--------------- QuickDiag | g3n-h@ckm@n | V3_17.10.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 17/10/2017 20:32:36

Updated 17/10/2017 | 08.10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[enfers (Administrator)] - [ENFERS-PC] (S-1-5-21-3297246652-1234983403-2385491008-1000)

System: Microsoft Windows 7 Édition Intégrale - Service Pack 1 - (6.1.7601) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Édition Intégrale |C:\Windows|\Device\Harddisk0\Partition2
Boot : Normal boot
PC: HP Notebook - HP - IdNumber: CND6326N63 - UUID: 958BF7B1-D35D-E611-B27E-98E7F414A216
Processor : X64 - 1995 Mhz - Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
InsydeH2O Version 05.04.43F.09 - fr|FR|iso8859-1,0 - Insyde - S/N: CND6326N63 - F.09 - HPQOEM - 1
CoreTemp : 27.8 Celsius

----------| Quick


---------- | SoundDevice

Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0282&SUBSYS_103C81F0&REV_1000\4&9EA6B4B&0&0001

---------- | Video

Intel(R) HD Graphics 5500 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igdumdim32,igd10iumd32,igd10iumd32 - PNPDeviceID: PCI\VEN_8086&DEV_1616&SUBSYS_81F0103C&REV_09\3&11583659&0&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824
AMD Radeon (TM) R5 M330 - Resolution: x - Colors: - RefreshRate: -  Bits Per Pixel - DeviceID: VideoController2 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll - PNPDeviceID: PCI\VEN_1002&DEV_6660&SUBSYS_81F0103C&REV_83\4&A98AEFC&0&00E4 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: -2147483648
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 5500 - DriverVersion: 8.14.1.6558 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK

---------- | CPU

CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

---------- | Network

Realtek PCIe FE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.larosiere.loc : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.{DEE20546-C5C7-47A1-B239-BB968BEDB2CE} : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:0 bytes/sec,  /  RECEIVE Maximum:0 bytes/sec

WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_81F0103C&REV_07\4&2368322F&0&00E2
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - - - Status: - PnPID : 
Carte Microsoft ISATAP #2 - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001
Realtek RTL8723BE 802.11 bgn Wi-Fi Adapter - Ethernet 802.3 - Realtek Semiconductor Corp. - Status: - PnPID : PCI\VEN_10EC&DEV_B723&SUBSYS_81C1103C&REV_00\4&F099184&0&00E5
avast! SecureLine TAP Adapter v3 - - TAP-Windows Provider V9 - Status: - PnPID : ROOT\NET\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0002
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0003
Carte Microsoft 6to4 - Tunnel - Microsoft - Status: - PnPID : ROOT\*6TO4MP\0000

---------- | Memory

RAM = Total (MB) : 4113 | Free (MB) : 1196
Pagefile = Total (MB) : 8224 | Free (MB) : 4968
Virtual = Total (MB) : 4194 | Free (MB) : 3992

Physical Memory 1 : Capacity: 4294967296 - Bottom - Slot 2 (right) - Posit.: 2 - Manufacturer: Micron - PartNumber: 8KTF51264HZ-1G9P1 - S/N: 19071693

---------- | SID Users

Administrateur : [S-1-5-21-3297246652-1234983403-2385491008-500]
enfers : [S-1-5-21-3297246652-1234983403-2385491008-1000]
HomeGroupUser$ : [S-1-5-21-3297246652-1234983403-2385491008-1002]
Invité : [S-1-5-21-3297246652-1234983403-2385491008-501]
Administrateurs : [S-1-5-32-544]
Duplicateurs : [S-1-5-32-552]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Opérateurs de chiffrement : [S-1-5-32-569]
Opérateurs de configuration réseau : [S-1-5-32-556]
Opérateurs de sauvegarde : [S-1-5-32-551]
Utilisateurs : [S-1-5-32-545]
Utilisateurs avec pouvoir : [S-1-5-32-547]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du Bureau à distance : [S-1-5-32-555]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]
HomeUsers : [S-1-5-21-3297246652-1234983403-2385491008-1001]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [] | Total : 931.41 Go | Free : 135.02 Go -> NTFS [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:] : Read:376,287 bytes/sec, Written:0 bytes/sec Max Read:376,287 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:376,287 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : SCSI\DISK&VEN_WDC&PROD_WD10JPVX-60JC3T0\4&DECFF39&0&000000

---------- | Windows updates

Last detection : 2017-10-17 18:06:49
Downloaded last ones : 2017-10-17 18:08:10
Installed last ones : 2017-10-17 18:20:18
Next search : 2017-10-18 12:26:41

Test 1 : Windows Is Activated

---------- | Browsers

IE : 11.0.9600.18817     (© Microsoft Corporation. Tous droits réservés.)
FF : 56.0.0.6478     (©Firefox and Mozilla Developers; available under the MPL 2 license.)

Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer

FlashPlayer Plugin : 27.0.0.170

---------- | Security

AV : Avast Antivirus Disabled
AS : Avast Antivirus Disabled
FW : Avast Antivirus Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

376 | [Owner : Système | Parent : 4(System) | 0.53 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23915) = C:\Windows\System32\smss.exe     [11/10/2017 13:31:28]    CPU Usage:0 % --> Command Line : 
552 | [Owner : Système | Parent : 540() | 3.04 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe     [14/07/2009 01:19:49]    CPU Usage:0 % --> Command Line : 
640 | [Owner : Système | Parent : 540() | 1.98 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe     [14/07/2009 01:52:37]    CPU Usage:0 % --> Command Line : 
664 | [Owner : Système | Parent : 648() | 13.18 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe     [14/07/2009 01:19:49]    CPU Usage:0 % --> Command Line : 
696 | [Owner : Système | Parent : 640(wininit.exe) | 6.23 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe     [11/07/2017 15:26:07]    CPU Usage:0 % --> Command Line : 
732 | [Owner : Système | Parent : 640(wininit.exe) | 8.96 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23915) = C:\Windows\System32\lsass.exe     [11/10/2017 13:31:17]    CPU Usage:0 % --> Command Line : 
744 | [Owner : Système | Parent : 640(wininit.exe) | 2.93 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe     [11/07/2017 14:02:41]    CPU Usage:0 % --> Command Line : 
844 | [Owner : Système | Parent : 696(services.exe) | 7.6 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
932 | [Owner : SERVICE RÉSEAU | Parent : 696(services.exe) | 6.06 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
992 | [Owner : Système | Parent : 696(services.exe) | 2.35 Mo] - (.AMD - AMD External Events Service Module.) - (22.19.662.4) = C:\Windows\System32\atiesrxx.exe     [05/09/2017 20:04:16]    CPU Usage:0 % --> Command Line : 
160 | [Owner : Système | Parent : 648() | 3.58 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe     [11/07/2017 15:19:11]    CPU Usage:0 % --> Command Line : 
780 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 15.34 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1028 | [Owner : Système | Parent : 696(services.exe) | 183.67 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1056 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 11.74 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1088 | [Owner : Système | Parent : 696(services.exe) | 45.68 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1292 | [Owner : Système | Parent : 992(atiesrxx.exe) | 4.55 Mo] - (.AMD - AMD External Events Client Module.) - (22.19.662.4) = C:\Windows\System32\atieclxx.exe     [05/09/2017 20:04:16]    CPU Usage:0 % --> Command Line : 
1324 | [Owner : Système | Parent : 696(services.exe) | 3.17 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.85) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe     [05/09/2017 13:09:30]    CPU Usage:0 % --> Command Line : 
1424 | [Owner : Système | Parent : 1324(RtkAudioService64.exe) | 3.11 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.276) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe     [05/09/2017 13:09:17]    CPU Usage:0 % --> Command Line : 
1596 | [Owner : enfers | Parent : 1028(svchost.exe) | 4.07 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe     [14/07/2009 01:37:38]    CPU Usage:0 % --> Command Line : 
1624 | [Owner : enfers | Parent : 1588() | 49.45 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe     [11/07/2017 15:19:38]    CPU Usage:0 % --> Command Line : 
1748 | [Owner : SERVICE RÉSEAU | Parent : 696(services.exe) | 88.31 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1868 | [Owner : Système | Parent : 1028(svchost.exe) | 3.35 Mo] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (6.1.7600.16385) = C:\Windows\System32\wlanext.exe     [14/07/2009 02:07:15]    CPU Usage:0 % --> Command Line : 
1876 | [Owner : Système | Parent : 552(csrss.exe) | 2.09 Mo] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.23915) = C:\Windows\System32\conhost.exe     [11/10/2017 13:31:20]    CPU Usage:0 % --> Command Line : 
1320 | [Owner : Système | Parent : 696(services.exe) | 5.64 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe     [11/07/2017 14:02:35]    CPU Usage:0 % --> Command Line : 
1580 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 12.28 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1660 | [Owner : Système | Parent : 696(services.exe) | 39.45 Mo] - (.AVAST Software - Avast firewall service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\afwServ.exe     [07/10/2017 16:41:29]    CPU Usage:0 % --> Command Line : 
572 | [Owner : Système | Parent : 696(services.exe) | 3.94 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1952 | [Owner : Système | Parent : 696(services.exe) | 2.59 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.1.10608.329) = C:\Windows\SysWOW64\esif_uf.exe     [05/09/2017 12:46:22]    CPU Usage:0 % --> Command Line : 
2040 | [Owner : enfers | Parent : 1624(explorer.exe) | 15.16 Mo] - (.Piriform Ltd - CCleaner.) - (5.35.0.6210) = C:\Program Files\CCleaner\CCleaner64.exe     [20/09/2017 09:48:26]    CPU Usage:0 % --> Command Line : 
1836 | [Owner : enfers | Parent : 1624(explorer.exe) | 59.73 Mo] - (.Spotify Ltd - Spotify.) - (1.0.65.320) = C:\Users\enfers\AppData\Roaming\Spotify\Spotify.exe     [09/10/2017 20:31:32]    CPU Usage:0 % --> Command Line : 
188 | [Owner : enfers | Parent : 1992() | 41.16 Mo] - (.AVAST Software - Avast Antivirus.) - (17.7.3660.226) = C:\Program Files\AVAST Software\Avast\avastui.exe     [11/10/2017 07:23:02]    CPU Usage:0 % --> Command Line : 
2060 | [Owner : enfers | Parent : 1624(explorer.exe) | 2.44 Mo] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.65.320) = C:\Users\enfers\AppData\Roaming\Spotify\SpotifyWebHelper.exe     [09/10/2017 20:31:34]    CPU Usage:0 % --> Command Line : 
2304 | [Owner : Système | Parent : 696(services.exe) | 1.88 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe     [18/08/2017 02:23:54]    CPU Usage:0 % --> Command Line : 
2348 | [Owner : Système | Parent : 696(services.exe) | 13.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
2356 | [Owner : enfers | Parent : 2304(SynTPEnhService.exe) | 9.32 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe     [18/08/2017 02:23:52]    CPU Usage:0 % --> Command Line : 
2544 | [Owner : enfers | Parent : 1836(Spotify.exe) | 5.4 Mo] - (.Spotify Ltd - Spotify.) - (1.0.65.320) = C:\Users\enfers\AppData\Roaming\Spotify\Spotify.exe     [09/10/2017 20:31:32]    CPU Usage:0 % --> Command Line : 
2564 | [Owner : enfers | Parent : 2532() | 1.31 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe     [18/08/2017 02:23:54]    CPU Usage:0 % --> Command Line : 
3184 | [Owner : enfers | Parent : 1836(Spotify.exe) | 50.04 Mo] - (.Spotify Ltd - Spotify.) - (1.0.65.320) = C:\Users\enfers\AppData\Roaming\Spotify\Spotify.exe     [09/10/2017 20:31:32]    CPU Usage:0 % --> Command Line : 
3644 | [Owner : enfers | Parent : 1836(Spotify.exe) | 87.63 Mo] - (.Spotify Ltd - Spotify.) - (1.0.65.320) = C:\Users\enfers\AppData\Roaming\Spotify\Spotify.exe     [09/10/2017 20:31:32]    CPU Usage:0 % --> Command Line : 
3420 | [Owner : Système | Parent : 696(services.exe) | 25.46 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.23914) = C:\Windows\System32\SearchIndexer.exe     [11/10/2017 13:31:14]    CPU Usage:0 % --> Command Line : 
3120 | [Owner : SERVICE RÉSEAU | Parent : 696(services.exe) | 4.65 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
3660 | [Owner : enfers | Parent : 696(services.exe) | 8.45 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe     [11/07/2017 15:17:33]    CPU Usage:0 % --> Command Line : 
4144 | [Owner : SERVICE LOCAL | Parent : 1028(svchost.exe) | 16.21 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe     [13/07/2017 01:55:54]    CPU Usage:0 % --> Command Line : 
4800 | [Owner : enfers | Parent : 1952(esif_uf.exe) | 1.3 Mo] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.1.10608.329) = C:\Windows\Temp\DPTF\esif_assist_64.exe     [16/10/2017 21:17:19]    CPU Usage:0 % --> Command Line : 
4528 | [Owner : enfers | Parent : 4636() | 0.69 Mo] - (.Glarysoft Ltd - Glary Utilities 5.) - (5.85.0.106) = C:\Program Files (x86)\Glary Utilities 5\Integrator.exe     [28/09/2017 05:30:38]    CPU Usage:0 % --> Command Line : 
5044 | [Owner : Système | Parent : 696(services.exe) | 10.24 Mo] - (.Intel Corporation - IAStorDataSvc.) - (14.8.16.1063) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe     [19/04/2017 18:59:52]    CPU Usage:0 % --> Command Line : 
4252 | [Owner : enfers | Parent : 1624(explorer.exe) | 182.82 Mo] - (.Mozilla Corporation - Firefox.) - (56.0.0.6478) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [07/06/2017 22:21:11]    CPU Usage:0 % --> Command Line : 
4740 | [Owner : enfers | Parent : 4252(firefox.exe) | 65.19 Mo] - (.Mozilla Corporation - Firefox.) - (56.0.0.6478) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [07/06/2017 22:21:11]    CPU Usage:0 % --> Command Line : 
3772 | [Owner : enfers | Parent : 4252(firefox.exe) | 49.66 Mo] - (.Mozilla Corporation - Firefox.) - (56.0.0.6478) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [07/06/2017 22:21:11]    CPU Usage:0 % --> Command Line : 
1840 | [Owner : enfers | Parent : 4252(firefox.exe) | 244.15 Mo] - (.Mozilla Corporation - Firefox.) - (56.0.0.6478) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [07/06/2017 22:21:11]    CPU Usage:0 % --> Command Line : 
4312 | [Owner : enfers | Parent : 844(svchost.exe) | 6.36 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe     [14/07/2009 01:47:12]    CPU Usage:0 % --> Command Line : 
4424 | [Owner : SERVICE RÉSEAU | Parent : 844(svchost.exe) | 18.78 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe     [11/07/2017 14:02:49]    CPU Usage:6 % --> Command Line : 
4308 | [Owner : enfers | Parent : 4528(Integrator.exe) | 7.79 Mo] - (.Glarysoft Ltd - Glary Utilities Software Update.) - (5.0.0.39) = C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe     [28/09/2017 05:31:32]    CPU Usage:0 % --> Command Line : 
5036 | [Owner : enfers | Parent : 188(avastui.exe) | 74.44 Mo] - (.AVAST Software - Avast Antivirus.) - (17.7.3660.226) = C:\Program Files\AVAST Software\Avast\avastui.exe     [11/10/2017 07:23:02]    CPU Usage:0 % --> Command Line : 
4536 | [Owner : SERVICE RÉSEAU | Parent : 844(svchost.exe) | 7.65 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [11/07/2017 14:02:35]    CPU Usage:0 % --> Command Line : 
4748 | [Owner : enfers | Parent : 4308(SoftwareUpdate.exe) | 0.82 Mo] - (.Glarysoft Ltd - WinShellLink x64.) - (5.0.0.8) = C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe     [28/09/2017 05:31:36]    CPU Usage:0 % --> Command Line : 
264 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 6.02 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
4840 | [Owner : Système | Parent : 696(services.exe) | 12.86 Mo] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe     [11/07/2017 14:02:23]    CPU Usage:0 % --> Command Line : 
5876 | [Owner : Système | Parent : 3420(SearchIndexer.exe) | 7.75 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.23914) = C:\Windows\System32\SearchProtocolHost.exe     [11/10/2017 13:31:14]    CPU Usage:0 % --> Command Line : 
5276 | [Owner : Système | Parent : 3420(SearchIndexer.exe) | 8.83 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.23914) = C:\Windows\System32\SearchFilterHost.exe     [11/10/2017 13:31:13]    CPU Usage:0 % --> Command Line : 
5564 | [Owner : enfers | Parent : 1624(explorer.exe) | 34.9 Mo] - (.SosVirus - QuickDiag.) - (17.10.17.1) = C:\Users\enfers\Desktop\QuickDiag.exe     [17/10/2017 19:57:46]    CPU Usage:0 % --> Command Line : 
4896 | [Owner : Système | Parent : 844(svchost.exe) | 7.03 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe     [11/07/2017 14:02:49]    CPU Usage:0 % --> Command Line : 
4548 | [Owner : SERVICE RÉSEAU | Parent : 696(services.exe) | 8.81 Mo] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe     [11/07/2017 14:02:02]    CPU Usage:0 % --> Command Line : 

