] - |A| - [14/11/2016 11:32:58] - (.-.) - [55.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ASGCoInstaller_x64.dll [MD5.C7FB2578AD61DB530FF8169348EE9A30] - |A| - [10/05/2017 04:37:13] - (.Copyright (c) 2014 AVAST Software - Avast start-up scanner.) - [391.07 Ko] - (17.4.3482.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.6563ABDC7F8E285F845A34940054B01F] - |A| - [19/09/2016 14:11:52] - (.-.) - [92.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\athw10x.cat [MD5.C2226FF346710590801F50BED6D59236] - |A| - [19/09/2016 14:11:52] - (.-.) 
- [418.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\athw10x.inf [MD5.6CCA54D9875198E34D47ACCF58BCED31] - |A| - [19/09/2016 14:11:52] - (.Copyright (C) 2001-2010 Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) - [4216.61 Ko] - (10.0.0.324) - C:\WINDOWS\System32\athw10x.sys [MD5.473C2209AA40A7EF3B092F6BCACEAB21] - |A| - [19/09/2016 14:09:10] - (.-.) - [102.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\audioLibVc.dll [MD5.A85BB7E8294E4F4228CD4E55DEE041E0] - |A| - [19/09/2016 14:50:59] - (.-.) - [320 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AxeLog-000.etl [MD5.00000000000000000000000000000000] - |D| - [20/01/2017 22:01:21] - [7.65 Ko] - C:\WINDOWS\System32\BestPractices [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [247.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [4474.05 Ko] - C:\WINDOWS\System32\Boot [MD5.31ABC8C02F1CCE0DA39550D763384184] - |A| - [16/07/2016 13:42:12] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [91.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 08:04:24] - [93826.37 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [79708.28 Ko] - C:\WINDOWS\System32\catroot2 [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [2130.01 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.64430E214B5B229D426D2D35538C402D] - |A| - [06/10/2016 20:41:12] - (.-.) 
- [366.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ColorImageEnhancement.wmv [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [360 Ko] - C:\WINDOWS\System32\Com [MD5.1202C941BF619C499870AE8DE673A647] - |A| - [19/09/2016 14:09:10] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.46 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 08:04:24] - [397586.16 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 13:47:48] - [51.22 Ko] - C:\WINDOWS\System32\Configuration [MD5.82DF5576BDD96CE8DF5A06C0571EA463] - |A| - [06/10/2016 20:41:18] - (.-.) - [499.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cp_resources.bin [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [292.5 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.513A6B13A3ADB52C9E5BE4A30DAF269C] - |A| - [19/09/2016 14:09:10] - (.©Conexant Systems Inc. - Conexant APO.) - [1564.41 Ko] - (1.31.0.0) - C:\WINDOWS\System32\CX64APO.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [288.5 Ko] - C:\WINDOWS\System32\da-DK [MD5.00000000000000000000000000000000] - |D| - [21/01/2017 00:21:57] - [5274.66 Ko] - C:\WINDOWS\System32\DAX2 [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [177.63 Ko] - C:\WINDOWS\System32\DDFs [MD5.796E820B411ADC44C3EB6D6BB75AAC6C] - |A| - [19/09/2016 14:09:10] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [266.33 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPA64.dll [MD5.57BC19D2B0EA89DDC1EB1BF8544C488B] - |A| - [19/09/2016 14:09:10] - (.©2014 Dolby Laboratories. - Dolby Digital Plus API x86.) - [303.16 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPA64F3.dll [MD5.F54D76A895D7D943A5CD043711D539E9] - |A| - [19/09/2016 14:09:10] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) 
- [1919.74 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPD64A.dll [MD5.5B45D785A66D57EB6C51813EE2E67409] - |A| - [19/09/2016 14:09:10] - (.©2014 Dolby Laboratories. - Dolby Digital Plus COM DLL x86.) - [1913.68 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPD64AF3.dll [MD5.6DC5E11904E16B7D17F5D15C14B981BA] - |A| - [19/09/2016 14:09:10] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [319.79 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPO64A.dll [MD5.F9C0BB09ED4C27C13E3576F80B4BAF89] - |A| - [19/09/2016 14:09:10] - (.©2014 Dolby Laboratories. - Dolby Digital Plus APO x86.) - [353.58 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPO64AF3.dll [MD5.906B54B4CD3815015924F9AC2FE2BC30] - |A| - [19/09/2016 14:09:10] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6929.88 Ko] - (7.6.5.1) - C:\WINDOWS\System32\DDPP64A.dll [MD5.164B7F933FD1F01878BDA6C632557D31] - |A| - [19/09/2016 14:09:10] - (.©2014 Dolby Laboratories. - Dolby DS1PC Control Panel x86.) - [6117.81 Ko] - (7.6.7.2) - C:\WINDOWS\System32\DDPP64AF3.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [324.5 Ko] - C:\WINDOWS\System32\de-DE [MD5.306B90493D00011EB635E161C6C024B8] - |A| - [16/07/2016 13:42:22] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [16/07/2016 13:47:52] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 13:47:48] - [642 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.8B5F7B8C2EFE38CA571FBE24658DF11F] - |A| - [16/07/2016 13:42:36] - (.-.) - [90.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 08:04:27] - [7611.09 Ko] - C:\WINDOWS\System32\Dism [MD5.17FBCE91AEBA666E5BC2423C8EB34E8B] - |A| - [06/10/2016 20:41:20] - (.-.) 
- [812.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplayAudiox64.cab [MD5.87DBF36A1A5B7929D9F89D9A3E6887A9] - |A| - [19/09/2016 14:09:11] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO Property Page.) - [930.65 Ko] - (0.5.2.25) - C:\WINDOWS\System32\DolbyDAX2APOProp.dll [MD5.816F2C01E2441730AECD508C3A4712EE] - |A| - [19/09/2016 14:09:11] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [2380.02 Ko] - (0.5.2.25) - C:\WINDOWS\System32\DolbyDAX2APOv201.dll [MD5.9A342FAB78DEB37BEBF9C2063B8BAE0F] - |A| - [19/09/2016 14:09:11] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 APO.) - [5213.8 Ko] - (0.5.2.25) - C:\WINDOWS\System32\DolbyDAX2APOv211.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 08:04:27] - [1116.16 Ko] - C:\WINDOWS\System32\downlevel [MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [06/10/2016 20:41:20] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyApp.exe.config [MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [06/10/2016 20:41:20] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyAppv2_0.exe.config [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:24] - [116476.41 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 08:04:24] - [1422018.59 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |DC| - [22/04/2017 21:07:03] - [393.57 Ko] - C:\WINDOWS\System32\DRVSTORE [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 13:47:48] - [158 Ko] - C:\WINDOWS\System32\dsc [MD5.6FCA87F30D923D774A92B4AA2DA0F55D] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [726.53 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll [MD5.6F4936AEEDF1ECA855C1FAADFD5979E5] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS Boost COM DLL.) - [1473.57 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll [MD5.62F503ED19CEE8F4BE9A4F53B054F17B] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. 
- DTS Gain Compensator COM DLL.) - [430.93 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll [MD5.25947CD6D0295D95BC300A203B11CD24] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS GFX APO.) - [247.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPO64.dll [MD5.5D5E843B2F0EBAB0FEB00FE5BDFD0B5D] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS GFX APO.) - [246.95 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSGFXAPONS64.dll [MD5.91BE5B931C0826F586FEF90A1668C3A7] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS LFX APO.) - [247.91 Ko] - (1.0.0.3) - C:\WINDOWS\System32\DTSLFXAPO64.dll [MD5.1448952A1608C3BF0B0597D723461EDF] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS Limiter COM DLL.) - [434.97 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll [MD5.F14619732ACE35B0BB774C9C6E57A9E8] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [492.49 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll [MD5.5969DE4A3069003872C1F6F37FF06A23] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1553.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll [MD5.6C075C3ED6E1B8609182FF9B583C9743] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1738.89 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll [MD5.0037625E4ACB4EF30965BF3E5C233417] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS Symmetry COM DLL.) - [710.39 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSSymmetryDLL64.dll [MD5.1079CF6E29CFF7F1F1468C874C17B82D] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS GFX APO.) - [488.83 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PGFX64.dll [MD5.87F6ED3A62B8C6410A673B4721ECE6AE] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS LFX APO.) - [502.47 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PLFX64.dll [MD5.B36FA9F461628CB1B546E8BDE61BD566] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS LFX APO.) 
- [418.2 Ko] - (2.1.1.0) - C:\WINDOWS\System32\DTSU2PREC64.dll [MD5.370F68FFB4085F1DC6EE396F9AB1071B] - |A| - [19/09/2016 14:09:11] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [691.72 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [320.5 Ko] - C:\WINDOWS\System32\el-GR [MD5.C8D63C5866084080CCE5DB35FB58C883] - |A| - [21/01/2017 00:46:10] - (.-.) - [22.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:25] - [0 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [236 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [2196.1 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [313.5 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [257.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [232 Ko] - C:\WINDOWS\System32\et-EE [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 13:47:48] - [25882.16 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [292.5 Ko] - C:\WINDOWS\System32\fi-FI [MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [06/10/2016 20:41:20] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FilmModeDetection.wmv [MD5.AD6884F7BE9C0E1715F4D0E589C00269] - |A| - [20/11/2016 23:27:01] - (.-.) 
- [326.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:25] - [3393.5 Ko] - C:\WINDOWS\System32\fr [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [264 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [44137.75 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [16/07/2016 13:42:12] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [06/10/2016 20:41:22] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv2_0.exe.config [MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [06/10/2016 20:41:22] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv4_0.exe.config [MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [21/01/2017 00:40:00] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GfxValDisplayLog.bin [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 09:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [259.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.288E1D8A3B6D74D201F4677339895805] - |A| - [19/09/2016 14:09:12] - (.© 2015 Dolby Laboratories, Inc. - Dolby DAX2 HiFi API.) - [360.65 Ko] - (0.6.0.37) - C:\WINDOWS\System32\HiFiDAX2API.dll [MD5.2A571B7728F23E83A800527879105180] - |A| - [16/07/2016 13:42:04] - (.-.) - [44.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.0D07EE407B051FF24E3899CB43FD9047] - |A| - [19/09/2016 14:09:12] - (.Copyright (c) 2015, ICEpower a/s - ICEpower ICEsound audio effects.) 
