--------------- QuickDiag | g3n-h@ckm@n | V4_27.04.18.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 29/04/2018 22:26:14

Updated 27/04/2018 | 14.15 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Patrick (Administrator)] - [PATRICK] (S-1-5-21-3311965274-403475795-341010734)

System: Microsoft Windows 10 Famille - - (10.0.16299) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> (1709)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Famille|C:\WINDOWS|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: HP 250 G2 Notebook PC - Hewlett-Packard - IdNumber: 5CB4162TCK - UUID: 865A93A9-0050-6700-6575-575008426EB5
Processor : X64 - 2133 Mhz - Intel(R) Celeron(R) CPU  N2820  @ 2.13GHz
F.1A - en|US|iso8859-1 - Insyde - S/N: 5CB4162TCK - F.1A - HPQOEM - 3
CoreTemp : 42 Celsius

----------| Quick


---------- | SoundDevice

Son Intel(R) pour Ã©crans - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2882&SUBSYS_103C2190&REV_1000\4&519703F&0&0201
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0282&SUBSYS_103C2190&REV_1000\4&519703F&0&0001

---------- | Video

Intel(R) HD Graphics - Resolution: 1366x768 - Colors: 4294967296 - RefreshRate: 40 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll - PNPDeviceID: PCI\VEN_8086&DEV_0F31&SUBSYS_2190103C&REV_0C\3&11583659&2&10 - AdapterCompatibility: Intel Corporation - RAM: -2134587392
Inegrated Video Chipset DeviceName: Intel(R) HD Graphics - DriverVersion: 10.18.10.4358 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84480 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25400 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28672 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 33296 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34864 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42480 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:76 %
CPU #2 value:41 %
Total Overall CPU Usage value:58 %

---------- | Network

Realtek PCIe FE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
Qualcomm Atheros QCA9565 802.11b_g_n WiFi Adapter : SENT:0 bytes/sec / RECVD:0 bytes/sec
Connexion au rÃ©seau local* 2 : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:58 bytes/sec,  /  RECEIVE Maximum:0 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe FE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8136&SUBSYS_2190103C&REV_07\4&6ED58EA&0&00E2
Qualcomm Atheros QCA9565 802.11b/g/n WiFi Adapter - Ethernet 802.3 - Qualcomm Atheros Communications Inc. - Status: - PnPID : PCI\VEN_168C&DEV_0036&SUBSYS_217F103C&REV_01\4&36AAE8A1&0&00E3
Microsoft Wi-Fi Direct Virtual Adapter #3 - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&943CCB&3&13
Microsoft Teredo Tunneling Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE
WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_SSTPMINIPORT
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_AGILEVPNMINIPORT
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_L2TPMINIPORT
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPTPMINIPORT
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_PPPOEMINIPORT
WAN Miniport (IP) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIP
WAN Miniport (IPv6) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANIPV6
WAN Miniport (Network Monitor) - Ethernet 802.3 - Microsoft - Status: - PnPID : SWD\MSRRAS\MS_NDISWANBH
RAS Async Adapter - - - Status: - PnPID : 
Bluetooth Device (RFCOMM Protocol TDI) - - - Status: - PnPID : 
Bluetooth Device (Personal Area Network) - - - Status: - PnPID : 

---------- | Memory

RAM = Total (MB) : 4088 | Free (MB) : 2018
Pagefile = Total (MB) : 5923 | Free (MB) : 3153
Virtual = Total (MB) : 4194 | Free (MB) : 3882

Physical Memory 0 : Capacity: 4294967296 - DIMM0 - Posit.: 0 - Manufacturer: 17 - PartNumber: HMT351S6EFR8A-PB  - S/N: 25244723

---------- | SID Users

Administrateur : [S-1-5-21-3311965274-403475795-341010734-500]
DefaultAccount : [S-1-5-21-3311965274-403475795-341010734-503]
HomeGroupUser$ : [S-1-5-21-3311965274-403475795-341010734-1003]
InvitÃ© : [S-1-5-21-3311965274-403475795-341010734-501]
Patrick : [S-1-5-21-3311965274-403475795-341010734]
VERONIK : [S-1-5-21-3311965274-403475795-341010734-1020]
WDAGUtilityAccount : [S-1-5-21-3311965274-403475795-341010734-504]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
InvitÃ©s : [S-1-5-32-546]
Lecteurs des journaux dÂÃ©vÃ©nements : [S-1-5-32-573]
System Managed Accounts Group : [S-1-5-32-581]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de gestion Ã  distance : [S-1-5-32-580]
Utilisateurs de lÂAnalyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modÃ¨le COM distribuÃ© : [S-1-5-32-562]
HomeUsers : [S-1-5-21-3311965274-403475795-341010734-1002]
WinRMRemoteWMIUsers__ : [S-1-5-21-3311965274-403475795-341010734-1000]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÃTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SystÃ¨me - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiÃ©s - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÃSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [Windows] | Total : 446.93 Go | Free : 300.76 Go -> NTFS [SATA]
D:\ -> [Fixed] | [RECOVERY] | Total : 16.35 Go | Free : 1.64 Go -> NTFS [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:, D:] : Read:0 bytes/sec, Written:67,534 bytes/sec Max Read:0 bytes/sec, Max Write:67,534 bytes/sec 

Overall - Read Maximum:0 bytes/sec, Write Maximum:67,534 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST500LT012-1DG14\4&100BB782&0&000000

---------- | Windows updates - Activation - License

Test 1 : Windows Is Activated
Test 2 : Windows Is Activated
Test 3 : Possible Fixed Windows

Volume License


---------- | Browsers

IE : 11.0.16299.371     (Â© Microsoft Corporation. Tous droits rÃ©servÃ©s.)
FF : 57.0.0.6525     (Â©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 65.0.3325.181     (Copyright 2017 Google Inc.)

Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer

FlashPlayer ActiveX : 29.0.0.140
FlashPlayer Plugin : 29.0.0.140

---------- | Security

AV : Windows Defender Disabled
AS : Windows Defender Disabled
AM : Malwarebytes' Anti-Malware   ( 2.3.173.0)     [Update : 01/09/2014 07:45:20]
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