---------- | MD5

[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [11/07/2017 15:19:38] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3154 Ko] - (6.1.7601.23537) : C:\Windows\Explorer.exe
[MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [11/07/2017 14:02:39] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 01:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.DFBB8D70152995D249D687A3A4A239C3] - [11/10/2017 13:31:24] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [1136 Ko] - (6.1.7601.23915) : C:\Windows\System32\Kernel32.dll
[MD5.62056ADD38513A86C4866E912371B56B] - [11/10/2017 13:31:17] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30 Ko] - (6.1.7601.23915) : C:\Windows\System32\lsass.exe
[MD5.3F1A199859B4F3F8357B2A0AF5666A54] - [13/09/2017 23:18:54] - (.© Microsoft Corporation. - Distributed COM Services.) - [500 Ko] - (6.1.7601.23889) : C:\Windows\System32\rpcss.dll
[MD5.C36BB659F08F046B139C8D1B980BF1AC] - [11/07/2017 15:30:26] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [45 Ko] - (6.1.7601.23755) : C:\Windows\System32\rundll32.exe
[MD5.71C85477DF9347FE8E7BC55768473FCA] - [11/07/2017 15:26:07] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [321 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.34BA256FBF83457F9D5E51A56DB54542] - [11/07/2017 15:30:39] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [985.5 Ko] - (6.1.7601.23594) : C:\Windows\System32\user32.dll
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [11/07/2017 14:02:00] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [11/07/2017 15:19:11] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.0DC2A9882540DEA4A55B08785E09D8FC] - [11/07/2017 15:30:41] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [484.5 Ko] - (6.1.7601.23761) : C:\Windows\System32\Drivers\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.059F00DEF82BF41E433B7ED465847726] - [11/07/2017 15:17:55] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.B8BD2BB284668C84865658C77574381A] - [14/07/2009 01:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [11/07/2017 14:01:28] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.9B38580063D281A99E68EF5813022A5F] - [11/07/2017 15:30:35] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [104 Ko] - (6.1.7601.23542) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [11/07/2017 14:01:28] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [14/07/2009 01:19:58] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [14/07/2009 02:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.767C6DF04C5758B9F0790D400541B44F] - [11/10/2017 13:31:27] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [156 Ko] - (6.1.7601.23915) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.F7309F42555F8AAB7144A51A1F2585B0] - [11/07/2017 15:16:23] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [928.44 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys
[MD5.734837208CAFD6E0959A7A0333C95C9D] - [13/09/2017 23:19:16] - (.© Microsoft Corporation. - MBT Transport driver.) - [256.5 Ko] - (6.1.7601.23889) : C:\Windows\System32\Drivers\netbt.sys
[MD5.96FEB18D7FFA4DC10F0C3CC4EF41500E] - [11/10/2017 13:31:56] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1641.23 Ko] - (6.1.7601.23914) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.0086431C29C35BE1DBC43F52CC273887] - [14/07/2009 02:00:41] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.471815800AE33E6F1C32FB1B97C490CA] - [11/07/2017 14:02:24] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.1B6163C503398B23FF8B939C67747683] - [11/07/2017 14:01:53] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [162 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rdpdr.sys
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [14/07/2009 02:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.7FB36A0A036ADDACE0A868E4A43C1C27] - [12/07/2017 19:34:21] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1851.23 Ko] - (6.1.7601.23821) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.4DD986720F7CB7A8A5D1226793097B9A] - [09/08/2017 12:40:37] - (.© Microsoft Corporation. - TDI Translation Driver.) - [114.5 Ko] - (6.1.7601.23880) : C:\Windows\System32\Drivers\tdx.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [11/07/2017 14:02:32] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.AVAST Software.-.Avast Shell Extension.) - (17.7.3660.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll
(.Malwarebytes Corporation.-.Malwarebytes Anti-Malware (Corporate).) - (1.70.0.0) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
(.Glarysoft Ltd.-.Context Menu Handler.) - (5.0.0.15) -- C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll
(.Initex.-.Proxifier shell extension module x64.) - (3.28.0.1) -- C:\Windows\system32\ProxifierShellExt.dll
(.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4549) -- C:\Windows\system32\igfxDTCM.dll
(.Intel Corporation.-.igfxDH Module.) - (6.15.10.4549) -- C:\Windows\system32\igfxDH.dll
(.Intel Corporation.-.igfxLHM Module.) - (6.15.10.4549) -- C:\Windows\system32\igfxLHM.dll
(.Intel Corporation.-.igfxDI Module.) - (6.15.10.4549) -- C:\Windows\system32\igfxDI.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.Copyright © 2003-2015 Initex..-.Proxifier Winsock Layered Service Provider x64.) - (3.28.0.1) -- C:\Windows\system32\PrxerDrv.dll
(.Copyright © 2003-2015 Initex..-.Proxifier Namespace Service Provider.) - (3.28.0.1) -- C:\Windows\system32\PrxerNsp.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
GUDelayStartup - ("C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\...\Run]) - User: enfers-PC\enfers
CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\...\Run]) - User: enfers-PC\enfers
BitTorrent - ("C:\Users\enfers\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\...\Run]) - User: enfers-PC\enfers
CyberGhost - ("C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\...\Run]) - User: enfers-PC\enfers
Spotify - (C:\Users\enfers\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\...\Run]) - User: enfers-PC\enfers
Spotify Web Helper - (C:\Users\enfers\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart [HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\...\Run]) - User: enfers-PC\enfers
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public
AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun   
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR   
"BitTorrent"="C:\Users\enfers\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED   
"CyberGhost"="C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min   
"Spotify"=C:\Users\enfers\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized   
"Spotify Web Helper"=C:\Users\enfers\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart   

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=cmd\1   
"MRUList"=a   

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=Microsoft XPS Document Writer,winspool,Ne00:   
"UserSelectedDefault"=0   
"load"=   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s   
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"AppInit_DLLs"=   
"LoadAppInit_DLLs"=0   
"run"=   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"AppInit_DLLs"=   
"LoadAppInit_DLLs"=0   
"run"=   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Adobe Flash Player Updater
Avast Emergency Update
CCleanerSkipUAC
GlaryInitialize 5
GU5SkipUAC
{05A7F21D-84EF-4D06-939A-929500A499AF}
{0BA9C2F0-7EFB-48FF-A1B7-0691E6684278}
{75727505-EADF-491E-AC33-B082648989CD}
{AA3616EA-8FDA-4DEA-959B-9D956E9A4FF3}
{D7C76381-066A-497B-86B6-5DEA6B8D894C}
{F7280CF6-81E1-45EF-9BAF-934A56BCFD02}

---------- | Startings up registry ? Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTray] : C:\Program Files\ITknowledge24\uTray.exe -auto  

---------- | Other keys


[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller   
"CurrentUser"=USERNAME   
"BootDriverFlags"=0   
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   
"WaitToKillServiceTimeout"=200   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0   
"auditbasedirectories"=0   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"Bounds"=0x0030000000200000   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u   
"Authentication Packages"=msv1_0   
"LsaPid"=732   
"SecureBoot"=1   
"ProductType"=1   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"ProcessorControl"=2   
"ResourceTimeoutCount"=648000   
"BootExecute"=autocheck autochk *    
"ExcludeFromKnownDlls"=   
"ObjectDirectories"=\Windows
\RPC Control   
"ProtectionMode"=1   
"NumberOfInitialSessions"=2   
"SetupExecute"=   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv   
"NotificationTimeOut"=0   
"SnapshotMonitors"=1   
"ProductVersion"=5.1   
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"fDenyTSConnections"=1   
"StartRCM"=0   
"TSAdvertise"=0   
"DeleteTempDirsOnExit"=1   
"fSingleSessionPerUser"=1   
"PerSessionTempDir"=0   
"TSUserEnabled"=0   
"InstanceID"=b46cc106-22dd-4da8-b50c-c1695ed   
"RailShowallNotifyIcons"=1   
"RDPVGCInstalled"=1   
"fCredentialLessLogonSupported"=1   
"fCredentialLessLogonSupportedTSS"=1   
"fCredentialLessLogonSupportedKMRDP"=1   


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Control Panel\Desktop]
"ScreenSaveActive"=1   
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"LeftOverlapChars"=3   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"UserPreferencesMask"=0x9E3E078012000000   
"Wallpaper"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg   [05/06/2017 18:32:31]
"ScreenSaveTimeOut"=66960   
"ScreenSaverIsSecure"=0   
"HungAppTimeout"=4000   
"WaitToKillAppTimeout"=200   
"MenuShowDelay"=0   
"ForegroundLockTimeout"=0   

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=145   

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000   
"CleanShutdown"=0   
"link"=0x18000000   
"Browse For Folder Width"=347   
"Browse For Folder Height"=346   

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=1   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"SuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ListviewShadow"=1   
"StartMenuInit"=4   
""=0   
"TaskbarSizeMove"=1   
"DisablePreviewDesktop"=0   
"TaskbarSmallIcons"=0   
"TaskbarGlomLevel"=2   
"ListviewAlphaSelect"=0   
"TaskbarAnimations"=0   
"ExtendedUIHoverTime"=0   
"DesktopLivePreviewHoverTime"=0   
"Start_PowerButtonAction"=2   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0   
"ConsentPromptBehaviorAdmin"=2   
"PromptOnSecureDesktop"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=85   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"EnableVirtualization"=1   
"ValidateAdminCodeSignatures"=0   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"EnableUIADesktopToggle"=0   
"legalnoticetext"=   
"EnableInstallerDetection"=1   
"EnableSecureUIAPaths"=1   
"FilterAdministratorToken"=0   
"ConsentPromptBehaviorUser"=3   
"dontdisplaylastusername"=0   
"undockwithoutlogon"=1   
"EnableLUA"=1   
"legalnoticecaption"=   
"PromptOnSecureDesktop"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoShellSearchButton"=0   
"NoFolderOptions"=0x00000000   
"NoTrayContextMenu"=0x00000000   
"NoSetTaskBar"=0   
"NoFileMenu"=0   
"NoActiveDesktopChanges"=0   
"NoLowDiskSpaceChecks"=0   
"NoNetworkConnections"=0   
"NoChangeStartMenu"=0x00000000   
"NoDesktop"=0x00000000   
"StartMenuLogOff"=0   
"NoActiveDesktop"=0   
"MaxRecentDocs"=0   
"NoNetConnectDisconnect"=0   
"NoRemoteRecursiveEvents"=0   
"NoDriveTypeAutoRun"=255   
"NoRecentDocsHistory"=0x00000000   
"NoFind"=0   
"ClearRecentDocsOnExit"=0x00000000   
"NoInternetIcon"=0   
"NoStartBanner"=0x00000000   
"NoNetHood"=0   
"NoRun"=0   
"NoViewContextMenu"=0x00000000   
"NoWinKey"=0   
"NoControlPanel"=0   
"NoNetConnextDisconnect"=0   
"NoFavoritesMenu"=0   
"NoWindowsUpdate"=0   
"NoDriveAutoRun"=4294967295   
"NoSMConfigurePrograms"=0   
"NoControlPanle"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=134   
"Max Cached Icons"=2000   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=7601   
"FirstLogon"=0   
"Userinit"=C:\Windows\system32\userinit.exe   [11/07/2017 14:02:00]
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Userinit"=C:\Windows\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"WinStationsDisabled"=0   
"DisableCAD"=1   
"scremoveoption"=0   
"ShutdownFlags"=39   
"AllowMultipleTSSessions"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"DefaultDomainName"=   
"DefaultUserName"=   
"Userinit"=C:\Windows\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\System32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\System32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [11/10/2017 13:31:45]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [11/10/2017 13:31:45]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33
"C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1
"C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.exe"=1
"C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF5\IObit Uninstaller.exe"=1
"SIGN.MEDIA=19AFF771 Setup.exe"=1
"C:\Users\enfers\Downloads\proxifier_3-29_en_64152.exe"=1
"C:\Users\enfers\Downloads\magic-mp3-tagger_2-2-6_en_126494.exe"=1
"C:\Users\enfers\Downloads\magic-mp3-tagger_2-2-6_en_126494(1).exe"=1
"C:\Users\enfers\Downloads\video-converter-studio.exe"=1
"C:\Users\enfers\Downloads\FreemakeAudioConverterSetup.exe"=1
"C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe"=1
"C:\Users\enfers\AppData\Local\Temp\n1s\nchsetup.exe"=1
"C:\Users\enfers\Downloads\ccsetup535.exe"=1
"C:\Users\enfers\Downloads\torbrowser-install-7.0.6_fr.exe"=1
"C:\Users\enfers\Downloads\mb3-setup-35891.35891-3.2.2.2029-1.0.207-1.0.2899.exe"=1
"C:\Users\enfers\Downloads\mbam-setup.exe"=1
"C:\Users\enfers\Desktop\Peer2Peer\Fichier\CyberGhost VPN 6.0.6.2540 + crack\CyberGhost_6.0.6.2540.exe"=1
"C:\Users\enfers\Desktop\Hotspot Shield VPN Elite 7.20.8 Setup +Update + Patch\Setup\Setup.exe"=1


---------- | IFEO


---------- | Mountpoints2

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{18ebbd26-961a-11e7-9312-98e7f414a216}] : E:\autorun.exe     (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920218544262440
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=1
"ProductStatus"=0
"InstallTime"=0x40C1E2D218DED201

[HKLM\Software\WOW6432Node\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)

[HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Namespace_Catalog5\Catalog_Entries\000000000007] : %SystemRoot%\system32\PrxerNsp.dll
[HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Namespace_Catalog5\Catalog_Entries64\000000000007] : %SystemRoot%\system32\PrxerNsp.dll
[HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015] : PROXIFIER LSP
[HKLM\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Namespace_Catalog5\Catalog_Entries\000000000007] : %SystemRoot%\system32\PrxerNsp.dll
[HKLM\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Namespace_Catalog5\Catalog_Entries64\000000000007] : %SystemRoot%\system32\PrxerNsp.dll
[HKLM\SYSTEM\ControlSet002\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015] : PROXIFIER LSP
[HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Namespace_Catalog5\Catalog_Entries\000000000007] : %SystemRoot%\system32\PrxerNsp.dll
[HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Namespace_Catalog5\Catalog_Entries64\000000000007] : %SystemRoot%\system32\PrxerNsp.dll
[HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015] : PROXIFIER LSP

---------- | Hosts

#       127.0.0.1       localhost

---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [216.58.204.142] avec 32 octets de donn?es?:
R?ponse de 192.168.8.250?: Impossible de joindre l'h?te de destination.
R?ponse de 192.168.8.250?: Impossible de joindre l'h?te de destination.
R?ponse de 192.168.8.250?: Impossible de joindre l'h?te de destination.
R?ponse de 192.168.8.250?: Impossible de joindre l'h?te de destination.

Statistiques Ping pour 216.58.204.142:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),

---------- | @

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000002003000030020000
"Start Page Redirect Cache_TIMESTAMP"=0x03AAFF69CBDFD201
"Start Page Redirect Cache AcceptLangs"=fr
"IE8RunOnceLastShown"=1
"IE8RunOnceLastShown_TIMESTAMP"=0xB386EC70CBDFD201
"IE8TourShown"=1
"IE8TourShownTime"=0x078EF577CBDFD201
"NotifyDownloadComplete"=yes
"DisableScriptDebuggerIE"=yes
"OperationalData"=5
"DefaultWANProfile"=137815446
"Isolation"=PMIL
"ImageStoreRandomFolder"=mclrwbg
"SearchBandRestoreBarCount"=0
"SearchBandMigrationVersion"=1
"Start Page_TIMESTAMP"=0xD62CEEDCFC41D301
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"DoNotTrack"=1
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0xE7A8C5A9E635D301
"IE10TourShown"=1
"IE10TourShownTime"=0xA76BCAA9E635D301

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0x857135FA4006D301
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"ProxyEnable"=0
"MigrateProxy"=1
"WarnOnHTTPSToHTTPRedirect"=1
"WarnonBadCertRecving"=1
"WarnOnPostRedirect"=1
"GlobalUserOffline"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
"WarnOnHTTPSToHTTPRedirect"=1
"WarnonBadCertRecving"=1
"CertificateRevocation"=1
"ProxyEnable"=0
"WarnOnPostRedirect"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
"WarnOnHTTPSToHTTPRedirect"=1
"WarnonBadCertRecving"=1
"CertificateRevocation"=1
"ProxyEnable"=0
"WarnOnPostRedirect"=1


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets

Possible Ramnit : C:\Users\enfers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AZ0BJAMN\search[1].htm : 69636F6E223E3C7469746C653E737663686F73742E6578652077696E646F77732037202D2052656368657263686520476F6F676C653C2F7469746C653E202020
Possible Ramnit : C:\Users\enfers\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSNCSS6W\1202392-svchost-exe-encombrant[1].htm : 2852E9736F6C75292C20737663686F73742E6578652C2070726F636573736575722C20616964657A2C20687474703A2F2F7777772E686F7374696E6770696373

---------- | Notify 


---------- | Execution FileExts









---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} --  C:\Program Files\AVAST Software\Avast\ashShA64.dll   [05/10/2017 21:32:45]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} --  %SystemRoot%\System32\cscui.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=   


---------- | Toolbar

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0   

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x00   
"ITBarLayout"=0x00   

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   
"DownloadRetries"=4   
"DefaultPackCorrection"=1   
"DefaultPackNTCorrection"=1   
"KnownProvidersUpgradeTime"=0x679F443E2541D301   
"Version"=4   
"UpgradeTime"=0x250E2633FD41D301   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions


---------- | SearchScopes

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll  [05/10/2017 21:31:29]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] -> (avast! Online Security) : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll  [05/10/2017 21:31:29]

---------- | Chrome


[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb]

---------- | Opera


---------- | Firefox


[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\MozillaPlugins\anvisoft.com/AdblockPlugin] - () : C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll
[HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 27.0.0.170 Plugin) : C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_170.dll
[HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 27.0.0.170 Plugin) : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_170.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.6] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


C:\Users\enfers\AppData\Roaming\Mozilla\Firefox\Profiles\gydjksqb.default-1505245063118\Prefs.js

user_pref("browser.startup.homepage", "https://www.startpage.com/fra/");
user_pref("browser.startup.homepage_override.buildID", "20170926190823");
user_pref("browser.startup.homepage_override.mstone", "56.0");
user_pref("extensions.blocklist.pingCountTotal", 21);
user_pref("extensions.blocklist.pingCountVersion", 9);
user_pref("extensions.databaseSchema", 22);
user_pref("extensions.e10s.rollout.blocklist", "");
user_pref("extensions.e10s.rollout.hasAddon", false);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.e10sMultiBlockedByAddons", false);
user_pref("extensions.getAddons.cache.lastUpdate", 1508182387);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20170302.01");
user_pref("extensions.lastAppBuildId", "20170926190823");
user_pref("extensions.lastAppVersion", "56.0");
user_pref("extensions.lastPlatformVersion", "56.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shield-recipe-client.first_run", false);
user_pref("extensions.shield-recipe-client.startupExperimentMigrated", true);
user_pref("extensions.shield-recipe-client.startupExperimentPrefs.extensions.screenshots.system-disabled", false);
user_pref("extensions.shield-recipe-client.user_id", "175ad98a-1412-441b-a37f-d8d0cdf36d88");
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{e16206b6-dfdf-47f8-9d0b-ffbe02a1756a}\",\"addons\":{\"shield-recipe-client@mozilla.org\":{\"version\":\"65.1\"}}}");
user_pref("extensions.webextensions.uuids", "{\"screenshots@mozilla.org\":\"4ac1ca0b-f94a-4a41-a3e3-6546f16b4ab1\",\"wrc@avast.com\":\"57e66dea-946d-49cb-ac21-763780ac60ac\"}");


[Profile0] - Name=default -> Profiles/gydjksqb.default-1505245063118

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.8.250
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{8ABEE179-ECDA-4F9D-85F4-37538E8C85BD}]
"NameServer"=77.234.40.79
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{D674D178-FAF7-4969-9A05-19BB5DF52BBA}]
"DhcpNameServer"=192.168.8.250
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{8ABEE179-ECDA-4F9D-85F4-37538E8C85BD}]
"NameServer"=77.234.40.79
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{D674D178-FAF7-4969-9A05-19BB5DF52BBA}]
"DhcpNameServer"=192.168.1.1 8.8.8.8
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8ABEE179-ECDA-4F9D-85F4-37538E8C85BD}]
"NameServer"=77.234.40.79
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{D674D178-FAF7-4969-9A05-19BB5DF52BBA}]
"DhcpNameServer"=192.168.8.250

---------- | Applications

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Classes\Applications\7zFM.exe] : "C:\Program Files (x86)\7-Zip\7zFM.exe" "%1"
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Classes\Applications\BitTorrent.exe] : "%APPDATA%\BitTorrent\BitTorrent.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\hl2.exe] : "c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\Classes\Applications\xnview.exe] : "C:\Program Files (x86)\XnView\xnview.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\hl2.exe] : "c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\xnview.exe] : "C:\Program Files (x86)\XnView\xnview.exe" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
"PeerDist"=PeerDistSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
PlugPlay
DcomLaunch


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\7-Zip]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\AMD]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Apowersoft]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\AppDataLow]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\ATI]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\AVAST Software]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\AVG Web TuneUp]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Avira]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Bytescout]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Chromium]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\cks]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Clients]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Disc Soft]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\DMGR1.25]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Freemake]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Glarysoft]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Initex]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Intel]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Macromedia]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Malwarebytes]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Malwarebytes' Anti-Malware]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Mozilla]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\NCH Software]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\NCH Swift Sound]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Piriform]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Policies]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Raptr]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Realtek]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\SecuROM]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Spotify]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Synaptics]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\sysinternals]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Trolltech]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Valve]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\WinRAR SFX]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Wow6432Node]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\ZHP]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVG]
[HKLM\Software\Clients]
[HKLM\Software\CyberGhost]
[HKLM\Software\Disc Soft]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\Sonic]
[HKLM\Software\SonicFocus]
[HKLM\Software\SoundResearch]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\Software\WOW6432Node\7-Zip]
[HKLM\Software\WOW6432Node\AMD]
[HKLM\Software\WOW6432Node\ATI]
[HKLM\Software\WOW6432Node\ATI Technologies]
[HKLM\Software\WOW6432Node\Avast Software]
[HKLM\Software\WOW6432Node\Freemake]
[HKLM\Software\WOW6432Node\Glarysoft]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\HUDSON]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\IObit]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\NCH Software]
[HKLM\Software\WOW6432Node\NCH Swift Sound]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\REALTEK Semiconductor Corp.]
[HKLM\Software\WOW6432Node\RtWLan]
[HKLM\Software\WOW6432Node\Songbird]
[HKLM\Software\WOW6432Node\SuperBoost]
[HKLM\Software\WOW6432Node\TuneUpMedia]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\Volatile]
[HKLM\Software\WOW6432Node\XnView]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | Drives