- [332.66 Ko] - (1.0.0.15) - C:\WINDOWS\System32\ICEsoundAPO64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.AB2D50B6F3C665B55C8E5A049D59E7CC] - |A| - [06/10/2016 20:41:44] - (.-.) - [5663.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdclbif.bin [MD5.B3979AF17AA452FACE505C8D328E8BF6] - |A| - [02/11/2016 00:06:02] - (.Copyright (C) 2012-2015 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [178.67 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfx11cmrt64.dll [MD5.5E4291111D0E2F1289ADE923FDB4DA01] - |A| - [02/11/2016 00:05:26] - (.Copyright (C) 2010 - 2015 - MDF(CM) JIT Dynamic Link Library.) - [1553.51 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfxcmjit64.dll [MD5.067259B4850748ACB595CE43471C7260] - |A| - [02/11/2016 00:06:02] - (.Copyright (C) 2010 - 2015 - MDF(CM) Runtime Dynamic Link Library.) - [179.67 Ko] - (5.0.0.1148) - C:\WINDOWS\System32\igfxcmrt64.dll [MD5.E925CB495C54CC0FD20F8F78A7FB0CD3] - |A| - [02/11/2016 00:05:26] - (.-.) - [267.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl [MD5.1386B6E8656E831D311864E83901020C] - |A| - [02/11/2016 00:05:26] - (.-.) - [101.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCUIServicePS.dll [MD5.82AEB1D5D5D77C9063434710D37C132C] - |A| - [02/11/2016 00:05:26] - (.-.) - [82.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLib.dll [MD5.CA1629EB57254EE55B4AF513526CAB3A] - |A| - [02/11/2016 00:05:26] - (.-.) - [93.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLibv2_0.dll [MD5.851B28BA5D521C5F24BDAEFBD40AFAFD] - |A| - [02/11/2016 00:05:26] - (.-.) - [28.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILib.dll [MD5.67B914A36AB9A8BE822F3C5203BD3085] - |A| - [02/11/2016 00:05:26] - (.-.) - [28.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILibv2_0.dll [MD5.417515E302A043FF2249BBE2C6E5DE7A] - |A| - [02/11/2016 00:05:26] - (.-.) - [27.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLib.dll [MD5.9C77F50D1972DDB9056022D99DB62946] - |A| - [02/11/2016 00:05:26] - (.-.) 
- [27.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLibv2_0.dll [MD5.3E406C3DC3DFB8E489489199342FEB88] - |A| - [02/11/2016 00:05:26] - (.-.) - [22.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLib.dll [MD5.1BA2F014C584936A3E3D72BA5EE65436] - |A| - [02/11/2016 00:05:26] - (.-.) - [22.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLibv2_0.dll [MD5.9CA15001F1E70BD41BB8259F1700E23A] - |A| - [02/11/2016 00:05:26] - (.-.) - [1002.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxSDK.exe [MD5.B68BFB194AD81A98B74588A28BC71806] - |A| - [02/11/2016 00:05:26] - (.-.) - [98.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLib.dll [MD5.240CF5B8950715986A71F13B3C83CE80] - |A| - [02/11/2016 00:05:26] - (.-.) - [109.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxSDKLibv2_0.dll [MD5.F3E1B4D249B9E2E820870A3C1ED82AC8] - |A| - [02/11/2016 00:05:26] - (.-.) - [392.48 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxTray.exe [MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [06/10/2016 20:42:04] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa [MD5.0D3AF85E1F169395885151038ADE9317] - |A| - [06/10/2016 20:42:04] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp [MD5.A0D0A10C8DA1B00A2EE378357F72BA90] - |A| - [06/10/2016 20:42:04] - (.-.) - [39.37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp [MD5.7B929507BB2C2A3FBD2956EC3515364C] - |A| - [06/10/2016 20:42:04] - (.-.) - [40.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp [MD5.1A8302994182D4FC003A71DC6D23EE81] - |A| - [06/10/2016 20:42:04] - (.-.) - [38.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp [MD5.38FA402460982FE9A071BEC11C58B0D3] - |A| - [06/10/2016 20:42:04] - (.-.) - [38.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp [MD5.26526A63D35D8E4E19C46F920AAF48F2] - |A| - [06/10/2016 20:42:04] - (.-.) - [39.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp [MD5.9CD97189D5A5E409BBEC1B28A8AFD428] - |A| - [06/10/2016 20:42:04] - (.-.) 
- [39.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp [MD5.F7C2DA680EB3B871077221B80E100A98] - |A| - [06/10/2016 20:42:04] - (.-.) - [5.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64lp.vp [MD5.8898B09A8D08E138F238224648DF0739] - |A| - [16/07/2016 13:42:35] - (.-.) - [170.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [06/10/2016 20:42:06] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ImageStabilization.wmv [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [25924.17 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [4803 Ko] - C:\WINDOWS\System32\InputMethod [MD5.0FBCAA4ECCD17513E4D3BFF3C86DF62E] - |A| - [02/11/2016 00:05:26] - (.Copyright (C) 2015 - IntelCpHDCPSvc Executable.) - [437.98 Ko] - (1.0.0.1) - C:\WINDOWS\System32\IntelCpHDCPSvc.exe [MD5.70C5F319699E6AF1C71F93429AA97768] - |A| - [02/11/2016 00:05:26] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [97.51 Ko] - (2.0.2.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.5EA855B4A875E08AD93FF901B5D9E275] - |A| - [16/07/2016 13:42:09] - (.-.) - [226 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [318.5 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [231.5 Ko] - C:\WINDOWS\System32\ja-jp [MD5.5503F60CA95A39152DE88FE5E8126CC8] - |A| - [19/09/2016 14:09:13] - (.© Knowles Electronics. - Knowles HD Audio APO.) 
- [603.7 Ko] - (4.1105.6000.53) - C:\WINDOWS\System32\KAAPORT64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [229 Ko] - C:\WINDOWS\System32\ko-KR [MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [16/07/2016 13:42:22] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [73.41 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [15780 Ko] - C:\WINDOWS\System32\LogFiles [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [237 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [238.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [57630.09 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.E234087E2636672A8586257029A04CE8] - |A| - [19/09/2016 14:09:13] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [322.82 Ko] - (2.2.9.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll [MD5.BCD4B2494733C53B0DF00167B1EDC697] - |A| - [19/09/2016 14:09:13] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [662.3 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxAudioAPO30.dll [MD5.690D748BE12B1D5FFC2FDF7A1AFDCA67] - |A| - [19/09/2016 14:09:13] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1137.05 Ko] - (4.5.8.0) - C:\WINDOWS\System32\MaxxAudioAPO4064.dll [MD5.624F9D23D9651D60404AEE76EE1EEEC1] - |A| - [19/09/2016 14:09:13] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1183.43 Ko] - (5.6.5.0) - C:\WINDOWS\System32\MaxxAudioAPO5064.dll [MD5.452AE81745480EF8437A5126BFFFC79A] - |A| - [19/09/2016 14:09:13] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [1387.8 Ko] - (6.1.17.0) - C:\WINDOWS\System32\MaxxAudioAPO6064.dll [MD5.1233E896DDBD86463E649F203CF2EB2D] - |A| - [19/09/2016 14:09:13] - (.© Waves Audio Ltd. 
- MaxxAudio APO.) - [2757.11 Ko] - (7.0.10.0) - C:\WINDOWS\System32\MaxxAudioAPO7064.dll [MD5.CC92AEDC5B41B841ECEA10BFD580D305] - |A| - [19/09/2016 14:09:13] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [909.79 Ko] - (4.10.8.0) - C:\WINDOWS\System32\MaxxAudioAPOShell64.dll [MD5.DAA6D28DA644CE03350274BF23608156] - |A| - [19/09/2016 14:09:13] - (.Copyright © 1996-2014 -.) - [2002.13 Ko] - (4.1.1.0) - C:\WINDOWS\System32\MaxxAudioEQ64.dll [MD5.F6B22F338D266F134C9EDB7825210675] - |A| - [19/09/2016 14:09:13] - (.Copyright © 1996-2013 -.) - [13727.79 Ko] - (4.4.10.0) - C:\WINDOWS\System32\MaxxAudioRealtek64.dll [MD5.C8B5E60F56B45449EAE56F9F1E9AA5A2] - |A| - [19/09/2016 14:09:13] - (.© Waves Audio Ltd. - MaxxSpeech APO.) - [1291.66 Ko] - (1.1.4.0) - C:\WINDOWS\System32\MaxxSpeechAPO64.dll [MD5.543FCA65D6F6ED03015131EB28AECC89] - |A| - [19/09/2016 14:09:13] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [974.64 Ko] - (2.6.2.0) - C:\WINDOWS\System32\MaxxVoiceAPO2064.dll [MD5.E7550C189C5E6BDA7D262968E81939E0] - |A| - [19/09/2016 14:09:13] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12813.24 Ko] - (3.1.14.0) - C:\WINDOWS\System32\MaxxVoiceAPO3064.dll [MD5.D6075F284057C444D423799C71CA5E09] - |A| - [19/09/2016 14:09:15] - (.© Waves Audio Ltd. - MaxxVoice APO.) - [12682.16 Ko] - (4.0.19.0) - C:\WINDOWS\System32\MaxxVoiceAPO4064.dll [MD5.F8A6F9A716AB21F2F6BCBAD4C9C3CE42] - |A| - [19/09/2016 14:09:15] - (.© Waves Audio Ltd. - MaxxVolumeSD APO.) - [661.79 Ko] - (3.6.0.0) - C:\WINDOWS\System32\MaxxVolumeSDAPO.dll [MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [16/07/2016 13:42:22] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.2F06FEFDF9AB67EC5A4150D0C00C242A] - |A| - [19/09/2016 14:09:15] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5165.97 Ko] - (6.3.9600.17231) - C:\WINDOWS\System32\NAHIMICAPOlfx.dll [MD5.8F9B6A5A522675DBEC0AA78D695F92A0] - |A| - [19/09/2016 14:09:16] - (.Copyright © 2013 Nahimic Inc. 
All rights reserved - Nahimic APO Settings Communication Dll.) - [980.34 Ko] - (1.0.0.14866) - C:\WINDOWS\System32\NahimicAPONSControl.dll [MD5.76163C901707AEDABC7A7F8804ACAC5A] - |A| - [19/09/2016 14:09:16] - (.Copyright © 2013 Nahimic Inc. All rights reserved - Nahimic APO lfx dll.) - [5641.3 Ko] - (6.3.9600.16384) - C:\WINDOWS\System32\NAHIMICV2apo.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [283.5 Ko] - C:\WINDOWS\System32\nb-NO [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [768 Ko] - C:\WINDOWS\System32\NDF [MD5.13F0AEDA8528CCE4339175D24AE80BCB] - |A| - [21/01/2017 00:07:10] - (.-.) - [29.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [16/07/2016 13:42:12] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [303.5 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 13:47:48] - [16570.66 Ko] - C:\WINDOWS\System32\Nui [MD5.F54598052A618ADC0231853D870A22BE] - |A| - [16/07/2016 13:47:53] - (.-.) - [15.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.2901049544FDF863362FABA2363EB647] - |A| - [16/07/2016 13:42:11] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [24170.5 Ko] - C:\WINDOWS\System32\oobe [MD5.42D2360079B1DF3230024AE920737367] - |A| - [16/07/2016 13:42:22] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.F3A698A0F5D34E7DE6D7596DCAF71C39] - |A| - [16/07/2016 13:49:31] - (.-.) - [269.69 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.E272E6F21C0C90367511501E28BFFE7D] - |A| - [21/11/2016 07:55:35] - (.-.) 