360 | [Owner : SystÃ¨me | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (10.0.16299.15) = C:\Windows\System32\smss.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
556 | [Owner : SystÃ¨me | Parent : 544() | ?????] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (10.0.16299.15) = C:\Windows\System32\csrss.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
632 | [Owner : SystÃ¨me | Parent : 544() | ?????] - (.Microsoft Corporation - Application de dÃ©marrage de Windows.) - (10.0.16299.15) = C:\Windows\System32\wininit.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
644 | [Owner : SystÃ¨me | Parent : 624() | ?????] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (10.0.16299.15) = C:\Windows\System32\csrss.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
696 | [Owner : SystÃ¨me | Parent : 632(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et ContrÃ´leur.) - (10.0.16299.192) = C:\Windows\System32\services.exe     [07/01/2018 11:29:20]    CPU Usage:0 % --> Command Line : 
704 | [Owner : SystÃ¨me | Parent : 632(wininit.exe) | 13.85 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.16299.15) = C:\Windows\System32\lsass.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
832 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 3.5 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
852 | [Owner : UMFD-0 | Parent : 632(wininit.exe) | 2.91 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.334) = C:\Windows\System32\fontdrvhost.exe     [10/04/2018 22:16:59]    CPU Usage:0 % --> Command Line : 
884 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 28.34 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:8 % --> Command Line : 
940 | [Owner : SERVICE RÃSEAU | Parent : 696(services.exe) | 11.81 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:4 % --> Command Line : 
968 | [Owner : SystÃ¨me | Parent : 624() | 7.98 Mo] - (.Microsoft Corporation - Application dÂouverture de session Windows.) - (10.0.16299.371) = C:\Windows\System32\winlogon.exe     [10/04/2018 22:16:37]    CPU Usage:0 % --> Command Line : 
1008 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.78 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
464 | [Owner : UMFD-1 | Parent : 968(winlogon.exe) | 9.03 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.334) = C:\Windows\System32\fontdrvhost.exe     [10/04/2018 22:16:59]    CPU Usage:0 % --> Command Line : 
508 | [Owner : DWM-1 | Parent : 968(winlogon.exe) | 45.33 Mo] - (.Microsoft Corporation - Gestionnaire de fenÃªtres du Bureau.) - (10.0.16299.15) = C:\Windows\System32\dwm.exe     [29/09/2017 15:41:41]    CPU Usage:0 % --> Command Line : 
1064 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 24.89 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:27 % --> Command Line : 
1124 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 9.25 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1156 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 10.74 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1184 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 14.47 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1244 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 5.56 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1284 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 9.96 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1380 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 16.96 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1408 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 8.38 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1444 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.01 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1488 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 7.08 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1536 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.11 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1672 | [Owner : SERVICE RÃSEAU | Parent : 696(services.exe) | 12.05 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1720 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.32 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1768 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 5.38 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1776 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 7.32 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1784 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 77.34 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:4 % --> Command Line : 
1908 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 6.44 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2020 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 8.84 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2044 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 7.75 Mo] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4358) = C:\Windows\System32\igfxCUIService.exe     [03/05/2016 23:30:46]    CPU Usage:0 % --> Command Line : 
1484 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 13.03 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1924 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 7.51 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2104 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 11.74 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2156 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 10.65 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2240 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 8.22 Mo] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.66) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe     [23/11/2015 21:41:23]    CPU Usage:0 % --> Command Line : 
2272 | [Owner : SystÃ¨me | Parent : 2240(RtkAudioService64.exe) | 11.07 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.221) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe     [23/11/2015 21:41:09]    CPU Usage:0 % --> Command Line : 
2304 | [Owner : SERVICE RÃSEAU | Parent : 696(services.exe) | 8.16 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2320 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 6.04 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2332 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 11.46 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2424 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 7.03 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2508 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 12.65 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2600 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 10.84 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2668 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 24.08 Mo] - (.Microsoft Corporation - Application sous-systÃ¨me spouleur.) - (10.0.16299.371) = C:\Windows\System32\spoolsv.exe     [10/04/2018 22:16:53]    CPU Usage:0 % --> Command Line : 
2772 | [Owner : SERVICE RÃSEAU | Parent : 696(services.exe) | 7.47 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2812 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 5.78 Mo] - (.ArcSoft Inc. - ArcSoft Connect Service.) - (1.1.0.47) = C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe     [19/11/2014 12:40:35]    CPU Usage:0 % --> Command Line : 
2820 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 2.58 Mo] - (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - (1.0.64.10) = C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe     [23/11/2015 21:40:47]    CPU Usage:0 % --> Command Line : 
2828 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.2 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.1196) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe     [17/01/2018 23:13:46]    CPU Usage:0 % --> Command Line : 
2840 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.5 Mo] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (6.2.9200.16384) = C:\Program Files (x86)\Bluetooth Suite\AdminService.exe     [07/08/2013 01:34:24]    CPU Usage:0 % --> Command Line : 
2848 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.15 Mo] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe     [30/08/2011 23:05:32]    CPU Usage:0 % --> Command Line : 
2860 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 8.04 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2872 | [Owner : SERVICE RÃSEAU | Parent : 696(services.exe) | 13.48 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2880 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.18 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2888 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 27.19 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2896 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 66.75 Mo] - (.Avira Operations GmbH & Co. KG - Avira Updater Service Host.) - (2.0.5.2809) = C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe     [13/04/2018 03:12:24]    CPU Usage:0 % --> Command Line : 
2912 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 36.26 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2968 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.49 Mo] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.28.506.1) = C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe     [01/07/2013 20:08:32]    CPU Usage:0 % --> Command Line : 
3032 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 17.67 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2236 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 5.97 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2548 | [Owner : SystÃ¨me | Parent : 696(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.12.16299.309) = C:\Windows\System32\SecurityHealthService.exe     [14/03/2018 20:57:14]    CPU Usage:0 % --> Command Line : 
444 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 7.62 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:19 % --> Command Line : 
3088 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.02 Mo] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - (2.5.11.0) = C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe     [09/08/2017 19:27:59]    CPU Usage:0 % --> Command Line : 
3104 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 11.35 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3152 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 5.11 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3172 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 19.39 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3284 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 5 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3304 | [Owner : SERVICE LOCAL | Parent : 2880(svchost.exe) | 15.03 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.16299.15) = C:\Windows\System32\dasHost.exe     [29/09/2017 15:41:33]    CPU Usage:0 % --> Command Line : 
3352 | [Owner : SERVICE RÃSEAU | Parent : 696(services.exe) | 6.31 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3396 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 13.76 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3404 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 41.34 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.643) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe     [09/03/2018 20:52:37]    CPU Usage:0 % --> Command Line : 
3464 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 41.63 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.9126.2152) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe     [20/11/2015 08:10:52]    CPU Usage:0 % --> Command Line : 
3524 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 10.1 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3540 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 4.4 Mo] - (.Synaptics Incorporated - 64-bit Synaptics Pointing Enhance Service.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe     [18/08/2017 02:23:54]    CPU Usage:0 % --> Command Line : 
3856 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 28.36 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3892 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 7.39 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3208 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 6.46 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
4256 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 12.6 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
4268 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 8.56 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
4292 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.28 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
4588 | [Owner : SERVICE RÃSEAU | Parent : 696(services.exe) | 6.67 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
4612 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.38 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
5008 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 11.33 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
5396 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 4.72 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hÃ´te de lÂinfrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe     [29/09/2017 15:41:51]    CPU Usage:0 % --> Command Line : 
5560 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 17.84 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
2432 | [Owner : Patrick | Parent : 3404(MBAMService.exe) | 27.24 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1429) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe     [09/03/2017 14:16:22]    CPU Usage:0 % --> Command Line : 
3004 | [Owner : Patrick | Parent : 1408(svchost.exe) | 24.28 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\Windows\System32\sihost.exe     [29/09/2017 15:41:31]    CPU Usage:0 % --> Command Line : 
2376 | [Owner : Patrick | Parent : 3540(SynTPEnhService.exe) | 20.23 Mo] - (.Synaptics Incorporated - Synaptics TouchPad 64-bit Enhancements.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe     [18/08/2017 02:23:52]    CPU Usage:0 % --> Command Line : 
3196 | [Owner : Patrick | Parent : 696(services.exe) | 18.24 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3556 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 17.33 Mo] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8833) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe     [30/12/2017 11:52:37]    CPU Usage:0 % --> Command Line : 
3868 | [Owner : Patrick | Parent : 696(services.exe) | 30.17 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
4264 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 14.23 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
5676 | [Owner : Patrick | Parent : 1184(svchost.exe) | 14.88 Mo] - (.Microsoft Corporation - Processus hÃ´te pour TÃ¢ches Windows.) - (10.0.16299.15) = C:\Windows\System32\taskhostw.exe     [29/09/2017 15:42:01]    CPU Usage:0 % --> Command Line : 
6228 | [Owner : Patrick | Parent : 5472() | 114.27 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16299.248) = C:\Windows\explorer.exe     [14/02/2018 10:11:09]    CPU Usage:0 % --> Command Line : 
6288 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 7.33 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
6360 | [Owner : Patrick | Parent : 6288(svchost.exe) | 14.37 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.16299.15) = C:\Windows\System32\ctfmon.exe     [29/09/2017 15:42:00]    CPU Usage:0 % --> Command Line : 
6632 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 5.82 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
6856 | [Owner : Patrick | Parent : 4416() | 4.12 Mo] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (19.3.31.31) = C:\Program Files\Synaptics\SynTP\SynTPHelper.exe     [18/08/2017 02:23:54]    CPU Usage:0 % --> Command Line : 
6892 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 8.25 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
7016 | [Owner : Patrick | Parent : 6900() | 12.14 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4358) = C:\Windows\System32\igfxEM.exe     [03/05/2016 23:30:46]    CPU Usage:0 % --> Command Line : 
7028 | [Owner : Patrick | Parent : 6900() | 9.05 Mo] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4358) = C:\Windows\System32\igfxHK.exe     [03/05/2016 23:30:46]    CPU Usage:0 % --> Command Line : 
7036 | [Owner : Patrick | Parent : 6900() | 10.36 Mo] - (.Intel Corporation - igfxTray Module.) - (6.15.10.4358) = C:\Windows\System32\igfxTray.exe     [03/05/2016 23:30:46]    CPU Usage:0 % --> Command Line : 
7052 | [Owner : Patrick | Parent : 884(svchost.exe) | 6.42 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.16299.15) = C:\Windows\System32\dllhost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
6844 | [Owner : Patrick | Parent : 1184(svchost.exe) | 1.17 Mo] - (.CyberLink - CyberLink MediaLibrary Service.) - (8.0.0.2002) = C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe     [22/04/2014 18:55:24]    CPU Usage:0 % --> Command Line : 
6980 | [Owner : Patrick | Parent : 884(svchost.exe) | 86.76 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16299.334) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [10/04/2018 22:17:19]    CPU Usage:0 % --> Command Line : 
5600 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.65 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
7780 | [Owner : Patrick | Parent : 884(svchost.exe) | 17.83 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.16299.15) = C:\Windows\System32\SettingSyncHost.exe     [29/09/2017 15:41:26]    CPU Usage:0 % --> Command Line : 
7520 | [Owner : Patrick | Parent : 696(services.exe) | 20.34 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
6500 | [Owner : Patrick | Parent : 6228(explorer.exe) | 8.78 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.12.16299.15) = C:\Program Files\Windows Defender\MSASCuiL.exe     [29/09/2017 15:41:19]    CPU Usage:0 % --> Command Line : 