---------- | C:

[14/06/2017 21:37:58] - |AD| - [3072] - C:\$Anvi Rescue Disk$
[26/08/2017 10:55:34] - |HD| - [1183744] - C:\$AV_ASW
[14/07/2009 05:18:56] - |SHD| - [129] - C:\$Recycle.Bin
[27/06/2017 10:18:44] - |D| - [8214329] - C:\AdwCleaner
[07/06/2017 22:45:59] - |D| - [1312185612] - C:\AMD
[MD5.B9F7B4AAD8424CFA896EB7A5946B2F8D] - [14/06/2017 21:44:16] - |A| - (.Anvisoft Company - Anvi Smart Defender 2 Installation.) - [39269240] - (2.5.0.0) - C:\asdsetup.exe
[13/10/2017 23:15:10] - |SHD| - [0] - C:\Config.Msi
[14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings
[31/07/2017 20:12:03] - |D| - [643187579] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/06/2017 18:26:06] - |ASH| - (.-.) - [3158839296] - (0.0.0.0) - C:\hiberfil.sys
[07/06/2017 22:24:55] - |D| - [179080] - C:\Intel
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/06/2017 18:26:07] - |ASH| - (.-.) - [4211785728] - (0.0.0.0) - C:\pagefile.sys
[14/07/2009 05:20:08] - |D| - [0] - C:\PerfLogs
[14/07/2009 05:20:08] - |RD| - [3595575236] - C:\Program Files
[14/07/2009 05:20:08] - |RD| - [8145045636] - C:\Program Files (x86)
[14/07/2009 05:20:08] - |HD| - [2089378153] - C:\ProgramData
[17/10/2017 20:01:06] - |D| - [68687] - C:\QuickDiag
[MD5.CC7C6638C0930838F2BAD037D9617F5E] - [17/10/2017 20:01:51] - |A| - (.-.) - [108906] - (0.0.0.0) - C:\QuickDiag.txt
[05/06/2017 18:32:03] - |SHD| - [173147937] - C:\Recovery
[08/10/2017 11:41:12] - |D| - [0] - C:\Softwares
[05/06/2017 18:26:06] - |SHD| - [0] - C:\System Volume Information
[14/07/2009 05:20:08] - |RD| - [588506449512] - C:\Users
[14/07/2009 05:20:08] - |D| - [48989321577] - C:\Windows
[26/06/2017 10:48:57] - |D| - [193986560000] - C:\Windows.old

---------- | C:\Windows

[14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins
[14/07/2009 05:20:08] - |D| - [8353155] - C:\Windows\AppCompat
[14/07/2009 05:20:08] - |D| - [17775160] - C:\Windows\AppPatch
[26/07/2017 23:55:21] - |D| - [136192] - C:\Windows\ar-SA
[14/07/2009 05:20:08] - |RSD| - [2027113963] - C:\Windows\assembly
[MD5.317CD1CE327B6520BF4EE007BCD39E61] - [11/07/2017 14:01:44] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[27/07/2017 06:10:38] - |D| - [81920] - C:\Windows\bg-BG
[14/07/2009 17:35:06] - |SHD| - [553227] - C:\Windows\BitLockerDiscoveryVolumeContents
[14/07/2009 05:20:09] - |D| - [31020270] - C:\Windows\Boot
[MD5.9B69425F62A68C51FDA53884788E0809] - [14/07/2009 07:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[14/07/2009 05:20:09] - |D| - [6611456] - C:\Windows\Branding
[27/07/2017 02:18:15] - |D| - [132096] - C:\Windows\cs-CZ
[14/07/2009 17:35:06] - |D| - [0] - C:\Windows\CSC
[14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors
[27/07/2017 10:48:05] - |D| - [133632] - C:\Windows\da-DK
[26/07/2017 23:41:29] - |D| - [140288] - C:\Windows\de-DE
[14/07/2009 06:45:54] - |D| - [1044] - C:\Windows\debug
[14/07/2009 07:32:38] - |D| - [10610481] - C:\Windows\diagnostics
[14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker
[14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Downloaded Program Files
[14/07/2009 17:35:06] - |D| - [152783134] - C:\Windows\ehome
[27/07/2017 03:23:14] - |D| - [146944] - C:\Windows\el-GR
[14/07/2009 07:37:46] - |D| - [110080] - C:\Windows\en-US
[MD5.89AFDD29832AA923926BDD4B5F5243D5] - [05/12/2015 12:24:23] - |A| - (.-.) - [163328] - (0.0.0.0) - C:\Windows\ERDNT.E_E
[MD5.F9650A5C954D2A9F8844DE99E8577F93] - [05/12/2015 12:24:23] - |A| - (.-.) - [2815] - (0.0.0.0) - C:\Windows\ERDNTDOS.LOC
[MD5.388D865D44EE8069DF8BD12EFEDADB3E] - [05/12/2015 12:24:23] - |A| - (.-.) - [3275] - (0.0.0.0) - C:\Windows\ERDNTWIN.LOC
[MD5.2E0323A94915FAAB10A25F3BABF82584] - [05/12/2015 12:24:23] - |A| - (.-.) - [157696] - (0.0.0.0) - C:\Windows\ERUNT.exe
[MD5.02187B1B6F37B3D0030791C802A6174C] - [05/12/2015 12:24:23] - |A| - (.-.) - [4090] - (0.0.0.0) - C:\Windows\ERUNT.LOC
[27/07/2017 00:43:59] - |D| - [139264] - C:\Windows\es-ES
[27/07/2017 04:43:52] - |D| - [77312] - C:\Windows\et-EE
[MD5.38AE1B3C38FAEF56FE4907922F0385BA] - [11/07/2017 15:19:38] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [3229696] - (6.1.7601.23537) - C:\Windows\explorer.exe
[11/07/2017 13:17:13] - |D| - [130048] - C:\Windows\fi-FI
[14/07/2009 05:20:09] - |RSD| - [356475031] - C:\Windows\Fonts
[14/07/2009 17:24:08] - |D| - [142336] - C:\Windows\fr-FR
[MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[14/07/2009 05:20:09] - |D| - [25187856] - C:\Windows\Globalization
[27/07/2017 00:31:10] - |D| - [147968] - C:\Windows\he-IL
[14/07/2009 05:20:09] - |D| - [1474133925] - C:\Windows\Help
[MD5.A66E522F3CBFB8709EA37844922A002E] - [11/07/2017 15:30:35] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [733696] - (6.1.7601.23834) - C:\Windows\HelpPane.exe
[MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [14/07/2009 02:29:03] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe
[27/07/2017 09:44:58] - |D| - [80384] - C:\Windows\hr-HR
[27/07/2017 01:09:52] - |D| - [136704] - C:\Windows\hu-HU
[14/07/2009 05:20:09] - |D| - [143594348] - C:\Windows\IME
[14/07/2009 05:20:10] - |D| - [156477177] - C:\Windows\inf
[07/06/2017 22:35:22] - |SHD| - [381276399] - C:\Windows\Installer
[05/09/2017 06:57:21] - |D| - [0] - C:\Windows\IObit
[27/07/2017 00:06:55] - |D| - [138240] - C:\Windows\it-IT
[27/07/2017 11:28:39] - |D| - [89088] - C:\Windows\ja-JP
[27/07/2017 02:40:00] - |D| - [103424] - C:\Windows\ko-KR
[14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\LiveKernelReports
[14/07/2009 05:20:10] - |D| - [59654028] - C:\Windows\Logs
[27/07/2017 04:25:23] - |D| - [80896] - C:\Windows\lt-LT
[27/07/2017 01:22:29] - |D| - [79360] - C:\Windows\lv-LV
[14/07/2009 05:20:10] - |RSD| - [13327133] - C:\Windows\Media
[MD5.2E28B8543639C01E9FECB6712FEF37AB] - [13/10/2017 22:53:16] - |A| - (.-.) - [677122265] - (0.0.0.0) - C:\Windows\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[15/06/2017 06:12:03] - |D| - [63766] - C:\Windows\Microsoft Antimalware
[14/07/2009 05:20:10] - |D| - [1429810567] - C:\Windows\Microsoft.NET
[14/06/2017 22:44:42] - |D| - [4287] - C:\Windows\Migration
[26/07/2017 18:43:45] - |D| - [1995840] - C:\Windows\Minidump
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[27/07/2017 03:43:45] - |D| - [129024] - C:\Windows\nb-NO
[27/07/2017 01:36:51] - |D| - [139776] - C:\Windows\nl-NL
[MD5.B32189BDFF6E577A92BAA61AD49264E6] - [11/07/2017 15:17:25] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe
[MD5.ACCFD3B107A046F7150F38FC41DA1079] - [16/10/2017 21:04:21] - |A| - (.-.) - [92286] - (0.0.0.0) - C:\Windows\ntbtlog.txt
[14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages
[05/06/2017 19:25:30] - |D| - [0] - C:\Windows\Panther
[14/07/2009 07:32:38] - |D| - [61871352] - C:\Windows\Performance
[MD5.36B27A520D545CB21F79834140D2C600] - [16/10/2017 19:06:37] - |A| - (.-.) - [1084] - (0.0.0.0) - C:\Windows\PFRO.log
[27/07/2017 07:08:27] - |D| - [135168] - C:\Windows\pl-PL
[14/07/2009 05:20:10] - |D| - [5149998] - C:\Windows\PLA
[14/07/2009 05:20:10] - |D| - [63321764] - C:\Windows\PolicyDefinitions
[05/06/2017 18:26:29] - |D| - [86148236] - C:\Windows\Prefetch
[27/07/2017 08:32:46] - |D| - [136192] - C:\Windows\pt-BR
[27/07/2017 07:33:41] - |D| - [136704] - C:\Windows\pt-PT
[MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe
[14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\registration
[14/07/2009 17:35:06] - |D| - [0] - C:\Windows\RemotePackages
[14/07/2009 05:20:10] - |D| - [12068209] - C:\Windows\rescache
[14/07/2009 05:20:10] - |D| - [3291942] - C:\Windows\Resources
[27/07/2017 10:15:01] - |D| - [81920] - C:\Windows\ro-RO
[27/07/2017 04:04:53] - |D| - [133632] - C:\Windows\ru-RU
[MD5.C967FF9CE59D51C6D4F6E126C7FB0EEE] - [07/06/2017 22:34:28] - |A| - (.Copyright (C) 2012-2014 -.) - [44760] - (1.1005.415.2014) - C:\Windows\runSW.exe
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache
[14/07/2009 05:20:10] - |D| - [58021] - C:\Windows\schemas
[14/07/2009 05:20:10] - |D| - [5281068] - C:\Windows\security
[14/07/2009 06:45:47] - |D| - [776413634] - C:\Windows\ServiceProfiles
[14/07/2009 05:20:10] - |D| - [577043149] - C:\Windows\servicing
[14/07/2009 06:45:50] - |D| - [42] - C:\Windows\Setup
[MD5.5E96602F592E97F540955E67BD55C760] - [12/10/2017 19:18:44] - |A| - (.-.) - [1008] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/10/2017 19:18:44] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[11/07/2017 13:27:24] - |D| - [82432] - C:\Windows\sk-SK
[27/07/2017 00:18:59] - |D| - [79872] - C:\Windows\sl-SI
[05/06/2017 18:33:57] - |D| - [932207225] - C:\Windows\SoftwareDistribution
[14/07/2009 05:20:10] - |D| - [574292362] - C:\Windows\Speech
[MD5.D01628AF9F7FB3F415B357D446FBE6D9] - [11/07/2017 14:02:26] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17514) - C:\Windows\splwow64.exe
[27/07/2017 05:02:06] - |D| - [80384] - C:\Windows\sr-Latn-CS
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[27/07/2017 03:00:07] - |D| - [131072] - C:\Windows\sv-SE
[MD5.799C8BB0C2D54159845672F04BB8500F] - [07/06/2017 22:34:28] - |A| - (.2012: (c) Realtek.  By Karl - Switch USB2.0/USB3.0 for WinXP SP2+ ~ Win8.1.) - [454360] - (500.1032.515.2015) - C:\Windows\SwUSB.exe
[08/10/2017 11:41:12] - |D| - [0] - C:\Windows\Sys64
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[14/07/2009 05:20:10] - |D| - [8278015694] - C:\Windows\System32
[14/07/2009 05:20:14] - |D| - [2736649204] - C:\Windows\SysWOW64
[14/07/2009 05:20:14] - |D| - [15] - C:\Windows\TAPI
[14/07/2009 05:20:14] - |D| - [32600] - C:\Windows\Tasks
[14/07/2009 05:20:14] - |D| - [18650684] - C:\Windows\Temp
[11/07/2017 13:21:18] - |D| - [77824] - C:\Windows\th-TH
[27/07/2017 06:34:23] - |D| - [131584] - C:\Windows\tr-TR
[14/07/2009 05:20:14] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 07:32:38] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [11/07/2017 14:01:46] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[27/07/2017 00:57:02] - |D| - [80896] - C:\Windows\uk-UA
[MD5.BE9ABBA239905C914B050195978E4D02] - [14/07/2009 17:35:44] - |A| - (.-.) - [51867] - (0.0.0.0) - C:\Windows\Ultimate.xml
[MD5.FFD1091BF01CB6CDB38F08E06CDC8974] - [10/07/2017 20:15:31] - |A| - (.-.) - [1533] - (0.0.0.0) - C:\Windows\unins000.dat
[MD5.6B84FABCBD099B83A67DC447BA94F00C] - [10/07/2017 20:15:31] - |A| - (.- Setup/Uninstall.) - [707354] - (51.50.0.0) - C:\Windows\unins000.exe
[14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss
[14/07/2009 05:20:14] - |D| - [40681427] - C:\Windows\Web
[MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 04:34:57] - |A| - (.-.) - [403] - (0.0.0.0) - C:\Windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.6C8D0BCDBA8550E64E5279CD47B4A588] - [05/06/2017 18:33:56] - |A| - (.-.) - [1785425] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[14/07/2009 05:20:14] - |D| - [27828554211] - C:\Windows\winsxs
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe
[27/07/2017 05:29:30] - |D| - [92672] - C:\Windows\zh-CN
[27/07/2017 09:12:05] - |D| - [92160] - C:\Windows\zh-TW

---------- | C:\Windows\System32\GroupPolicy

[MD5.A943A33C8C4B453FE6F98D5D84995712] - [10/07/2017 20:16:55] - |A| - (.-.) - [51] - (0.0.0.0) - C:\Windows\System32\GroupPolicy\gpt.ini
[10/07/2017 20:16:55] - |D| - [8] - C:\Windows\System32\GroupPolicy\Machine
[10/07/2017 20:16:55] - |D| - [0] - C:\Windows\System32\GroupPolicy\User

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[19/04/2017 19:01:24] - C:\Windows\Installer\34de13.msi : (Intel(R) Rapid Storage Technology - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[14/07/2009 06:57:09] - [73] - C:\Windows\System32\desktop.ini
[13/07/2017 03:41:45] - [16303] - C:\Windows\System32\ieuinit.inf
[14/07/2009 07:13:15] - [2245384] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 23:01:25] - [60124] - C:\Windows\System32\tcpmon.ini
[07/06/2017 22:34:28] - [3086] - C:\Windows\Syswow64\EAPPkt.inf
[11/07/2017 18:45:53] - [16303] - C:\Windows\Syswow64\ieuinit.inf
[14/07/2009 06:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf
[08/06/2017 11:31:11] - [2208252] - C:\Windows\Syswow64\PerfStringBackup.INI