- [226.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat [MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [16/07/2016 13:49:35] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.AA180E09E4990FF71FBEAC8C4455CF47] - |A| - [21/11/2016 07:55:35] - (.-.) - [39.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat [MD5.2894DB243BF844E566EC9E61065E63B0] - |A| - [16/07/2016 13:49:31] - (.-.) - [886.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.C2325319AB1BF2BA176F14ABA4843118] - |A| - [21/11/2016 07:55:35] - (.-.) - [1009.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat [MD5.4034DA579CA242084D88E8A5A51AC7C8] - |A| - [21/11/2016 08:37:13] - (.-.) - [2402.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [301.5 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [560 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:26] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\ProximityToast [MD5.007893E8374C766471239EB291BA8C17] - |A| - [16/07/2016 13:42:31] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [303.5 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [299 Ko] - C:\WINDOWS\System32\pt-PT [MD5.8FA90717AF1FD22E38DCA1434AEE6D62] - |A| - [19/09/2016 14:09:16] - (.©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [131.06 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEA64A.dll [MD5.5C1CF3434FC03A9097994854483D60EB] - |A| - [19/09/2016 14:09:16] - (.©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) 
- [437.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EED64A.dll [MD5.5A64E6AB6A23F1C02D91B5F21A1DE733] - |A| - [19/09/2016 14:09:16] - (.©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [82.64 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEG64A.dll [MD5.B79801C1904AE93892641C836824EFBB] - |A| - [19/09/2016 14:09:16] - (.©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [148.23 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEL64A.dll [MD5.FE0ABBD08B3142E3B07995EAB7BB07BD] - |A| - [19/09/2016 14:09:16] - (.©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [7004.8 Ko] - (7.2.8000.17) - C:\WINDOWS\System32\R4EEP64A.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [16/07/2016 13:42:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof [MD5.D67CDB8D2584AAC165A77488C5A7A987] - |A| - [16/07/2016 13:42:37] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.4FE9CE56EFA89779D81B988698D2454C] - |A| - [16/07/2016 13:42:37] - (.-.) - [8.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\restore [MD5.DE775CF0F2149C4BEE18A8927C43C0E9] - |A| - [19/09/2016 14:05:59] - (.-.) - [17.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml [MD5.4F2448066D4DDBB28704F0F8E6B6F843] - |A| - [19/09/2016 14:09:19] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll [MD5.F14DCAB2159DAD2EDF48F56781C1B11D] - |A| - [19/09/2016 14:09:19] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) 
- [314.18 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll [MD5.EABD549516BF670A684743EEE6A1ADA9] - |A| - [19/09/2016 14:11:29] - (.Copyright (C) 2014 - RtCRX.) - [81.21 Ko] - (1.11.9600.0) - C:\WINDOWS\System32\RtCRX64.dll [MD5.5CB77AB981AAE719AC32A807110CCFDC] - |A| - [19/09/2016 14:09:20] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll [MD5.4CF32016F39F2B19A1FF35110E7E7C15] - |A| - [19/09/2016 14:09:20] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.28 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll [MD5.89DCD8160C09A949CE8705961955C370] - |A| - [19/09/2016 14:09:20] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll [MD5.2B56B6B45001F7E41E5EDC9A4ECA3439] - |A| - [19/09/2016 14:09:20] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.24 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [16/07/2016 13:43:50] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [16/07/2016 13:42:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.57ECD0138DE23EFC14960A0E5A2D0227] - |A| - [19/09/2016 14:09:22] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [86.26 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFAPO64.dll [MD5.D520014689410AED2E0D1219B3C47ECE] - |A| - [19/09/2016 14:09:22] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [88.79 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFCOM64.dll [MD5.AB9815A8D0B6B88694C42C0F7BEAECB8] - |A| - [19/09/2016 14:09:22] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) 
- [226.48 Ko] - (3.0.0.16) - C:\WINDOWS\System32\SFNHK64.dll [MD5.A97A1137BCE42E287AB321F4F4F56F15] - |A| - [19/09/2016 14:09:23] - (.Copyright (C) 2015 DTS, Inc. - DTS Universal APO DLL.) - [996.3 Ko] - (3.5.3.0) - C:\WINDOWS\System32\sl3apo64.dll [MD5.16DB817FF311C59FE36A5E89C5B09DC1] - |A| - [19/09/2016 14:09:23] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Controller DLL.) - [1297.37 Ko] - (3.5.3.0) - C:\WINDOWS\System32\slcnt64.dll [MD5.00000000000000000000000000000000] - |D| - [20/11/2016 23:27:10] - [50152.24 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:26] - [52.14 Ko] - C:\WINDOWS\System32\slmgr [MD5.8FD909E62B5E80ABCEDB264323EB1CF3] - |A| - [19/09/2016 14:09:23] - (.TODO: (c) . - TODO: .) - [252.45 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll [MD5.34FB5855027BF6B1686CE9264C0B3A5C] - |A| - [19/09/2016 14:09:23] - (.Copyright (C) 2015 DTS, Inc. - DTS APO Technology DLL.) - [2080.65 Ko] - (3.5.3.0) - C:\WINDOWS\System32\sltech64.dll [MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [16/07/2016 13:42:22] - (.-.) 
- [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 08:04:24] - [13377.02 Ko] - C:\WINDOWS\System32\SMI [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [7600.34 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [7957.64 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [113462.29 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [11163.71 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [31.88 Ko] - C:\WINDOWS\System32\sppui [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [243.5 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [244 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.B170EB9E29682A369609784CFD64635A] - |A| - [19/09/2016 14:09:23] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.22 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll [MD5.5A5E7EDB0C0DBEDE8DDBBA8523D5E358] - |A| - [19/09/2016 14:09:23] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll [MD5.D6064F684AD4E6CBFA8BC8055280BF66] - |A| - [19/09/2016 14:09:23] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.48 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll [MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - [16/07/2016 13:42:16] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00B9CCFED156123B69B0A832F013E54E] - |A| - [19/09/2016 14:09:23] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) 
- [1401.52 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll [MD5.D48CFCC143DCE8AEBD3891AFDE39D1DC] - |A| - [19/09/2016 14:09:23] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [204.63 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll [MD5.8A6C3BD4874FD34F03838B7E33B78B87] - |A| - [19/09/2016 14:09:23] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [216.77 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll [MD5.F3CB8542B06E1E57AE8AC7B9975502E7] - |A| - [19/09/2016 14:09:23] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.91 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll [MD5.DD03531707C04C1BD661930B996A2025] - |A| - [19/09/2016 14:09:23] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.31 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [25752 Ko] - C:\WINDOWS\System32\sru [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [289 Ko] - C:\WINDOWS\System32\sv-SE [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 08:04:27] - [1623.08 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [913.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [16/07/2016 13:42:39] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.C8F2952DAE3971614DBD0C509F35BE93] - |A| - [16/07/2016 13:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [16/07/2016 13:42:38] - (.-.) 
- [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [240 Ko] - C:\WINDOWS\System32\uk-UA [MD5.00000000000000000000000000000000] - |D| - [14/05/2017 18:39:19] - [2137.72 Ko] - C:\WINDOWS\System32\UNP [MD5.E7482D1D449217C8641762F5C38E157C] - |A| - [16/07/2016 13:42:12] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VpnSohDesktop.dll [MD5.483C7B35923AE58556098BF249762D83] - |A| - [19/09/2016 14:09:24] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2061.13 Ko] - (4.4.5.0) - C:\WINDOWS\System32\WavesGUILib64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [120990.86 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:26] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [102280.28 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [16/07/2016 13:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [1.1 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [42585.77 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [8369.13 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [172188 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [4228.5 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:26] - [107.53 Ko] - C:\WINDOWS\System32\winrm [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [16/07/2016 13:42:35] - (.-.) 
- [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [16/07/2016 13:42:27] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [21/01/2017 00:21:10] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat [MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [21/01/2017 00:21:10] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:26] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 13:43:00] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 13:43:02] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 13:43:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 08:04:30] - [2141.84 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [250 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.BA754F2F4CA5E3B2E6DFB2A2A98507D9] - |A| - [19/09/2016 14:35:39] - (.-.) 