2688 | [Owner : Patrick | Parent : 6228(explorer.exe) | 11.79 Mo] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.485.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe     [23/11/2015 21:41:23]    CPU Usage:0 % --> Command Line : 
6332 | [Owner : Patrick | Parent : 6228(explorer.exe) | 10.84 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.221) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe     [23/11/2015 21:41:09]    CPU Usage:0 % --> Command Line : 
8364 | [Owner : Patrick | Parent : 6228(explorer.exe) | 58.22 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (18.65.329.2) = C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\OneDrive.exe     [06/03/2015 10:34:00]    CPU Usage:0 % --> Command Line : 
8380 | [Owner : Patrick | Parent : 6228(explorer.exe) | 5.86 Mo] - (.Â© 2015 Microsoft Corporation - Microsoft Bing Service.) - (1.0.6.0) = C:\Users\Patrick\AppData\Local\Microsoft\BingSvc\BingSvc.exe     [22/11/2015 19:53:59]    CPU Usage:0 % --> Command Line : 
8708 | [Owner : Patrick | Parent : 8472() | 16.09 Mo] - (.CyberLink Corp. - CyberLink YouCam Service.) - (5.0.6629.0) = C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe     [22/04/2014 18:50:53]    CPU Usage:0 % --> Command Line : 
8716 | [Owner : Patrick | Parent : 8472() | 5.89 Mo] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe     [30/05/2013 14:50:10]    CPU Usage:0 % --> Command Line : 
8724 | [Owner : Patrick | Parent : 8472() | 10.29 Mo] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) - (1.1.0.49) = C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe     [19/11/2014 12:40:35]    CPU Usage:0 % --> Command Line : 
8732 | [Owner : Patrick | Parent : 8472() | 8.4 Mo] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) - (1.2.10.0) = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe     [01/12/2014 15:19:56]    CPU Usage:0 % --> Command Line : 
8804 | [Owner : Patrick | Parent : 8472() | 9.96 Mo] - (.CyberLink Corp. - CyberLink YouCam Service.) - (7.0.1904.0) = C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe     [06/10/2016 08:48:19]    CPU Usage:0 % --> Command Line : 
8848 | [Owner : Patrick | Parent : 8472() | 18.44 Mo] - (.Wondershare - Wondershare Studio.) - (2.5.2.3) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe     [03/09/2017 11:11:37]    CPU Usage:0 % --> Command Line : 
6140 | [Owner : Patrick | Parent : 8672() | 18.66 Mo] - (.Piriform Ltd - CCleaner.) - (5.42.140.6495) = C:\Program Files\CCleaner\CCleaner64.exe     [12/04/2018 22:15:44]    CPU Usage:0 % --> Command Line : 
7112 | [Owner : SystÃ¨me | Parent : 884(svchost.exe) | 8.98 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.248) = C:\Windows\System32\wbem\WmiPrvSE.exe     [14/02/2018 10:09:09]    CPU Usage:0 % --> Command Line : 
7452 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 36.17 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.16299.248) = C:\Windows\System32\SearchIndexer.exe     [14/02/2018 10:10:07]    CPU Usage:0 % --> Command Line : 
1804 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 3.73 Mo] - (.CyberLink - CyberLink Media Server Monitor Service.) - (2.2.0.11427) = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe     [22/04/2014 18:54:15]    CPU Usage:0 % --> Command Line : 
9324 | [Owner : SERVICE RÃSEAU | Parent : 696(services.exe) | 15.55 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
10148 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 46.29 Mo] - (.HP Inc. - HP Support Solutions Framework Service.) - (8.8.47.1) = C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe     [07/12/2016 03:43:02]    CPU Usage:0 % --> Command Line : 
10200 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 13.62 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
5028 | [Owner : Patrick | Parent : 884(svchost.exe) | 12.8 Mo] - (.-.) - (12.1813.286.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe     [25/04/2018 21:48:04]    CPU Usage:0 % --> Command Line : 
7920 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 43.65 Mo] - (.HP Inc. - HP Touchpoint Analytics Client Service.) - (4.0.2.1439) = C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe     [21/11/2017 07:55:30]    CPU Usage:0 % --> Command Line : 
9560 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 9.04 Mo] - (.HP - HP CASL Framework Service.) - (7.0.6.1) = C:\Program Files (x86)\HP\Shared\hpqwmiex.exe     [03/06/2016 23:08:04]    CPU Usage:0 % --> Command Line : 
8564 | [Owner : SERVICE LOCAL | Parent : 696(services.exe) | 9.39 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
7416 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 5.72 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
8544 | [Owner : Patrick | Parent : 2896(Avira.SoftwareUpdater.ServiceHost.exe) | 32.42 Mo] - (.Avira Operations GmbH & Co. KG; - Avira.SoftwareUpdater.ToastNotificationsBridge.) - (1.0.0.0) = C:\Program Files (x86)\Avira\SoftwareUpdater\AviraSoftwareUpdaterToastNotificationsBridge.exe     [13/04/2018 03:10:02]    CPU Usage:0 % --> Command Line : 
9504 | [Owner : Patrick | Parent : 1184(svchost.exe) | 1.8 Mo] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) - (15.0.36.128) = C:\Program Files (x86)\Avira\Antivirus\avgnt.exe     [29/04/2018 19:42:06]    CPU Usage:0 % --> Command Line : 
5548 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 43.96 Mo] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.36.150) = C:\Program Files (x86)\Avira\Antivirus\avguard.exe     [29/04/2018 19:42:06]    CPU Usage:0 % --> Command Line : 
7560 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 3.72 Mo] - (.Avira Operations GmbH & Co. KG - Avira Service Host.) - (1.2.109.23832) = C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe     [28/03/2018 16:19:18]    CPU Usage:0 % --> Command Line : 
8216 | [Owner : SystÃ¨me | Parent : 5548(avguard.exe) | 8.36 Mo] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) - (15.0.36.163) = C:\Program Files (x86)\Avira\Antivirus\avshadow.exe     [29/04/2018 19:42:09]    CPU Usage:0 % --> Command Line : 
1004 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 3.28 Mo] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (15.0.36.150) = C:\Program Files (x86)\Avira\Antivirus\sched.exe     [29/04/2018 19:42:24]    CPU Usage:0 % --> Command Line : 
9896 | [Owner : Patrick | Parent : 7560(Avira.ServiceHost.exe) | 35.88 Mo] - (.Avira Operations GmbH & Co. KG - Avira.) - (1.2.109.23832) = C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe     [28/03/2018 16:21:32]    CPU Usage:4 % --> Command Line : 
9556 | [Owner : Patrick | Parent : 6228(explorer.exe) | 155.97 Mo] - (.Microsoft Corporation - Microsoft Outlook.) - (16.0.9126.2152) = C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE     [19/03/2017 02:36:28]    CPU Usage:0 % --> Command Line : 
820 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 18.41 Mo] - (.CyberLink - CyberLink Media Server Service.) - (2.2.0.11427) = C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe     [22/04/2014 18:54:15]    CPU Usage:0 % --> Command Line : 
164 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 15.6 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
10840 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.79 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
5808 | [Owner : SystÃ¨me | Parent : 696(services.exe) | ?????] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
1564 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 6.8 Mo] - (.Hewlett-Packard Development Company, L.P. - HP WMI Service.) - (1.2.9.0) = C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe     [01/12/2014 15:19:46]    CPU Usage:0 % --> Command Line : 
3680 | [Owner : Patrick | Parent : 884(svchost.exe) | 15.26 Mo] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.16299.98) = C:\Windows\System32\smartscreen.exe     [30/12/2017 12:02:21]    CPU Usage:0 % --> Command Line : 
5768 | [Owner : SERVICE LOCAL | Parent : 2104(svchost.exe) | 17.84 Mo] - (.Microsoft Corporation - Isolation graphique de pÃ©riphÃ©rique audio Windows.) - (10.0.16299.248) = C:\Windows\System32\audiodg.exe     [14/02/2018 10:10:13]    CPU Usage:0 % --> Command Line : 
3412 | [Owner : Patrick | Parent : 6228(explorer.exe) | 46.75 Mo] - (.SosVirus - QuickDiag.) - (27.4.18.1) = C:\Users\Patrick\Desktop\QuickDiag.exe     [29/04/2018 19:56:40]    CPU Usage:0 % --> Command Line : 
8128 | [Owner : SystÃ¨me | Parent : 696(services.exe) | 5.71 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe     [29/09/2017 15:41:43]    CPU Usage:0 % --> Command Line : 
3472 | [Owner : SERVICE RÃSEAU | Parent : 884(svchost.exe) | 9.94 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.16299.248) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [14/02/2018 10:09:03]    CPU Usage:0 % --> Command Line : 

---------- | MD5

[MD5.A77D56422C38C1F8A00D95D2D5B1675E] - [14/02/2018 10:11:09] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Explorateur Windows.) - [3812.79 Ko] - (10.0.16299.248) : C:\WINDOWS\Explorer.exe
[MD5.E08FE2DE3DDD22123247D49A11B4F53D] - [29/09/2017 15:41:33] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - InterprÃ©teur de commandes Windows.) - [266.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\cmd.exe
[MD5.4E043FE41901F1EA1B0FCCEF3C077C56] - [29/09/2017 15:41:43] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Processus dÂexÃ©cution client-serveur.) - [17.27 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\csrss.exe
[MD5.5D94FA288F4BB230FE77BC67DE506257] - [29/09/2017 15:41:43] - (.Â© Microsoft Corporation. - COM Surrogate.) - [20.4 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\dllhost.exe
[MD5.222A8E8EA615529B5025DE5782830AF1] - [29/09/2017 15:42:04] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - DLL du client API BASE Windows NT.) - [686.1 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Kernel32.dll
[MD5.94E06D509D50807774F35BEE3163E806] - [29/09/2017 15:41:43] - (.Â© Microsoft Corporation. - Local Security Authority Process.) - [56.62 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\lsass.exe
[MD5.79BDBB684629A526CCD958F06B9D6FAD] - [29/09/2017 15:41:44] - (.Â© Microsoft Corporation. - Distributed COM Services.) - [1091 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\rpcss.dll
[MD5.731A783A36A8E69A6434D19D98B12A09] - [29/09/2017 15:41:58] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Processus hÃ´te Windows (Rundll32).) - [69.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\rundll32.exe
[MD5.AB75687641C9ADBE22336EC3C496909C] - [07/01/2018 11:29:20] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Applications Services et ContrÃ´leur.) - [601.34 Ko] - (10.0.16299.192) : C:\WINDOWS\System32\services.exe
[MD5.440684C4F823AAE2CC587363F9C477A6] - [29/09/2017 15:41:43] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Processus hÃ´te pour les services Windows.) - [47.55 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\svchost.exe
[MD5.0370364D4D8846B6CF316ABBB2EDB083] - [30/12/2017 12:02:21] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - DLL client de lÂAPI uilisateur de Windows multi-utilisateurs.) - [1595.98 Ko] - (10.0.16299.125) : C:\WINDOWS\System32\user32.dll
[MD5.755ED4FDBD7D6C3980610E26E527E2F5] - [29/09/2017 15:41:43] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Application dÂouverture de session Userinit.) - [31.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\userinit.exe
[MD5.BF3E1D9B2360C6BE4CC3094CD2DDC617] - [29/09/2017 15:41:43] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Application de dÃ©marrage de Windows.) - [351.16 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Wininit.exe
[MD5.C67E7F605A830AA96A204ECCDC678FBC] - [10/04/2018 22:16:37] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Application dÂouverture de session Windows.) - [699.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Winlogon.exe
[MD5.9619C0D7DB55CC3A636A24A7D82B0C8E] - [10/04/2018 22:16:18] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de fonction connexe pour WinSock.) - [599.91 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.6191B9B2EE0E8CB957C683B9B341CC86] - [29/09/2017 15:41:03] - (.Â© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.9 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.10B25A467C6FB6ACBDB2D203B98BEFBC] - [14/03/2018 20:56:59] - (.Â© Microsoft Corporation. - ATAPI Driver Extension.) - [189.9 Ko] - (10.0.16299.251) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.9E82A95D77AC78C84BA75FF896B060BF] - [29/09/2017 15:41:43] - (.Â© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.6D83565C1652E80447EDEA6947FA89D7] - [29/09/2017 15:41:02] - (.Â© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.FAEC08F583CAD06D4F057DBB733A03A1] - [10/04/2018 22:15:41] - (.Â© Microsoft Corporation. - DFS Namespace Client Driver.) - [147.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.99A34FD1F6431A10D8C3BB50E170D0F2] - [29/09/2017 15:40:59] - (.Â© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.56FF074E50F9042FD2856AB3418F4B18] - [29/09/2017 15:41:08] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de port i8042.) - [103.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.7BEC2AF23F586EFF0DB4DBF4331B0C70] - [29/09/2017 15:41:33] - (.Â© Microsoft Corporation. - IP Network Address Translator.) - [209 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.71729B1EE949E1B092CB5CB75CC63715] - [14/02/2018 10:10:10] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Minirdr SMB Windows NT.) - [482.9 Ko] - (10.0.16299.248) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.25D126EFFEC0B117DA4C81F7AE6C99FC] - [10/04/2018 22:16:39] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - NDIS (Network Driver Interface Specification).) - [1247.91 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.E5C5E6ED3949546E2ACA79B6A3817202] - [10/04/2018 22:15:44] - (.Â© Microsoft Corporation. - MBT Transport driver.) - [309.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.ADF52C1A5831EA1009382B3BE3A204B3] - [10/04/2018 22:17:08] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote du systÃ¨me de fichiers NT.) - [2338.91 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.2E07EC2C1622F5E7B535D62DCD61F3AB] - [29/09/2017 15:41:03] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de port parallÃ¨le.) - [96.5 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.E0220BB6580D34001D4D1D133052DAA4] - [29/09/2017 15:41:58] - (.Â© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104 Ko] - (10.0.16299.15) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.39886C19FB466BBF8AEC31E3E77C034C] - [10/04/2018 22:15:41] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Redirecteur de pÃ©riphÃ©rique de Microsoft RDP.) - [178.5 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.AE5CA8D3D81DCC76C5FFF1CD60E48606] - [10/04/2018 22:16:39] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote TCP/IP.) - [2708.41 Ko] - (10.0.16299.334) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.09125A12CAB5F8D5EAE9C83C25792FDD] - [10/04/2018 22:16:01] - (.Â© Microsoft Corporation. - TDI Translation Driver.) - [118.41 Ko] - (10.0.16299.371) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.5B27846CF4B1C21AFB3A35A8336BA02F] - [30/12/2017 12:02:27] - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Pilote de clichÃ© instantanÃ© du volume.) - [391.9 Ko] - (10.0.16299.125) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.HP Inc..-.HP DeskBand.) - (8.2.2.0) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
(..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\inputhost.dll
(.Intel Corporation.-.User Mode Driver for Intel(R) Graphics Technology.) - (10.18.10.4358) -- C:\WINDOWS\SYSTEM32\igd10iumd64.dll
(.Intel Corporation.-.Unified Shader Compiler for Intel(R) Graphics Accelerator.) - (10.18.10.4358) -- C:\WINDOWS\SYSTEM32\igdusc64.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.26) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(.Avira Operations GmbH & Co. KG.-.AntiVirus context menu.) - (15.0.36.115) -- C:\Program Files (x86)\Avira\Antivirus\shlext64.dll
(.Cyberlink.-.Cyberlink Shell Extension dynamic link library.) - (8.0.0.2906) -- C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll
(.Igor Pavlov.-.7-Zip Shell Extension.) - (9.20.0.0) -- C:\Program Files\7-Zip\7-zip.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.Copyright (C) 2003-2011 Apple Inc..-.Bonjour Namespace Provider.) - (3.0.0.10) -- C:\Program Files\Bonjour\mdnsNSP.dll
(.http://www.sqlite.org/copyright.html.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.19.3.0) -- C:\WINDOWS\System32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÃSEAU
Le Cloud d'Orange - Transfert de fichiers Client - (C:\Users\Patrick\AppData\Local\Le Cloud Orange\omclient.exe [HKU\S-1-5-21-3311965274-403475795-341010734-1001\SOFTWARE\...\Run]) - User: PATRICK\Patrick
KiesPDLR.exe - (C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run [HKU\S-1-5-21-3311965274-403475795-341010734-1001\SOFTWARE\...\Run]) - User: PATRICK\Patrick
Orange mes contenus - ("C:\Program Files\Orange\Orange mes contenus\OrangeSC.exe" /delayed [HKU\S-1-5-21-3311965274-403475795-341010734-1001\SOFTWARE\...\Run]) - User: PATRICK\Patrick
OneDrive - ("C:\Users\Patrick\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3311965274-403475795-341010734-1001\SOFTWARE\...\Run]) - User: PATRICK\Patrick
BingSvc - (C:\Users\Patrick\AppData\Local\Microsoft\BingSvc\BingSvc.exe [HKU\S-1-5-21-3311965274-403475795-341010734-1001\SOFTWARE\...\Run]) - User: PATRICK\Patrick
CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3311965274-403475795-341010734-1001\SOFTWARE\...\Run]) - User: PATRICK\Patrick
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public
RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\SOFTWARE\...\Run]) - User: Public
RtHDVBg - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS [HKLM\SOFTWARE\...\Run]) - User: Public
Logitech Download Assistant - (C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [HKLM\SOFTWARE\...\Run]) - User: Public