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:08] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64
[MD5.9B59AB9A6E428972A44E7B2CB174775E] - |A| - [12/07/2017 19:34:24] - (.-.) - [122.74 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.D03240FFB29728D31904926B8ABD1B08] - |A| - [13/10/2017 23:16:16] - (.-.) - [4.69 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00000.log
[MD5.5C69653BDE1484B99D14EBF91C19747D] - |A| - [13/10/2017 23:16:35] - (.-.) - [3.12 Ko] - (0.0.0.0) - C:\Windows\Temp\ASPNETSetup_00001.log
[MD5.862DEC5C27142824A394BC6464928F48] - |AT| - [14/10/2017 22:01:55] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\Windows\Temp\asw-9ab01a1d-8b3c-4943-b9d3-603405df3b3d.tmp
[MD5.00000000000000000000000000000000] - |D| - [07/10/2017 23:28:45] - [311.28 Ko] - C:\Windows\Temp\avast_ash2
[MD5.C840D196E2F80202AD0B0B7CB88BA699] - |A| - [13/10/2017 23:11:45] - (.-.) - [1.19 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_NDP46-KB4043764-x64_decompression_log.txt
[MD5.379C47E79A7E157FAE1F2AF139AC2947] - |A| - [13/10/2017 23:15:52] - (.-.) - [4.59 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20171013_211552_689.txt
[MD5.9A7D5D5D9FCF1753C362A6AF5A5D12DC] - |A| - [13/10/2017 23:15:59] - (.-.) - [2.64 Ko] - (0.0.0.0) - C:\Windows\Temp\dd_wcf_CA_smci_20171013_211559_266.txt
[MD5.00000000000000000000000000000000] - |D| - [10/09/2017 10:01:03] - [501.38 Ko] - C:\Windows\Temp\DPTF
[MD5.822065502B2265D1301864106A04357B] - |A| - [13/10/2017 23:14:38] - (.-.) - [9184.87 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4043764_20171013_231430784-Microsoft .NET Framework 4.7-MSP0.txt
[MD5.D11EEDD4744DEBC8D429280F3405FD59] - |A| - [13/10/2017 23:12:01] - (.-.) - [98.23 Ko] - (0.0.0.0) - C:\Windows\Temp\KB4043764_20171013_231430784.html
[MD5.880110B70D34E4D52627FB4D4A987113] - |A| - [09/10/2017 21:20:19] - (.-.) - [4.92 Ko] - (0.0.0.0) - C:\Windows\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [11/10/2017 03:02:21] - [0 Ko] - C:\Windows\Temp\MPInstrumentation
[MD5.844B6396F10C11DD553F5DC1C0D44B4E] - |A| - [13/10/2017 23:28:18] - (.-.) - [13.05 Ko] - (0.0.0.0) - C:\Windows\Temp\MpSigStub.log
[MD5.00000000000000000000000000000000] - |D| - [17/10/2017 20:20:16] - [0 Ko] - C:\Windows\Temp\MPTelemetrySubmit
[MD5.13CD2799AF29E35E7536BE89B4482574] - |A| - [13/10/2017 23:16:28] - (.-.) - [10.22 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI89E8.tmp
[MD5.4AAE089D3731C3F9DCA27587E61CC4A2] - |A| - [13/10/2017 23:16:28] - (.-.) - [8.79 Ko] - (0.0.0.0) - C:\Windows\Temp\RGI89E8.tmp-tmp
[MD5.00000000000000000000000000000000] - |D| - [15/10/2017 19:41:17] - [196.1 Ko] - C:\Windows\Temp\SDIAG_b00b135a-38d7-458c-bde5-ad3551f10dbb
[MD5.59071590099D21DD439896592338BF95] - |AT| - [17/10/2017 04:36:26] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP5C8F2F36ED6169E0
[MD5.59071590099D21DD439896592338BF95] - |AT| - [14/10/2017 13:37:40] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMP63F5240190434743
[MD5.59071590099D21DD439896592338BF95] - |AT| - [14/10/2017 23:59:26] - (.-.) - [512 Ko] - (0.0.0.0) - C:\Windows\Temp\TMPAB9B7FE130B56B33
[MD5.00000000000000000000000000000000] - |D| - [01/08/2017 19:35:25] - [0 Ko] - C:\Windows\Temp\_avast_
[MD5.00000000000000000000000000000000] - |D| - [11/10/2017 22:05:10] - [5872.23 Ko] - C:\Windows\Temp\{7C2D6F7E-95C9-4EC6-8975-F0CCFE3A958A}
[MD5.00000000000000000000000000000000] - |D| - [13/10/2017 00:05:07] - [460.23 Ko] - C:\Windows\Temp\{C6C1B8CB-B9F6-4065-81D8-B2C4553F9E85}
[MD5.00000000000000000000000000000000] - |D| - [11/07/2017 13:12:13] - [0 Ko] - C:\Windows\System32\0409
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [0 Ko] - C:\Windows\System32\040C
[MD5.AE3F4B67EEABD2F9806FB25FC10F5088] - |AH| - [14/07/2009 06:45:49] - (.-.) - [20.22 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.AE3F4B67EEABD2F9806FB25FC10F5088] - |AH| - [14/07/2009 06:45:49] - (.-.) - [20.22 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [4987.5 Ko] - C:\Windows\System32\AdvancedInstallers
[MD5.6AFF7354EB6FB5E99DF4AB0ACDC19859] - |A| - [05/09/2017 20:04:16] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\Windows\System32\amd-vulkan64.json
[MD5.74E107225671E347F93E3491632B7E66] - |A| - [05/09/2017 20:03:55] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [125.95 Ko] - (22.19.662.4) - C:\Windows\System32\amdave64.dll
[MD5.A4996222069F0FD091FED18FE922DC6F] - |A| - [05/09/2017 20:03:55] - (.-.) - [155.34 Ko] - (0.0.0.0) - C:\Windows\System32\amde31a.dat
[MD5.898C232737B2EDDCFC1FEE9077F29E58] - |A| - [05/09/2017 20:03:55] - (.-.) - [162.66 Ko] - (0.0.0.0) - C:\Windows\System32\amde34a.dat
[MD5.67F34021C0434640AAB6D37DEA59893B] - |A| - [05/09/2017 20:03:55] - (.-.) - [162.66 Ko] - (0.0.0.0) - C:\Windows\System32\amde34b.dat
[MD5.9CF41AE68017FC3A5E6FB7F3AC91F5EA] - |A| - [05/09/2017 20:03:55] - (.-.) - [161.16 Ko] - (0.0.0.0) - C:\Windows\System32\amde40a.dat
[MD5.1FE54BC7DF424AE407F3C38D0D90658F] - |A| - [05/09/2017 20:03:55] - (.-.) - [493.88 Ko] - (0.0.0.0) - C:\Windows\System32\amdgfxinfo64.dll
[MD5.EFFC91A9B3A616F8A83A93C41562372B] - |A| - [05/09/2017 20:03:55] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [181.25 Ko] - (22.19.662.4) - C:\Windows\System32\amdhcp64.dll
[MD5.B76F220B0BE0B4E6E39FD34E551452A4] - |A| - [05/09/2017 20:03:55] - (.-.) - [932.77 Ko] - (0.0.0.0) - C:\Windows\System32\amdicdxx.dat
[MD5.6FB5582E1415B9889CB3C24B873A51C0] - |A| - [05/09/2017 20:04:16] - (.-.) - [30.31 Ko] - (0.0.0.0) - C:\Windows\System32\AMDKernelEvents.man
[MD5.6CE794B14C5E01AB3178A314E96B05F6] - |A| - [05/09/2017 20:03:55] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [835.38 Ko] - (1.0.11.0) - C:\Windows\System32\amdlvr64.dll
[MD5.CAB450CC0BA35ADD4D7B5DBE97B14645] - |A| - [05/09/2017 20:03:56] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [11784.38 Ko] - (22.19.662.4) - C:\Windows\System32\amdmantle64.dll
[MD5.04BCF838E4923203CFB22783901D840B] - |A| - [05/09/2017 20:03:57] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [80.88 Ko] - (1.6.0.0) - C:\Windows\System32\amdmcl64.dll
[MD5.587A66E89C06C15C0A9B0DDD05E2C891] - |A| - [05/09/2017 20:03:57] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [65.38 Ko] - (22.19.662.4) - C:\Windows\System32\amdmmcl6.dll
[MD5.856F5E5967980C2A5590F2A500E061EF] - |A| - [05/09/2017 20:04:01] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [30339.88 Ko] - (22.19.662.4) - C:\Windows\System32\amdocl12cl64.dll
[MD5.3FFD5657E44E067C40804437D28BF7F2] - |A| - [05/09/2017 20:04:02] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [60146.88 Ko] - (22.19.662.4) - C:\Windows\System32\amdocl64.dll
[MD5.ECC9D68F5BEF5CD67BE2D2F758661980] - |A| - [04/08/2015 08:19:02] - (.-.) - [1159.51 Ko] - (0.0.0.0) - C:\Windows\System32\amdocl_as64.exe
[MD5.DD3E0FE46F9AB3F9A339F4DD3B2B2E4C] - |A| - [04/08/2015 08:19:02] - (.-.) - [1037.01 Ko] - (0.0.0.0) - C:\Windows\System32\amdocl_ld64.exe
[MD5.54B00CA0646E17FFA9690B904C09D4DC] - |A| - [05/09/2017 20:04:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [118.4 Ko] - (22.19.662.4) - C:\Windows\System32\amdpcom64.dll
[MD5.E416E6803216E0610D0309972D5F3F78] - |A| - [05/09/2017 20:04:06] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [162.88 Ko] - (15.13.6.0) - C:\Windows\System32\amduve64.dll
[MD5.5F555A3E268AE31FB2D9996E5CACECCA] - |A| - [05/09/2017 20:04:07] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [12192.88 Ko] - (1.0.51.0) - C:\Windows\System32\amdvlk64.dll
[MD5.3345D391180A341CF236D8EEA36B3FFD] - |A| - [05/09/2017 20:04:07] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [2834.88 Ko] - (1.4.4.0) - C:\Windows\System32\amfrt64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/06/2017 22:32:17] - [0 Ko] - C:\Windows\System32\appmgmt
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 20:44:02] - [2507.98 Ko] - C:\Windows\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [101197.36 Ko] - C:\Windows\System32\ar-SA
[MD5.E5555B741B28425992E8CC2AE6DFCB37] - |A| - [07/10/2017 16:43:20] - (.Copyright (c) 2014 AVAST Software - Avast start-up scanner.) - [392.08 Ko] - (17.7.3660.0) - C:\Windows\System32\aswBoot.exe
[MD5.AD5114A51D1256E532EFFEE1434190BA] - |A| - [05/09/2017 20:04:08] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [1489.38 Ko] - (22.19.662.4) - C:\Windows\System32\atiadlxx.dll
[MD5.81AF51277D9FB5030D80E0157303BA17] - |A| - [05/09/2017 20:03:54] - (.-.) - [795.77 Ko] - (0.0.0.0) - C:\Windows\System32\atiapfxx.blb
[MD5.4ED6405CF58A528EC85D76922DB444D4] - |A| - [05/09/2017 20:04:16] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [641.88 Ko] - (22.19.662.4) - C:\Windows\System32\atiapfxx.exe
[MD5.644982A304065A37EB73CA90538022C0] - |A| - [05/09/2017 20:04:08] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [70.38 Ko] - (22.19.662.4) - C:\Windows\System32\aticalcl64.dll
[MD5.D6435815659D2EEF00E0386A270336D9] - |A| - [05/09/2017 20:04:08] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [15359.88 Ko] - (22.19.662.4) - C:\Windows\System32\aticaldd64.dll
[MD5.9D1D9CA91E6547B0827D3B3D92DE7FE1] - |A| - [05/09/2017 20:04:09] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [76.88 Ko] - (22.19.662.4) - C:\Windows\System32\aticalrt64.dll
[MD5.BF8252FC204D280FFE88AB0B34CBF89A] - |A| - [05/09/2017 20:04:09] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx64.dll.) - [1866.05 Ko] - (22.19.662.4) - C:\Windows\System32\aticfx64.dll
[MD5.53D4B656BEC3600A0F445E7FA16C8DAB] - |A| - [05/09/2017 20:04:09] - (.2002-2012 - Graphics DEM.) - [447.88 Ko] - (4.5.6410.31840) - C:\Windows\System32\atidemgy.dll
[MD5.2AAC290C7FBCE03DA2DE5436D2B09F33] - |A| - [05/09/2017 20:04:10] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx64.dll.) - [14345.77 Ko] - (22.19.662.4) - C:\Windows\System32\atidxx64.dll
[MD5.5B4321DE37F68EAC9752645EFB9B3F7C] - |A| - [05/09/2017 20:04:16] - (.-.) - [463.88 Ko] - (0.0.0.0) - C:\Windows\System32\atieah64.exe
[MD5.A78ED6A54F3D0A7E9B1D8CD775DBD708] - |A| - [05/09/2017 20:04:16] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [754.38 Ko] - (22.19.662.4) - C:\Windows\System32\atieclxx.exe
[MD5.A4320D4CD23A9897EF61C771BB5189F7] - |A| - [05/09/2017 20:04:16] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [530.38 Ko] - (22.19.662.4) - C:\Windows\System32\atiesrxx.exe
[MD5.90FA4395F6807A46266BCE31FB782502] - |A| - [05/09/2017 20:04:10] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [151.88 Ko] - (22.19.662.4) - C:\Windows\System32\atig6pxx.dll
[MD5.94B81ECB7E4406F7C8F053B412100454] - |A| - [05/09/2017 20:04:10] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [230.88 Ko] - (22.19.662.4) - C:\Windows\System32\atig6txx.dll
[MD5.E3DBD7E4F1505A5E4E276F9D03F7B82D] - |A| - [05/09/2017 20:04:10] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [121.88 Ko] - (22.19.662.4) - C:\Windows\System32\atiglpxx.dll
[MD5.079EFFD5BECB418FE6596229B28D7324] - |A| - [06/11/2014 12:53:26] - (.-.) - [720.13 Ko] - (0.0.0.0) - C:\Windows\System32\atiicdxx.dat
[MD5.54B00CA0646E17FFA9690B904C09D4DC] - |A| - [05/09/2017 20:04:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [118.4 Ko] - (22.19.662.4) - C:\Windows\System32\atimpc64.dll
[MD5.4EC814DCCFCD72E2B6FBD8062858AB77] - |A| - [05/09/2017 20:04:10] - (.Copyright ? 2009 AMD - Multi-language DPPE DLL.) - [112.88 Ko] - (22.19.662.4) - C:\Windows\System32\atimuixx.dll
[MD5.2A34A089C7023440268037BAB3E5EC02] - |A| - [05/09/2017 20:04:10] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [34373.88 Ko] - (22.19.662.4) - C:\Windows\System32\atio6axx.dll
[MD5.38B618F50F8682204A8952689C7B1B9D] - |A| - [05/09/2017 20:04:16] - (.Copyright (C) 2008 - ATIODCLI Application.) - [65.88 Ko] - (22.19.662.4) - C:\Windows\System32\ATIODCLI.exe
[MD5.833D204E93DD7EDD22989397E4F73053] - |A| - [05/09/2017 20:04:16] - (.Copyright (C) 2008 - ATIODE Application.) - [340.88 Ko] - (22.19.662.4) - C:\Windows\System32\ATIODE.exe
[MD5.068525D0ABA3334CCD51AF333A1A3969] - |A| - [05/09/2017 20:04:13] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [155.38 Ko] - (22.19.662.4) - C:\Windows\System32\atisamu64.dll
[MD5.73CBE18260B5903D7E38785027F5BAB3] - |A| - [05/09/2017 20:04:13] - (.Copy Right © 2012 Advanced Micro Devices, Inc - TMM Clone Control Module.) - [531.38 Ko] - (22.19.662.4) - C:\Windows\System32\atitmm64.dll
[MD5.A2C554FFBE23521A1D995874ED66B32F] - |A| - [05/09/2017 20:04:13] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [180.75 Ko] - (22.19.662.4) - C:\Windows\System32\atiu9p64.dll
[MD5.2D898D92048F3819CD60C4FDA909631D] - |A| - [05/09/2017 20:04:13] - (.Copyright (C) 1998-2011 AMD Inc. - atiumd64.dll.) - [11285.43 Ko] - (22.19.662.4) - C:\Windows\System32\atiumd64.dll
[MD5.A0A0F6FF440FC3855C022892FBF55E56] - |A| - [05/09/2017 20:03:54] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\Windows\System32\atiumd6a.cap
[MD5.6DB0C877CE0938EDD53CF384785B3345] - |A| - [05/09/2017 20:04:14] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [12450.27 Ko] - (22.19.662.4) - C:\Windows\System32\atiumd6a.dll
[MD5.A884A3788B5BFE687839A9DEE1B166E5] - |A| - [05/09/2017 20:04:16] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [203.39 Ko] - (22.19.662.4) - C:\Windows\System32\atiuxp64.dll
[MD5.913A194E8FC2E5D0DEC552D68679D7B6] - |A| - [05/09/2017 20:03:55] - (.-.) - [98.45 Ko] - (0.0.0.0) - C:\Windows\System32\ativce02.dat
[MD5.F1BA5386DED28EA5C2E0171CAB1BD8B1] - |A| - [05/09/2017 20:03:55] - (.-.) - [153.22 Ko] - (0.0.0.0) - C:\Windows\System32\ativce03.dat
[MD5.36776A9E27F69695331EED4149C2EBC4] - |A| - [05/09/2017 20:03:55] - (.-.) - [228.8 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik.dat
[MD5.757F192F2E89625496597D0AD2CE0D5E] - |A| - [05/09/2017 20:03:55] - (.-.) - [228.55 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cik_nd.dat
[MD5.E1BBFD48BDD0B6214AFA2EF1A1495985] - |A| - [05/09/2017 20:03:55] - (.-.) - [265.09 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_cz_nd.dat
[MD5.B32DDA4C4A2E709B7166423198164C76] - |A| - [05/09/2017 20:03:55] - (.-.) - [362.03 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_el_nd.dat
[MD5.7E45EF6DFC8C2393447006CCD5ADE038] - |A| - [05/09/2017 20:03:55] - (.-.) - [260.64 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ.dat
[MD5.030C481ED88035EF1F2E239F7542BE1F] - |A| - [05/09/2017 20:03:55] - (.-.) - [260.39 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_FJ_nd.dat
[MD5.9421897201F7A2DF6B18B0F7DC1B52C0] - |A| - [05/09/2017 20:03:55] - (.-.) - [361.97 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_gl_nd.dat
[MD5.5F0CCF54BA42D9749FDBDED57A60C38F] - |A| - [05/09/2017 20:03:55] - (.-.) - [328.72 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_rv.dat
[MD5.AB7AB6DD41E1C1180FD897453DE6AB5F] - |A| - [05/09/2017 20:03:55] - (.-.) - [270.47 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_stn_nd.dat
[MD5.9465B6BB3FB4E0F42A163B41EB4F66F5] - |A| - [05/09/2017 20:03:55] - (.-.) - [317.69 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_vi.dat
[MD5.F18E51472AAC4404A761F0E55C679221] - |A| - [05/09/2017 20:03:55] - (.-.) - [317.44 Ko] - (0.0.0.0) - C:\Windows\System32\ativvaxy_vi_nd.dat
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [04/08/2015 04:12:40] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [04/08/2015 04:12:40] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\System32\ativvsvl.dat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [20710.62 Ko] - C:\Windows\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [5160.84 Ko] - C:\Windows\System32\Boot
[MD5.F02F93D5AEC524052E4A37C1BB7CCF31] - |A| - [14/07/2009 03:20:24] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [19 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll
[MD5.7D00FF6A4315FDF4ACAFBB4EF157EA9F] - |A| - [14/07/2009 02:07:04] - (.Copyright (C) 2008 - Gestionnaire de contexte pour réseau personnel Bluetooth.) - [91.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.936CCC6EADD4831CDE23393AFCD850FB] - |A| - [05/09/2017 13:09:00] - (.(c) Conexant System, Inc. - CAFAPI.) - [112.42 Ko] - (3.0.0.1) - C:\Windows\System32\Caf64api.dll
[MD5.F0D9E4A750746EB291D15798AA925D9D] - |A| - [05/09/2017 13:09:00] - (.©Conexant Systems, Inc. - Conexant Audio Processing Objects, (x64).) - [595.11 Ko] - (2.51.0.0) - C:\Windows\System32\CAF64APO2.dll
[MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [14/07/2009 01:56:54] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [390346.51 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [155288 Ko] - C:\Windows\System32\catroot2
[MD5.1C2BF48A5D42F7F06E9E32BE3C6B3898] - |A| - [05/09/2017 20:04:16] - (.-.) - [352.38 Ko] - (0.0.0.0) - C:\Windows\System32\clinfo.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [11179.32 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.C9685E2A48B6D1F5D2A0D4B8A9676382] - |A| - [05/09/2017 20:04:19] - (.AMD. - CoInstaller DLL.) - [894.38 Ko] - (1.0.5.9) - C:\Windows\System32\coinst_17.30.dll
[MD5.64430E214B5B229D426D2D35538C402D] - |A| - [29/03/2017 10:05:54] - (.-.) - [366.38 Ko] - (0.0.0.0) - C:\Windows\System32\ColorImageEnhancement.wmv
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [441 Ko] - C:\Windows\System32\com
[MD5.755BFC56892C3ECCA0F02AAC5E0BD3B1] - |A| - [05/09/2017 13:09:00] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [119.45 Ko] - (1.0.0.4) - C:\Windows\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [991994.41 Ko] - C:\Windows\System32\config
[MD5.82DF5576BDD96CE8DF5A06C0571EA463] - |A| - [29/03/2017 10:05:54] - (.-.) - [499.28 Ko] - (0.0.0.0) - C:\Windows\System32\cp_resources.bin
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [36974.56 Ko] - C:\Windows\System32\cs-CZ
[MD5.707DBFA069D1A078D5FC6CB57A9BB707] - |A| - [05/09/2017 13:09:00] - (.©Conexant Systems Inc. - Conexant APO.) - [1578.79 Ko] - (1.74.0.0) - C:\Windows\System32\CX64APO.dll
[MD5.42403C608F1EB6A3A003ED8949C3CE04] - |A| - [05/09/2017 13:09:00] - (.©Conexant Systems Inc. - Conexant MFX APO Proxy.) - [1493.3 Ko] - (1.2.0.0) - C:\Windows\System32\CX64Proxy.dll
[MD5.2B4C3D9F114EE40FEAD6A86395F2FC89] - |A| - [07/06/2017 22:44:06] - (.-.) - [5.47 Ko] - (0.0.0.0) - C:\Windows\System32\cxapo.lncs
[MD5.7C5FD3EEC5147A5C2060B080AF7604D2] - |A| - [05/09/2017 13:09:00] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\Windows\System32\cxapo.prop
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [35703.18 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [39218.14 Ko] - C:\Windows\System32\de-DE
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 06:57:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.43A53C6A212AB933AA04E31F4ED8FBCB] - |A| - [05/09/2017 20:04:16] - (.-.) - [530.88 Ko] - (0.0.0.0) - C:\Windows\System32\dgtrayicon.exe
[MD5.17FBCE91AEBA666E5BC2423C8EB34E8B] - |A| - [29/03/2017 10:05:54] - (.-.) - [812.19 Ko] - (0.0.0.0) - C:\Windows\System32\DisplayAudiox64.cab
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [29/03/2017 10:05:54] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [29/03/2017 10:05:54] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\DPTopologyAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [145536.65 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [2160320.84 Ko] - C:\Windows\System32\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [42924.05 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [11/07/2017 13:12:13] - [1804 Ko] - C:\Windows\System32\en