- [4.68 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\AsPowerCfg.log [MD5.00000000000000000000000000000000] - |D| - [20/01/2017 22:01:22] - [7.65 Ko] - C:\WINDOWS\SysWOW64\BestPractices [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [222 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [318 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.17751FA352996D900314F6F7B79E27F7] - |A| - [02/11/2016 00:05:26] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [101.52 Ko] - (2.0.2.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.5A5E7EDB0C0DBEDE8DDBBA8523D5E358] - |A| - [19/09/2016 14:09:23] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) 
- [333.16 Ko] - (4.0.0.59) - C:\WINDOWS\SysWOW64\SRCOM.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [265.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:27] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [205 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [261.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [15541.87 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:27] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [7726.87 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [4228.5 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [21/11/2016 07:55:27] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.00000000000000000000000000000000] - |D| - [20/01/2017 22:21:28] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [190.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | Shell Folders [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Administrative Tools [16/07/2016 13:47:48] "Common AppData"=C:\ProgramData [16/07/2016 13:47:48] "Common Desktop"=C:\Users\Public\Desktop [30/10/2015 09:24:24] "Common Documents"=C:\Users\Public\Documents [30/10/2015 09:24:24] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 13:47:48] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 13:47:48] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 13:47:48] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [30/10/2015 09:24:24] "CommonMusic"=C:\Users\Public\Music [30/10/2015 09:24:24] "CommonPictures"=C:\Users\Public\Pictures [30/10/2015 09:24:24] "CommonVideo"=C:\Users\Public\Videos [30/10/2015 09:24:24] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 13:47:48] "Common AppData"=C:\ProgramData [16/07/2016 13:47:48] "Common Desktop"=C:\Users\Public\Desktop [30/10/2015 09:24:24] "Common Documents"=C:\Users\Public\Documents [30/10/2015 09:24:24] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 13:47:48] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 13:47:48] 
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 13:47:48] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [30/10/2015 09:24:24] "CommonMusic"=C:\Users\Public\Music [30/10/2015 09:24:24] "CommonPictures"=C:\Users\Public\Pictures [30/10/2015 09:24:24] "CommonVideo"=C:\Users\Public\Videos [30/10/2015 09:24:24] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads ---------- | [Administrateur] [21/11/2016 08:30:44] - |D| - [106901800] - C:\Users\Administrateur\AppData\Local [21/11/2016 08:30:44] - |D| - [0] - C:\Users\Administrateur\AppData\LocalLow [21/11/2016 08:30:44] - |D| - [135923] - C:\Users\Administrateur\AppData\Roaming [21/11/2016 08:30:44] - |SHD| - [1111379169] - C:\Users\Administrateur\AppData\Local\Application Data [21/11/2016 08:30:45] - |D| - [1064908] - C:\Users\Administrateur\AppData\Local\ConnectedDevicesPlatform [21/11/2016 08:30:44] - |SHD| - [130] - C:\Users\Administrateur\AppData\Local\Historique [21/11/2016 08:42:37] - |AH| - [3724] - C:\Users\Administrateur\AppData\Local\IconCache.db [21/11/2016 08:30:44] - |D| - [91542226] - C:\Users\Administrateur\AppData\Local\Microsoft [21/11/2016 08:30:50] - |D| - [3125246] - C:\Users\Administrateur\AppData\Local\Packages [21/11/2016 08:30:44] - |D| - [0] - C:\Users\Administrateur\AppData\Local\Temp [21/11/2016 08:30:44] - |SHD| - [0] - 
C:\Users\Administrateur\AppData\Local\Temporary Internet Files [21/11/2016 08:30:49] - |D| - [11165696] - C:\Users\Administrateur\AppData\Local\TileDataLayer [21/11/2016 08:40:56] - |D| - [0] - C:\Users\Administrateur\AppData\Roaming\Adobe [21/11/2016 08:30:44] - |SD| - [135923] - C:\Users\Administrateur\AppData\Roaming\Microsoft [21/11/2016 08:40:57] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [21/11/2016 08:30:44] - |SHD| - [22487] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [21/11/2016 08:30:44] - |RD| - [22487] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [21/11/2016 08:30:44] - |RD| - [3888] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [21/11/2016 08:30:44] - |RD| - [2921] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [21/11/2016 08:40:58] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [21/11/2016 08:40:57] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [21/11/2016 08:30:44] - |D| - [170] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [21/11/2016 08:41:41] - |A| - [2430] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [21/11/2016 08:40:58] - |RD| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [21/11/2016 08:30:44] - |RD| - [5318] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [21/11/2016 08:30:44] - |RD| - [7238] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [21/11/2016 08:40:58] - |ASH| - [174] - C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\desktop.ini ---------- | [ggcp] [21/01/2017 00:28:04] - |D| - [1673430751] - C:\Users\ggcp\AppData\Local [19/09/2016 15:35:32] - |D| - [6693632] - C:\Users\ggcp\AppData\LocalLow [21/01/2017 00:28:04] - |D| - [3099072971] - C:\Users\ggcp\AppData\Roaming [19/09/2016 15:39:01] - |D| - [0] - C:\Users\ggcp\AppData\Local\ActiveSync [25/04/2017 01:27:59] - |D| - [0] - C:\Users\ggcp\AppData\Local\Adobe [21/01/2017 00:28:05] - |SHD| - [16517451782] - C:\Users\ggcp\AppData\Local\Application Data [19/09/2016 15:39:58] - |D| - [16942120] - C:\Users\ggcp\AppData\Local\ASUS GIFTBOX [26/01/2017 21:38:04] - |D| - [443696] - C:\Users\ggcp\AppData\Local\CEF [20/01/2017 18:37:54] - |D| - [61608355] - C:\Users\ggcp\AppData\Local\Comms [21/01/2017 01:01:31] - |D| - [1401705] - C:\Users\ggcp\AppData\Local\ConnectedDevicesPlatform [20/01/2017 18:18:50] - |D| - [25369708] - C:\Users\ggcp\AppData\Local\Crashpad [21/01/2017 02:45:34] - |D| - [1012748] - C:\Users\ggcp\AppData\Local\Diagnostics [19/09/2016 15:40:54] - |D| - [7348] - C:\Users\ggcp\AppData\Local\DropboxOEM [13/02/2017 23:51:03] - |D| - [414186642] - C:\Users\ggcp\AppData\Local\Google [21/01/2017 00:28:05] - |SHD| - [130] - C:\Users\ggcp\AppData\Local\Historique [21/01/2017 01:40:09] - |D| - [87550] - C:\Users\ggcp\AppData\Local\HP [27/03/2017 04:37:08] - |AH| - [286780] - C:\Users\ggcp\AppData\Local\IconCache.db [25/04/2017 01:33:31] - |D| - [0] - C:\Users\ggcp\AppData\Local\Macromedia [21/01/2017 00:28:04] - |D| - [369850260] - C:\Users\ggcp\AppData\Local\Microsoft [20/01/2017 18:46:41] - |D| - [82095] - C:\Users\ggcp\AppData\Local\MicrosoftEdge [20/01/2017 20:58:49] - |D| - [70215186] - C:\Users\ggcp\AppData\Local\Mozilla [20/01/2017 18:13:54] - |D| - [0] - C:\Users\ggcp\AppData\Local\NetworkTiles [22/04/2017 21:03:27] - |D| - [36557] - C:\Users\ggcp\AppData\Local\Nox [19/09/2016 15:36:55] - |D| - [620980534] - C:\Users\ggcp\AppData\Local\Packages [18/03/2017 23:09:56] - |D| - [10404312] - 
C:\Users\ggcp\AppData\Local\Pokemon Showdown [16/04/2017 18:59:39] - |D| - [0] - C:\Users\ggcp\AppData\Local\Programs [19/09/2016 15:38:14] - |D| - [272246] - C:\Users\ggcp\AppData\Local\Publishers [21/01/2017 00:28:04] - |D| - [67949623] - C:\Users\ggcp\AppData\Local\Temp [15/05/2017 04:39:11] - |D| - [0] - C:\Users\ggcp\AppData\Local\TempOfficeC2R0B2E2848-FB5B-443E-BBB3-DDF24D072F45 [21/01/2017 00:28:05] - |SHD| - [5938263] - C:\Users\ggcp\AppData\Local\Temporary Internet Files [19/09/2016 15:36:54] - |D| - [12279808] - C:\Users\ggcp\AppData\Local\TileDataLayer [19/09/2016 15:37:02] - |D| - [15934] - C:\Users\ggcp\AppData\Local\VirtualStore [24/02/2017 17:27:04] - |D| - [2868] - C:\Users\ggcp\AppData\Local\WBFSManager [20/01/2017 18:15:16] - |SD| - [6660253] - C:\Users\ggcp\AppData\LocalLow\Microsoft [20/01/2017 20:59:08] - |D| - [0] - C:\Users\ggcp\AppData\LocalLow\Mozilla [16/04/2017 19:01:23] - |D| - [611] - C:\Users\ggcp\AppData\LocalLow\PokéFan Company [27/02/2017 11:24:05] - |D| - [0] - C:\Users\ggcp\AppData\LocalLow\Temp [18/05/2017 15:56:51] - |D| - [32768] - C:\Users\ggcp\AppData\LocalLow\uTorrent [19/09/2016 15:37:34] - |D| - [0] - C:\Users\ggcp\AppData\Roaming\Adobe [26/01/2017 21:27:59] - |D| - [28101236] - C:\Users\ggcp\AppData\Roaming\AVAST Software [20/01/2017 18:11:47] - |D| - [0] - C:\Users\ggcp\AppData\Roaming\awsRun [05/02/2017 15:50:31] - |D| - [0] - C:\Users\ggcp\AppData\Roaming\DMCache [19/09/2016 15:41:03] - |D| - [78965193] - C:\Users\ggcp\AppData\Roaming\DropboxOEM [21/01/2017 04:21:47] - |D| - [0] - C:\Users\ggcp\AppData\Roaming\Foxit Software [21/01/2017 01:43:50] - |D| - [5515] - C:\Users\ggcp\AppData\Roaming\HpUpdate [21/01/2017 01:13:03] - |D| - [69223] - C:\Users\ggcp\AppData\Roaming\HP_Easy_Start [07/03/2017 18:13:05] - |D| - [57] - C:\Users\ggcp\AppData\Roaming\Kingsoft [20/01/2017 18:57:45] - |D| - [506] - C:\Users\ggcp\AppData\Roaming\Macromedia [21/01/2017 00:28:04] - |SD| - [48198103] - C:\Users\ggcp\AppData\Roaming\Microsoft 
[20/01/2017 20:58:49] - |D| - [65239094] - C:\Users\ggcp\AppData\Roaming\Mozilla [22/04/2017 21:04:33] - |D| - [2858501135] - C:\Users\ggcp\AppData\Roaming\Nox [21/01/2017 01:11:58] - |D| - [76] - C:\Users\ggcp\AppData\Roaming\Skype [19/09/2016 15:38:58] - |A| - [184] - C:\Users\ggcp\AppData\Roaming\sp_data.sys [26/01/2017 21:22:02] - |D| - [19935564] - C:\Users\ggcp\AppData\Roaming\uTorrent [19/09/2016 15:37:26] - |D| - [42713] - C:\Users\ggcp\AppData\Roaming\WebStorage [23/02/2017 20:01:59] - |D| - [12] - C:\Users\ggcp\AppData\Roaming\WinRAR [19/09/2016 15:37:38] - |ASH| - [174] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [22/04/2017 21:08:44] - |D| - [2032] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Nox [21/01/2017 00:28:05] - |SHD| - [31217] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes [21/01/2017 00:28:04] - |RD| - [31217] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [26/02/2017 16:28:08] - |A| - [2681] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk [21/01/2017 00:28:04] - |RD| - [3888] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [21/01/2017 00:28:04] - |RD| - [2931] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [19/09/2016 15:37:39] - |RD| - [174] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [21/01/2017 01:02:11] - |ASH| - [174] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [20/01/2017 19:59:47] - |A| - [1053] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fonctionnalités optionnelles.lnk [21/01/2017 00:28:04] - |D| - [170] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [20/01/2017 18:08:46] - |A| - [2410] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [18/03/2017 23:09:31] - |A| - [2135] 
- C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokemon Showdown.lnk [19/09/2016 15:37:39] - |RD| - [174] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [21/01/2017 00:28:04] - |RD| - [5318] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [23/02/2017 20:02:36] - |D| - [1151] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager [21/01/2017 00:28:04] - |RD| - [7238] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [21/01/2017 01:13:49] - |D| - [4401] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [19/09/2016 15:37:39] - |ASH| - [174] - C:\Users\ggcp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] ---------- | C:\ProgramData [21/01/2017 01:41:03] - |A| - [57] - C:\ProgramData\Ament.ini [21/01/2017 00:58:46] - |SHD| - [14596540795] - C:\ProgramData\Application Data [24/03/2016 14:04:30] - |D| - [4065] - C:\ProgramData\ASUS WebStorage [19/09/2016 14:24:55] - |D| - [178139104] - C:\ProgramData\AVAST Software [21/01/2017 00:58:46] - |SHD| - [25138] - C:\ProgramData\Bureau [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms [21/01/2017 00:58:46] - |SHD| - [278] - C:\ProgramData\Documents [21/01/2017 00:22:05] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [24/03/2016 14:06:28] - |D| - [1493664] - C:\ProgramData\Dropbox [21/01/2017 01:13:12] - |AD| - [12399299] - C:\ProgramData\HP [21/01/2017 01:44:13] - |AD| - [2838603] - C:\ProgramData\HP Photo Creations [05/02/2017 15:50:31] - |D| - [0] - C:\ProgramData\IDM [19/09/2016 14:08:03] - |D| - [27102689] - C:\ProgramData\Intel [24/03/2016 14:06:20] - |D| - [28501] - C:\ProgramData\Kingsoft [14/05/2017 20:37:55] - |D| - [83029840] - C:\ProgramData\Malwarebytes [19/09/2016 14:26:06] - |D| - [3041280] - C:\ProgramData\McAfee [21/01/2017 00:58:46] - |SHD| - [140860] - C:\ProgramData\Menu Démarrer 