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe   
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s   
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS   
"Logitech Download Assistant"=C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x060000000000000000000000   
"!DiskInfo"=0x040000000000000000000000   
"RUNFBI"=0x040000000000000000000000   
"DisableStartScreen"=0x040000000000000000000000   
"IgfxTray"=0x060000000000000000000000   
"HotKeysCmds"=0x060000000000000000000000   
"Persistence"=0x060000000000000000000000   
"RTHDVCPL"=0x060000000000000000000000   
"SynTPEnh"=0x060000000000000000000000   
"RtHDVBg"=0x020000000000000000000000   
"Logitech Download Assistant"=0x020000000000000000000000   
"Malwarebytes TrayApp"=0x020000000000000000000000   
"AvastUI.exe"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"Wondershare Helper Compact.exe"=0x060000000000000000000000   
"YouCam Service"=0x060000000000000000000000   
"mcpltui_exe"=0x040000000000000000000000   
"HPMessageService"=0x060000000000000000000000   
"avgnt"=0x020000000000000000000000   
"HP Software Update"=0x020000000000000000000000   
"ArcSoft Connection Service"=0x020000000000000000000000   
"Avira Systray"=0x020000000000000000000000   
"Nikon Message Center 2"=0x03000000DEC7396D5809D001   
"KiesTrayAgent"=0x03000000D161225393A7D001   
"Avira SystrayStartTrigger"=0x020000000000000000000000   
"YouCam Service7"=0x020000000000000000000000   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
"Win32kLastWriteTime"=1D33928A8E92551   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s   
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe   [30/05/2013 14:50:10]
"Nikon Message Center 2"=C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s   
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe   [19/11/2014 12:40:35]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe   [17/12/2014 06:41:28]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe   [01/12/2014 15:19:56]
"YouCam Service7"="C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe" /s   
"Wondershare Helper Compact.exe"=C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe   [03/09/2017 11:11:37]
"Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"{4b629f54-1d82-40c9-9979-4485bb58d155}"="C:\ProgramData\Package Cache\{4b629f54-1d82-40c9-9979-4485bb58d155}\Avira.OE.Setup.Bundle.exe" /burn.runonce   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc   
"AppInit_DLLs"=   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"DeviceNotSelectedTimeout"=15   
"DwmInputUsesIoCompletionPort"=1   
"EnableDwmInputProcessing"=7   
"EnableMitInputProcessing"=7   
"GDIProcessHandleQuota"=10000   
"IconServiceLib"=IconCodecService.dll   
"LoadAppInit_DLLs"=0   
"NaturalInputHandler"=Ninput.dll   
"ShutdownWarningDialogTimeout"=4294967295   
"Spooler"=yes   
"ThreadUnresponsiveLogTimeout"=500   
"TransmissionRetryTimeout"=90   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Adobe Acrobat Update Task
Adobe Flash Player NPAPI Notifier
Adobe Flash Player PPAPI Notifier
Adobe Flash Player Updater
Avira_Antivirus_Systray
CCleaner Update
CCleanerSkipUAC
CLMLSvc_P2G8
CLVDLauncher
FaxApplications.exe_{45E822B1-C73F-4E5F-A624-E109FB835485}
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
HP AR Program Upload - 4ba89dd2808145be9d415a1b82b2d4c59d7a2adb9e264a46961bacc5917ba472
HP AR Program Upload - 7295639e1a004599bcffec441ede2c5798bcf81e62644a03b6b591401e723d1b
HP AR Program Upload - 96b43d4ae8474ca5a8ff25a3650ca34b45bfb6d4fe2b4a54aeaf95b319742780
HP AR Program Upload - 9ea29ba2ad7345eba2699d268bf2df89266c0c46bd1a4e7f9ca478333e472aac
HPCustPartic.exe_{F54DD2A7-31EA-4B22-928D-327BBE0F47B1}
HPCustParticipation HP Officejet 4630 series
OneDrive Standalone Update Task
OneDrive Standalone Update Task-S-1-5-21-3311965274-403475795-341010734-1001
Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1001
Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1007
Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1016
Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1018
Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1020
Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-500
ScanToPCActivationApp.exe_{A6B02579-26A1-4ED8-A0D4-638E878B6A0D}
Synaptics TouchPad Enhancements
Toolbox.exe_{9C327167-1BE0-45B0-B986-F3CDEE099BD7}
User_Feed_Synchronization-{2C8672C2-4390-4918-A9C7-8218CA6BF238}
User_Feed_Synchronization-{5ECF1D0E-F3A4-4274-91B7-15FCC0EEF301}
User_Feed_Synchronization-{B1E3F979-EBB4-43D5-9B9D-B5A2D1DE05B3}
User_Feed_Synchronization-{BB5C9BCD-4838-4092-9816-BD2E6F13DDF5}
User_Feed_Synchronization-{D813C16D-3859-4383-9C47-BCC62C7A9A93}
User_Feed_Synchronization-{FC0FA157-B231-480E-9377-03545953143B}
YCMServiceAgent
{8EAA4BA4-005B-446F-ACDA-0428861C99C4}
{B90BE772-893A-4871-BAB2-FF70C4B45845}

---------- | Startings up registry ? Folder


---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28   
"CurrentUser"=USERNAME   
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc   
"PreshutdownOrder"=UsoSvc
DeviceInstall
gpsvc
trustedinstaller   
"SvcHostSplitThresholdInKB"=3670016   
"WaitToKillServiceTimeout"=200   
"SystemStartOptions"= NOEXECUTE=OPTIN  NOVGA   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   
"LastBootSucceeded"=1   
"LastBootShutdown"=1   
"DirtyShutdownCount"=10   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0   
"auditbaseobjects"=0   
"Bounds"=0x0030000000200000   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Security Packages"=""   [22/06/2014 07:34:22]
"Notification Packages"=scecli   
"Authentication Packages"=msv1_0   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"LsaPid"=704   
"ProductType"=3   
"restrictanonymous"=0   
"restrictanonymoussam"=1   
"SamConnectedAccountsExist"=1   
"SecureBoot"=1   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8   
"BootExecute"=autocheck autochk *   
"BootShell"=%SystemRoot%\system32\bootim.exe   
"CriticalSectionTimeout"=2592000   
"ExcludeFromKnownDlls"=   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"InitConsoleFlags"=0   
"NumberOfInitialSessions"=2   
"ObjectDirectories"=\Windows
\RPC Control   
"ProcessorControl"=2   
"ProtectionMode"=1   
"ResourceTimeoutCount"=648000   
"RunLevelExecute"=WinInit
ServiceControlManager   
"RunLevelValidate"=ServiceControlManager   
"SETUPEXECUTE"=   
"AutoChkSkipSystemPartition"=0   
"PendingFileRenameOperations"=\??\C:\WINDOWS\TEMP\D186.tmp

\??\C:\WINDOWS\TEMP\RarSFX0\addr_file.html

\??\C:\WINDOWS\TEMP\RarSFX0\aebb.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aecore.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aecrypto.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aedroid.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aeemu.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aeexp.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aegen.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aehelp.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aeheur.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aeheur_agen.dat

\??\C:\WINDOWS\TEMP\RarSFX0\aelibinf.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aelidb.dat

\??\C:\WINDOWS\TEMP\RarSFX0\aemobile.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aemvdb.dat

\??\C:\WINDOWS\TEMP\RarSFX0\aeoffice.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aepack.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aerdl.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aesbx.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aescn.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aescript.dll

\??\C:\WINDOWS\TEMP\RarSFX0\aeset.dat

\??\C:\WINDOWS\TEMP\RarSFX0\aevdf.dat

\??\C:\WINDOWS\TEMP\RarSFX0\aevdf.dll

\??\C:\WINDOWS\TEMP\RarSFX0\apcfile.dll

\??\C:\WINDOWS\TEMP\RarSFX0\auccert.crt

\??\C:\WINDOWS\TEMP\RarSFX0\avacl.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avarkt.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avcenter.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avconfig.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avconfig.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avesvc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avgio.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avgnt.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avgnt.xml

\??\C:\WINDOWS\TEMP\RarSFX0\avguard.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avguard.xml

\??\C:\WINDOWS\TEMP\RarSFX0\avinet.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avipc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avirasecuritycenteragent.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avlode.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avlode.rdf

\??\C:\WINDOWS\TEMP\RarSFX0\avmailc7.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avmcdlg.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avmres.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avpref.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avreg.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avreg.yml

\??\C:\WINDOWS\TEMP\RarSFX0\avrep.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avrestart.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avscan.dat

\??\C:\WINDOWS\TEMP\RarSFX0\avscan.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avscplr.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avsmtp.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avupgsvc.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avweb.rdf

\??\C:\WINDOWS\TEMP\RarSFX0\avweb.yml

\??\C:\WINDOWS\TEMP\RarSFX0\avwebg7.exe

\??\C:\WINDOWS\TEMP\RarSFX0\avwinll.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avwmi.dll

\??\C:\WINDOWS\TEMP\RarSFX0\avwmifirewall.dll

\??\C:\WINDOWS\TEMP\RarSFX0\build.dat

\??\C:\WINDOWS\TEMP\RarSFX0\cacert.crt

\??\C:\WINDOWS\TEMP\RarSFX0\ccavscanex.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccdevprot.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccdevprotw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccev.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccevw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccfwmgt.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccgen.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccgenw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccgrdw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccguard.dll

\??\C:\WINDOWS\TEMP\RarSFX0\cchips.dll

\??\C:\WINDOWS\TEMP\RarSFX0\cclic.dll

\??\C:\WINDOWS\TEMP\RarSFX0\cclicw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccmguard.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccmsg.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccprofil.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccquamgr.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccquaw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccreport.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccrepow.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccscanw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccsched.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccschedw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccuac.exe

\??\C:\WINDOWS\TEMP\RarSFX0\ccupdate.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccupdw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccwebtabs.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccwgrd.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccwgrdw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ccwkrlib.dll

\??\C:\WINDOWS\TEMP\RarSFX0\cfglib.dll

\??\C:\WINDOWS\TEMP\RarSFX0\cfgprofile.dll

\??\C:\WINDOWS\TEMP\RarSFX0\checkt.exe

\??\C:\WINDOWS\TEMP\RarSFX0\checkwindows10drivers.exe

\??\C:\WINDOWS\TEMP\RarSFX0\communicationprotocol.dll

\??\C:\WINDOWS\TEMP\RarSFX0\default.wav

\??\C:\WINDOWS\TEMP\RarSFX0\drvinstall32.exe

\??\C:\WINDOWS\TEMP\RarSFX0\drvinstall64.exe

\??\C:\WINDOWS\TEMP\RarSFX0\extdlgfw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fact.exe

\??\C:\WINDOWS\TEMP\RarSFX0\filelist.ini

\??\C:\WINDOWS\TEMP\RarSFX0\firewall.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fptlcacert.crt

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150\avwin.chm

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150\ccplg.xml

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150\defaults.ini

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150\product.config

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150\productimagerc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150\producttextrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150\rchelp.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150\updjob.avj

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\150

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\207\product.config

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\207

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\207

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208\avwin.chm

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208\ccplg.xml

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208\defaults.ini

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208\product.config

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208\productimagerc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208\producttextrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208\rchelp.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208\updjob.avj

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\208

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210\avwin.chm

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210\ccplg.xml

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210\defaults.ini

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210\product.config

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210\productimagerc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210\producttextrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210\rchelp.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210\updjob.avj