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36092.74 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [39042.76 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [15817.86 Ko] - C:\Windows\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [11/07/2017 14:05:42] - [154.5 Ko] - C:\Windows\System32\EventProviders
[MD5.00000000000000000000000000000000] - |D| - [11/07/2017 13:17:02] - [1808 Ko] - C:\Windows\System32\fi
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [37938.17 Ko] - C:\Windows\System32\fi-FI
[MD5.A08B87CC51FB774ED45FDF4284B1974F] - |A| - [29/03/2017 10:05:54] - (.-.) - [626.49 Ko] - (0.0.0.0) - C:\Windows\System32\FilmModeDetection.wmv
[MD5.7C89F7E3BD8533D0C7974892369A0B6A] - |A| - [12/10/2017 19:18:19] - (.-.) - [261.54 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [1840 Ko] - C:\Windows\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [42561.45 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.48CB5BE5BB7020C46F39B0531EA72BE5] - |A| - [05/09/2017 20:04:16] - (.-.) - [510.38 Ko] - (0.0.0.0) - C:\Windows\System32\GameManager64.dll
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 22:36:24] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [29/03/2017 10:05:54] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv2_0.exe.config
[MD5.60E6C68CB0B797EDD0386A68526935A4] - |A| - [29/03/2017 10:05:54] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\Windows\System32\Gfxv4_0.exe.config
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [07/06/2017 22:41:45] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\System32\GfxValDisplayLog.bin
[MD5.00000000000000000000000000000000] - |HD| - [14/07/2009 05:20:11] - [0.06 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [68764.97 Ko] - C:\Windows\System32\he-IL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [17259.83 Ko] - C:\Windows\System32\hr-HR
[MD5.8019DDDF7E0E69938F7CC1F70D69D05F] - |A| - [04/08/2015 03:37:32] - (.-.) - [100.5 Ko] - (0.0.0.0) - C:\Windows\System32\hsa-thunk64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [38037.22 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.AB2D50B6F3C665B55C8E5A049D59E7CC] - |A| - [29/03/2017 10:06:00] - (.-.) - [5663.46 Ko] - (0.0.0.0) - C:\Windows\System32\igdclbif.bin
[MD5.6C327778BC87A86E6EF9F382F30D623F] - |A| - [08/12/2016 19:14:30] - (.Copyright (C) 2012-2015 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [178.69 Ko] - (5.0.0.1148) - C:\Windows\System32\igfx11cmrt64.dll
[MD5.531D8EFA640A9876C8A6BFDFE08FD52A] - |A| - [08/12/2016 19:14:40] - (.Copyright (C) 2010 - 2015 - MDF(CM) JIT Dynamic Link Library.) - [1553.5 Ko] - (5.0.0.1148) - C:\Windows\System32\igfxcmjit64.dll
[MD5.8339FCDAB5F3ACC66A3AB4D1522E6D0B] - |A| - [08/12/2016 19:14:36] - (.Copyright (C) 2010 - 2015 - MDF(CM) Runtime Dynamic Link Library.) - [179.69 Ko] - (5.0.0.1148) - C:\Windows\System32\igfxcmrt64.dll
[MD5.5D99C02572F921D24A485354D2CAD3F0] - |A| - [08/12/2016 19:14:42] - (.-.) - [267 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCPL.cpl
[MD5.58FC50973456C28D2BFAF4F3BA317749] - |A| - [08/12/2016 19:14:48] - (.-.) - [101 Ko] - (0.0.0.0) - C:\Windows\System32\igfxCUIServicePS.dll
[MD5.AD04A28C8A8EA2E6F6C9BBAF6192555D] - |A| - [08/12/2016 19:14:54] - (.-.) - [82.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLib.dll
[MD5.82D4D0D2233501851B4744C99157EFE5] - |A| - [08/12/2016 19:14:54] - (.-.) - [93 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDHLibv2_0.dll
[MD5.6532028069F357D4B8D2DF938CB954C6] - |A| - [08/12/2016 19:15:00] - (.-.) - [28.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILib.dll
[MD5.16EF118BE6F10C1F67E8DA87D5DADA11] - |A| - [08/12/2016 19:15:04] - (.-.) - [28.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxDILibv2_0.dll
[MD5.838053C996D325C235E274F1CBDFC5F6] - |A| - [08/12/2016 19:15:08] - (.-.) - [27 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLib.dll
[MD5.0F60FE8F6F1BE30F36C1F0F82F7EE885] - |A| - [08/12/2016 19:15:10] - (.-.) - [27 Ko] - (1.0.0.0) - C:\Windows\System32\igfxEMLibv2_0.dll
[MD5.8F7AE6A283296F063E7596AFA910D2F1] - |A| - [08/12/2016 19:15:20] - (.-.) - [22 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLib.dll
[MD5.3C4A3E7342C3CF2CD069C1377CB813C7] - |A| - [08/12/2016 19:15:20] - (.-.) - [22 Ko] - (1.0.0.0) - C:\Windows\System32\igfxLHMLibv2_0.dll
[MD5.8C2E7624FA11F63E892D1546AEF02403] - |A| - [08/12/2016 19:15:26] - (.-.) - [1002.96 Ko] - (0.0.0.0) - C:\Windows\System32\igfxSDK.exe
[MD5.FEA9C455516E5462068B040E9B7B3867] - |A| - [08/12/2016 19:15:30] - (.-.) - [98.5 Ko] - (1.0.0.0) - C:\Windows\System32\igfxSDKLib.dll
[MD5.7EAC63E5422AC14DB23D5C4EA66BF96C] - |A| - [08/12/2016 19:15:32] - (.-.) - [109 Ko] - (1.0.0.0) - C:\Windows\System32\igfxSDKLibv2_0.dll
[MD5.56ADE045252C5626088D9CA46453DA86] - |A| - [29/03/2017 10:07:16] - (.-.) - [392.46 Ko] - (0.0.0.0) - C:\Windows\System32\igfxTray.exe
[MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [29/03/2017 10:06:04] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.cpa
[MD5.0D3AF85E1F169395885151038ADE9317] - |A| - [29/03/2017 10:06:04] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxa64.vp
[MD5.A0D0A10C8DA1B00A2EE378357F72BA90] - |A| - [29/03/2017 10:06:04] - (.-.) - [39.37 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64.vp
[MD5.7B929507BB2C2A3FBD2956EC3515364C] - |A| - [29/03/2017 10:06:04] - (.-.) - [40.33 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxc64_dev.vp
[MD5.1A8302994182D4FC003A71DC6D23EE81] - |A| - [29/03/2017 10:06:04] - (.-.) - [38.73 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64.vp
[MD5.38FA402460982FE9A071BEC11C58B0D3] - |A| - [29/03/2017 10:06:04] - (.-.) - [38.87 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxg64_dev.vp
[MD5.26526A63D35D8E4E19C46F920AAF48F2] - |A| - [29/03/2017 10:06:04] - (.-.) - [39.4 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64.vp
[MD5.9CD97189D5A5E409BBEC1B28A8AFD428] - |A| - [29/03/2017 10:06:04] - (.-.) - [39.97 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxo64_dev.vp
[MD5.43B54B93E36AD6D5842C33697D5B3F47] - |A| - [08/12/2016 15:06:58] - (.-.) - [4.75 Ko] - (0.0.0.0) - C:\Windows\System32\iglhxs64.vp
[MD5.3ED204C864E5CC3C78D3DBB707D102D1] - |A| - [29/03/2017 10:06:04] - (.-.) - [394.21 Ko] - (0.0.0.0) - C:\Windows\System32\ImageStabilization.wmv
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36875.94 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.1B0002C3AD22E29DF2670C0CB1F03A0C] - |A| - [08/12/2016 19:15:40] - (.Copyright (C) 2015 - IntelCpHDCPSvc Executable.) - [437.96 Ko] - (1.0.0.1) - C:\Windows\System32\IntelCpHDCPSvc.exe
[MD5.E93F26C1BACEC3C7C27D0FDCB198352B] - |A| - [08/12/2016 19:16:12] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [97.5 Ko] - (2.0.2.0) - C:\Windows\System32\Intel_OpenCL_ICD64.dll
[MD5.D506921989872994B9C5615D4761882C] - |A| - [05/09/2017 12:59:50] - (.Copyright © 2005-2016 - IObit Smart Defrag Extension.) - [125.28 Ko] - (1.0.0.25) - C:\Windows\System32\IObitSmartDefragExtension.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [38244.04 Ko] - C:\Windows\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36243.94 Ko] - C:\Windows\System32\ja-JP
[MD5.D8F45BD2596E35E20A32EA3334A38171] - |A| - [05/09/2017 20:04:16] - (.-.) - [118.05 Ko] - (0.0.0.0) - C:\Windows\System32\kapp_ci.sbin
[MD5.DA921F39CCD51EA50E74C53426A3D674] - |A| - [05/09/2017 20:04:16] - (.-.) - [112.02 Ko] - (0.0.0.0) - C:\Windows\System32\kapp_si.sbin
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [49839.52 Ko] - C:\Windows\System32\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [2762.52 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [17173.19 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [16897.23 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [03/08/2017 23:59:26] - [28854.41 Ko] - C:\Windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 22:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [1981.88 Ko] - C:\Windows\System32\manifeststore
[MD5.2B7D24228CC82BF1E1235BCC7020D8A5] - |A| - [05/09/2017 20:04:16] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [178.38 Ko] - (22.19.662.4) - C:\Windows\System32\mantle64.dll
[MD5.C66CEA0ECCE431B3B28077E9C1010AB6] - |A| - [05/09/2017 20:04:16] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [157.38 Ko] - (22.19.662.4) - C:\Windows\System32\mantleaxl64.dll
[MD5.39E801545FFF6230C80140E0F8A06629] - |A| - [14/07/2009 06:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [10/07/2017 21:28:42] - [0 Ko] - C:\Windows\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [4148.28 Ko] - C:\Windows\System32\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [294.74 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [35556.79 Ko] - C:\Windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [512 Ko] - C:\Windows\System32\NDF
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [14/07/2009 00:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [136 Ko] - C:\Windows\System32\NetworkList
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [38113.37 Ko] - C:\Windows\System32\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 22:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [43350.98 Ko] - C:\Windows\System32\oobe
[MD5.B5C22811A5B49930F25EDE9AF2E127B1] - |A| - [14/07/2009 04:36:59] - (.-.) - [120.14 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.A36E3F6DEFD5E198BB8CCB3D6654F52C] - |A| - [11/07/2017 13:17:59] - (.-.) - [100 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00B.dat
[MD5.FCBA61367CBDBDF4BB3611EB1915D993] - |A| - [14/07/2009 17:24:17] - (.-.) - [147.53 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 22:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [14/07/2009 04:36:59] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.78B6F0C1136D84A7B5303785BB8B6102] - |A| - [11/07/2017 13:17:59] - (.-.) - [37.36 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00B.dat
[MD5.07BA000B2E67565BDF112C35171865A5] - |A| - [14/07/2009 17:24:17] - (.-.) - [37.27 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat
[MD5.D46DA9B141A3DD45B52227EAD52F89E5] - |A| - [14/07/2009 04:36:59] - (.-.) - [641.28 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.5DB528EBC36BDFF23B9265543CCC04C7] - |A| - [11/07/2017 13:17:59] - (.-.) - [464.68 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00B.dat
[MD5.B5ECF6C06124D351C991ACEBA62DAD30] - |A| - [14/07/2009 17:24:17] - (.-.) - [732.52 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat
[MD5.8BBC11EA063A67FF8D96B84AA755FBD1] - |A| - [14/07/2009 07:13:15] - (.-.) - [2192.76 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [37410 Ko] - C:\Windows\System32\pl-PL
[MD5.1DD626FE4DE2D4B710DD1360F404A54F] - |A| - [13/09/2017 23:18:42] - (.Copyright (C) 2001 - Application PrintBrm.) - [70 Ko] - (1.0.0.0) - C:\Windows\System32\PrintBrmUi.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [9131.45 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.962C5A7D55A0D6ECBF09C69D098DA1AF] - |A| - [26/09/2017 12:52:23] - (.Copyright © 2010-2015 Initex. - Proxifier shell extension module x64.) - [140.57 Ko] - (3.28.0.1) - C:\Windows\System32\ProxifierShellExt.dll
[MD5.C995F3F9FBA02B5A70ADB031CF5B6D1B] - |A| - [26/09/2017 12:52:23] - (.Copyright © 2003-2015 Initex. - Proxifier Winsock Layered Service Provider x64.) - [116.07 Ko] - (3.28.0.1) - C:\Windows\System32\PrxerDrv.dll
[MD5.5965EC1D84D2674AF15D2958A4A6AFDF] - |A| - [26/09/2017 12:52:23] - (.Copyright © 2003-2015 Initex. - Proxifier Namespace Service Provider.) - [94.57 Ko] - (3.28.0.1) - C:\Windows\System32\PrxerNsp.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [38971.8 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [38997.9 Ko] - C:\Windows\System32\pt-PT
[MD5.CF58D6F1F3D4CC8EF789992B7E0AB1BC] - |A| - [05/09/2017 20:04:16] - (.(c) Advanced Micro Devices, Inc. - AMD RapidFire.) - [525.38 Ko] - (1.1.0.22) - C:\Windows\System32\Rapidfire64.dll
[MD5.7988F0575A06E8963566D558EF7E0EF3] - |A| - [05/09/2017 20:04:16] - (.(c) Advanced Micro Devices, Inc. - AMD Rapid Fire Server.) - [35.38 Ko] - (1.1.0.19) - C:\Windows\System32\RapidFireServer64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.53FDA4AF81E7C4895357A50E848B7CFE] - |A| - [11/07/2017 14:03:12] - (.Copyright (C) 2009 - RemoteFX Helper.) - [93.5 Ko] - (1.1.0.0) - C:\Windows\System32\RDVGHelper.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0.78 Ko] - C:\Windows\System32\Recovery
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0.07 Ko] - C:\Windows\System32\restore
[MD5.26D4D6A5FB33AAEEACA7C82558A2E26D] - |A| - [07/06/2017 22:42:10] - (.-.) - [15 Ko] - (0.0.0.0) - C:\Windows\System32\results.xml
[MD5.D518E801551E975B26ECA37E7E1D3086] - |A| - [05/09/2017 13:09:27] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll
[MD5.23212C53F5D8DE747F86463B3B5A183F] - |A| - [05/09/2017 13:09:27] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [314.17 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll
[MD5.AC1AA9F3B1D8FDF8882DC6AB8A10D64A] - |A| - [05/09/2017 13:09:29] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [209.8 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll
[MD5.FFE5A1AD38CFF13815D962F228C237C8] - |A| - [05/09/2017 13:09:29] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [86.27 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll
[MD5.A75237F8A8BA4F19A7A8712FEE428A84] - |A| - [05/09/2017 13:09:29] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [108.38 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll
[MD5.44BAE5798495ADF0E3006DFCFD35373F] - |A| - [05/09/2017 13:09:29] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [378.23 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll
[MD5.56B23318DE09559AE0A7EA51F068AC3B] - |A| - [05/09/2017 20:04:16] - (.-.) - [150.77 Ko] - (0.0.0.0) - C:\Windows\System32\samu_krnl_ci.sbin
[MD5.A769B352B827590EA4CCAC16E6269E33] - |A| - [12/12/2013 15:53:54] - (.-.) - [135.58 Ko] - (0.0.0.0) - C:\Windows\System32\samu_krnl_isv_ci.sbin
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [11/07/2017 14:01:37] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.4F9374F4BA6E7C1766D92FFF7B460513] - |A| - [05/09/2017 13:09:35] - (.Copyright (C) 2016 DTS, Inc. - DTS Universal APO DLL.) - [961.83 Ko] - (3.5.14.0) - C:\Windows\System32\sl3apo64.dll
[MD5.80DC05FEC7BA483A27D1B6187329A18A] - |A| - [05/09/2017 13:09:35] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Controller DLL.) - [3330.89 Ko] - (3.5.14.0) - C:\Windows\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [845.26 Ko] - C:\Windows\System32\slmgr
[MD5.ACBA21E0914B0E4B01C02AD2798877DB] - |A| - [05/09/2017 13:09:36] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [252.79 Ko] - (1.0.0.1) - C:\Windows\System32\slprp64.dll
[MD5.FF5082EAF6259F5F4BE3A6C750DA0203] - |A| - [05/09/2017 13:09:36] - (.Copyright (C) 2016 DTS, Inc. - DTS APO Technology DLL.) - [3049.47 Ko] - (3.5.14.0) - C:\Windows\System32\sltech64.dll
[MD5.7B86EBA5C84E56CBA25FB7DE895F2093] - |A| - [05/09/2017 12:59:38] - (.Copyright © 2005-2013 - SmartDefrag.) - [44.59 Ko] - (2.0.0.0) - C:\Windows\System32\SmartDefragBootTime.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [18562.02 Ko] - C:\Windows\System32\SMI
[MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 23:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [70023 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [71388.56 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [1843.23 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [30.19 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [11/07/2017 14:06:59] - [1775.5 Ko] - C:\Windows\System32\SPReview
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [17314.38 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.1EC2635E831C845E2ECC3D3340AC7797] - |A| - [05/09/2017 13:09:36] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [456.2 Ko] - (4.0.0.59) - C:\Windows\System32\SRAPO64.dll
[MD5.09DB317084AD30C69391BF95BF44664C] - |A| - [05/09/2017 13:09:37] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.15 Ko] - (4.0.0.59) - C:\Windows\System32\SRCOM.dll
[MD5.F5FE279435F4593A1F6869FD08EAB55F] - |A| - [05/09/2017 13:09:37] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [372.47 Ko] - (4.0.0.59) - C:\Windows\System32\SRCOM64.dll
[MD5.6BFB992D7EED2D1CAD7F28968B98976B] - |A| - [05/09/2017 13:09:37] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1401.5 Ko] - (4.0.0.59) - C:\Windows\System32\SRRPTR64.dll
[MD5.00000000000000000000000000000000] - |D| - [07/06/2017 22:44:37] - [2267.65 Ko] - C:\Windows\System32\SRSLabs
[MD5.0F4A688E07D9905E0EF9A3BB0D1E9A60] - |A| - [05/09/2017 13:09:37] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [519.9 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll
[MD5.4F443A11503A87786D1B0FA818F70D07] - |A| - [05/09/2017 13:09:37] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [162.3 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [35516.83 Ko] - C:\Windows\System32\sv-SE
[MD5.CA146D554527E03EE97CB539DD19D848] - |A| - [18/08/2017 02:23:50] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [796.59 Ko] - (19.3.31.31) - C:\Windows\System32\SynCOM.dll
[MD5.6115AC4E39F106E065D6ED5963306176] - |A| - [01/10/2011 01:14:22] - (.Copyright (C) Synaptics Incorporated 1996-2011 - SynCtrl.) - [270.29 Ko] - (15.3.27.1) - C:\Windows\System32\SynCtrl.dll
[MD5.2111EFF8E2DFD04C0E25041DD6392E4F] - |A| - [15/09/2011 01:11:16] - (.-.) - [1024 Ko] - (0.0.0.0) - C:\Windows\System32\syndata.bin
[MD5.4B6E766A42B94C14D7A6EB091679D73D] - |A| - [18/08/2017 02:23:52] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynTPAPI.) - [282.59 Ko] - (19.3.31.31) - C:\Windows\System32\SynTPAPI.dll
[MD5.A52459D3D0D67115C4B770F8FAA261CB] - |A| - [18/08/2017 02:23:52] - (.Copyright (C) Synaptics Incorporated 1996-2017 - Synaptics Pointing Device Driver Co-Installer.) - [342.59 Ko] - (19.3.31.31) - C:\Windows\System32\SynTPCo59.dll
[MD5.AD940A29D1B5B198D49A65F658722718] - |A| - [01/10/2011 01:14:26] - (.Copyright (C) Synaptics Incorporated 1996-2011 - Synaptics Pointing Device Driver Co-Installer.) - [144.79 Ko] - (15.3.27.1) - C:\Windows\System32\SynTPCo9.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [390.38 Ko] - C:\Windows\System32\sysprep
[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [11/07/2017 14:02:58] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [283.75 Ko] - C:\Windows\System32\Tasks
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 23:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [21922.77 Ko] - C:\Windows\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [35282.29 Ko] - C:\Windows\System32\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [19853.85 Ko] - C:\Windows\System32\uk-UA
[MD5.B0D8E26D3CC725F0CC6D33FDBEA061F7] - |A| - [14/07/2009 06:45:37] - (.-.) - [21 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl
[MD5.E2090ABBDE0128166584C1534810D334] - |A| - [14/07/2009 06:45:37] - (.-.) - [9 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 20:43:03] - [1754.83 Ko] - C:\Windows\System32\Wat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [452307.75 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:06] - [2682.62 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [47293.64 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 23:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [128 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [97.5 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [87582.97 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [98888 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [2384.92 Ko] - C:\Windows\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [27950.29 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [8170.09 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [19784.06 Ko] - C:\Windows\System32\zh-TW