[16/07/2016 13:47:48] - |SD| - [942904003] - C:\ProgramData\Microsoft [21/11/2016 08:41:15] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [21/01/2017 00:58:46] - |SHD| - [0] - C:\ProgramData\Modèles [24/03/2016 14:04:44] - |D| - [2743265] - C:\ProgramData\Package Cache [19/09/2016 14:11:44] - |D| - [20781] - C:\ProgramData\Qualcomm Atheros [16/07/2016 13:47:48] - |AD| - [4214] - C:\ProgramData\regid.1991-06.com.microsoft [21/01/2017 00:13:47] - |D| - [53680231] - C:\ProgramData\SetupTPDriver [16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution [19/09/2016 15:38:45] - |D| - [7589] - C:\ProgramData\USBChargerPlus [16/07/2016 13:47:48] - |D| - [4281] - C:\ProgramData\USOPrivate [21/11/2016 08:28:24] - |D| - [1789952] - C:\ProgramData\USOShared [21/01/2017 01:44:13] - |D| - [44887] - C:\ProgramData\Visan [24/03/2016 14:04:30] - |D| - [4065] - C:\ProgramData\WebStorage [24/03/2016 14:05:23] - |D| - [627] - C:\ProgramData\WildTangent ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 13:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [21/01/2017 00:58:46] - |SHD| - [140686] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes [16/07/2016 13:47:48] - |RD| - [140686] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [19/09/2016 14:42:39] - |A| - [2474] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk [16/07/2016 13:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [16/07/2016 13:47:48] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [16/07/2016 13:47:48] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [24/03/2016 14:04:30] - |D| - [13505] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [24/03/2016 14:04:43] - |A| - [2103] - C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\ASUS GIFTBOX.lnk [26/01/2017 21:27:46] - |A| - [1981] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Antivirus Gratuit.lnk [19/09/2016 14:25:00] - |D| - [1074] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software [16/07/2016 13:47:50] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [23/01/2017 19:17:37] - |A| - [2138] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 25 GB.lnk [24/03/2016 14:05:50] - |D| - [2541] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [19/09/2016 14:42:40] - |A| - [2447] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk [24/03/2016 14:05:06] - |D| - [1035] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF [24/03/2016 14:05:30] - |RD| - [2634] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [14/05/2017 18:55:43] - |A| - [2348] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [21/01/2017 01:43:33] - |D| - [7798] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [19/09/2016 14:25:50] - |D| - [2685] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower [16/07/2016 13:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [19/09/2016 14:04:04] - |A| - [724] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk [16/07/2016 13:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [14/05/2017 20:38:08] - |D| - [4042] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [16/07/2016 13:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [20/01/2017 20:58:39] - |A| - [1234] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [19/09/2016 14:42:40] - |A| - [2447] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk [21/01/2017 
01:32:00] - |D| - [5103] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016 [19/09/2016 14:42:40] - |A| - [2459] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk [16/04/2017 19:01:13] - |D| - [1323] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon MMO 3D [19/09/2016 14:42:40] - |A| - [2474] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk [16/07/2016 13:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [19/09/2016 14:42:40] - |A| - [2397] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk [19/09/2016 14:10:19] - |D| - [1952] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek [16/07/2016 13:47:48] - |RD| - [1262] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [16/07/2016 13:47:48] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [24/03/2016 14:06:38] - |A| - [1042] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk [24/03/2016 14:05:30] - |A| - [2430] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk [21/01/2017 00:38:57] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [21/01/2017 01:13:50] - |D| - [4329] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [19/09/2016 14:42:40] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk [24/03/2016 14:06:26] - |D| - [11868] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [19/09/2016 14:25:00] - |A| - [1088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\avast! 
SecureLine.lnk [16/07/2016 13:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [21/01/2017 00:22:24] - |D| - [286047459] - C:\Program Files (x86)\ASUS [19/09/2016 14:14:25] - |AD| - [1096725] - C:\Program Files (x86)\Bluetooth Suite [16/07/2016 08:04:24] - |D| - [99541053] - C:\Program Files (x86)\Common Files [20/01/2017 18:26:49] - |D| - [0] - C:\Program Files (x86)\Dashlane [16/07/2016 13:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [24/03/2016 14:06:28] - |D| - [10116124] - C:\Program Files (x86)\Dropbox [24/03/2016 14:05:47] - |D| - [243417995] - C:\Program Files (x86)\Evernote [24/03/2016 14:04:56] - |AD| - [537416209] - C:\Program Files (x86)\Foxit PhantomPDF [13/02/2017 23:51:11] - |D| - [423717080] - C:\Program Files (x86)\Google [21/01/2017 01:44:17] - |D| - [1771958] - C:\Program Files (x86)\Hewlett-Packard [21/01/2017 01:43:02] - |AD| - [18699901] - C:\Program Files (x86)\HP [21/01/2017 01:44:13] - |D| - [400678] - C:\Program Files (x86)\HP Photo Creations [19/09/2016 14:25:50] - |D| - [7535670] - C:\Program Files (x86)\ICEpower [19/09/2016 14:09:03] - |HD| - [77606226] - C:\Program Files (x86)\InstallShield Installation Information [21/01/2017 00:20:11] - |D| - [31273708] - C:\Program Files (x86)\Intel [16/07/2016 13:47:48] - |D| - [1990171] - C:\Program Files (x86)\Internet Explorer [24/03/2016 14:05:54] - |D| - [414779362] - C:\Program Files (x86)\Kingsoft [24/03/2016 14:06:21] - |D| - [0] - C:\Program Files (x86)\Microsoft Office [16/07/2016 13:47:48] - |D| - [8256327] - C:\Program Files (x86)\Microsoft.NET [20/01/2017 20:58:22] - |AD| - [93338019] - C:\Program Files (x86)\Mozilla Firefox [20/01/2017 20:58:36] - |D| - [304117] - C:\Program Files (x86)\Mozilla Maintenance Service [20/01/2017 22:21:26] - |D| - [25757] - C:\Program Files (x86)\MSBuild [18/03/2017 23:09:25] - |D| - [82222071] - C:\Program Files (x86)\Pokemon Showdown [19/09/2016 14:12:15] 
- |AD| - [236899] - C:\Program Files (x86)\Qualcomm Atheros [19/09/2016 14:09:03] - |D| - [164643003] - C:\Program Files (x86)\Realtek [20/01/2017 22:21:26] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies [24/03/2016 14:06:36] - |AD| - [49580877] - C:\Program Files (x86)\TeamViewer [19/09/2016 14:09:02] - |HD| - [0] - C:\Program Files (x86)\Temp [24/03/2016 14:05:23] - |D| - [17651575] - C:\Program Files (x86)\WildTangent Games [16/07/2016 13:47:48] - |D| - [1942016] - C:\Program Files (x86)\Windows Defender [16/07/2016 13:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail [16/07/2016 13:47:48] - |D| - [3275928] - C:\Program Files (x86)\Windows Media Player [16/07/2016 13:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform [16/07/2016 13:47:48] - |D| - [7584962] - C:\Program Files (x86)\Windows NT [16/07/2016 13:47:48] - |D| - [5424832] - C:\Program Files (x86)\Windows Photo Viewer [16/07/2016 13:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices [16/07/2016 13:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [16/07/2016 13:47:48] - |D| - [3240833] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [19/09/2016 14:24:55] - |D| - [1069506340] - C:\Program Files\AVAST Software [22/04/2017 21:05:49] - |D| - [36028448] - C:\Program Files\Bignox [17/02/2017 18:55:55] - |AD| - [172984] - C:\Program Files\CCleaner [16/07/2016 08:04:24] - |D| - [129523638] - C:\Program Files\Common Files [16/07/2016 13:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini [19/09/2016 14:21:31] - |D| - [1728472] - C:\Program Files\DIFX [21/01/2017 00:58:46] - |SHD| - [129523638] - C:\Program Files\Fichiers communs [21/01/2017 01:43:00] - |D| - [142222111] - C:\Program Files\HP [21/01/2017 00:20:55] - |D| - [60148591] - C:\Program Files\Intel [16/07/2016 13:47:47] - |D| - [2583046] - C:\Program Files\Internet Explorer [14/05/2017 20:37:55] - |D| - [137258008] - C:\Program 
Files\Malwarebytes [19/09/2016 14:36:10] - |AD| - [2435404467] - C:\Program Files\Microsoft Office [19/09/2016 14:35:57] - |D| - [8494464] - C:\Program Files\Microsoft Office 15 [20/01/2017 22:21:26] - |D| - [25757] - C:\Program Files\MSBuild [21/01/2017 00:21:35] - |D| - [45618436] - C:\Program Files\Realtek [20/01/2017 22:21:26] - |D| - [36854953] - C:\Program Files\Reference Assemblies [21/11/2016 08:27:42] - |HD| - [0] - C:\Program Files\Uninstall Information [14/05/2017 18:39:19] - |AD| - [4072610] - C:\Program Files\UNP [23/02/2017 20:02:35] - |D| - [4130399] - C:\Program Files\WBFS [16/07/2016 13:47:47] - |RD| - [14914868] - C:\Program Files\Windows Defender [16/07/2016 13:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail [16/07/2016 13:47:47] - |D| - [4989628] - C:\Program Files\Windows Media Player [16/07/2016 13:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform [16/07/2016 13:47:47] - |D| - [7848642] - C:\Program Files\Windows NT [16/07/2016 13:47:47] - |D| - [6223552] - C:\Program Files\Windows Photo Viewer [16/07/2016 13:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices [16/07/2016 13:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar [16/07/2016 13:47:47] - |HD| - [2064695549] - C:\Program Files\WindowsApps [16/07/2016 13:47:47] - |D| - [3713730] - C:\Program Files\WindowsPowerShell [21/01/2017 01:13:47] - |AD| - [6299905] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [19/09/2016 14:14:26] - |D| - [68426] - C:\Program Files (x86)\Common Files\Atheros [30/01/2017 01:56:59] - |D| - [960123] - C:\Program Files (x86)\Common Files\AV [24/03/2016 14:04:27] - |D| - [4121297] - C:\Program Files (x86)\Common Files\AWS [21/01/2017 00:20:42] - |D| - [68080827] - C:\Program Files (x86)\Common Files\Intel [16/07/2016 13:47:48] - |AD| - [16668371] - C:\Program Files (x86)\Common Files\Microsoft Shared [16/07/2016 13:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services 