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\210

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57\avwin.chm

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57\ccplg.xml

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57\defaults.ini

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57\product.config

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57\productimagerc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57\producttextrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57\rchelp.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57\updjob.avj

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\57

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_de.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_en.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_es.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_fr.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_id.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_it.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_ja-jp.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_nl.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_pt-br.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_ru.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_tr.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_zh-cn.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\administrativerightsprovider_zh-tw.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\alertcat.htm

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\alerttyp.htm

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\alertvir.htm

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\alldiscs.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\alldrives.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\android.html

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\avconfigrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\avesvcr.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\avevtrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\avira_fr____fm.exe

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\avmailcr.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\avmaildlgcr.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\avscanrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\avwebgrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccavscanexrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccdevprotrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccevrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccfwmgtrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccgenrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccgrdrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\cchipsrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\cclicrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccmainrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccmgrdrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccmsgrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccquarc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccreporc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccscanrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccscherc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccupdrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccwebtabsrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\ccwgrdrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\commonimagerc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\commontextrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\eula.txt

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\factrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\folder.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\guardmsg.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\alert_level.gif

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_bg_bl.jpg

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_bg_br.jpg

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_bg_ml.jpg

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_bg_mr.jpg

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_bg_tl.jpg

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_bg_tr.jpg

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_btn_gray_hover.gif

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_btn_gray_normal.gif

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_phone.gif

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_red_arrow.gif

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img\android_video.gif

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\img

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\licmgr.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\lukeres.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\mydocs.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\prefix_msg.avr

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\process.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\produpd.avj

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\quicksysscan.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\restartrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\rmdiscs.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\rootkit.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\rscdwrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\scanjob.avj

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\scanuirc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\schedr.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\setup.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\setup.inf

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\startupd.avj

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\sweb.zip

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\sysdir.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\sysscan.avp

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\updatemsg.avr

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\updaterc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\updguirc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\webcatrc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr\weblink.url

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr

\??\C:\WINDOWS\TEMP\RarSFX0\fr-fr

\??\C:\WINDOWS\TEMP\RarSFX0\gavidb.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpacp.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpavgio.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpdeviceprotection.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpfirewall.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpgavid.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpgen.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpgenrep.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpgrd.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpgui.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpipc.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gplegacy.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpscan.dll

\??\C:\WINDOWS\TEMP\RarSFX0\gpschd.dll

\??\C:\WINDOWS\TEMP\RarSFX0\grdcore.dll

\??\C:\WINDOWS\TEMP\RarSFX0\guardgui.exe

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\3rdpartylicenses.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\css\antivirus.ui-1.0.0.min.css

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\css\antivirus.ui-vendor-1.0.0.min.css

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\css\partner-1.0.0.min.css

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\css

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\css

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\avira-connect.eot

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\avira-connect.ttf

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\avira-connect.woff

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\fontawesome-webfont.eot

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\fontawesome-webfont.svg

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\fontawesome-webfont.ttf

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\fontawesome-webfont.woff

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\fontawesome-webfont.woff2

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\fontawesome.otf

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\icomoon.eot

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\icomoon.svg

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\icomoon.ttf

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\icomoon.woff

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitot-light.eot

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitot-light.otf

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitot-light.ttf

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitot-light.woff

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitweb-light.eot

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitweb-light.woff

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitwebpro-bold.eot

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitwebpro-bold.woff

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitwebpro-book.eot

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitwebpro-book.woff

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitwebpro-medi.eot

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\kievitwebpro-medi.woff

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts\pie.htc

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\fonts

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\index.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\js\antivirus.ui-1.0.0-ie8shim.min.js

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\js\antivirus.ui-1.0.0-ie8shiv.min.js

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\js\antivirus.ui-1.0.0.min.js

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\js\antivirus.ui-vendor-1.0.0.min.js

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\js

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\js

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\gif\feedback-pulsar.gif

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\gif\license-update-animation.gif

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\gif\quarantine-delete-animation.gif

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\gif\quarantine-rescan-animation.gif

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\gif\quarantine-restore-animation.gif

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\gif

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\gif

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\about.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\add-button-hover.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\add-button.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\arrow-down.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\arrow-right.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\avira.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\close.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\close_hovered.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\custom-scan-start-hover.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\custom-scan-start.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\custom-scan.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\default-profile.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\defaultadvertisementandroid.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\defaultadvertisementios.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\defaultadvertisementlogo.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\firewall-enabled.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\firewall-not-installed.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\firewall-snoozed.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\folder.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\harddrive.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mycomputer.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mycontacts.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mydesktop.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mydocuments.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mydownloads.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\myfavorites.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mylinks.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mymusic.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\myonedrive.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mypictures.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mysavedgames.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\mysavedsearches.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\myvideos.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\networkdrive.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\networkdrivenotconnected.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\operatingsystemdrive.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\opticaldrive.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\person.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons\unknowndrive.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\foldericons

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\full-scan.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\generic-error.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\help.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\help_hovered.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\hide-password.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\logo.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\mail-protection-enabled.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\mail-protection-not-installed.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\mail-protection-snoozed.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\minimise.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\minimise_hovered.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\password-wrong.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\password.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\quarantine-question-dialog-warning.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\quarantine_restore_result_dialog_message_notice.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\quarantine_restore_result_dialog_message_warning.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\quarantine_restore_result_dialog_success.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\quick-scan.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\realtime-protection-enabled.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\realtime-protection-snoozed.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\scan-edit-hover.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\scan-edit.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\scheduled-scan.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\show-password-enabled.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\show-password.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\updateui-error.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\updateui-success.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\user-profile.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\web-protection-enabled.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\web-protection-not-installed.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png\web-protection-snoozed.png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol\png

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\symbol

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\content\activity-view.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\content\quarantine-view.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\content\status-view.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\content

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\content

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\activity\activity-checkbox.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\activity\activity-entry.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\activity\activity-header.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\activity\activity-list-button.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\activity\activity-list.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\activity\activity-update-success.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\activity

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\activity

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\app-container.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\default-advertisement.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\feedback.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\header.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\headerprofile.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\headerupgrade.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\icon-ie8.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\icon.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\info-menu.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\loading-progress.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\menubar\menu-entry.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\menubar\menubar.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\menubar\submenu-entry-module.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\menubar\submenu-entry-scan.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\menubar

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\menubar

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\modules\info-box.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\modules\module-state-button.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\modules\modules-subpage.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\modules

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\modules

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\overlay\about-modal-overlay.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\overlay\error-modal-overlay.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\overlay\password-modal-overlay.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\overlay\update-modal-overlay.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\overlay

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\overlay

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\quarantine\quarantine-checkbox.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\quarantine\quarantine-pagination.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\quarantine\quarantine-progress-dialog.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\quarantine\quarantine-question-dialog.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\quarantine\quarantine-result-dialog.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\quarantine\quarantine-selectall-checkbox.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\quarantine\quarantine-whitelist-checkbox.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\quarantine

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\quarantine

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\radial-progress.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\circle-progress.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\custom-scan.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\full-scan.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\profile\custom-scan-configure-profile.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\profile\custom-scan-profile-entry.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\profile\custom-scan-select-profile.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\profile\filesystem\treeview-entry-checkbox.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\profile\filesystem\treeview.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\profile\filesystem

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\profile\filesystem

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\profile

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\profile

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\quick-scan.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\scan-entry-drop-down.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\scheduled-scan.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\scheduler\scheduled-scan-configure-scan.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\scheduler\scheduled-scan-entry.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\scheduler\scheduled-scan-select-scan.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\scheduler\scheduled-scan-select-week-day.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\scheduler\scheduled-scan-select-week-days.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\scheduler

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan\scheduler

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\scan

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\settings.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\statusbar.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\validation\validation-drop-down-list-entry.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\validation\validation-drop-down-list.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\validation\validation-text-box.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\validation\validation-time-box.html

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\validation

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives\validation

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views\directives

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui\views

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui

\??\C:\WINDOWS\TEMP\RarSFX0\htmlui

\??\C:\WINDOWS\TEMP\RarSFX0\inetset.bin

\??\C:\WINDOWS\TEMP\RarSFX0\ipmgui.exe

\??\C:\WINDOWS\TEMP\RarSFX0\libapr-1.dll

\??\C:\WINDOWS\TEMP\RarSFX0\libapriconv-1.dll

\??\C:\WINDOWS\TEMP\RarSFX0\libaprutil-1.dll

\??\C:\WINDOWS\TEMP\RarSFX0\libcurl.dll

\??\C:\WINDOWS\TEMP\RarSFX0\libeay32.dll

\??\C:\WINDOWS\TEMP\RarSFX0\licmgr.exe

\??\C:\WINDOWS\TEMP\RarSFX0\luke.dll

\??\C:\WINDOWS\TEMP\RarSFX0\mfc120u.dll

\??\C:\WINDOWS\TEMP\RarSFX0\mgrs.dll

\??\C:\WINDOWS\TEMP\RarSFX0\msgclient.dll

\??\C:\WINDOWS\TEMP\RarSFX0\msvcp120.dll

\??\C:\WINDOWS\TEMP\RarSFX0\msvcr120.dll

\??\C:\WINDOWS\TEMP\RarSFX0\netnt.dll

\??\C:\WINDOWS\TEMP\RarSFX0\onlcfg.dll

\??\C:\WINDOWS\TEMP\RarSFX0\productutilities.dll

\??\C:\WINDOWS\TEMP\RarSFX0\rdf.dll

\??\C:\WINDOWS\TEMP\RarSFX0\repair.dll

\??\C:\WINDOWS\TEMP\RarSFX0\repair.rdf

\??\C:\WINDOWS\TEMP\RarSFX0\rscdwld.exe

\??\C:\WINDOWS\TEMP\RarSFX0\scanui.exe

\??\C:\WINDOWS\TEMP\RarSFX0\scewxmlw.dll

\??\C:\WINDOWS\TEMP\RarSFX0\sched.exe

\??\C:\WINDOWS\TEMP\RarSFX0\sched.xml

\??\C:\WINDOWS\TEMP\RarSFX0\securityproductinformation.ini

\??\C:\WINDOWS\TEMP\RarSFX0\servicecommunication.dll

\??\C:\WINDOWS\TEMP\RarSFX0\setup.exe

\??\C:\WINDOWS\TEMP\RarSFX0\setuppending.exe

\??\C:\WINDOWS\TEMP\RarSFX0\shlext.dll

\??\C:\WINDOWS\TEMP\RarSFX0\shlext64.dll

\??\C:\WINDOWS\TEMP\RarSFX0\sqlite3.dll

\??\C:\WINDOWS\TEMP\RarSFX0\ssleay32.dll

\??\C:\WINDOWS\TEMP\RarSFX0\startui.exe

\??\C:\WINDOWS\TEMP\RarSFX0\systemutilities.dll

\??\C:\WINDOWS\TEMP\RarSFX0\systemutilities64.dll

\??\C:\WINDOWS\TEMP\RarSFX0\toastnotifier.exe

\??\C:\WINDOWS\TEMP\RarSFX0\update.dll

\??\C:\WINDOWS\TEMP\RarSFX0\update.exe

\??\C:\WINDOWS\TEMP\RarSFX0\updateutilities.dll

\??\C:\WINDOWS\TEMP\RarSFX0\updgui.dll

\??\C:\WINDOWS\TEMP\RarSFX0\updrgui.exe

\??\C:\WINDOWS\TEMP\RarSFX0\webcat.dll

\??\C:\WINDOWS\TEMP\RarSFX0\webcat0.dat

\??\C:\WINDOWS\TEMP\RarSFX0\webcat1.dat

\??\C:\WINDOWS\TEMP\RarSFX0\webcat2.dat

\??\C:\WINDOWS\TEMP\RarSFX0\webcat3.dat

\??\C:\WINDOWS\TEMP\RarSFX0\webcat4.dat

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avdevprot.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avdevprot.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avgntflt.cat

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avgntflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avgntflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avipbb.cat

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avipbb.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avipbb.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avkmgr.cat

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avkmgr.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avkmgr.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avnetflt.cat

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avnetflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avnetflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avusbflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64\avusbflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64

\??\C:\WINDOWS\TEMP\RarSFX0\win7x64

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avdevprot.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avdevprot.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avgntflt.cat

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avgntflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avgntflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avipbb.cat

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avipbb.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avipbb.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avkmgr.cat

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avkmgr.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avkmgr.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avnetflt.cat

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avnetflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avnetflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avusbflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86\avusbflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86

\??\C:\WINDOWS\TEMP\RarSFX0\win7x86

\??\C:\WINDOWS\TEMP\RarSFX0\wksstats.dll

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avdevprot.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avdevprot.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avgntflt.cat

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avgntflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avgntflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avipbb.cat

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avipbb.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avipbb.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avipc64.dll

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avkmgr.cat

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avkmgr.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avkmgr.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avnetflt.cat

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avnetflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avnetflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avshadow.exe

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avusbflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x64\avusbflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x64\wdfcoinstaller01011.dll

\??\C:\WINDOWS\TEMP\RarSFX0\x64

\??\C:\WINDOWS\TEMP\RarSFX0\x64

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avdevprot.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avdevprot.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avgntflt.cat

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avgntflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avgntflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avipbb.cat

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avipbb.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avipbb.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avkmgr.cat

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avkmgr.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avkmgr.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avnetflt.cat

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avnetflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avnetflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avshadow.exe

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avusbflt.inf

\??\C:\WINDOWS\TEMP\RarSFX0\x86\avusbflt.sys

\??\C:\WINDOWS\TEMP\RarSFX0\x86\wdfcoinstaller01011.dll

\??\C:\WINDOWS\TEMP\RarSFX0\x86

\??\C:\WINDOWS\TEMP\RarSFX0\x86

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00000.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00001.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00002.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00003.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00004.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00005.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00006.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00007.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00008.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00009.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00010.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00011.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00012.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00013.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00014.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00015.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00016.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00017.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00018.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00019.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00020.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00021.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00022.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00023.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00024.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00025.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00026.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00027.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00028.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00029.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00030.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00031.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00032.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00033.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00034.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00035.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00036.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00037.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00038.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00039.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00040.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00041.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00042.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00043.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00044.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00045.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00046.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00047.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00048.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00049.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00050.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00051.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00052.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00053.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00054.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00055.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00056.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00057.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00058.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00059.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00060.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00061.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00062.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00063.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00064.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00065.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00066.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00067.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00068.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00069.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00070.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00071.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00072.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00073.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00074.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00075.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00076.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00077.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00078.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00079.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00080.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00081.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00082.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00083.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00084.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00085.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00086.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00087.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00088.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00089.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00090.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00091.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00092.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00093.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00094.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00095.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00096.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00097.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00098.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00099.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00100.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00101.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00102.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00103.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00104.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00105.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00106.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00107.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00108.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00109.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00110.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00111.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00112.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00113.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00114.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00115.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00116.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00117.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00118.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00119.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00120.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00121.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00122.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00123.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00124.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00125.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00126.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00127.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00128.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00129.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00130.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00131.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00132.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00133.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00134.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00135.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00136.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00137.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00138.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00139.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00140.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00141.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00142.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00143.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00144.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00145.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00146.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00147.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00148.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00149.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00150.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00151.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00152.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00153.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00154.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00155.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00156.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00157.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00158.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00159.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00160.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00161.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00162.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00163.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00164.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00165.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00166.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00167.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00168.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00169.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00170.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00171.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00172.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00173.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00174.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00175.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00176.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00177.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00178.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00179.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00180.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00181.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00182.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00183.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00184.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00185.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00186.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00187.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00188.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00189.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00190.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00191.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00192.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00193.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00194.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00195.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00196.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00197.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00198.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00199.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00200.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00201.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00202.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00203.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00204.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00205.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00206.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00207.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00208.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00209.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00210.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00211.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00212.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00213.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00214.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00215.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00216.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00217.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00218.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00219.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00220.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00221.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00222.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00223.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00224.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00225.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00226.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00227.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00228.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00229.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00230.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00231.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00232.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00233.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00234.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00235.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00236.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00237.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00238.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00239.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00240.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00241.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00242.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00243.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00244.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00245.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00246.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00247.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00248.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00249.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00250.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00251.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00252.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00253.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00254.vdf