[MD5.5C5A797761421CF9B72087F3BC8A5259] - |A| - [11/07/2017 11:47:54] - (.-.) - [0.18 Ko] - (0.0.0.0) - C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[MD5.1373F6562D5E4C715D5D3583E350093E] - |A| - [07/06/2017 22:40:08] - (.-.) - [0.2 Ko] - (0.0.0.0) - C:\Windows\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
[MD5.F50971E859E4C66686B819DEE4605930] - |A| - [08/10/2017 11:14:53] - (.-.) - [1 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\.rnd
[MD5.00000000000000000000000000000000] - |D| - [11/07/2017 13:12:20] - [0 Ko] - C:\Windows\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [0 Ko] - C:\Windows\SysWOW64\040C
[MD5.33392D5E83960A7909E4AE264094A329] - |A| - [26/08/2017 10:43:37] - (.-.) - [0.02 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\account.dat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2258.5 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.A11A5494E3E3D3C010A84720246B5243] - |A| - [05/09/2017 20:04:16] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amd-vulkan32.json
[MD5.9B3280970670E1CE2815904CF9B3BB29] - |A| - [05/09/2017 20:03:55] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [103.76 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\amdave32.dll
[MD5.81DDDB54FD3856D9A3B2A272188B4F56] - |A| - [05/09/2017 20:03:55] - (.-.) - [343.38 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdgfxinfo32.dll
[MD5.8AC600C0678C8770621A28D3A0E88C6D] - |A| - [05/09/2017 20:03:55] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [150.54 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\amdhcp32.dll
[MD5.33E2129316EB73800C95CC48D73217AA] - |A| - [05/09/2017 20:03:55] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [670.88 Ko] - (1.0.11.0) - C:\Windows\SysWOW64\amdlvr32.dll
[MD5.D6BDFF6343F6B3A7A86C50C3EF839437] - |A| - [05/09/2017 20:03:56] - (.Copyright (C) 2013 AMD Inc. - Mantle driver, support for SI family and above.) - [9523.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\amdmantle32.dll
[MD5.C0735C0BE15281B157C76FF22A384D43] - |A| - [05/09/2017 20:03:57] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [64.88 Ko] - (1.6.0.0) - C:\Windows\SysWOW64\amdmcl32.dll
[MD5.C41D7946922391D4F9439F7317FBEA98] - |A| - [05/09/2017 20:03:57] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MMOCL Universal Driver.) - [53.38 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\amdmmcl.dll
[MD5.AEC50020F78D5143672A45670EF48969] - |A| - [05/09/2017 20:03:57] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD Accelerated Parallel Processing OpenCL 2.0 Runtime.) - [46723.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\amdocl.dll
[MD5.5A79A3FE5C5526E08B3123776C6FBC5D] - |A| - [05/09/2017 20:03:59] - (.Copyright (C) 2011 Advanced Micro Devices Inc. - AMD COMPILER OpenCL 1.1 Compiler.) - [24387.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\amdocl12cl.dll
[MD5.56B986D13C74903FE27B71BA85C76037] - |A| - [04/08/2015 08:19:02] - (.-.) - [972.01 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_as32.exe
[MD5.28F4F5BAC73505F71B8AEC95B7FBE1DD] - |A| - [04/08/2015 08:19:02] - (.-.) - [780.01 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\amdocl_ld32.exe
[MD5.8B5EC741841BDB518FDCF9129671C712] - |A| - [05/09/2017 20:04:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [90.66 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\amdpcom32.dll
[MD5.D7149E7DDB1FD5561F3715E46AD780F3] - |A| - [05/09/2017 20:04:06] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [132.38 Ko] - (15.13.6.0) - C:\Windows\SysWOW64\amduve32.dll
[MD5.F73747BE183EBDB812D49DE7DFBF49DE] - |A| - [05/09/2017 20:04:06] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [10025.38 Ko] - (1.0.51.0) - C:\Windows\SysWOW64\amdvlk32.dll
[MD5.7A5921DFDD8715FAE44720D7311659D5] - |A| - [05/09/2017 20:04:07] - (.Advanced Micro Devices, Inc. Copyright (C) 2017 - Advanced Media Framework.) - [2458.88 Ko] - (1.4.4.0) - C:\Windows\SysWOW64\amfrt32.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [98586.87 Ko] - C:\Windows\SysWOW64\ar-SA
[MD5.5763838E12C44B854144BEEDA1107D4E] - |A| - [05/09/2017 20:04:08] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [1019.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atiadlxx.dll
[MD5.5763838E12C44B854144BEEDA1107D4E] - |A| - [05/09/2017 20:04:08] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [1019.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atiadlxy.dll
[MD5.81AF51277D9FB5030D80E0157303BA17] - |A| - [05/09/2017 20:03:54] - (.-.) - [795.77 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiapfxx.blb
[MD5.2E273F893F014D6F5CB7B7929FF02C64] - |A| - [05/09/2017 20:04:08] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL compiler runtime.) - [63.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\aticalcl.dll
[MD5.7DD9FC7012130AEFA7F4719567523B0C] - |A| - [05/09/2017 20:04:08] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL DD.) - [13983.38 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\aticaldd.dll
[MD5.18A26D2CBFBD4A48382EB67ACFEF2BF7] - |A| - [05/09/2017 20:04:09] - (.Copyright (C) 2008 Advanced Micro Devices Inc. - ATI CAL runtime.) - [66.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\aticalrt.dll
[MD5.1277420F01A4D7B45E11CD86F3F7BF66] - |A| - [05/09/2017 20:04:09] - (.Copyright (C) 1998-2012 AMD Inc. - aticfx32.dll.) - [1489.84 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\aticfx32.dll
[MD5.588478632BD603577574961B0B373F5A] - |A| - [05/09/2017 20:04:09] - (.Copyright (C) 1998-2011 AMD Inc. - atidxx32.dll.) - [11908.04 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atidxx32.dll
[MD5.6E2DEB846685C41F835C2DAD7DF68058] - |A| - [05/09/2017 20:04:16] - (.-.) - [317.88 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atieah32.exe
[MD5.750D7699C2FB7474276C2C0FD86E8818] - |A| - [05/09/2017 20:04:10] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [190.38 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atigktxx.dll
[MD5.E3DBD7E4F1505A5E4E276F9D03F7B82D] - |A| - [05/09/2017 20:04:10] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiglpxx.dll.) - [121.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atiglpxx.dll
[MD5.8B5EC741841BDB518FDCF9129671C712] - |A| - [05/09/2017 20:04:10] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [90.66 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atimpc32.dll
[MD5.0AF84BC6EBBFCE06F5CDF5D7F3DDEA5F] - |A| - [05/09/2017 20:04:12] - (.Copyright (C) 1998-2011 Advanced Micro Devices, Inc. - AMD OpenGL driver.) - [28187.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atioglxx.dll
[MD5.EFC31E725C5CE2C44B331A3E4B3F11AE] - |A| - [05/09/2017 20:04:13] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [121.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atisamu32.dll
[MD5.E9ED99F7BCF6F1C779E73C059B2F649D] - |A| - [05/09/2017 20:04:13] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiu9pag.dll.) - [140.49 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atiu9pag.dll
[MD5.A1915027B655B8F547222379D33DA06E] - |A| - [05/09/2017 20:04:14] - (.Copyright (C) 1998-2011 AMD Inc. - atiumdag.dll.) - [9186.7 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atiumdag.dll
[MD5.2AA981D39FC689E0B04624992DC9244A] - |A| - [05/09/2017 20:03:55] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\atiumdva.cap
[MD5.2E7E24BDDB72DEFB2FCAB7AC408D8A75] - |A| - [05/09/2017 20:04:15] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon Video Acceleration Universal Driver.) - [11376.47 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atiumdva.dll
[MD5.C8AC1A7165E040E755E48D47D4FFF3E0] - |A| - [05/09/2017 20:04:16] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atiuxpag.dll.) - [157.56 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\atiuxpag.dll
[MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [04/08/2015 04:12:40] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsva.dat
[MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [04/08/2015 04:12:40] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ativvsvl.dat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [19185.62 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.80644F6F44C4ABC0F6FB934C590F3B09] - |SH| - [09/06/2017 09:59:17] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\Bin.data
[MD5.7C217EBF5A271A0F0BBF80284F9C1C49] - |A| - [26/08/2017 13:51:08] - (.-.) - [0.1 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\bomber.log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot2
[MD5.0C5F241718385E7D5D143B586B5911A4] - |A| - [08/06/2017 11:58:16] - (.-.) - [51.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\CCCInstall_201706081158160340.log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [386.5 Ko] - C:\Windows\SysWOW64\com
[MD5.96E45D86451E8F4EE5632A96BA217807] - |A| - [07/06/2017 22:34:28] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\EAPPkt.inf
[MD5.A5E2DA5102B7A5BC82324AFD79A4348E] - |A| - [07/06/2017 22:34:28] - (.-.) - [97.66 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\EAPPkt9x.VXD
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [38718.24 Ko] - C:\Windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [11/07/2017 13:12:20] - [1648 Ko] - C:\Windows\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [32508.35 Ko] - C:\Windows\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [35018.84 Ko] - C:\Windows\SysWOW64\es-ES
[MD5.65D2CB4EE69ECC3B2F0412F180C56BA8] - |A| - [05/09/2017 20:04:16] - (.-.) - [348.38 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\GameManager32.dll
[MD5.F0A1BD19DD198FA7F4FC39C8189A89FF] - |A| - [20/08/2017 11:52:15] - (.Copyright © 2000-2006 GEAR Software Inc. - GEARAspi.) - [106.8 Ko] - (2.0.6.2) - C:\Windows\SysWOW64\GEARAspi.dll
[MD5.00000000000000000000000000000000] - |D| - [10/07/2017 20:15:33] - [1601.98 Ko] - C:\Windows\SysWOW64\GPBAK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3245.96 Ko] - C:\Windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [66427.5 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [15776.33 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.F6B46C0B8D4D84687A2BA72D51B1D51F] - |A| - [04/08/2015 03:37:22] - (.-.) - [100 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\hsa-thunk.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [34116.31 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.8EFB54E726289E41888AC9E333DCF47A] - |A| - [08/12/2016 19:16:10] - (.Copyright © The Khronos Group Inc 2014 - OpenCL Client DLL.) - [101.5 Ko] - (2.0.2.0) - C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.EDD400CC92C6D43F98D3D3AFC97C2559] - |A| - [07/06/2017 22:34:28] - (.-.) - [440.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\ISSRemoveSP.exe
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [34269.11 Ko] - C:\Windows\SysWOW64\it-IT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [33499.95 Ko] - C:\Windows\SysWOW64\ja-JP
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [47183.63 Ko] - C:\Windows\SysWOW64\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [15692.69 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [15435.73 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [03/08/2017 22:51:34] - [25624.77 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1968.26 Ko] - C:\Windows\SysWOW64\manifeststore
[MD5.23133336FBDAC08FC4A4B1117995698E] - |A| - [05/09/2017 20:04:16] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [138.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\mantle32.dll
[MD5.00350FB324D3A758F700787259B75DDB] - |A| - [05/09/2017 20:04:16] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [123.88 Ko] - (22.19.662.4) - C:\Windows\SysWOW64\mantleaxl32.dll
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 06:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mapisvc.inf
[MD5.00000000000000000000000000000000] - |SD| - [10/09/2017 10:48:30] - [0 Ko] - C:\Windows\SysWOW64\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3314.43 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [37151.45 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [294.74 Ko] - C:\Windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [31901.4 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [51 Ko] - C:\Windows\SysWOW64\NetworkList
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [34145.98 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\noise.kor
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2566.05 Ko] - C:\Windows\SysWOW64\oobe
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 23:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico
[MD5.7FC57186163AA77447FEE7ECF48AD400] - |A| - [08/06/2017 11:31:11] - (.-.) - [2156.5 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [33426.06 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [9131.45 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.F1FAFA5A32A03742A0FF1B2CF1A04F25] - |A| - [26/09/2017 12:52:22] - (.Copyright © 2010-2015 Initex. - Proxifier shell extension module.) - [117.07 Ko] - (3.28.0.1) - C:\Windows\SysWOW64\ProxifierShellExt.dll
[MD5.8BF46E338C425A73DC677B608FAB2957] - |A| - [26/09/2017 12:52:23] - (.Copyright © 2003-2015 Initex. - Proxifier Winsock Layered Service Provider.) - [95.57 Ko] - (3.28.0.1) - C:\Windows\SysWOW64\PrxerDrv.dll
[MD5.B6CC831358F33D0851242231636C0385] - |A| - [26/09/2017 12:52:23] - (.Copyright © 2003-2015 Initex. - Proxifier Namespace Service Provider.) - [82.07 Ko] - (3.28.0.1) - C:\Windows\SysWOW64\PrxerNsp.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [34969.39 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [35047.97 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.879C33A8D8349C1BB2E5A4A80D1A2E90] - |A| - [05/09/2017 20:04:16] - (.(c) Advanced Micro Devices, Inc. - AMD RapidFire.) - [458.38 Ko] - (1.1.0.22) - C:\Windows\SysWOW64\Rapidfire.dll
[MD5.52E307583988264386AC1934B2581E2F] - |A| - [05/09/2017 20:04:16] - (.(c) Advanced Micro Devices, Inc. - AMD Rapid Fire Server.) - [32.88 Ko] - (1.1.0.19) - C:\Windows\SysWOW64\RapidFireServer.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.B6BD46D4DF1CC0DEBAA70B0D716877E2] - |A| - [07/06/2017 22:34:28] - (.-.) - [12.68 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\REALPKT.VXD
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0.64 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [16546.97 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [07/06/2017 22:44:36] - [3691.66 Ko] - C:\Windows\SysWOW64\RTCOM
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [34594.65 Ko] - C:\Windows\SysWOW64\ru-RU
[MD5.09DB317084AD30C69391BF95BF44664C] - |A| - [05/09/2017 13:09:37] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [333.15 Ko] - (4.0.0.59) - C:\Windows\SysWOW64\SRCOM.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [31842.93 Ko] - C:\Windows\SysWOW64\sv-SE
[MD5.5AC4694C49BC95E92FB7656C7C10278B] - |A| - [18/08/2017 02:23:50] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [427.09 Ko] - (19.3.31.31) - C:\Windows\SysWOW64\SynCom.dll
[MD5.7CB45B78126B902A66FB8AA33DB13738] - |A| - [01/10/2011 01:14:22] - (.Copyright (C) Synaptics Incorporated 1996-2011 - SynCtrl.) - [217.29 Ko] - (15.3.27.1) - C:\Windows\SysWOW64\SynCtrl.dll
[MD5.7DF13DEED15B454A096402665E7DBCBE] - |A| - [01/10/2011 01:14:28] - (.Copyright (C) Synaptics Incorporated 1996-2011 - Synaptics TouchPad Interfaces.) - [105.29 Ko] - (15.3.27.1) - C:\Windows\SysWOW64\SynTPCOM.dll
[MD5.913D17FDBCFEA1AA3297A54B79A04390] - |A| - [01/10/2011 01:14:32] - (.Copyright (C) Synaptics Incorporated 1996-2011 - Synaptics Proxy Server.) - [65.29 Ko] - (15.3.27.1) - C:\Windows\SysWOW64\SynTPEnhPS.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [20493.77 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [31670.87 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [18355.35 Ko] - C:\Windows\SysWOW64\uk-UA
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [14/07/2009 04:35:41] - (.Copyright © 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\SysWOW64\vfpodbc.dll
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 20:43:04] - [237.33 Ko] - C:\Windows\SysWOW64\Wat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [37992.34 Ko] - C:\Windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [2682.62 Ko] - C:\Windows\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [101.23 Ko] - C:\Windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [86544.08 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [2384.92 Ko] - C:\Windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 17:24:07] - [229.59 Ko] - C:\Windows\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [25665.4 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [7842.18 Ko] - C:\Windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [17770.09 Ko] - C:\Windows\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\enfers\AppData\Roaming   [05/06/2017 18:32:13]
"Local AppData"=C:\Users\enfers\AppData\Local   [05/06/2017 18:32:13]
"My Video"=C:\Users\enfers\Videos   [05/06/2017 18:32:13]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Libraries   [05/06/2017 18:32:50]
"My Pictures"=C:\Users\enfers\Pictures   [05/06/2017 18:32:13]
"Desktop"=C:\Users\enfers\Desktop   [05/06/2017 18:32:13]
"History"=C:\Users\enfers\AppData\Local\Microsoft\Windows\History   [05/06/2017 18:32:13]
"NetHood"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [05/06/2017 18:32:13]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\enfers\Contacts   [05/06/2017 18:32:33]
"Cookies"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Cookies   [05/06/2017 18:32:13]
"Favorites"=C:\Users\enfers\Favorites   [05/06/2017 18:32:13]
"SendTo"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\SendTo   [05/06/2017 18:32:13]
"Start Menu"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu   [05/06/2017 18:32:13]
"My Music"=C:\Users\enfers\Music   [05/06/2017 18:32:13]
"Programs"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [05/06/2017 18:32:13]
"Recent"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Recent   [05/06/2017 18:32:13]
"CD Burning"=C:\Users\enfers\AppData\Local\Microsoft\Windows\Burn\Burn   [05/06/2017 18:33:05]
"PrintHood"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [05/06/2017 18:32:13]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\enfers\Searches   [05/06/2017 18:32:50]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\enfers\Downloads   [05/06/2017 18:32:13]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\enfers\AppData\LocalLow   [05/06/2017 18:32:13]
"Startup"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [05/06/2017 18:32:50]
"Administrative Tools"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [05/06/2017 18:32:50]
"Personal"=C:\Users\enfers\Documents   [05/06/2017 18:32:13]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\enfers\Links   [05/06/2017 18:32:13]
"Cache"=C:\Users\enfers\AppData\Local\Microsoft\Windows\Temporary Internet Files   [05/06/2017 18:32:13]
"Templates"=C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Templates   [05/06/2017 18:32:13]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\enfers\Saved Games   [05/06/2017 18:32:13]
"Fonts"=C:\Windows\Fonts   [14/07/2009 05:20:09]