[16/07/2016 13:47:48] - |D| - [9639307] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [19/09/2016 14:26:13] - |D| - [960123] - C:\Program Files\Common files\AV [15/05/2017 23:02:10] - |AD| - [23328] - C:\Program Files\Common files\DESIGNER [16/07/2016 13:47:47] - |AD| - [117412742] - C:\Program Files\Common files\microsoft shared [19/09/2016 14:14:25] - |D| - [878716] - C:\Program Files\Common files\QCA_Bluetooth [16/07/2016 13:47:47] - |D| - [2702] - C:\Program Files\Common files\Services [16/07/2016 13:47:47] - |D| - [10246027] - C:\Program Files\Common files\System ---------- | Tasks [MD5.6616F2EEFF4CEC91FA5FE7C745D7FF80] - [24/03/2016 14:06:30] - |A| - [1222] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job [MD5.C35BCD653A9AA1F622B6A77889A7E95C] - [24/03/2016 14:06:30] - |A| - [1226] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [21/11/2016 08:27:23] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.B015FFBE63325773C8791DAA04B932F0] - [24/03/2016 14:06:24] - |A| - [424] - C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job [MD5.F1789DD6D268DA5E07C353D578FDA7E5] - [24/03/2016 14:06:23] - |A| - [424] - C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job [MD5.DED65B44A36997996418CCF9366DD781] - [25/04/2017 01:29:15] - |A| - [4594] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.00000000000000000000000000000000] - [21/01/2017 00:45:30] - |D| - [4372] - C:\WINDOWS\System32\Tasks\ASUS [MD5.447FF1403969A64B4513A50A9FFB9BB9] - [21/01/2017 01:14:55] - |A| - [3550] - C:\WINDOWS\System32\Tasks\ASUS Live Update1 : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.47921D2F2E49741023D1B46B5572AC50] - [21/01/2017 01:14:55] - |A| - [3540] - C:\WINDOWS\System32\Tasks\ASUS Live Update2 : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.D5B85D0930BE440F5775D99A81316085] - [21/01/2017 
00:45:30] - |A| - [2214] - C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON : C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [MD5.3574BD6D39576CDF9976EBD210098E7E] - [21/01/2017 00:45:30] - |A| - [2340] - C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus : "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [MD5.AEDC8E22D7F58845F9132CC2B36C1E1A] - [21/01/2017 00:45:30] - |A| - [2924] - C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3 : "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe" [MD5.A4C90D430197DE626B28A0D0B60C8981] - [21/01/2017 00:45:30] - |A| - [2214] - C:\WINDOWS\System32\Tasks\ATK Package A22126881260 : "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe" [MD5.76C54E3C23DF248DA36B49BA04C26101] - [14/03/2017 14:16:29] - |A| - [3994] - C:\WINDOWS\System32\Tasks\Avast Emergency Update : C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [MD5.00000000000000000000000000000000] - [30/01/2017 01:57:02] - |D| - [3968] - C:\WINDOWS\System32\Tasks\AVAST Software [MD5.B2F7EF9E6E5D91D02EBB43786E6151AB] - [21/01/2017 00:45:30] - |A| - [2926] - C:\WINDOWS\System32\Tasks\avast! 
SL Update : C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [MD5.9666488A6391D08EEB5BDAF1CFD180A0] - [21/01/2017 00:45:30] - |A| - [3186] - C:\WINDOWS\System32\Tasks\DropboxOEM : "%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe" [MD5.F48CAA12D3874AB30BC5229C81A753E9] - [21/01/2017 00:45:30] - |A| - [3516] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.DBEC2194791A1757049A0AFACC173BB3] - [21/01/2017 00:45:30] - |A| - [3740] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.9865AF27814A8097A6836695FF5A8ACF] - [14/05/2017 18:54:56] - |A| - [3462] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.A082319FC9E430640B05943BAB5CD0A2] - [14/05/2017 18:54:56] - |A| - [3586] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.DEA449BDC9666B387475A2833970984F] - [26/01/2017 20:51:26] - |A| - [3746] - C:\WINDOWS\System32\Tasks\HP AR Program Upload - 1565fb3176b54931b613daf5568d86c1118d1fc80bdb47848b83b4802e18d0d9 : C:\Program Files\HP\HP DeskJet 3630 series\bin\HPRewards.exe [MD5.0112332834B17A39EE748F5B327A6D8F] - [21/01/2017 01:43:46] - |A| - [3706] - C:\WINDOWS\System32\Tasks\HPCustParticipation HP DeskJet 3630 series : "C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe" [MD5.00000000000000000000000000000000] - [16/07/2016 13:47:48] - |D| - [522250] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.297E847312C7C6B01769CDA05927FBEA] - [21/01/2017 01:13:24] - |A| - [3266] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 : %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [MD5.C4DEFE179456697578CC4A86444DE4F5] - [21/01/2017 00:45:35] - |A| - [2346] - C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice : "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" 
[MD5.DA27E11EE2F7EC8285002AF3E18F42A1] - [21/01/2017 00:45:35] - |A| - [2280] - C:\WINDOWS\System32\Tasks\RTKCPL : "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [MD5.23BA1BA706284D97EA448BB9EF3C97B9] - [21/01/2017 01:14:57] - |A| - [3976] - C:\WINDOWS\System32\Tasks\Update Checker : C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [MD5.965F9F1103850EFE6F12DD8E0EE5D8EA] - [21/01/2017 01:48:10] - |A| - [4154] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{078D7DDD-BEAB-498B-9525-D85D3A35A8C5} : C:\WINDOWS\system32\msfeedssync.exe [MD5.F1243E7122F9416EFFCFDB7B43714014] - [21/01/2017 00:45:35] - |A| - [3006] - C:\WINDOWS\System32\Tasks\WpsNotifyTask_Administrator : C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsnotify.exe [MD5.B1D44A6CB98367E52DBC7C509016191E] - [21/01/2017 00:45:35] - |A| - [3006] - C:\WINDOWS\System32\Tasks\WpsUpdateTask_Administrator : C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\wtoolex\wpsupdate.exe [MD5.00000000000000000000000000000000] - [16/07/2016 13:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| 
"Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| 
"DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "{01FE6F2A-30E4-4DC9-BB17-0985F58BEF82}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{CCB2E77C-9396-498D-8F1E-8593006E663E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{10A3AF2D-DA37-4672-9916-BB4D4017AEC0}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Mozilla Firefox\firefox.exe|Name=Firefox (C:\Program Files (x86)\Mozilla Firefox)| "{65EF0A49-1073-4226-9B6A-7F70D12ED87D}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{9356A944-49C2-438F-B216-0B07DB4C4DBD}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by 
IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{35D92C8D-CA97-45BD-A780-4B8C689F381A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=TripAdvisor Hotels Flights Restaurants|Desc=TripAdvisor Hotels Flights Restaurants|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-3043548224-2235967549-1382791125-3168413616-1702302935-4247438294-2497735402|EmbedCtxt=TripAdvisor Hotels Flights Restaurants|Platform=2:6:2|Platform2=GTEQ| "{6101A128-CACC-4AB2-8C22-C8520086C21A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ| "{F3B7A885-9341-493C-BF6F-3117C1FC85C5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{MAGIX.MusicMakerJam_2.3.1054.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_2.3.1054.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_2.3.1054.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ| 
"{9C20A807-458A-440A-AF2E-8936CF5BDCB7}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{MAGIX.MusicMakerJam_2.3.1054.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Desc=@{MAGIX.MusicMakerJam_2.3.1054.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-914775309-424825794-3355368112-487557154-2084386389-537045334-2498513562|EmbedCtxt=@{MAGIX.MusicMakerJam_2.3.1054.0_x64__a2t3txkz9j1jw?ms-resource://MAGIX.MusicMakerJam/Resources/app_name}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{DCFDF90B-5498-4324-927F-B241E43FD9F2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe|Name=Configuration du périphérique HP (HP DeskJet 3630 series)|Edge=TRUE| "{64F625A3-C319-47BA-9CB0-B904E42FF2D5}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|Name=Port TCP WS-Eventing 5357| "{48A483E9-88A3-41E1-8159-A29CF7A587F9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|RA4=LocalSubnet|RA6=LocalSubnet|App=C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe|Name=Communicateur réseau COM HP (HP DeskJet 3630 series)|Edge=TRUE| "{6EE08FD0-FCA7-4C71-A4DF-9AB96C4F564F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{BCCEF5A6-7ECA-45C2-8014-DC59FA619150}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{E589FF8D-A78C-4D82-AA5B-FE8AB709022D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| 
"{2FC379A9-ED06-4F7B-B343-720528AE24A3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{3159285D-39DE-46F2-9744-C943AAF325AA}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=MyASUS|Desc=MyASUS|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-545957056-798866350-1522785379-2444689802-67236901-3270837419-2293412403|EmbedCtxt=MyASUS|Platform=2:6:2|Platform2=GTEQ| "{3E7FC25D-EF55-462F-8014-C22410E11566}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\ggcp\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In) (ggcp)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{0AE077C9-FC5A-4B89-844E-5F6C9B318671}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\ggcp\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (TCP-Out) (ggcp)|Desc=Allow µTorrent network traffic| "{5C9C8169-F47F-49C2-B81A-30E9653BE2DC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\ggcp\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In) (ggcp)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{20DE5E0E-8CF2-456F-9D6C-2DC057B07D38}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\ggcp\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (ggcp)| "{CB339E72-CFD7-4ED0-B28F-E33B42058A3A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\ggcp\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (ggcp)| "{8AF8F653-3619-4015-8A9A-80529AC45589}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\ggcp\AppData\Roaming\uTorrent\uTorrent.exe|Name=µTorrent (UDP-Out) (ggcp)|Desc=Allow µTorrent network traffic| 
"{212E80A4-5B97-4540-9612-72FA82786CE6}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{b-interaktiveGmbH.Warcaby_1.2.0.47_x64__qbsg90x8tpqqt?ms-resource://b-interaktiveGmbH.Warcaby/Resources/_appName}|Desc=@{b-interaktiveGmbH.Warcaby_1.2.0.47_x64__qbsg90x8tpqqt?ms-resource://b-interaktiveGmbH.Warcaby/Resources/_appName}|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-676672449-4052104506-3475751792-3440484181-2455238717-2320853708-4018886586|EmbedCtxt=@{b-interaktiveGmbH.Warcaby_1.2.0.47_x64__qbsg90x8tpqqt?ms-resource://b-interaktiveGmbH.Warcaby/Resources/_appName}|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{E3DB35E8-5353-4884-97FF-4F45A84F6DFA}C:\users\ggcp\appdata\roaming\utorrent\updates\3.4.9_43388.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\ggcp\appdata\roaming\utorrent\updates\3.4.9_43388.exe|Name=3.4.9_43388.exe|Desc=3.4.9_43388.exe|Edge=TRUE|Defer=App| "UDP Query User{22AEC4FC-C2FA-41FC-9027-A7A73E44C54B}C:\users\ggcp\appdata\roaming\utorrent\updates\3.4.9_43388.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\ggcp\appdata\roaming\utorrent\updates\3.4.9_43388.exe|Name=3.4.9_43388.exe|Desc=3.4.9_43388.exe|Edge=TRUE|Defer=App| "{9CF4C955-361B-405A-AED7-93397C9E52DE}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{32955976-1AA7-4532-A8FC-015E2E680F40}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire 
Collection|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{A046EFD6-F6D2-418B-B7CD-BC98A02285B5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{12115E65-CC6E-4BC3-B4D7-83F1C84300AA}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "TCP Query User{F7A3D516-B719-4236-B781-666FDCA6426A}C:\users\ggcp\appdata\roaming\utorrent\updates\3.5.0_43580.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\ggcp\appdata\roaming\utorrent\updates\3.5.0_43580.exe|Name=3.5.0_43580.exe|Desc=3.5.0_43580.exe|Edge=TRUE|Defer=App| "UDP Query User{9961D2F8-1E8C-4794-BDE8-91CED21F49A4}C:\users\ggcp\appdata\roaming\utorrent\updates\3.5.0_43580.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\ggcp\appdata\roaming\utorrent\updates\3.5.0_43580.exe|Name=3.5.0_43580.exe|Desc=3.5.0_43580.exe|Edge=TRUE|Defer=App| "{99820CD8-4567-4E86-93F4-2326E36DF6B8}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| 
"{990D934E-268D-4384-829D-863B22C7B0A4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{4721BA77-5D77-4B3D-AEF2-AA9202046D4B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\ggcp\AppData\Roaming\Nox\bin\Nox.exe|Name=Nox.exe|Desc=| "{3B9DE1AB-4EB0-4185-B453-5A52B885533F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{330AA14C-6C67-48CF-A9C7-8A208A6B3389}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{DC2B6426-2475-4265-9911-31D4868A8719}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneDrive|Desc=OneDrive|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-2852359724-843896027-1537990088-2754894698-588416471-2258798409-135850798|EmbedCtxt=OneDrive|Platform=2:6:2|Platform2=GTEQ| "{CC091E06-3EE6-43EA-B5AB-EB769510885F}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=OneDrive|Desc=OneDrive|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-2852359724-843896027-1537990088-2754894698-588416471-2258798409-135850798|EmbedCtxt=OneDrive|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "TCP Query 