\??\C:\WINDOWS\TEMP\RarSFX0\xbv00255.vdf

\??\C:\WINDOWS\TEMP\RarSFX0

\??\C:\WINDOWS\TEMP\DELE1EC.tmp

\??\C:\Program Files (x86)\Avira\Antivirus\aehelp.dll.tmp

\??\C:\Program Files (x86)\Avira\Antivirus\aepack.dll.tmp

\??\C:\Program Files (x86)\Avira\Antivirus\aescript.dll.tmp

\??\C:\Program Files (x86)\Avira\Antivirus\aedroid.dll.tmp
   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"DeleteTempDirsOnExit"=1   
"fDenyTSConnections"=1   
"fSingleSessionPerUser"=1   
"NotificationTimeOut"=0   
"PerSessionTempDir"=0   
"ProductVersion"=5.1   
"RCDependentServices"=CertPropSvc
SessionEnv   
"SnapshotMonitors"=1   
"StartRCM"=0   
"TSUserEnabled"=0   
"InstanceID"=5e321053-7c79-4688-afd2-8444308   
"GlassSessionId"=1   


---------- | .LNK with Arguments

c:\hp\hpqware\dtshortcuts\ca-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=ca_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\aut\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=de_at&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\aut\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_at) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=de_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=de_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\che\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=de_de&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\de-de\deu\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_de) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_de&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_fr&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\gbr\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_gb) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\gbr\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_gb&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\irl\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_ie) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_it&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-gb\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_nl&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\aus\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_au&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\aus\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_au) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_ca&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\can\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\deu\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_de&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_fr&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\gbr\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_gb) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\gbr\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_gb&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\hkg\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_hk&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_in&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\irl\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_ie) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_it&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\mys\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_my&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_nl&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\nzl\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_nz) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\phl\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_ph&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\sgp\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_sg&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_us&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\en-us\usa\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_us) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=es_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es-es\usa\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=en_us&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\es-es\usa\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_us) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\eu-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=eu_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=fr_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\can\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=fr_ca&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\can\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=fr_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\che\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\fra\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=fr_fr&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\fr-fr\fra\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_fr) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\gl-es\esp\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=gl_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\hi-in\ind\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=hi_in&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\che\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=it_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\che\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\ita\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=it_it&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\it-it\ita\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl-nl\bel\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=nl_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\nl-nl\nld\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=nl_nl&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\zh-cn\chn\?????.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_cn) - Hidden: False - Status: OK
c:\hp\hpqware\dtshortcuts\zh-hk\hkg\?????ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=dticon&s=ebay&pf=cmnb&locale=zh_hk&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\ca-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=ca_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\aut\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_at) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\aut\shopping and services\ebay.at.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=de_at&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=de_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\che\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_de_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=de_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\deu\music, photos and videos\snapfish fotos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_de) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\de-de\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=de_de&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_de&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_fr&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\gbr\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_gb) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\gbr\shopping and services\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_gb&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\irl\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_ie) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\irl\shopping and services\ebay.ie.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=EN_IE&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_it&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-gb\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_nl&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\aus\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_au) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\aus\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_au&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\can\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_ca&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\deu\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_de&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_fr&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\gbr\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_gb) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\gbr\shopping and services\visit ebay.co.uk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_gb&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\hkg\shopping and services\ebay.com.hk.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_hk&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_in&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\irl\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_ie) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\irl\shopping and services\ebay.ie.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=EN_IE&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_it&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\mys\shopping and services\ebay.com.my.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_my&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_nl&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\nzl\music, photos and videos\snapfish photos.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_nz) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\phl\shopping and services\ebay.ph.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_ph&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\sgp\shopping and services\ebay.com.sg.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_sg&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\usa\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_us) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\en-us\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_us&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=es_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es-es\usa\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_us) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\es-es\usa\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=en_us&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\eu-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=eu_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=fr_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\can\music, photos and videos\snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_fr_ca) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\can\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=fr_ca&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\che\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_fr_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=fr_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\fra\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_fr) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\fr-fr\fra\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=fr_fr&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\gl-es\esp\shopping and services\ebay compra y vende de todo.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=gl_es&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\hi-in\ind\shopping and services\ebay.in.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=hi_in&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\che\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_it_ch) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\che\shopping and services\ebay.ch.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=it_ch&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\ita\music, photos and videos\snapfish foto.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_it_it) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\it-it\ita\shopping and services\ebay italia.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=it_it&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl-nl\bel\shopping and services\bezoek ebay.be.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=nl_be&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\nl-nl\nld\shopping and services\ebay.nl.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=nl_nl&bd=all&c=134) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\zh-cn\chn\music, photos and videos\?????.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_cn) - Hidden: False - Status: OK
c:\hp\hpqware\startmenulink\zh-hk\hkg\shopping and services\?????ebay!.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=zh_hk&bd=all&c=134) - Hidden: False - Status: OK
c:\programdata\microsoft\windows\start menu\programs\music, photos and videos\photos snapfish.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://www.snapfish.com/hp_notebook_desktopicon_2013_fr) - Hidden: False - Status: OK
c:\programdata\microsoft\windows\start menu\programs\shopping and services\ebay.lnk - Encrypted: False - Target: C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe - Args: (hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=onlinesvs&s=ebay&pf=cmnb&locale=fr_fr&bd=all&c=134) - Hidden: False - Status: OK

---------- | AppCertDlls


---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKLM\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"ConsentPromptBehaviorUser"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"SmartScreenEnabled"=RequireAdmin   
"GlobalAssocChangedCounter"=2   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System]
"DisableCMD"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"DSCAutomationHostEnabled"=2   
"EnableCursorSuppression"=1   
"EnableFullTrustStartupTasks"=2   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableUwpStartupTasks"=2   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"SupportFullTrustStartupTasks"=1   
"SupportUwpStartupTasks"=1   
"ValidateAdminCodeSignatures"=0   
"undockwithoutlogon"=1   
"ConsentPromptBehaviorUser"=1   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0   
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"NoRecentDocsHistory"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"Id"=2   
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"ValueName"=Hidden   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0   
"ActiveSetupTaskOverride"=1   
"AsyncRunOnce"=1   
"AsyncUpdatePCSettings"=1   
"DisableAppInstallsOnFirstLogon"=1   
"DisableResolveStoreCategories"=1   
"DisableUpgradeCleanup"=1   
"EarlyAppResolverStart"=1   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"FSIASleepTimeInMs"=60000   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"IconUnderline"=2   
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"MachineOobeUpdates"=1   
"NoWaitOnRoamingPayloads"=1   
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
"GlobalAssocChangedCounter"=13   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1   
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"DisableBackButton"=1   
"EnableSIHostIntegration"=1   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"ReportBootOk"=1   
"Shell"=explorer.exe   
"ShellCritical"=0   
"ShellInfrastructure"=sihost.exe   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"WinStationsDisabled"=0   
"scremoveoption"=0   
"LastLogOffEndTimePerfCounter"=172387793829   
"ShutdownFlags"=39   
"Userinit"=C:\WINDOWS\System32\Userinit.exe,   
"ShutdownWithoutLogon"=0   
"DisableCad"=1   
"EnableFirstLogonAnimation"=1   
"AutoLogonSID"=S-1-5-21-3311965274-403475795-341010734   
"LastUsedUsername"=Patrick   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=   
"DefaultUserName"=   
"EnableSIHostIntegration"=1   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Shell"=explorer.exe   
"ShellCritical"=0   
"SiHostCritical"=0   
"SiHostReadyTimeOut"=0   
"SiHostRestartCountLimit"=0   
"SiHostRestartTimeGap"=0   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile   
"Content Type"=application/hta   
"PerceivedType"=text   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2   
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"NeverShowExt"=   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
""=Raccourci Internet   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"BrowserFlags"=4096   
"EditFlags"=4259840   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference   
"EditFlags"=131072   
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
"IsShortcut"=   
"NeverShowExt"=   

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeLayoutPatternForSearch"=alpha   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus   

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [10/04/2018 22:16:18]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe   [10/04/2018 22:16:18]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"Beep"=#USR:Control Panel\Sound   
"CoolSwitch"=USR:Control Panel\Desktop   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131591081343118303

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"DisableAntiSpyware"=1
"TrustedImageIdentifier"=
"ProductType"=2
"ProductStatus"=0
"DisableAntiVirus"=1
"InstallTime"=0x8E677D76BF22D101
"ManagedDefenderProductType"=0
"InstallLocation"=C:\Program Files\Windows Defender\
"OOBEInstallTime"=0x09F0AF0D9C1CD201
"LastEnabledTime"=0x6759815FDFDFD301

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SerCx2.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [2a00:1450:4007:809::200e] avec 32 octets de donn?es?:
R?ponse de 2a00:1450:4007:809::200e?: temps=9 ms 
R?ponse de 2a00:1450:4007:809::200e?: temps=2 ms 
R?ponse de 2a00:1450:4007:809::200e?: temps=3 ms 
R?ponse de 2a00:1450:4007:809::200e?: temps=2 ms 

Statistiques Ping pour 2a00:1450:4007:809::200e:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 2ms, Maximum = 9ms, Moyenne = 4ms

---------- | @

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Start Page"=about:blank
"DoNotTrack"=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1
"ProxyEnable"=0

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | Execution FileExts













---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} --     
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [29/09/2017 15:41:47]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     


---------- | Toolbar

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{22CC3EBD-C286-43aa-B8E6-06B115F74162}] : (HP Smart Print) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}] : (@C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []

---------- | SearchScopes

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8E9AEB09-3658-4FA2-B85B-40B932D0F5B3}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{8E9AEB09-3658-4FA2-B85B-40B932D0F5B3}] - (Propositions de recherche Amazon.fr) - http://www.amazon.fr/s/ref=azs_osd_ieafr?ie=UTF-8&tag=hp-fr2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}] - (eBay) - http://rover.ebay.com/rover/1/709-29563-11896-9/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] -> (HP Network Check Helper) : C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll  [06/12/2016 22:18:20]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}] -> (HP Network Check Helper) : C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll  [06/12/2016 22:18:20]

---------- | Chrome

C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\caljgklbbfbcjjanaijlacgncafpegll =  :     __MSG_extDescription__ -     Avira Password Manager - permissions:[webRequestwebRequestBlockingtabscookies\u003Call_urls>contextMenusclipboardWritestorage] - https://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\efaidnbmnnnibpcajpcglclefindmkaj =  :     __MSG_web2pdfExtnDescription__ -     __MSG_web2pdfExtnName__ - https://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\flliilndjeohchalpbbcdekjklbdgfkk =  :     __MSG_extDescription__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm =  :     Provider for discovery and services for mirroring of Chrome Media Router -     Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll]
[HKLM\Software\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]

---------- | Opera


---------- | Firefox

C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\i7wi9c2o.default\Extensions\abs@avira.com.xpi

[HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (AdobeÂ® FlashÂ® Player 29.0.0.140 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (AdobeÂ® FlashÂ® Player 29.0.0.140 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\i7wi9c2o.default\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20171112125346");
user_pref("browser.startup.homepage_override.mstone", "57.0");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"home-button\",\"customizableui-special-spring1\",\"urlbar-container\",\"search-container\",\"customizableui-special-spring2\",\"downloads-button\",\"library-button\",\"screenshots_mozilla_org-browser-action\",\"sidebar-button\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"]},\"seen\":[\"pocket-button\",\"developer-button\",\"abs-extension-button\",\"abs_avira_com-browser-action\",\"webide-button\",\"screenshots_mozilla_org-browser-action\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\",\"PanelUI-contents\",\"addon-bar\"],\"currentVersion\":12,\"newElementCount\":2}");
user_pref("e10s.rollout.cohort", "webextensions-multiBucket4");
user_pref("extensions.Deal Keeper.asul", "1406371082643");
user_pref("extensions.Deal Keeper.aul", "1406370768837");
user_pref("extensions.Deal Keeper.irl", true);
user_pref("extensions.Deal Keeper.is", "isgiwhFR");
user_pref("extensions.Deal Keeper.ug", "927B4C28-BD34-4527-A36F-B874A9CC4041");
user_pref("extensions.blocklist.pingCountTotal", 28);
user_pref("extensions.blocklist.pingCountVersion", 2);
user_pref("extensions.databaseSchema", 23);
user_pref("extensions.e10s.rollout.blocklist", "");
user_pref("extensions.e10s.rollout.hasAddon", true);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.e10sMultiBlockedByAddons", false);
user_pref("extensions.getAddons.cache.lastUpdate", 1515917983);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20170302.01");
user_pref("extensions.lastAppBuildId", "20170926190823");
user_pref("extensions.lastAppVersion", "57.0");
user_pref("extensions.lastPlatformVersion", "57.0");
user_pref("extensions.nspdlrckt.aflt", "rckt_tele_14_29_ff");
user_pref("extensions.nspdlrckt.cd", "2XzuyEtN2Y1L1Qzu0CyEtAyEyC0ByEyCtC0B0D0A0CyCzz0CtN0D0Tzu0SzytAtBtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyEzyyE0D0Fzz0FtGzzyDyDyEtG0EyCtAtAtG0E0AzzzytGyCyDzyzztCtC0AyEtA0CyB0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0D0B0AyB0D0EtAtGzyzyyD0BtGtCtA0ByEtG0AyD0AyCtGtA0AyCzz0CyD0FtC0DtAyDzz2Q");
user_pref("extensions.nspdlrckt.cr", "764355113");
user_pref("extensions.nspdlrckt.instlRef", "142905_b");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.pocket.settings.test.panelSignUp", "v2");
user_pref("extensions.shield-recipe-client.first_run", false);
user_pref("extensions.shield-recipe-client.startupExperimentMigrated", true);
user_pref("extensions.shield-recipe-client.user_id", "721dcac7-6585-4e62-89ee-b91a9fdb83e4");
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.experiment.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("extensions.ui.locale.hidden", true);
user_pref("extensions.webextensions.uuids", "{\"abs@avira.com\":\"73711f00-4203-4d5f-8a66-76e2ecd5f79a\",\"passwordmanager@avira.com\":\"0808edf1-a940-4480-ac95-92943d5bc0f0\",\"screenshots@mozilla.org\":\"e9607363-eb58-4533-ba33-c8f6501ccca6\"}");