[HKU\S-1-5-21-3297246652-1234983403-2385491008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files   
"Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 05:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 05:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 05:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 05:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 05:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 05:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 07:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 05:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 05:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 05:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 05:20:08]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 05:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 05:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 05:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 05:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 05:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 05:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 07:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 05:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 05:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 05:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 05:20:08]

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   


---------- | [enfers]

[05/06/2017 18:32:13] - |D| - [3672721645] - C:\Users\enfers\AppData\Local
[05/06/2017 18:32:13] - |D| - [6549545] - C:\Users\enfers\AppData\LocalLow
[05/06/2017 18:32:13] - |D| - [500647240] - C:\Users\enfers\AppData\Roaming
[03/08/2017 23:57:54] - |D| - [0] - C:\Users\enfers\AppData\Local\Adobe
[10/09/2017 17:31:58] - |D| - [65536] - C:\Users\enfers\AppData\Local\AMD
[05/06/2017 18:32:13] - |SHD| - [0] - C:\Users\enfers\AppData\Local\Application Data
[08/06/2017 11:41:18] - |D| - [54379] - C:\Users\enfers\AppData\Local\ATI
[14/06/2017 19:46:43] - |D| - [0] - C:\Users\enfers\AppData\Local\Avg
[14/06/2017 19:46:43] - |D| - [3728666] - C:\Users\enfers\AppData\Local\AvgSetupLog
[14/06/2017 19:49:01] - |D| - [2097208] - C:\Users\enfers\AppData\Local\CEF
[10/09/2017 17:57:19] - |D| - [2691309] - C:\Users\enfers\AppData\Local\CrashDumps
[07/06/2017 22:17:58] - |D| - [0] - C:\Users\enfers\AppData\Local\Diagnostics
[10/09/2017 16:45:31] - |D| - [2502] - C:\Users\enfers\AppData\Local\Disc_Soft_Ltd
[20/08/2017 21:33:01] - |D| - [5709] - C:\Users\enfers\AppData\Local\easytag
[19/06/2017 21:44:49] - |D| - [0] - C:\Users\enfers\AppData\Local\ElevatedDiagnostics
[05/10/2017 20:51:47] - |D| - [1128] - C:\Users\enfers\AppData\Local\FreemakeAudioConverter
[12/10/2017 19:21:47] - |A| - [58016] - C:\Users\enfers\AppData\Local\GDIPFONTCACHEV1.DAT
[05/06/2017 18:32:13] - |SHD| - [0] - C:\Users\enfers\AppData\Local\Historique
[07/08/2017 22:31:09] - |D| - [1652195725] - C:\Users\enfers\AppData\Local\Luminescence_Software
[04/08/2017 00:05:04] - |D| - [0] - C:\Users\enfers\AppData\Local\Macromedia
[05/06/2017 18:32:13] - |D| - [948619665] - C:\Users\enfers\AppData\Local\Microsoft
[07/06/2017 22:21:21] - |D| - [381869412] - C:\Users\enfers\AppData\Local\Mozilla
[02/08/2017 12:50:24] - |D| - [94356890] - C:\Users\enfers\AppData\Local\MusicBrainz
[08/06/2017 11:43:11] - |D| - [0] - C:\Users\enfers\AppData\Local\Programs
[20/08/2017 11:52:40] - |D| - [327186389] - C:\Users\enfers\AppData\Local\Songbird2
[09/10/2017 20:31:53] - |D| - [228382108] - C:\Users\enfers\AppData\Local\Spotify
[10/09/2017 17:16:04] - |D| - [29276113] - C:\Users\enfers\AppData\Local\Steam
[05/06/2017 18:32:13] - |D| - [1829239] - C:\Users\enfers\AppData\Local\Temp
[05/06/2017 18:32:13] - |SHD| - [0] - C:\Users\enfers\AppData\Local\Temporary Internet Files
[03/08/2017 22:57:57] - |D| - [852] - C:\Users\enfers\AppData\Local\TuneUpMedia
[05/06/2017 18:32:30] - |D| - [32] - C:\Users\enfers\AppData\Local\VirtualStore
[22/08/2017 22:56:38] - |D| - [68790] - C:\Users\enfers\AppData\Local\Your Freedom
[16/10/2017 20:41:34] - |D| - [231977] - C:\Users\enfers\AppData\Local\ZHP
[21/08/2017 19:44:48] - |D| - [665] - C:\Users\enfers\AppData\LocalLow\IObit
[07/06/2017 22:19:50] - |SHD| - [6548880] - C:\Users\enfers\AppData\LocalLow\Microsoft
[07/06/2017 22:21:44] - |D| - [0] - C:\Users\enfers\AppData\LocalLow\Mozilla
[26/07/2017 20:57:06] - |D| - [0] - C:\Users\enfers\AppData\Roaming\Adobe
[05/10/2017 20:43:58] - |D| - [8027222] - C:\Users\enfers\AppData\Roaming\Apowersoft
[08/06/2017 11:41:18] - |D| - [0] - C:\Users\enfers\AppData\Roaming\ATI
[10/09/2017 11:40:02] - |D| - [8318591] - C:\Users\enfers\AppData\Roaming\AVAST Software
[14/06/2017 23:10:15] - |D| - [12195378] - C:\Users\enfers\AppData\Roaming\BitTorrent
[10/09/2017 13:36:40] - |D| - [0] - C:\Users\enfers\AppData\Roaming\DAEMON Tools Lite
[03/10/2017 19:03:07] - |D| - [0] - C:\Users\enfers\AppData\Roaming\DiskDefrag
[03/10/2017 19:03:06] - |D| - [510173] - C:\Users\enfers\AppData\Roaming\GlarySoft
[05/06/2017 18:32:37] - |D| - [0] - C:\Users\enfers\AppData\Roaming\Identities
[31/07/2017 22:13:16] - |D| - [682] - C:\Users\enfers\AppData\Roaming\Intel Corporation
[21/08/2017 19:44:37] - |D| - [846692] - C:\Users\enfers\AppData\Roaming\IObit
[08/06/2017 11:35:15] - |D| - [0] - C:\Users\enfers\AppData\Roaming\library_dir
[03/08/2017 23:49:38] - |D| - [555] - C:\Users\enfers\AppData\Roaming\Macromedia
[07/10/2017 17:10:09] - |D| - [1393773] - C:\Users\enfers\AppData\Roaming\Malwarebytes
[05/06/2017 18:32:13] - |D| - [0] - C:\Users\enfers\AppData\Roaming\Media Center Programs
[05/06/2017 18:32:13] - |SD| - [2511401] - C:\Users\enfers\AppData\Roaming\Microsoft
[07/06/2017 22:21:21] - |D| - [66450632] - C:\Users\enfers\AppData\Roaming\Mozilla
[02/08/2017 12:50:24] - |D| - [1308274] - C:\Users\enfers\AppData\Roaming\MusicBrainz
[05/10/2017 21:22:58] - |D| - [0] - C:\Users\enfers\AppData\Roaming\NCH Software
[26/09/2017 12:57:29] - |D| - [1188] - C:\Users\enfers\AppData\Roaming\Proxifier
[08/06/2017 11:34:22] - |D| - [17622] - C:\Users\enfers\AppData\Roaming\Raptr
[17/08/2017 21:46:12] - |D| - [0] - C:\Users\enfers\AppData\Roaming\SimpleStar
[20/08/2017 11:52:40] - |D| - [161645818] - C:\Users\enfers\AppData\Roaming\Songbird2
[09/10/2017 20:22:23] - |D| - [168451196] - C:\Users\enfers\AppData\Roaming\Spotify
[05/09/2017 12:59:32] - |D| - [136256] - C:\Users\enfers\AppData\Roaming\SuperBoost
[08/09/2017 10:11:00] - |D| - [0] - C:\Users\enfers\AppData\Roaming\Synaptics
[17/08/2017 21:27:57] - |D| - [96258] - C:\Users\enfers\AppData\Roaming\vlc
[17/08/2017 21:12:48] - |D| - [53288] - C:\Users\enfers\AppData\Roaming\XnView
[16/10/2017 20:41:35] - |D| - [68682241] - C:\Users\enfers\AppData\Roaming\ZHP
[05/06/2017 18:32:50] - |SH| - [174] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[05/06/2017 18:32:13] - |SHD| - [0] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[05/06/2017 18:32:13] - |RD| - [21750] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[05/06/2017 18:32:13] - |RD| - [14643] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[05/06/2017 18:32:50] - |RD| - [174] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/06/2017 18:32:50] - |SH| - [476] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[26/08/2017 12:26:42] - |D| - [416] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[05/06/2017 18:32:52] - |A| - [1433] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[05/06/2017 18:32:13] - |RD| - [580] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[09/10/2017 20:31:51] - |A| - [1797] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[07/10/2017 16:20:02] - |A| - [835] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
[05/06/2017 18:32:50] - |RD| - [174] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[10/09/2017 17:37:29] - |D| - [1222] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[05/06/2017 18:32:50] - |SH| - [174] - C:\Users\enfers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]


---------- | C:\ProgramData

[14/06/2017 22:05:43] - |D| - [15102011] - C:\ProgramData\Anvisoft
[05/10/2017 20:43:48] - |D| - [970920] - C:\ProgramData\Apowersoft
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Application Data
[09/06/2017 10:06:30] - |D| - [96875867] - C:\ProgramData\AVAST Software
[14/06/2017 19:46:43] - |D| - [1210] - C:\ProgramData\Avg
[25/08/2017 21:23:11] - |D| - [177921] - C:\ProgramData\BDLogging
[14/06/2017 22:06:36] - |D| - [0] - C:\ProgramData\boost_interprocess
[05/06/2017 18:32:03] - |SHD| - [0] - C:\ProgramData\Bureau
[14/06/2017 19:46:43] - |HD| - [96] - C:\ProgramData\Common Files
[10/09/2017 13:35:19] - |D| - [3334] - C:\ProgramData\DAEMON Tools Lite
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Desktop
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Documents
[05/06/2017 18:32:03] - |SHD| - [0] - C:\ProgramData\Favoris
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[05/10/2017 20:50:44] - |D| - [0] - C:\ProgramData\Freemake
[03/10/2017 20:21:24] - |D| - [41] - C:\ProgramData\GlarySoft
[31/07/2017 22:12:13] - |D| - [17222789] - C:\ProgramData\Intel
[21/08/2017 19:43:47] - |D| - [1027950] - C:\ProgramData\IObit
[03/08/2017 21:51:55] - |D| - [24198957] - C:\ProgramData\Malwarebytes
[05/06/2017 18:32:03] - |SHD| - [0] - C:\ProgramData\Menu Démarrer
[14/07/2009 05:20:08] - |SD| - [1756873347] - C:\ProgramData\Microsoft
[05/06/2017 18:32:03] - |SHD| - [0] - C:\ProgramData\Modèles
[07/10/2017 16:01:38] - |D| - [0] - C:\ProgramData\NCH Software
[10/07/2017 20:18:19] - |RASH| - [8] - C:\ProgramData\ntuser.pol
[08/06/2017 11:28:20] - |D| - [30948851] - C:\ProgramData\Package Cache
[21/08/2017 19:44:49] - |D| - [1258] - C:\ProgramData\ProductData
[10/09/2017 14:48:54] - |D| - [209482] - C:\ProgramData\RogueKiller
[31/07/2017 22:10:00] - |D| - [34202] - C:\ProgramData\SoundResearch
[31/07/2017 22:10:00] - |D| - [275966] - C:\ProgramData\SRS Labs
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Start Menu
[05/09/2017 12:59:45] - |D| - [88] - C:\ProgramData\SuperBoost
[16/10/2017 19:46:33] - |D| - [0] - C:\ProgramData\SWCUTemp
[08/09/2017 10:11:07] - |D| - [3756] - C:\ProgramData\Synaptics
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Templates
[05/09/2017 12:59:34] - |D| - [0] - C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
[21/08/2017 19:43:53] - |D| - [65] - C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[14/07/2009 07:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 06:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[05/06/2017 18:32:03] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[14/07/2009 05:20:08] - |RD| - [155762] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 06:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[02/08/2017 20:32:13] - |D| - [1849] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[14/07/2009 05:20:08] - |RD| - [43301] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[14/07/2009 07:32:38] - |RD| - [21157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[07/10/2017 16:46:20] - |D| - [1940] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[10/09/2017 14:10:46] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BomberMan Collection
[01/08/2017 20:37:01] - |D| - [924] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[14/07/2009 06:54:23] - |SH| - [1222] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[05/09/2017 06:57:03] - |D| - [2525] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
[31/07/2017 22:10:04] - |A| - [2062] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
[20/08/2017 21:30:56] - |D| - [3080] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTAG
[14/07/2009 07:32:38] - |RD| - [6112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[03/10/2017 19:04:12] - |D| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
[03/10/2017 19:04:13] - |A| - [1106] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
[31/07/2017 22:12:13] - |RD| - [2398] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[05/10/2017 20:25:30] - |D| - [3157] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic MP3 Tagger
[14/07/2009 05:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[07/10/2017 17:09:39] - |D| - [4793] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[05/06/2017 18:29:30] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[27/07/2017 02:41:40] - |A| - [406] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Center.lnk
[27/07/2017 02:41:40] - |A| - [406] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Messenger Center.lnk
[07/06/2017 22:21:15] - |A| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[20/08/2017 13:07:19] - |D| - [46] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[07/10/2017 16:01:38] - |D| - [6220] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programmes audio
[26/09/2017 12:52:24] - |D| - [5243] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier
[14/07/2009 06:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[20/08/2017 11:52:09] - |D| - [7860] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songbird
[14/07/2009 05:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[10/09/2017 17:10:55] - |D| - [1043] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[07/10/2017 16:01:38] - |D| - [12596] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Suite NCH Software
[07/10/2017 16:01:36] - |A| - [1168] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch - Convertisseur de fichiers audio.lnk
[17/08/2017 21:26:52] - |D| - [6774] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[05/06/2017 18:29:28] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 06:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[07/10/2017 23:46:50] - |D| - [1369] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[14/07/2009 06:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[17/08/2017 21:11:52] - |D| - [2131] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[14/07/2009 06:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[14/07/2009 06:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[02/08/2017 20:32:12] - |D| - [3631890] - C:\Program Files (x86)\7-Zip
[14/06/2017 22:05:40] - |D| - [83739691] - C:\Program Files (x86)\Anvisoft
[14/06/2017 20:00:30] - |D| - [29856576] - C:\Program Files (x86)\AVG
[14/07/2009 05:20:08] - |D| - [258340881] - C:\Program Files (x86)\Common Files
[14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[09/08/2017 19:03:23] - |D| - [1517] - C:\Program Files (x86)\Duplicate Music Files Finder
[20/08/2017 21:30:53] - |D| - [299483] - C:\Program Files (x86)\EasyTAG
[05/10/2017 20:50:22] - |D| - [0] - C:\Program Files (x86)\Freemake
[03/10/2017 18:59:46] - |D| - [50489582] - C:\Program Files (x86)\Glary Utilities 5
[05/06/2017 18:40:01] - |HD| - [44919297] - C:\Program Files (x86)\InstallShield Installation Information
[07/06/2017 22:25:01] - |D| - [19163411] - C:\Program Files (x86)\Intel
[14/07/2009 05:20:08] - |D| - [11229683] - C:\Program Files (x86)\Internet Explorer
[21/08/2017 19:44:17] - |D| - [72347095] - C:\Program Files (x86)\IObit
[05/10/2017 20:25:28] - |D| - [23099998] - C:\Program Files (x86)\Magic MP3 Tagger
[07/10/2017 17:09:37] - |D| - [19388501] - C:\Program Files (x86)\Malwarebytes' Anti-Malware
[08/06/2017 11:30:09] - |D| - [23935] - C:\Program Files (x86)\Microsoft.NET
[07/06/2017 22:21:11] - |D| - [133559567] - C:\Program Files (x86)\Mozilla Firefox
[07/06/2017 22:21:13] - |D| - [266063] - C:\Program Files (x86)\Mozilla Maintenance Service
[20/08/2017 13:07:18] - |D| - [0] - C:\Program Files (x86)\Mp3tag
[14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[07/10/2017 16:01:34] - |D| - [2270944] - C:\Program Files (x86)\NCH Software
[26/09/2017 12:52:21] - |D| - [8886444] - C:\Program Files (x86)\Proxifier
[08/06/2017 11:35:09] - |D| - [472176] - C:\Program Files (x86)\Raptr Inc
[05/06/2017 18:40:02] - |D| - [4773312] - C:\Program Files (x86)\Realtek
[07/06/2017 22:34:28] - |D| - [10916584] - C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
[14/07/2009 07:32:38] - |D| - [87423233] - C:\Program Files (x86)\Reference Assemblies
[20/08/2017 11:51:53] - |D| - [66806267] - C:\Program Files (x86)\Songbird
[10/09/2017 17:10:53] - |D| - [5293507436] - C:\Program Files (x86)\Steam
[05/09/2017 12:59:31] - |D| - [2754642] - C:\Program Files (x86)\SuperBoost
[07/06/2017 22:43:58] - |HD| - [0] - C:\Program Files (x86)\Temp
[14/07/2009 06:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[17/08/2017 21:25:54] - |D| - [140048596] - C:\Program Files (x86)\VideoLAN
[14/07/2009 07:32:38] - |D| - [2113536] - C:\Program Files (x86)\Windows Defender
[07/10/2017 23:46:47] - |D| - [1660593283] - C:\Program Files (x86)\Windows Kits
[14/07/2009 05:20:08] - |D| - [24238592] - C:\Program Files (x86)\Windows Mail
[14/07/2009 07:32:38] - |D| - [8117521] - C:\Program Files (x86)\Windows Media Player
[14/07/2009 05:20:08] - |D| - [17621172] - C:\Program Files (x86)\Windows NT
[14/07/2009 07:32:38] - |D| - [6340872] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 07:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 07:32:38] - |D| - [37671958] - C:\Program Files (x86)\Windows Sidebar
[17/08/2017 21:11:50] - |D| - [19916015] - C:\Program Files (x86)\XnView

---------- | C:\Program Files

[08/06/2017 12:07:34] - |D| - [101729] - C:\Program Files\AMD
[01/08/2017 19:31:53] - |D| - [2490558948] - C:\Program Files\AVAST Software
[01/08/2017 20:36:58] - |D| - [21529928] - C:\Program Files\CCleaner
[14/07/2009 05:20:08] - |D| - [348384991] - C:\Program Files\Common Files
[14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
[14/07/2009 07:32:38] - |D| - [92727828] - C:\Program Files\DVD Maker
[05/06/2017 18:32:03] - |SHD| - [0] - C:\Program Files\Fichiers communs
[07/06/2017 22:39:58] - |D| - [58734528] - C:\Program Files\Intel
[14/07/2009 05:20:08] - |D| - [31475334] - C:\Program Files\Internet Explorer
[14/07/2009 07:32:38] - |D| - [168164402] - C:\Program Files\Microsoft Games
[14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files\MSBuild
[07/06/2017 22:44:36] - |D| - [46853441] - C:\Program Files\Realtek
[14/07/2009 07:32:38] - |D| - [85082281] - C:\Program Files\Reference Assemblies
[08/09/2017 10:09:32] - |D| - [143164057] - C:\Program Files\Synaptics
[14/07/2009 07:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information
[14/07/2009 07:32:38] - |D| - [7274496] - C:\Program Files\Windows Defender
[14/07/2009 05:20:08] - |D| - [24724992] - C:\Program Files\Windows Mail
[14/07/2009 07:32:38] - |D| - [12275629] - C:\Program Files\Windows Media Player
[14/07/2009 05:20:08] - |D| - [18051252] - C:\Program Files\Windows NT
[14/07/2009 07:32:38] - |D| - [7439128] - C:\Program Files\Windows Photo Viewer
[14/07/2009 07:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[14/07/2009 07:32:38] - |D| - [38761605] - C:\Program Files\Windows Sidebar