User{84E0E8B6-B527-452E-89F6-912F5C41646F}C:\users\ggcp\appdata\roaming\utorrent\updates\3.5.0_43580.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\ggcp\appdata\roaming\utorrent\updates\3.5.0_43580.exe|Name=3.5.0_43580.exe|Desc=3.5.0_43580.exe|Defer=User| "UDP Query User{A68F33A5-A600-4E9E-82F5-E28883D9EF45}C:\users\ggcp\appdata\roaming\utorrent\updates\3.5.0_43580.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\ggcp\appdata\roaming\utorrent\updates\3.5.0_43580.exe|Name=3.5.0_43580.exe|Desc=3.5.0_43580.exe|Defer=User| "{A0A6E3E6-6A75-4406-BB87-F2B029230113}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Règle de trafic entrant pour Google Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome| "{ECA72D69-64DF-4B2C-8E7E-1393F5FD5C7F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{C1CF31C6-89D7-470C-B27E-DE4A862A42A1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{26D83D07-EF86-4EBE-8AF8-733B742C5B46}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| 
"{C1635305-9168-4654-853A-3C49DEFDA856}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{7D04D232-2108-4B51-B38C-FC461DE0B246}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ| "{4D80677A-924F-4D29-B43F-B802B3AA3F28}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-3066676641-2175538974-1535034829-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem14.inf,%ClassName%;SAMSUNG Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> 
@%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) 
[] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> 
@%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{B95B836B-234E-4857-A1F8-D0D9A9BEC1C5}] : (vmbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c3077fcd-9c3c-482f-9317-460712f23efd}] : (DPTF) [] -> @oem5.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> 
@%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)
[22/04/2017 21:07:04] - (4.3.12.0) - (BigNox Corporation - VirtualBox Support Driver) - C:\WINDOWS\system32\DRIVERS\XQHDrv.sys
[22/04/2017 21:07:44] - (4.3.12.0) - (BigNox Corporation - VirtualBox USB Monitor Driver) - C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
[14/05/2017 20:38:04] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\mbae64.sys
[08/05/2015 11:07:06] - (1.0.6.1) - (ASUSTek Computer Inc. - ATK WMIACPI Utility) - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
[19/09/2016 14:11:29] - (10.0.10143.21278) - (Realsil Semiconductor Corporation - RTS PCIE READER Driver) - C:\WINDOWS\system32\DRIVERS\RtsPer.sys
[16/07/2016 13:41:50] - (3.0.2.201) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw8x.sys
[20/08/2015 08:48:28] - (1.0.0.5) - (ASUS - HID driver for ASUS Wireless Radio Control) - C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys
[25/05/2015 14:20:18] - (6.3.9600.17246) - (ASUSTek Computer Inc. - ASUS Charger driver) - C:\WINDOWS\system32\DRIVERS\AiCharger.sys
[29/07/2015 21:35:16] - (10.0.1.2) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys
[12/04/2017 01:00:54] - (5.1.2.251) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\WINDOWS\System32\ATMFD.DLL
[08/05/2015 11:49:58] - (1.0.9.1) - (ASUS - Memory mapping Driver) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service
S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys -
AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Pilote de disque) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> 
System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - MBAMSwissArmy (MBAMSwissArmy) -> system32\drivers\MBAMSwissArmy.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - 
AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - 
[Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> 
System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - 
AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> \SystemRoot\system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ATKWMIACPIIO (ATKWMIACPI Driver) -> \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\WINDOWS\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) 
- AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - VBoxUSBMon (VirtualBox USB Monitor Driver) -> \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - XQHDrv (BigNox Service) -> \SystemRoot\system32\DRIVERS\XQHDrv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - ASMMAP64 (ASMMAP64) -> \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> 
system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\system32\drivers\MBAMChameleon.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True R2 - [File 
System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)
[MD5.D3D9CB4BA15C1854294517AA8954E201] - [16/09/2015 05:29:46] - (.Copyright (C) 2009-2015 Oracle Corporation - VirtualBox Support Driver.) - [247.45 Ko] - (4.3.12.0) - C:\WINDOWS\Syswow64\Drivers\XQHDrv.sys

---------- | Uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\0147813640F7AF69F569581EE672B6BE1E71798E] : (Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12).-.BigNox Corporation) -> C:\PROGRA~1\DIFX\A34741A412038070\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\xqhdrv_651851341C5331542B6D842199A73F37E1707251\xqhdrv.inf
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\39F54A37125643D2E1E90FA7D81F36ACC9441510] : (Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12).-.BigNox Corporation) -> C:\PROGRA~1\DIFX\A34741A412038070\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\vboxusbmon_6C8E7BB0B75F88A8DB14CAF2210ADDD03FBE4B9C\vboxusbmon.inf
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.)
-> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.40 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{10966CDF-7E02-492D-92FA-11B476A7DD6D}] : (Étude pour l'amélioration du produit HP DeskJet 3630 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{10966CDF-7E02-492D-92FA-11B476A7DD6D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{176E2755-0A17-42C6-88E2-192AB2131278}] : (Intel(R) Trusted Execution Engine.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{176E2755-0A17-42C6-88E2-192AB2131278}\Setup.exe" -uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{299C5199-82CF-4819-9BBA-098FC4B24930}] : (Intel(R) Trusted Execution Engine Driver.-.Intel Corporation) -> MsiExec.exe /I{299C5199-82CF-4819-9BBA-098FC4B24930} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1] : (Avast SecureLine for Asustek.-.AVAST Software) -> "C:\Program Files\AVAST Software\SecureLine\unins000.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.1.2.1733.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55398EAC-F58E-4F19-B553-BDF8B9EFD839}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{55398EAC-F58E-4F19-B553-BDF8B9EFD839} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{69C6CF1F-72B8-4243-A522-9A2156A4450E}] : (Intel(R) Trusted Execution Engine.-.Intel Corporation) -> MsiExec.exe 
/I{69C6CF1F-72B8-4243-A522-9A2156A4450E} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A84A4FB1-D703-48DB-89E0-68B6499D2801}] : (Qualcomm Atheros Bluetooth Suite (64).-.Qualcomm Atheros) -> MsiExec.exe /X{A84A4FB1-D703-48DB-89E0-68B6499D2801} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B29E7B47-4F32-4404-8336-24A88459F5C9}] : (Logiciel de base du périphérique HP DeskJet 3630 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{B29E7B47-4F32-4404-8336-24A88459F5C9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 25 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ASUS GIFTBOX] : (ASUS GIFTBOX.-.ASUSTek Computer Inc) -> C:\Program Files (x86)\ASUS\Giftbox\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Avast Antivirus] : (Avast Antivirus Gratuit.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) 
-> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\Installer\setup.exe" --uninstall --system-level --verbose-logging [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\HP Photo Creations] : (HP Photo Creations.-.HP) -> C:\Program Files (x86)\HP Photo Creations\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Kingsoft Office] : (WPS Office for ASUS.-.Kingsoft Corp.) -> C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5247\utility\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 53.0.2 (x86 fr)] : (Mozilla Firefox 53.0.2 (x86 fr).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Nox] : (Nox APP Player.-.Duodian Technology Co. Ltd.) -> C:\Users\ggcp\AppData\Roaming\Nox\bin\Nox_unload.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Pokemon Showdown] : (Pokemon Showdown.-."Pokemon Showdown") -> "C:\Program Files (x86)\Pokemon Showdown\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamViewer] : (TeamViewer 10.-.TeamViewer) -> C:\Program Files (x86)\TeamViewer\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WBFS Manager 3.0] : (WBFS Manager 3.0.-.AlexDP) -> C:\Program Files\WBFS\WBFS Manager 3.0\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WebStorage] : (WebStorage.-.ASUS Cloud Corporation) -> C:\Program Files (x86)\ASUS\WebStorage\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{04768366-F421-4BA5-8423-B84F644B5249}] : (ASUS HiPost.-.ASUS) -> MsiExec.exe /I{04768366-F421-4BA5-8423-B84F644B5249} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0867A88D-764F-366E-9E21-130DA8B472C3}] : (Dropbox 25 GB.-.Dropbox, Inc.) -> MsiExec.exe /I{0867A88D-764F-366E-9E21-130DA8B472C3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08F5B0C6-D24D-4327-BA56-F8E00C1A6878}] : (HP DeskJet 3630 series Aide.-.Hewlett Packard) -> MsiExec.exe /I{08F5B0C6-D24D-4327-BA56-F8E00C1A6878} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0969AF05-4FF6-4C00-9406-43599238DE0D}] : (ASUS Splendid Video Enhancement Technology.-.ASUS) -> MsiExec.exe /X{0969AF05-4FF6-4C00-9406-43599238DE0D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{28006915-2739-4EBE-B5E8-49B25D32EB33}] : (Qualcomm Atheros Client Installation Program.-.Qualcomm Atheros) -> "C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -runfromtemp -l0x0409 -removeonly ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App] : (Update Installer for WildTangent Games App.-.WildTangent) -> "C:\Program Files 
(x86)\WildTangent Games\App\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{39263796-F296-43AF-909C-FCF99592BAC4}] : (Foxit PhantomPDF.-.Foxit Software Inc.) -> MsiExec.exe /X{39263796-F296-43AF-909C-FCF99592BAC4} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4B230374-6475-4A73-BA6E-41015E9C5013}] : (Intel® Security Assist.-.Intel Corporation) -> MsiExec.exe /I{4B230374-6475-4A73-BA6E-41015E9C5013} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}] : (AudioWizard.-.ICEpower a/s) -> MsiExec.exe /X{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}] : (Realtek Card Reader.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -runfromtemp -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5EA1DED0-5285-11E5-8AA1-0050569584E9}] : (Evernote v. 5.9.1.-.Evernote Corp.) -> MsiExec.exe /X{5EA1DED0-5285-11E5-8AA1-0050569584E9} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) 
-> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}] : (Intel(R) Dynamic Platform and Thermal Framework.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) Dynamic Platform and Thermal Framework\Uninstall\setup.exe -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus] : (WildTangent Games App.-.WildTangent) -> "C:\Program Files (x86)\WildTangent Games\Touchpoints\asus\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver.-.Realtek) -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8D6B05E0-F457-408C-9D13-549334D8FAE1}] : (Device Setup.-.ASUSTek Computer Inc.) 