C:\Users\VERONIK\AppData\Roaming\Mozilla\Firefox\Profiles\1063jab9.default\Prefs.js

user_pref("browser.newtab.url", "https://google.fr");
user_pref("browser.startup.homepage", "https://google.fr");
user_pref("browser.startup.homepage_override.buildID", "20140716183446");
user_pref("browser.startup.homepage_override.mstone", "31.0");
user_pref("extensions.blocklist.pingCountTotal", 3);
user_pref("extensions.blocklist.pingCountVersion", 3);
user_pref("extensions.bootstrappedAddons", "{}");
user_pref("extensions.databaseSchema", 16);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0");
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi\",\"mtime\":1405354940000},\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1409402266930,\"rdfTime\":1405567031000}}}]");
user_pref("extensions.lastAppVersion", "31.0");
user_pref("extensions.lastPlatformVersion", "31.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.experiment.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://discover/");
user_pref("extensions.ui.locale.hidden", true);


[Profile0] - Name=default -> Profiles/i7wi9c2o.default

[Profile0] - Name=default -> Profiles/1063jab9.default

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{13d3b3b4-32e4-44d8-b91d-2260d48c1030}]
"DhcpNameServer"=192.168.40.4
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1ba87505-f6de-4514-9ee0-f003fcb2ac81}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{2d93315f-35aa-42b5-abcf-36c189117fae}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7c643847-8226-471e-a585-f07aef0b04dd}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{13d3b3b4-32e4-44d8-b91d-2260d48c1030}]
"DhcpNameServer"=192.168.40.4
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1ba87505-f6de-4514-9ee0-f003fcb2ac81}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2d93315f-35aa-42b5-abcf-36c189117fae}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7c643847-8226-471e-a585-f07aef0b04dd}]
"DhcpNameServer"=192.168.1.1

---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\7zFM.exe] : "C:\Program Files\7-Zip\7zFM.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\7zFM.exe] : "C:\Program Files\7-Zip\7zFM.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"Camera"=FrameS
"diagnostics"=DiagSvc
"PrintWorkflow"=PrintWorkflowUserSvc
"DevicesFlow"=DevicesFlowUserSvc
"GraphicsPerfSvcGroup"=GraphicsPerfSvc
"smbsvcs"=lanmanserver
browser
"iissvcs"=w3svc
was

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"PrintWorkflow"=PrintWorkflowUserSvc
"smbsvcs"=lanmanserver
"iissvcs"=w3svc
was


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKLM\Software\7-Zip]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Atheros]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\HP]
[HKLM\Software\IM Providers]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Logishrd]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee.com]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nikon]
[HKLM\Software\Nuance]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Orange]
[HKLM\Software\Partner]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\SAMSUNG]
[HKLM\Software\SRS Labs]
[HKLM\Software\Synaptics]
[HKLM\Software\sysinternals]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\diagnostics]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GraphicsPerfSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\RmSvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\AppDataLow]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\ArcSoft]
[HKLM\Software\WOW6432Node\Atheros]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\Avira]
[HKLM\Software\WOW6432Node\Chorus]
[HKLM\Software\WOW6432Node\Clips]
[HKLM\Software\WOW6432Node\ColorTable]
[HKLM\Software\WOW6432Node\CyberLink]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Hewlett-Packard]
[HKLM\Software\WOW6432Node\HP]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Lake]
[HKLM\Software\WOW6432Node\Licenses]
[HKLM\Software\WOW6432Node\LogMeInRescueCallingCard]
[HKLM\Software\WOW6432Node\LogMeInRescueCallingCards]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Myfree Codec]
[HKLM\Software\WOW6432Node\Nikon]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Opera Software]
[HKLM\Software\WOW6432Node\PEPrinter]
[HKLM\Software\WOW6432Node\Qualcomm Atheros]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\RocketLife]
[HKLM\Software\WOW6432Node\Samsung]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\SyncIntegrationClients]
[HKLM\Software\WOW6432Node\Visan]
[HKLM\Software\WOW6432Node\WafCX]
[HKLM\Software\WOW6432Node\WildTangent]
[HKLM\Software\WOW6432Node\Wondershare]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\X-AVCSD]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\PrintWorkflow]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives


D:


---------- | C:

[22/08/2013 17:36:31] - |SHD| - [4808768382] - C:\$Recycle.Bin
[17/03/2017 12:22:02] - |HD| - [87777985] - C:\$SysReset
[MD5.04C91D3AB4CDB766C34A8DC5372BA09E] - [22/08/2013 17:44:03] - |RASH| - (.-.) - [427680] - (0.0.0.0) - C:\bootmgr
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [22/08/2013 17:44:04] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[08/09/2014 14:37:33] - |HD| - [0] - C:\Config.Msi
[22/08/2013 16:45:52] - |SHD| - [0] - C:\Documents and Settings
[07/03/2017 16:45:42] - |D| - [153998349] - C:\FRST
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/06/2017 10:04:58] - |ASH| - (.-.) - [1674616832] - (0.0.0.0) - C:\hiberfil.sys
[04/11/2013 20:37:25] - |HD| - [19920908] - C:\HP
[30/12/2017 11:53:44] - |D| - [185708] - C:\inetpub
[22/04/2014 18:34:43] - |D| - [1256144] - C:\Intel
[28/02/2017 10:08:22] - |D| - [0] - C:\Log
[08/10/2016 09:28:26] - |HD| - [519320093] - C:\OneDriveTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [22/04/2014 20:22:52] - |ASH| - (.-.) - [1879048192] - (0.0.0.0) - C:\pagefile.sys
[18/10/2014 18:26:01] - |D| - [16930837] - C:\PATRICK
[29/09/2017 15:46:33] - |D| - [0] - C:\PerfLogs
[29/09/2017 15:46:33] - |RD| - [3918300317] - C:\Program Files
[29/09/2017 15:46:33] - |RD| - [9816026020] - C:\Program Files (x86)
[29/09/2017 15:46:33] - |HD| - [4374653847] - C:\ProgramData
[28/04/2018 15:01:25] - |D| - [634877] - C:\QuickDiag
[MD5.4823AC99FD071D5E5F8F191E63247E4E] - [29/04/2018 22:26:14] - |A| - (.-.) - [221789] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.60F687CA9489664CA56A7D37B53C0D1D] - [28/04/2018 15:41:12] - |RA| - (.-.) - [562412] - (0.0.0.0) - C:\QuickDiag_28_04_2018_15_41_12.txt
[30/12/2017 12:45:22] - |SHD| - [1040] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/11/2013 12:43:08] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[01/09/2013 05:49:40] - |D| - [4185674713] - C:\SWSetup
[04/11/2013 12:43:06] - |SHD| - [0] - C:\System Volume Information
[01/09/2013 04:03:40] - |HD| - [144777608] - C:\SYSTEM.SAV
[29/09/2017 10:45:11] - |RD| - [52272048869] - C:\Users
[10/11/2014 17:22:07] - |D| - [531871] - C:\VERONIQUE
[29/09/2017 10:45:11] - |D| - [30905426598] - C:\Windows
[30/12/2017 12:25:40] - |D| - [0] - C:\Windows.old
[07/03/2017 10:19:02] - |D| - [15920193] - C:\Windows10Upgrade

---------- | C:\WINDOWS

[29/09/2017 15:46:33] - |D| - [802] - C:\WINDOWS\addins
[29/09/2017 15:46:33] - |D| - [13922663] - C:\WINDOWS\appcompat
[29/09/2017 15:46:33] - |D| - [8191022] - C:\WINDOWS\apppatch
[29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\AppReadiness
[29/09/2017 15:46:33] - |RSD| - [877103526] - C:\WINDOWS\assembly
[17/07/2015 09:46:04] - |D| - [0] - C:\WINDOWS\AUInstallAgent
[29/09/2017 15:46:33] - |D| - [692493] - C:\WINDOWS\bcastdvr
[MD5.55F49769891E4DC7CAB3E293E1238888] - [29/09/2017 15:41:23] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Utilitaire de service de fichier de dÃ©marrage.) - [65536] - (10.0.16299.15) - C:\WINDOWS\bfsvc.exe
[29/09/2017 15:46:33] - |D| - [38262854] - C:\WINDOWS\Boot
[MD5.243BBB76E1A0D1994C3811AC4AB93620] - [30/12/2017 12:49:02] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[29/09/2017 15:46:33] - |D| - [2448464] - C:\WINDOWS\Branding
[29/09/2017 15:37:01] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.A155FFABF2F04265A97274CCAB44D773] - [30/09/2017 16:42:03] - |A| - (.-.) - [35138] - (0.0.0.0) - C:\WINDOWS\Core.xml
[MD5.0505315076F50DE128B8256927B94722] - [22/08/2013 21:12:36] - |A| - (.-.) - [35851] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml
[MD5.98B185DC6013F85A4B377FD6C6FA193A] - [04/11/2013 20:50:07] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\CSUP.txt
[29/09/2017 15:46:33] - |D| - [11482410] - C:\WINDOWS\Cursors
[29/09/2017 15:46:33] - |D| - [8996601] - C:\WINDOWS\debug
[29/09/2017 15:46:33] - |D| - [404045432] - C:\WINDOWS\DeliveryOptimization
[MD5.A16E07E6536DF19AE4EA8BDAAEA2C356] - [30/12/2017 13:40:49] - |A| - (.-.) - [15243] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[29/09/2017 15:46:33] - |D| - [4795199] - C:\WINDOWS\diagnostics
[MD5.A16E07E6536DF19AE4EA8BDAAEA2C356] - [30/12/2017 13:40:49] - |A| - (.-.) - [15243] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[30/09/2017 16:40:03] - |D| - [0] - C:\WINDOWS\DigitalLocker
[19/11/2014 12:38:15] - |D| - [25435352] - C:\WINDOWS\Downloaded Installations
[29/09/2017 15:46:33] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[29/09/2017 15:46:33] - |HD| - [44608] - C:\WINDOWS\ELAMBKUP
[04/11/2013 21:09:11] - |D| - [116720] - C:\WINDOWS\en-GB
[30/09/2017 16:40:03] - |D| - [0] - C:\WINDOWS\en-US
[MD5.A77D56422C38C1F8A00D95D2D5B1675E] - [14/02/2018 10:11:09] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Explorateur Windows.) - [3904296] - (10.0.16299.248) - C:\WINDOWS\explorer.exe
[29/09/2017 15:46:33] - |RSD| - [400487132] - C:\WINDOWS\Fonts
[04/11/2013 13:40:51] - |D| - [117232] - C:\WINDOWS\fr
[30/09/2017 16:40:03] - |D| - [109568] - C:\WINDOWS\fr-FR
[29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[29/09/2017 15:46:33] - |D| - [46643166] - C:\WINDOWS\Globalization
[29/09/2017 15:46:33] - |D| - [3377281] - C:\WINDOWS\Help
[MD5.CDC3893777C157B13897B8A9144C1A39] - [29/09/2017 15:41:47] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Aide et support Microsoft.) - [976896] - (10.0.16299.15) - C:\WINDOWS\HelpPane.exe
[22/04/2014 18:34:10] - |D| - [30573975] - C:\WINDOWS\Hewlett-Packard
[MD5.620517DFE23E0DEB918F70538DF8AD67] - [29/09/2017 15:41:47] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - ExÃ©cutable de lÂaide HTML MicrosoftÂ®.) - [17920] - (10.0.16299.15) - C:\WINDOWS\hh.exe
[29/09/2017 15:46:33] - |D| - [173056880] - C:\WINDOWS\IME
[29/09/2017 15:46:33] - |RD| - [7817000] - C:\WINDOWS\ImmersiveControlPanel
[29/09/2017 15:44:34] - |D| - [122644909] - C:\WINDOWS\INF
[29/09/2017 15:46:33] - |D| - [1538308721] - C:\WINDOWS\InfusedApps
[29/09/2017 15:46:33] - |D| - [38118841] - C:\WINDOWS\InputMethod
[29/09/2017 15:46:33] - |SHD| - [1997071982] - C:\WINDOWS\Installer
[29/09/2017 15:46:33] - |D| - [94163] - C:\WINDOWS\L2Schemas
[29/09/2017 15:46:33] - |D| - [641129764] - C:\WINDOWS\LiveKernelReports
[29/09/2017 10:45:14] - |D| - [190956049] - C:\WINDOWS\Logs
[MD5.BBF1106FEF85FD9049506FA8AD454D75] - [30/12/2013 11:52:44] - |A| - (.Copyright (C) 2003-2006, (?)???? - KTMusic Download ActiveX Module.) - [90112] - (1.7.2009.1116) - C:\WINDOWS\MAMCityDownload.ocx
[MD5.F9FCD1220E1B880111258C03D1650994] - [30/12/2013 11:52:44] - |A| - (.Copyright 2004 - (?)???? ContentSAFER ?? ???.) - [330240] - (1.4.2012.508) - C:\WINDOWS\MASetupCaller.dll
[29/09/2017 15:46:33] - |RSD| - [20331141] - C:\WINDOWS\media
[22/08/2013 17:36:31] - |D| - [1619968] - C:\WINDOWS\MediaViewer
[MD5.82976035910EEFF6D2EA062D8838CEA3] - [26/04/2018 11:27:42] - |A| - (.-.) - [739645783] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [29/09/2017 15:42:00] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[29/09/2017 15:46:33] - |RD| - [801708139] - C:\WINDOWS\Microsoft.NET
[29/09/2017 15:46:33] - |D| - [2943] - C:\WINDOWS\Migration
[26/04/2018 11:27:45] - |D| - [681324] - C:\WINDOWS\Minidump
[29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.35783FF1CCAB7CFBFE799EF8D6476C0D] - [30/12/2013 11:52:44] - |A| - (.Copyright (C) 2007 - NYEDownload MFC ?? ????.) - [30568] - (1.0.2007.927) - C:\WINDOWS\MusiccityDownload.exe
[MD5.15750221BBFFA36C055D656C46899460] - [29/09/2017 15:41:38] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Bloc-notes.) - [246784] - (10.0.16299.15) - C:\WINDOWS\notepad.exe
[30/09/2017 16:40:54] - |D| - [199472] - C:\WINDOWS\OCR
[29/09/2017 15:46:33] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[22/04/2014 18:32:07] - |D| - [0] - C:\WINDOWS\Options
[29/12/2017 12:08:31] - |DC| - [411628119] - C:\WINDOWS\Panther
[29/09/2017 15:46:33] - |D| - [295128] - C:\WINDOWS\Performance
[MD5.018926D6C04E81DEB14788CD6DAF91EB] - [28/09/2017 13:08:44] - |A| - (.-.) - [558362] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[29/09/2017 15:46:33] - |D| - [1136442] - C:\WINDOWS\PLA
[29/09/2017 15:46:33] - |D| - [2764562] - C:\WINDOWS\PolicyDefinitions
[30/12/2017 12:46:57] - |D| - [21960583] - C:\WINDOWS\Prefetch
[29/09/2017 15:46:33] - |RD| - [2166035] - C:\WINDOWS\PrintDialog
[29/09/2017 15:46:33] - |D| - [3771298] - C:\WINDOWS\Provisioning
[MD5.14A3681D6247758B1F4880022ABEE0D7] - [29/09/2017 15:41:58] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Ãditeur du Registre.) - [335872] - (10.0.16299.15) - C:\WINDOWS\regedit.exe
[29/09/2017 15:46:33] - |D| - [1117876] - C:\WINDOWS\Registration
[29/09/2017 15:46:33] - |D| - [2821560] - C:\WINDOWS\rescache
[29/09/2017 15:46:33] - |D| - [4085201] - C:\WINDOWS\Resources
[MD5.429D9EEB1DA2386625DF4601CC1C875A] - [22/04/2014 18:36:39] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2825944] - (1.0.6.5) - C:\WINDOWS\RtlExUpd.dll
[29/09/2017 15:46:33] - |D| - [0] - C:\WINDOWS\SchCache
[29/09/2017 15:46:33] - |D| - [122082] - C:\WINDOWS\schemas
[29/09/2017 15:46:33] - |D| - [8462820] - C:\WINDOWS\security
[30/12/2017 12:07:58] - |D| - [175353897] - C:\WINDOWS\ServiceProfiles
[29/09/2017 10:45:11] - |D| - [154568953] - C:\WINDOWS\servicing
[29/09/2017 15:49:45] - |D| - [42] - C:\WINDOWS\Setup
[MD5.8F6D7BFBA92682F2E489CADB42C281D0] - [03/02/2018 17:44:21] - |A| - (.-.) - [15897] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/02/2018 17:44:21] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[29/09/2017 15:46:33] - |D| - [53788160] - C:\WINDOWS\ShellExperiences
[30/09/2017 16:40:41] - |D| - [3070736] - C:\WINDOWS\SKB
[22/06/2014 07:26:39] - |D| - [365812359] - C:\WINDOWS\SoftwareDistribution
[29/09/2017 15:46:33] - |D| - [86037185] - C:\WINDOWS\Speech
[29/09/2017 15:46:33] - |D| - [61728519] - C:\WINDOWS\Speech_OneCore
[MD5.B3FBABDA876CFA2B4695471D5348F59F] - [29/09/2017 15:42:06] - |A| - (.Â© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.16299.15) - C:\WINDOWS\splwow64.exe
[29/09/2017 15:46:33] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [22/08/2013 15:25:43] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[29/09/2017 10:45:11] - |D| - [5892383154] - C:\WINDOWS\System32
[29/09/2017 15:46:34] - |D| - [199049852] - C:\WINDOWS\SystemApps
[29/09/2017 15:46:34] - |D| - [24143418] - C:\WINDOWS\SystemResources
[29/09/2017 10:45:15] - |D| - [1441682132] - C:\WINDOWS\SysWOW64
[29/09/2017 15:46:34] - |D| - [0] - C:\WINDOWS\TAPI
[22/08/2013 17:36:30] - |D| - [840] - C:\WINDOWS\Tasks
[29/09/2017 15:46:34] - |D| - [29504652] - C:\WINDOWS\Temp
[29/09/2017 15:46:34] - |D| - [13428736] - C:\WINDOWS\TextInput
[22/08/2013 17:36:30] - |RD| - [0] - C:\WINDOWS\ToastData
[29/09/2017 15:46:34] - |D| - [0] - C:\WINDOWS\tracing
[29/09/2017 15:46:34] - |D| - [5110314] - C:\WINDOWS\twain_32
[MD5.F6C33A8A65C6AF007812EED398D783B2] - [29/09/2017 15:42:16] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[14/12/2017 18:42:40] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2
[22/08/2013 17:36:30] - |D| - [0] - C:\WINDOWS\vpnplugins
[29/09/2017 15:46:34] - |D| - [12420] - C:\WINDOWS\Vss
[29/09/2017 15:46:34] - |D| - [17683864] - C:\WINDOWS\Web
[MD5.60CDAF0811BF825164C0E246F4F5620D] - [22/08/2013 15:25:43] - |A| - (.-.) - [124] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [29/09/2017 15:41:58] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.2CC83D93DD1DDE691158CF5E9882420B] - [14/01/2018 11:38:22] - |A| - (.-.) - [276] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.02BD03E57C66CB40AEDB7039E93E7CB0] - [29/09/2017 15:42:16] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Relais Windows Winhlp32.) - [11776] - (10.0.16299.15) - C:\WINDOWS\winhlp32.exe
[29/09/2017 10:45:11] - |D| - [13761001169] - C:\WINDOWS\WinSxS
[MD5.F3D39FB1DBF3914B9673814D858F2DC0] - [05/02/2013 23:56:16] - |A| - (.Â© 2012 Microsoft Corporation. Tous droits rÃ©servÃ©s. - Ãcran de veille de la Galerie de photos.) - [322048] - (16.4.3508.205) - C:\WINDOWS\WLXPGSS.SCR
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [29/09/2017 15:41:16] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.0D5D4E344F5581C954355D7164DD4BE1] - [29/09/2017 15:41:38] - |A| - (.Â© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.16299.15) - C:\WINDOWS\write.exe