---------- | C:\Program Files (x86)\Common Files

[10/09/2017 14:07:50] - |D| - [1150965] - C:\Program Files (x86)\Common Files\InstallShield
[07/06/2017 22:39:55] - |D| - [68080659] - C:\Program Files (x86)\Common Files\Intel
[31/07/2017 22:14:42] - |D| - [243740] - C:\Program Files (x86)\Common Files\Intel Corporation
[21/08/2017 19:44:37] - |D| - [0] - C:\Program Files (x86)\Common Files\IObit
[14/07/2009 05:20:08] - |D| - [76196737] - C:\Program Files (x86)\Common Files\microsoft shared
[14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[14/07/2009 05:20:08] - |D| - [91917611] - C:\Program Files (x86)\Common Files\SpeechEngines
[10/09/2017 17:11:09] - |D| - [837312] - C:\Program Files (x86)\Common Files\Steam
[14/07/2009 05:20:08] - |D| - [19911155] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[05/09/2017 20:06:50] - |D| - [31174416] - C:\Program Files\Common files\ATI Technologies
[14/07/2009 05:20:08] - |D| - [294164814] - C:\Program Files\Common files\Microsoft Shared
[14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
[14/07/2009 05:20:08] - |D| - [1474048] - C:\Program Files\Common files\SpeechEngines
[14/07/2009 05:20:08] - |D| - [21569011] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.00000000000000000000000000000000] - [05/09/2017 12:59:17] - |D| - [0] - C:\Windows\Tasks\ImCleanDisabled
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 07:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.665042E9D1EC7720865C3866FF2E101F] - [14/07/2009 07:08:49] - |A| - [32594] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.31056FA29C28A8048B062E08CCC40752] - [03/08/2017 23:59:36] - |A| - [4496] - C:\Windows\System32\Tasks\Adobe Flash Player Updater         :   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.61F59CE7EA6A0F5359D54940C3CC83E3] - [10/09/2017 11:37:02] - |A| - [4172] - C:\Windows\System32\Tasks\Avast Emergency Update         :   C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
[MD5.F2FC2B6663C574F4337E9991B700C0B6] - [07/10/2017 16:32:23] - |A| - [2794] - C:\Windows\System32\Tasks\CCleanerSkipUAC         :   "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.BF92FD924A7AB88D429E38DABF5D86F1] - [03/10/2017 19:04:09] - |A| - [3316] - C:\Windows\System32\Tasks\GlaryInitialize 5         :   C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
[MD5.60AFA42AD8E546756F2028CABC20AC7A] - [03/10/2017 19:04:10] - |A| - [2976] - C:\Windows\System32\Tasks\GU5SkipUAC         :   C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 05:20:13] - |D| - [249376] - C:\Windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [07/10/2017 16:01:40] - |D| - [0] - C:\Windows\System32\Tasks\NCH Software
[MD5.00000000000000000000000000000000] - [14/07/2009 07:09:57] - |D| - [4482] - C:\Windows\System32\Tasks\WPD
[MD5.9A41633C65D154176765039612BC186A] - [10/09/2017 14:34:40] - |A| - [3036] - C:\Windows\System32\Tasks\{05A7F21D-84EF-4D06-939A-929500A499AF}         :   C:\Windows\system32\pcalua.exe
[MD5.BD53F8721421027E7BD1AA0A2F99D57F] - [19/06/2017 21:52:21] - |A| - [3180] - C:\Windows\System32\Tasks\{0BA9C2F0-7EFB-48FF-A1B7-0691E6684278}         :   C:\Windows\system32\pcalua.exe
[MD5.5F2964C9C5D1BB1A341AEC1C5769C37C] - [08/10/2017 11:42:02] - |A| - [3234] - C:\Windows\System32\Tasks\{75727505-EADF-491E-AC33-B082648989CD}         :   C:\Windows\system32\pcalua.exe
[MD5.0E0FF9E0D670BBD3F5325409AD0E3B9E] - [14/06/2017 22:39:22] - |A| - [3174] - C:\Windows\System32\Tasks\{AA3616EA-8FDA-4DEA-959B-9D956E9A4FF3}         :   C:\Windows\system32\pcalua.exe
[MD5.D2DF0B2B433E6349586CE99D553B452C] - [14/06/2017 21:34:05] - |A| - [3136] - C:\Windows\System32\Tasks\{D7C76381-066A-497B-86B6-5DEA6B8D894C}         :   C:\Windows\system32\pcalua.exe
[MD5.A5C47A9ADBE8BEF1D486D6882290A888] - [31/07/2017 21:44:02] - |A| - [3186] - C:\Windows\System32\Tasks\{F7280CF6-81E1-45EF-9BAF-934A56BCFD02}         :   C:\Windows\system32\pcalua.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"{72F73D1F-A79A-463F-B8E0-1F20F689A918}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002|
"{87390DC3-EA77-4B43-BAFB-49C85DBDC99F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\Windows\system32\rundll32.exe|Name=l|Desc=l|
"{0E1AE3C5-E57F-4092-992A-A57885C1D814}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\enfers\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In) (enfers)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{DAFFCE6F-E7AB-4B75-83D3-80A02D7B2FE7}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=C:\Users\enfers\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-Out) (enfers)|Desc=Allow µTorrent network traffic|
"{847E184B-872A-4D64-B502-3AC2EEB1EEE5}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\enfers\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In) (enfers)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
"{2D652DF9-3421-4B43-BFB6-810B010C6F88}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\enfers\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (enfers)|
"{3589E6D1-A0C5-4A37-BDAD-4D1F15498CC1}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\enfers\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (enfers)|
"{93D2D279-FA7A-4975-8209-C96E2A3BEC1C}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=C:\Users\enfers\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-Out) (enfers)|Desc=Allow µTorrent network traffic|
"{B3FE087B-380F-4E80-B5CF-5A0AAAB6102E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\System32\rundll32.exe|Name=l|
"{7B69DDEA-DEEB-4796-9773-C405CBF0608D}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\System32\rundll32.exe|Name=l|
"{B7724E63-2405-4C5B-8281-FBF4A11872E3}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\System32\rundll32.exe|Name=l|
"{2D318F1A-EED5-4118-823A-C21D9EF1A14B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\System32\rundll32.exe|Name=l|
"{84E8272D-5BDD-4F9F-B4FD-096D9588FE37}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.45.56.0/255.255.255.0|Name=w|
"{7771A0B7-37BB-4685-897D-E6BCC48D8AC3}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.45.57.0/255.255.255.0|Name=w|
"{EFE5DA31-4787-4FA6-A5A3-DE6B5CAD5C54}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.45.58.0/255.255.255.0|Name=w|
"{B117F367-455E-4C51-8C41-979AFE9DC794}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.45.59.0/255.255.255.0|Name=w|
"{C545B937-3371-4515-B2E3-77FCB7ECDE84}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.45.60.0/255.255.255.0|Name=w|
"{6D4B5514-51C7-4C60-BBA5-F870A914B7A3}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.45.61.0/255.255.255.0|Name=w|
"{C4225E39-B08E-4F1B-9219-83A33F8B2387}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.45.62.0/255.255.255.0|Name=w|
"{C7839E0C-A8A3-4537-B0D6-92CA8D72925C}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.45.63.0/255.255.255.0|Name=w|
"{CAF37A93-B611-452E-A6E0-A2694E7AEC30}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.36.0/255.255.254.0|Name=w|
"{5C951D78-73BF-437C-A4AA-6E83F0947725}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.38.0/255.255.254.0|Name=w|
"{A7FAAB0B-4C61-4226-BE55-6DAD1C51A1ED}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.40.0/255.255.254.0|Name=w|
"{1572999B-9F32-4E81-8AB5-A01AEF5DC9F5}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.42.0/255.255.254.0|Name=w|
"{2B1790A8-E88C-42E6-BC1B-74750CB5DEF0}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.44.0/255.255.254.0|Name=w|
"{C5698AC5-D7AB-4CD8-9EF5-F31F8904A31E}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.46.0/255.255.254.0|Name=w|
"{CE15E999-2DE5-419F-ADA3-0700A11459FF}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.48.0/255.255.254.0|Name=w|
"{9FB38AE6-33BB-4E05-8495-2A24735BE527}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.50.0/255.255.254.0|Name=w|
"{C23E8D2F-B500-4B9A-9C44-5FB8A4B741A8}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.52.0/255.255.254.0|Name=w|
"{3F62F574-C573-483A-8942-ABE35D838B5F}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.54.0/255.255.254.0|Name=w|
"{C6B9802E-3E9D-4874-8460-86921ADE9572}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.56.0/255.255.254.0|Name=w|
"{BA3891DC-FCBB-4C2D-BEF9-EC0B2582C49A}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.58.0/255.255.254.0|Name=w|
"{0B3B8634-A4FA-482C-BEAF-323E7D595984}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.60.0/255.255.254.0|Name=w|
"{797B30F9-6589-4921-9497-CEF6AE927FB0}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=5.62.62.0/255.255.254.0|Name=w|
"{F73F3BD3-9429-498E-A5F9-BB9B17DA2197}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=77.234.40.0/255.255.255.0|Name=w|
"{DC04AF53-3EFD-4580-B418-2F5BB67BC344}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=77.234.41.0/255.255.255.0|Name=w|
"{308E0CEE-7237-4948-8707-4C5CF9BD01ED}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=77.234.42.0/255.255.255.0|Name=w|
"{1391623D-E6B5-47A1-8E3F-5C0A969DC90B}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=77.234.43.0/255.255.255.0|Name=w|
"{420AB883-48D0-47BC-B52B-65E63BDD8243}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=77.234.44.0/255.255.255.0|Name=w|
"{5E4063DC-8065-422D-AB8A-7642A03F016B}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=77.234.45.0/255.255.255.0|Name=w|
"{810EFBA8-61A3-400C-AEE9-8DB797CD3385}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=77.234.46.0/255.255.255.0|Name=w|
"{A5F59BA4-7766-49D5-9B53-2EDFBE29542D}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=185.51.228.0/255.255.255.0|Name=w|
"{E87C9D83-EF80-429C-819F-DE239568FB09}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=185.51.229.0/255.255.255.0|Name=w|
"{0DB5CE6E-9D19-4482-936D-40E5C0F8960D}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=185.51.230.0/255.255.255.0|Name=w|
"{BC29B48B-B5A3-48BC-B9B9-DDDFAA4B4B5A}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=77.234.47.0/255.255.255.0|Name=w|
"{BF9B06B3-2BA7-4BED-9419-1E666A987D70}"=v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=185.51.231.0/255.255.255.0|Name=w|
"TCP Query User{8BEEF8EA-CF96-4EA4-B80E-B6B44BD80412}C:\program files (x86)\songbird\songbird.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\songbird\songbird.exe|Name=Songbird Web Player|Desc=Songbird Web Player|Defer=User|
"UDP Query User{EEDA9D4D-3E13-4116-A710-A8AAB59F8C26}C:\program files (x86)\songbird\songbird.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\songbird\songbird.exe|Name=Songbird Web Player|Desc=Songbird Web Player|Defer=User|
"{C227E3B6-6842-4861-8AE8-67398F330792}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe|Name=SP_FF|
"{E978CA44-6C97-443B-A759-F279C4177705}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe|Name=SP_FF|
"TCP Query User{F4314655-9CA7-40A5-9C83-EA18D4B3FB0E}C:\program files (x86)\your freedom\freedom.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\your freedom\freedom.exe|Name=Your Freedom client software|Desc=Your Freedom client software|Defer=User|
"UDP Query User{A8980E35-F681-4B84-AF87-2F4FE986B489}C:\program files (x86)\your freedom\freedom.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\your freedom\freedom.exe|Name=Your Freedom client software|Desc=Your Freedom client software|Defer=User|
"TCP Query User{5A7C224B-5896-4FE1-A15F-F8E2BEE783FA}C:\program files (x86)\songbird\songbird.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\songbird\songbird.exe|Name=Songbird Web Player|Desc=Songbird Web Player|Defer=User|
"UDP Query User{A00535DE-A04A-4AB5-BE84-93484212F531}C:\program files (x86)\songbird\songbird.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\songbird\songbird.exe|Name=Songbird Web Player|Desc=Songbird Web Player|Defer=User|
"{0AB872DC-810E-41A6-93A8-77F412E5D6DC}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe|Name=Driver Booster - DriverBooster.exe|EmbedCtxt=IObit|
"{C989BE2F-A335-45AD-B43C-84A8B3ED9EEC}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe|Name=Driver Booster - DriverBooster.exe|EmbedCtxt=IObit|
"{06417D6A-4CAF-438A-83A8-0E8E801F662B}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe|Name=Driver Booster - DBDownloader.exe|EmbedCtxt=IObit|
"{01618A5E-2324-4638-A018-102BF4DB36A0}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DBDownloader.exe|Name=Driver Booster - DBDownloader.exe|EmbedCtxt=IObit|
"{9406909E-E29C-4B32-9DCE-B380BDF2646F}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe|Name=Driver Booster - AutoUpdate.exe|EmbedCtxt=IObit|
"{98452C26-FEB3-41C5-B519-2B1276F0CE0D}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\IObit\Driver Booster\4.5.0\AutoUpdate.exe|Name=Driver Booster - AutoUpdate.exe|EmbedCtxt=IObit|
"{255F07FD-1817-4BA8-AAED-8D67BF671A6E}"=v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe|Name=Video Converter Studio|
"{14167218-6FA2-459E-ACD6-7256F13C3B87}"=v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe|Name=Video Converter Studio|
"TCP Query User{8B6E8F89-399E-421E-8F8A-24CC44FE00F7}C:\users\enfers\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\enfers\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|
"UDP Query User{F6D0A2F0-3B6E-4A03-B8B5-EC6466636001}C:\users\enfers\appdata\roaming\spotify\spotify.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\enfers\appdata\roaming\spotify\spotify.exe|Name=spotify.exe|Desc=spotify.exe|Defer=User|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (igfx) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (igfx) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C3077FCD-9C3C-482F-9317-460712F23EFD}] : (DPTF) [] -> @oem18.inf,%ClassName%;Intel(R) Dynamic Platform and Thermal Framework
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[14/06/2017 22:05:47] - (1.0.0.0) - (Anvisoft - Anvisoft Minifilter Driver) - C:\Windows\system32\DRIVERS\asd2fsm.sys
[05/09/2017 06:57:12] - (8.98.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
[03/10/2017 19:03:15] - (1.1.0.263) - (Glarysoft Ltd - The driver for the Startup Manager tool) - C:\Windows\System32\drivers\GUBootStartup.sys
[18/08/2017 02:23:52] - (19.3.31.31) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\Windows\system32\DRIVERS\SynTP.sys
[08/09/2017 10:10:21] - (19.3.31.31) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
[11/07/2017 15:30:41] - (5.1.2.252) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdkmpfd (AMD PCI Root Bus Lower Filter) -> system32\DRIVERS\amdkmpfd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (Canal IDE) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Compbatt (Pilote de batterie composite Microsoft) -> system32\DRIVERS\compbatt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStorA () -> system32\DRIVERS\iaStorA.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStorF () -> system32\DRIVERS\iaStorF.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iusb3hcs (Pilote de commutateur de contrôleur d'hôte Intel(R) USB 3.0) -> system32\DRIVERS\iusb3hcs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - storflt (@%SystemRoot%\system32\vmstorfltres.dll,-1000) -> system32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Pilote d’énumérateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vmbus (@%SystemRoot%\system32\vmbusres.dll,-1000) -> system32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wd (Pilote du Minuteur de surveillance Microsoft) -> system32\DRIVERS\wd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - asd2fsm (asd2fsm) -> system32\DRIVERS\asd2fsm.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> \SystemRoot\system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswNetSec (aswNetSec) -> \SystemRoot\system32\drivers\aswNetSec.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GUBootStartup (GUBootStartup) -> \??\C:\Windows\System32\drivers\GUBootStartup.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systèmes Microsoft) -> \SystemRoot\system32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Pilote de périphérique terminal) -> \SystemRoot\system32\drivers\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.4AC51459805264AFFD5F6FDFB9D9235F] - [20/08/2017 11:52:15] - (.Copyright (c) GEAR Software Inc. 2006 - CD/DVD Class Filter Driver.) - [15.3 Ko] - (2.0.6.1) - C:\Windows\Syswow64\Drivers\GEARAspiWDM.sys
[MD5.EF558A02D734A1403583E95CCEEC2487] - [05/09/2017 06:57:12] - (.Copyright (c)1999-2015 Martin Malík - REALiX - HWiNFO AMD64 Kernel Driver.) - [26.91 Ko] - (8.98.0.0) - C:\Windows\Syswow64\Drivers\HWiNFO64A.SYS

---------- | Uninstall (Whitelist)

----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9503AD68-6198-4081-9F57-1F346D7B58D4}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{9503AD68-6198-4081-9F57-1F346D7B58D4}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 27 NPAPI.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_170_Plugin.exe -maintain plugin
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Driver Booster_is1] : (Driver Booster 4.5.-.IObit) -> "C:\Program Files (x86)\IObit\Driver Booster\4.5.0\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Glary Utilities 5] : (Glary Utilities 5.85.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glary Utilities 5\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Proxifier_is1] : (Proxifier version 3.29.-.Initex) -> "C:\Program Files (x86)\Proxifier\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Songbird-release-2453] : (Songbird 2.2.0 (Build 2453).-.) -> "C:\Program Files (x86)\Songbird\Songbird-Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\uniquemagicmp3taggerappid_is1] : (Magic MP3 Tagger 2.2.6.-.Mathias Kunter) -> "C:\Program Files (x86)\Magic MP3 Tagger\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1] : (gpedt.msc 1.0.-.Richard) -> "C:\Windows\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{14F4ED8D-966F-4D5E-935D-8F820C14BA64}] : (.-.) -> 

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\1BCA4F58CD7E6C3C4FDFBB39D62F96E5] : Windows PE x86 x64 wims
[HKCR\Installer\Products\86DA305989161804F975F143D6B7854D] : Intel(R) Rapid Storage Technology
[HKCR\Installer\Products\AC96D98F1EE6730EDDB380DCEDB1DEC1] : Windows PE x86 x64
[HKCR\Installer\Products\E8779CFB5679C49C0C282C15F4D8BEB9] : Windows Deployment Tools

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Échec de la création d’un point de restauration (Processus = C:\Windows\system32\svchost.exe -k netsvcs ; Description = Windows Update ; Erreur = 0x81000101).
------------

Nom de l’application défaillante ZHPDiag3.exe, version : 2017.10.14.182, horodatage : 0x59e1ee0a
Nom du module défaillant : ntdll.dll, version : 6.1.7601.23915, horodatage : 0x59b94a16
Code d’exception : 0xc000000d
Décalage d’erreur : 0x000994d2
ID du processus défaillant : 0x1288
Heure de début de l’application défaillante : 0x01d346b40894fc7d
Chemin d’accès de l’application défaillante : C:\Users\enfers\AppData\Roaming\ZHP\ZHPDiag3.exe
Chemin d’accès du module défaillant: C:\Windows\SysWOW64\ntdll.dll
ID de rapport : 6b2b781a-b2aa-11e7-8415-98e7f414a216
------------

ATI EEU Service event error
------------

Le programme CKScanner(1).exe version 2.5.1.1 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
 ID de processus : 1bd0
 Heure de début : 01d346a4e2a5f04b
 Heure de fin : 5
 Chemin d’accès de l’application : C:\Users\enfers\Downloads\CKScanner(1).exe
 ID de rapport : 593ebb3e-b299-11e7-84db-98e7f414a216

------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 0816. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 0804. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 0416. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 0404. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 01F. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 01D. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 019. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 015. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 014. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 013. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 012. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 011. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 010. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 00E. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------

Impossible de lire les chaînes du compteur de performance défini pour l’ID de langue 00D. Le premier DWORD de la section Data contient le code d’erreur Win32.
------------


----------( EOF)---------- - 3273 | 21:00:11