-> MsiExec.exe /I{8D6B05E0-F457-408C-9D13-549334D8FAE1} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F21291E-0444-4B1D-B9F9-4370A73E346D}] : (WinFlash.-.ASUS) -> MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] : (HP Update.-.Hewlett-Packard) -> MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}] : (ASUS USB Charger Plus.-.ASUS) -> MsiExec.exe /X{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}] : (ATK Package.-.ASUS) -> MsiExec.exe /X{AB5C933E-5C7D-4D30-B314-9C83A49B94BE} ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{c7f54569-0018-439c-809a-48046a4d4ebc}] : (Intel(R) Chipset Device Software.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{c7f54569-0018-439c-809a-48046a4d4ebc}\SetupChipset.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D23F05D3-E8F6-4FFE-9833-D7350FE77ECB}_is1] : (Pokemon MMO 3D version 2.53.0d.-.) -> "C:\Users\Public\Games\Pokemon MMO 3D\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{f761359c-9ced-45ae-9a51-9d6605cd55c4}] : (.-.) 
-> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}] : (ASUS Live Update.-.ASUS) -> MsiExec.exe /X{FA540E67-095C-4A1B-97BA-4D547DEC9AF4} ---------- | Ports ---------- | Installer [HKCR\Installer\Products\00006109C80000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C800C0400100000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109E70000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\0DED1AE558255E11A81A00056559489E] : Evernote v. 5.9.1 -> C:\windows\Installer\{5EA1DED0-5285-11E5-8AA1-0050569584E9}\Evernote.ico [HKCR\Installer\Products\0E50B6D8754FC804D9314539438DAF1E] : Device Setup -> C:\windows\Installer\{8D6B05E0-F457-408C-9D13-549334D8FAE1}\_6FEFF9B68218417F98F549.exe [HKCR\Installer\Products\1BF4A48A307DBD84980E866B94D98210] : Qualcomm Atheros Bluetooth Suite (64) -> C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2A077E75FAB2AAC4AB3ADB98E622453D] : AudioWizard -> C:\Windows\Installer\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\473032B4574637A4ABE61410E5C90531] : Intel® Security Assist -> C:\Windows\Installer\{4B230374-6475-4A73-BA6E-41015E9C5013}\isa.ico [HKCR\Installer\Products\50FA96906FF400C4496034952983EDD0] : ASUS Splendid Video Enhancement Technology -> C:\Windows\Installer\{0969AF05-4FF6-4C00-9406-43599238DE0D}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\5E3E958AF26CAFB4FAD1B2590E1366FA] : ASUS USB Charger Plus -> C:\Windows\Installer\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\66386740124F5AB448328BF446B42594] : ASUS HiPost -> C:\Windows\Installer\{04768366-F421-4BA5-8423-B84F644B5249}\_853F67D554F05449430E7E.exe [HKCR\Installer\Products\69736293692FFA3409C9CF9F5929AB4C] : Foxit PhantomPDF -> 
C:\windows\Installer\{39263796-F296-43AF-909C-FCF99592BAC4}\IconName.exe
[HKCR\Installer\Products\6C0B5F80D42D7234AB658F0EC0A18687] : HP DeskJet 3630 series Aide -> C:\WINDOWS\Installer\{08F5B0C6-D24D-4327-BA56-F8E00C1A6878}\ARP_Icon
[HKCR\Installer\Products\74B7E92B23F440443863428A48955F9C] : Logiciel de base du périphérique HP DeskJet 3630 series -> C:\WINDOWS\Installer\{B29E7B47-4F32-4404-8336-24A88459F5C9}\ARP_Icon
[HKCR\Installer\Products\76E045AFC590B1A479ABD445D7CEA94F] : ASUS Live Update -> C:\WINDOWS\Installer\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}\MyIcon2
[HKCR\Installer\Products\9002F3925410B0544BAA60D334BF63C8] : Windows 10 Update and Privacy Settings
[HKCR\Installer\Products\9915C992FC289184B9AB90F84C2B9403] : Intel(R) Trusted Execution Engine Driver
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] :
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\CAE89355E85F91F45B35DB8F9BFE8D93] : Intel(R) Chipset Device Software
[HKCR\Installer\Products\D88A7680F467E663E91231D08A4B273C] : Dropbox 25 GB -> C:\WINDOWS\Installer\{0867A88D-764F-366E-9E21-130DA8B472C3}\DropboxOEM.exe
[HKCR\Installer\Products\E19212F84440D1B49B9F34077AE343D6] : WinFlash -> C:\Windows\Installer\{8F21291E-0444-4B1D-B9F9-4370A73E346D}\MyIcon
[HKCR\Installer\Products\E339C5BAD7C503D43B41C9384AB949EB] : ATK Package -> C:\Windows\Installer\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\F1FC6C968B2734245A22A912654A54E0] : Intel(R) Trusted Execution Engine
[HKCR\Installer\Products\FC03D219E93F13B4DAA921C3B697E42E] : HP Update -> C:\WINDOWS\Installer\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\FDC6690120E7D29429AF114B677ADDD6] : Étude pour l'amélioration du produit HP DeskJet 3630 series -> C:\WINDOWS\Installer\{10966CDF-7E02-492D-92FA-11B476A7DD6D}\ARP_Icon

---------- | ADS

---------- | Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----  ------ ---- ------------ ------------
  0      0 EE-UNKNWN  21.0T No     No              1  294,967,295

---------- | MBR
Windows Version:
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: ASUSTeK COMPUTER INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK COMPUTER INC.
System Product Name: X751SA
Logical Drives Mask: 0x0000000c
Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code
64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog
Le package Microsoft.ZuneVideo_10.17032.10341.0_x64__8wekyb3d8bbwe+Microsoft.ZuneVideo a été interrompu, car sa suspension a été trop longue.
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’écriture d’un paramètre d’application pour le package Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe.
Code d’erreur : 5
------------
Nom de l’application défaillante backgroundTaskHost.exe, version : 10.0.14393.0, horodatage : 0x57899bb2
Nom du module défaillant : RPCRT4.dll, version : 10.0.14393.82, horodatage : 0x57a558cf
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000005163f
ID du processus défaillant : 0x2278
Heure de début de l’application défaillante : 0x01d2cd07535282af
Chemin d’accès de l’application défaillante : C:\WINDOWS\system32\backgroundTaskHost.exe
Chemin d’accès du module défaillant: C:\WINDOWS\System32\RPCRT4.dll
ID de rapport : f6655cf7-aef1-45db-b7ca-58eba2e87ad0
Nom complet du package défaillant : Microsoft.People_10.2.831.0_x64__8wekyb3d8bbwe
ID de l’application relative au package défaillant : x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Nom de l’application défaillante mbamtray.exe, version : 3.0.0.1068, horodatage : 0x59125d35
Nom du module défaillant : Qt5Core.dll, version : 5.6.2.0, horodatage : 0x58ed4d4f
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0018da93
ID du processus défaillant : 0x1c48
Heure de début de l’application défaillante : 0x01d2cce1407cfad7
Chemin d’accès de l’application défaillante : C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Chemin d’accès du module défaillant: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID de rapport : 4ab21fb7-3c05-4048-bdf1-aeb747676532
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
------------
Nom de l’application défaillante plugin-container.exe, version : 53.0.2.6333, horodatage : 0x590bd295
Nom du module défaillant : xul.dll, version : 53.0.2.6333, horodatage : 0x590bd27e
Code d’exception : 0x80000003
Décalage d’erreur : 0x0089d467
ID du processus défaillant : 0xb9c
Heure de début de l’application défaillante : 0x01d2cccd1c592119
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Chemin d’accès du module défaillant: C:\Program Files (x86)\Mozilla Firefox\xul.dll
ID de rapport : d1d7cd30-4c97-4fb9-b14d-027f078332c7
Nom complet du package défaillant :
ID de l’application relative au package défaillant :
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Échec de l’énumération de sessions utilisateur en vue de générer des pools de filtre. Détails : (HRESULT : 0x80040210) (0x80040210)
------------
Le package Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe+App a été interrompu, car sa suspension a été trop longue.
------------
7.488 : le service EFS n'a pas pu provisionner un utilisateur pour PDE. Code d'erreur : 0x80070005.
------------

----------( EOF)---------- - 3505 | 04:16:34