---------- | C:\WINDOWS\System32\GroupPolicy


---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[12/02/2015 10:08:40] - C:\WINDOWS\Installer\10aaaa.msi : ( - Â© 2008-2014 Hewlett-Packard Development Compay, L.P.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/08/2015 14:42:01] - C:\WINDOWS\Installer\15b29ecb.msi : (HP Wireless Button Driver - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/10/2013 04:52:22] - C:\WINDOWS\Installer\1cfc1.msi : ( - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2012 03:14:52] - C:\WINDOWS\Installer\1cfc5.msi : ( - Hewlett-Packard Company)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2013 01:29:58] - C:\WINDOWS\Installer\1cfd1.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/09/2013 07:25:42] - C:\WINDOWS\Installer\1cfd9.msi : (Blank Project Template - Macrovision Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/09/2013 06:24:30] - C:\WINDOWS\Installer\1cfe6.msi : (Blank Project Template - Macrovision Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[30/08/2013 02:18:54] - C:\WINDOWS\Installer\1cfea.msi : (Blank Project Template - Macrovision Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/10/2013 13:43:38] - C:\WINDOWS\Installer\1cfee.msi : (HP Documentation - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/10/2013 16:54:08] - C:\WINDOWS\Installer\1cff2.msi : (Blank Project Template - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/02/2013 00:53:16] - C:\WINDOWS\Installer\1cff6.msi : ( - Hewlett-Packard Company)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/11/2014 12:35:59] - C:\WINDOWS\Installer\1dda4c1e.msi : (ViewNX 2 - Nikon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/11/2014 12:37:12] - C:\WINDOWS\Installer\1dda4c24.msi : (Blank Project Template - InstallShield)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/11/2014 12:38:15] - C:\WINDOWS\Installer\1dda4c2a.msi : (Blank Project Template - Nikon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/11/2014 12:38:53] - C:\WINDOWS\Installer\1dda4c30.msi : (Blank Project Template - Nikon)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/08/2013 07:12:01] - C:\WINDOWS\Installer\1f9128.msi : (HP Update - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/08/2013 07:12:01] - C:\WINDOWS\Installer\1f912e.msi : (I.R.I.S. OCR - HP)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/08/2013 07:12:01] - C:\WINDOWS\Installer\1f913a.msi : (HP Officejet 4630 series Get product specific help to easily troubleshoot and fix problems. - Hewlett Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/04/2018 10:34:10] - C:\WINDOWS\Installer\23dacb.msi : (Avira Software Updater - Avira Operations GmbH & Co. KG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/08/2017 19:24:04] - C:\WINDOWS\Installer\25b344ed.msi : (Blank Project Template - Samsung Electronics Co., Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/11/2017 13:29:02] - C:\WINDOWS\Installer\27629235.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/03/2018 15:53:26] - C:\WINDOWS\Installer\2919dd9c.msi : (Google Earth Pro - Google)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/04/2014 18:31:38] - C:\WINDOWS\Installer\34f8c.msi : (Blank Project Template - InstallShield)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/09/2013 07:30:48] - C:\WINDOWS\Installer\34f95.msi : (Intel(R) Trusted Execution Engine Driver - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/09/2013 07:30:48] - C:\WINDOWS\Installer\34f99.msi : (Intel(R) Trusted Execution Engine - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2017 11:41:12] - C:\WINDOWS\Installer\3bdb08.msi : (HP Support Solutions Framework - HP Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/07/2014 12:44:19] - C:\WINDOWS\Installer\43419b1c.msi : (Blank Project Template - Macrovision Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/12/2014 15:32:22] - C:\WINDOWS\Installer\484635.msi : (Blank Project Template - Samsung Electronics Co., Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/06/2017 19:08:45] - C:\WINDOWS\Installer\486d7fcf.msi : (Skype - Skype Technologies S.A.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/07/2014 03:38:42] - C:\WINDOWS\Installer\59094.msi : (HP Officejet 4630 series Basic Device Software - Hewlett-Packard Co.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/03/2018 16:29:12] - C:\WINDOWS\Installer\5b769.msi : (Avira - Avira Operations GmbH & Co. KG)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/07/2013 10:58:06] - C:\WINDOWS\Installer\63a380f.msi : (HP FWUpdateEDO2 - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/01/2017 22:25:33] - C:\WINDOWS\Installer\8189391c.msi : (Adobe ARM Installer - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/07/2014 00:21:34] - C:\WINDOWS\Installer\85aa18.msi : (HPDiagnosticCoreDll - Hewlett Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 10:41:29] - C:\WINDOWS\Installer\a8f9556.msi : ( - Adobe Systems Incorporated)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/07/2014 03:38:51] - C:\WINDOWS\Installer\aa51bad.msi : (Product Improvement Study for HP Officejet 4630 series - Hewlett-Packard Co.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/08/2013 08:11:56] - C:\WINDOWS\Installer\b1c40.msi : ([ProductName] Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/08/2013 09:52:22] - C:\WINDOWS\Installer\b1c44.msi : (HP Postscript Converter - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2017 13:32:25] - C:\WINDOWS\Installer\c06b8.msi : (HP Support Assistant - HP Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2017 13:34:35] - C:\WINDOWS\Installer\c06bd.msi : (Blank Project Template - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/07/2016 11:41:14] - C:\WINDOWS\Installer\d330ef8.msi : (Blank Project Template - Macrovision Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/09/2012 20:10:06] - C:\WINDOWS\Installer\df19.msi : (7-Zip (x64 edition) Package - Igor Pavlov)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/09/2013 20:52:18] - C:\WINDOWS\Installer\df23.msi : ( - Hewlett-Packard)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/09/2013 11:45:54] - C:\WINDOWS\Installer\df2f.msi : (swMSM - Adobe Systems, Inc)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[14/02/2018 10:08:59] - [3329] - C:\WINDOWS\System32\ieuinit.inf
[30/12/2017 12:52:18] - [2525686] - C:\WINDOWS\System32\PerfStringBackup.INI
[29/09/2017 15:41:57] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[29/09/2017 15:41:41] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[14/02/2018 10:08:59] - [3329] - C:\WINDOWS\Syswow64\ieuinit.inf
[11/09/2015 00:10:13] - [942] - C:\WINDOWS\Syswow64\InstallUtil.InstallLog
[03/06/2017 09:39:22] - [1970168] - C:\WINDOWS\Syswow64\PerfStringBackup.INI
[29/09/2017 15:42:13] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.8FBA97117C78AD5C62C1A2CBE730B311] - |A| - [31/01/2018 21:55:32] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\310c76e0db0a879e.avt
[MD5.ECBA4F3F4A9AE5221BAF9F9CD90A52AA] - |A| - [01/03/2018 20:04:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\420101cd878a12c6.avt
[MD5.A750678E7A010A9835F2B6D0524367DE] - |A| - [29/03/2018 20:04:36] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\5048ac5a60c9977c.avt
[MD5.CF381AB10AF86C0A5DEDB941E06B3B7C] - |A| - [26/04/2018 20:04:47] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\658ec4c7aa18a4a5.avt
[MD5.0ABA930943AD946D1858530BAD204F52] - |A| - [16/02/2018 15:30:54] - (.-.) - [3.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\AdobeARM.log
[MD5.634008A13559B650BC3D786214AB2375] - |A| - [17/02/2018 15:43:23] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\AdobeARM_NotLocked.log
[MD5.883D7A02F00170542AADEF3839203A71] - |A| - [06/02/2018 09:39:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\amc1109.tmp
[MD5.BDFC2BAC09AE0B09B03029FD11BE9637] - |ASH| - [06/02/2018 09:39:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\amc1109.tmp.LOG1
[MD5.BA0E9BFC7E1005FCA119EBDA7CF081F7] - |ASH| - [06/02/2018 09:39:21] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\amc1109.tmp.LOG2
[MD5.5ACBA4CE06B919210FBA2CE32C08E7D7] - |A| - [06/02/2018 09:35:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\amc3780.tmp
[MD5.5BF0DB348A0240DC3901F913A07938EE] - |ASH| - [06/02/2018 09:35:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\amc3780.tmp.LOG1
[MD5.3A6FD017C883A51C17FA29AF647AC2D3] - |ASH| - [06/02/2018 09:35:08] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\amc3780.tmp.LOG2
[MD5.7840D900430E9A6C0EC2FED19282D8DA] - |A| - [25/01/2018 20:14:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\amcE253.tmp
[MD5.D27E5871D8F492B165D30F0EEACADEA1] - |ASH| - [25/01/2018 20:14:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\amcE253.tmp.LOG1
[MD5.08D411B7F3E3DD2F3DACF5A0F13B7701] - |ASH| - [25/01/2018 20:14:05] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\amcE253.tmp.LOG2
[MD5.DBCF27D991A6F467D57B1F4C7356F093] - |AT| - [06/03/2018 23:05:21] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.1bvjloiw9orxdavn8a2vdiz4.tmp
[MD5.C9DFAED27BE8110F8B995130E696CA78] - |AT| - [06/03/2018 23:04:27] - (.-.) - [29.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.2cgctxfox9kvmvey6nhxwb4yc.tmp
[MD5.ECA186085481E68A47126A5F87C62D64] - |AT| - [06/03/2018 23:00:11] - (.-.) - [444.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.3g5_h_brk0eru3w89v4ckcpub.tmp
[MD5.5778661553EB213EB2218FDE5C1981C2] - |AT| - [06/03/2018 23:04:26] - (.-.) - [0.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.3l7hv8gbt1z5rmrv8rkxhfylg.tmp
[MD5.A136ED07D50F427E45A8F01A4459E237] - |AT| - [06/03/2018 23:05:27] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.3ua6eltt519guguo203cp7ngc.tmp
[MD5.4B4E2A66DB38378B15F9141987294A48] - |AT| - [06/03/2018 23:00:12] - (.-.) - [130.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.4jftlak0ep53qgrdwuh1rmh_h.tmp
[MD5.87FB1D6A7F4B00A275A0E0482C92D488] - |AT| - [06/03/2018 23:05:28] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.78amux9bv0bih49n06cbyzucf.tmp
[MD5.E4DAC7D51A912DC97CF814B99EE2B511] - |AT| - [06/03/2018 23:05:20] - (.-.) - [10.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.979lcpyiyuaa096ebf7rf4_2c.tmp
[MD5.D530D37CBFA9BDB20B26B2DE8953A621] - |AT| - [06/03/2018 23:00:42] - (.-.) - [11.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.bdpfh_y_15hwi14tvcatwof_h.tmp
[MD5.FA33F32C0351E17BF191EB0AD30F63B1] - |AT| - [06/03/2018 23:00:11] - (.-.) - [10.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.boakslhtp_b8xvnyj9h2q6v0h.tmp
[MD5.8906E7DDEF1D18A5F63A85D51BE9BFB0] - |AT| - [06/03/2018 23:00:42] - (.-.) - [3.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.bvvc4lkz34pmkeoexwhkcclde.tmp
[MD5.81B1D62CE78E71AD1F9CB0AA11952C05] - |AT| - [06/03/2018 23:00:42] - (.-.) - [10.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.ejge7nlq3luwnsfjy11otsn7c.tmp
[MD5.7936F44E5ECA9A3532EF49C7EF05E4A8] - |AT| - [06/03/2018 23:05:28] - (.-.) - [3.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.g6s7w_dgrxvoiw96x7b3otg2.tmp
[MD5.202089CD9A64DAA6E2622B4099FFB0CA] - |AT| - [06/03/2018 23:05:20] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.ghnqmltt06k3ngo75phkmes2.tmp
[MD5.62972A87280C6220C4EC5558A0A65167] - |AT| - [06/03/2018 23:04:27] - (.-.) - [29.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.jh0g1oc_rflbc0o7muu5srkeh.tmp
[MD5.96DC6653650761CD17048A424AF416EB] - |AT| - [06/03/2018 23:04:49] - (.-.) - [10.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.kf4c76qt3_15x8t20ry80k_qe.tmp
[MD5.941632D550F7EE9FE1A54EDB3891C3B6] - |AT| - [06/03/2018 23:04:47] - (.-.) - [10.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.ky6_chiw9e_6vxqi8100qibyf.tmp
[MD5.B559A03AB59B84C9174865C703F0BC5A] - |AT| - [06/03/2018 23:05:21] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.nffzxd5bzbdf6mb0z4hwwlrcd.tmp
[MD5.41CEB5960B69468E58FD6E597933BEDD] - |AT| - [06/03/2018 23:04:27] - (.-.) - [10.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.nla_jgqxza4n19_388fos7sgf.tmp
[MD5.951BD39084E9186C9CF28BA4310F2B23] - |AT| - [06/03/2018 23:05:27] - (.-.) - [10.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.p2wu97ck8zp8zz1w3v9ywk25c.tmp
[MD5.CD480297D8FE5942BFA06FA47A95B1EB] - |AT| - [06/03/2018 23:04:49] - (.-.) - [32.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.qcvea7kf_np3lq0nplf41emkh.tmp
[MD5.3690C4BB9C15E104FF43E1387EBBE090] - |AT| - [06/03/2018 23:04:27] - (.-.) - [0.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.qj_o9el6roja3wam56dh0vhgd.tmp
[MD5.FA297911A0C73AA68C5302DE297A3719] - |AT| - [06/03/2018 23:05:21] - (.-.) - [0.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.rwtl6yqizfuv8brgw9hozvv0f.tmp
[MD5.877CC82E32D4F5F9947942EDBDB74F07] - |AT| - [06/03/2018 23:05:28] - (.-.) - [10.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.ry2fpco6x2oj6x9t7dxv6pjmb.tmp
[MD5.38EB5649DF0139E370898652F386BD03] - |AT| - [06/03/2018 23:04:49] - (.-.) - [11.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.s0_8209q0qygqljf_l9ckx97g.tmp
[MD5.608C928B99F2D0E1315943946AEAFA1F] - |AT| - [06/03/2018 23:04:47] - (.-.) - [31.03 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.skpaq36ivmkxerewtodh31qd.tmp
[MD5.2F9524C35C426620ABBA84162A2DCF11] - |AT| - [06/03/2018 23:00:11] - (.-.) - [22.12 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.swrmxyuvlxet3oydj4hx1s35b.tmp
[MD5.2C5C3D7D55A1C3B12C1134C6691720C9] - |AT| - [06/03/2018 23:05:21] - (.-.) - [10.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.uuz2i3y6xh8_55jkje31x8drh.tmp
[MD5.56BDB33E034C6A4294114A703FFA8686] - |AT| - [06/03/2018 23:04:49] - (.-.) - [5.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.xa79mykqr35y3s6loi7lr214g.tmp
[MD5.B8D8EFB3A992CEA88D34483A1097A351] - |AT| - [06/03/2018 23:04:27] - (.-.) - [10.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.z1r87_xhr37jis7q13e12qgob.tmp
[MD5.3378156B16979AA9830753E3544D3F48] - |AT| - [06/03/2018 23:05:28] - (.-.) - [0.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX.zqydh6e0pw1i18rp3c730ke7f.tmp
[MD5.9255630DB417EFB408A9E3C20610CF31] - |AT| - [06/03/2018 23:00:42] - (.-.) - [0.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX._22x5eqqr6peduqvucazm678b.tmp
[MD5.3B9D88F37DACD697F7DC8C9AC61E8A2A] - |AT| - [06/03/2018 23:04:47] - (.-.) - [5.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX._8e8zg_1hcrddw8xb_14aji7e.tmp
[MD5.3321FB717871CCE260151758A83108D0] - |AT| - [06/03/2018 23:04:47] - (.-.) - [11.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\APPX._tz9zdydfsgg1uzomzp4xe3xd.tmp
[MD5.864C22FB9A1C0670EDF01C6ED3E4FBE4] - |A| - [17/02/2018 15:38:45] - (.-.) - [251.88 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\ArmUI.ini
[MD5.00000000000000000000000000000000] - |D| - [23/04/2018 11:11:54] - [345.38 Ko] - C:\WINDOWS\Temp\avast_ash2
[MD5.1BF618EA6D0D54704913AC0C64DD903A] - |A| - [15/01/2018 20:44:03] - (.-.) - [25.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180115194403.log
[MD5.31DD0AD3666B4F8F5B12BA9D7DCFEF0B] - |A| - [15/01/2018 20:44:06] - (.-.) - [1583.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180115194403_001_Id.Avira.OE.Setup.Msi.log
[MD5.DD2C656CCCDDB93B9CF7AC15DFFA8514] - |A| - [15/01/2018 20:45:54] - (.-.) - [18.72 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180115194554.log
[MD5.5DE7105ACCBC9A0BD8EC786B726F46D4] - |A| - [13/02/2018 14:33:05] - (.-.) - [25.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180213133305.log
[MD5.9F534C68E5427BD7B6876005D92B6E48] - |A| - [13/02/2018 14:33:09] - (.-.) - [1615.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180213133305_001_Id.Avira.OE.Setup.Msi.log
[MD5.DE7D9E564BFCE25EF0E30B3C5F8EE7F8] - |A| - [13/02/2018 14:34:22] - (.-.) - [18.72 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180213133422.log
[MD5.7BF6D5BE3AE3B4D9A727153577DF88B6] - |A| - [24/02/2018 17:28:21] - (.-.) - [42.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180224162821.log
[MD5.3B26B536934B722770BE957092B97968] - |A| - [24/02/2018 17:28:24] - (.-.) - [1632.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180224162821_001_Id.Avira.OE.Setup.Msi.log
[MD5.88B016F04582E71EADFB33C7EA2C48D5] - |A| - [09/04/2018 16:47:18] - (.-.) - [25.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180409164718.log
[MD5.D9A70957D2E349B85A8318049B3244A4] - |A| - [09/04/2018 16:47:23] - (.-.) - [1634.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180409164718_001_Id.Avira.OE.Setup.Msi.log
[MD5.62BC3A1E3CEFE2846C751C97D66225E9] - |A| - [09/04/2018 16:48:52] - (.-.) - [18.72 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180409164852.log
[MD5.476D5C776637ED864157FE393AB63B5C] - |A| - [29/04/2018 19:38:06] - (.-.) - [24.89 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180429193806.log
[MD5.EA6AEDBA5F97F78E0F15D7833FF79550] - |A| - [29/04/2018 19:39:00] - (.-.) - [1618.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\Avira_20180429193806_001_Id.Avira.OE.Setup.Msi.log
[MD5.00000000000000000000000000000000] - |D| - [29/04/2018 19:41:36] - [0.5 Ko] - C:\WINDOWS\Temp\AVSETUP_5ae603d0
[MD5.00000000000000000000000000000000] - |D| - [28/04/2018 20:26:38] - [0 Ko] - C:\WINDOWS\Temp\BDFE58AC-1F95-46D8-BF59-300F02D99153-Sigs
[MD5.571A42192642FE4E2957F098DE5A9A71] - |A| - [08/02/2018 11:35:32] - (.-.) - [43.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\chrome_installer.log
[MD5.00000000000000000000000000000000] - |D| - [30/12/2017 13:22:50] - [0 Ko] - C:\WINDOWS\Temp\CLDigitalHome
[MD5.00000000000000000000000000000000] - |D| - [08/02/2018 11:35:32] - [0.04 Ko] - C:\WINDOWS\Temp\Crashpad
[MD5.00000000000000000000000000000000] - |D| - [14/01/2018 14:18:00] - [138 Ko] - C:\WINDOWS\Temp\Crc32C.NET-1.0.5.0
[MD5.00000000000000000000000000000000] - |D| - [22/03/2018 09:43:00] - [1969.94 Ko] - C:\WINDOWS\Temp\CR_557D5.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [29/04/2018 19:38:06] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\D186.tmp
[MD5.3B177EF340E9C143A1555CCBA637821C] - |A| - [28/03/2018 16:24:44] - (.Copyright Â© 2016 Avira Operations GmbH & Co. KG and its Licensors - Avira.OE.FileNameParser.) - [635.44 Ko] - (1.2.109.23832) - C:\WINDOWS\Temp\DELE1EC.tmp
[MD5.00000000000000000000000000000000] - |D| - [29/04/2018 19:30:33] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_alternativeTrace
[MD5.00000000000000000000000000000000] - |D| - [29/04/2018 19:30:33] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_aot
[MD5.00000000000000000000000000000000] - |D| - [29/04/2018 19:30:33] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_diag
[MD5.00000000000000000000000000000000] - |D| - [29/04/2018 19:30:33] - [0 Ko] - C:\WINDOWS\Temp\DiagTrack_miniTrace
[MD5.74C55F11380AA9B3FF978701A523F26F] - |A| - [04/03/2018 08:12:04] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FailureReportMetadata_27829.txt
[MD5.74C55F11380AA9B3FF978701A523F26F] - |A| - [03/03/2018 10:11:52] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FailureReportMetadata_31300.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/01/2018 14:17:04] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [14/01/2018 14:17:04] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.00000000000000000000000000000000] - |D| - [17/01/2018 22:55:33] - [3.61 Ko] - C:\WINDOWS\Temp\HP
[MD5.00000000000000000000000000000000] - |D| - [14/01/2018 14:16:54] - [87.36 Ko] - C:\WINDOWS\Temp\HP Support Framework
[MD5.00000000000000000000000000000000] - |D| - [19/02/2018 17:47:14] - [35.36 Ko] - C:\WINDOWS\Temp\HPWC
[MD5.D18F0D81AEAB214F9C951825191C865F] - |A| - [11/04/2018 12:22:31] - (.-.) - [47.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 12:31:01] - [0 Ko] - C:\WINDOWS\Temp\MPInstrumentation
[MD5.234D0C8D051FE47B7BC42B493C905785] - |A| - [28/04/2018 20:26:37] - (.-.) - [21.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpSigStub.log
[MD5.00000000000000000000000000000000] - |D| - [11/04/2018 12:41:03] - [0 Ko] - C:\WINDOWS\Temp\MPTelemetrySubmit
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/02/2018 17:57:28] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_c2ruidll(201802121657281618).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [25/03/2018 19:06:25] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_c2ruidll(2018032519062529F0).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2018 19:35:10] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_c2ruidll(20180420193510278C).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |N| - [11/01/2018 21:11:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20180111201114C8C).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [12/02/2018 17:56:11] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201802121656111618).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/02/2018 14:41:40] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201802151341403304).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/02/2018 14:50:57] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(201802151350572160).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [25/03/2018 19:05:01] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(2018032519050129F0).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [11/04/2018 00:20:15] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20180411002015C94).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/04/2018 09:57:05] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20180415095705D84).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2018 19:23:40] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20180420192340EB50).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2018 19:32:43] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20180420193243278C).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [29/04/2018 19:30:41] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20180429193041D88).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [17/01/2018 22:57:35] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\OLicenseHeartbeat.exe_c2rdll(201801172157341A1C).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/02/2018 14:41:49] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\OLicenseHeartbeat.exe_c2rdll(201802151340501D3C).log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [25/03/2018 19:04:25] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\OLicenseHeartbeat.exe_c2rdll(2018032519041330BC).log
[MD5.EB129DC77C3668D0126DF6554C7599BA] - |N| - [11/01/2018 21:11:08] - (.-.) - [285.15 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180111-2011.log
[MD5.AF513EEE099EB257F85DA91066FE5478] - |A| - [13/01/2018 19:04:08] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180113-1804.log
[MD5.43C2DA4F11CBB515B752A8D4226D1E22] - |A| - [14/01/2018 09:51:19] - (.-.) - [3.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180114-0851.log
[MD5.BCD43A18D65F92083E6FBFD14B2F884E] - |A| - [14/01/2018 09:51:24] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180114-0851a.log
[MD5.8BE00987ED2C2A5FCF84A65D309AB173] - |A| - [14/01/2018 10:13:10] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180114-0913.log
[MD5.8A3ECD543EA9105D40E71C2D81619F6A] - |A| - [14/01/2018 19:03:16] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180114-1803.log
[MD5.F2C6A398A60DBCEB4E6DA56FBC47B730] - |A| - [15/01/2018 07:24:27] - (.-.) - [6.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180115-0624.log
[MD5.9873411302786CCDD81F91072A16F5EF] - |A| - [15/01/2018 07:27:12] - (.-.) - [2.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180115-0627.log
[MD5.59BB0BAC7576393454CA56493FFA6F00] - |A| - [15/01/2018 19:05:37] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180115-1805.log
[MD5.EB87834EB21AC8FAFDEF121814EA60E3] - |A| - [16/01/2018 20:41:33] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180116-1941.log
[MD5.3731D17CEAE96D75E6D7C4F97083DAFB] - |A| - [16/01/2018 20:41:33] - (.-.) - [9.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180116-1941a.log
[MD5.54764A717EAD34EB4159C1184F8188C2] - |A| - [16/01/2018 20:42:43] - (.-.) - [95.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180116-1942.log
[MD5.F91ED7A4908DC14A46F114617F93727B] - |A| - [17/01/2018 22:53:40] - (.-.) - [35.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180117-2153.log
[MD5.022EAC44FE7E076917E2E7FE8E6929D4] - |A| - [17/01/2018 22:54:45] - (.-.) - [52.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180117-2154.log
[MD5.670A90A20CD1E8C305F544C6440CD12D] - |A| - [17/01/2018 22:58:01] - (.-.) - [517.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180117-2158.log
[MD5.A49C51101B11FBB9F2CE84466D4B56C5] - |A| - [17/01/2018 22:59:54] - (.-.) - [9.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180117-2159.log
[MD5.4F52656DCDB80DD540CE15EEF2301AA5] - |A| - [17/01/2018 23:00:39] - (.-.) - [26.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180117-2200.log
[MD5.1067FCA6B5E7D47E9CB4C884A9D6219B] - |A| - [18/01/2018 20:10:43] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180118-1910.log
[MD5.D31464F14ECB1D021D8C09F65C59E063] - |A| - [19/01/2018 17:39:16] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180119-1639.log
[MD5.0B9C38BB2F5C1C1DD7C922D9354AB041] - |A| - [19/01/2018 17:42:34] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180119-1642.log
[MD5.77F3FBF1F98012D3A6A1CA9CE306E8C4] - |A| - [19/01/2018 17:42:34] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180119-1642a.log
[MD5.112759DB8E6877E1D396ED248C204525] - |A| - [19/01/2018 17:42:54] - (.-.) - [58.87 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180119-1642b.log
[MD5.4E777E0DC6D15791447F6BC7634AB814] - |A| - [19/01/2018 20:08:43] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180119-1908.log
[MD5.44FEEA6EA29776872FD63D73F8350A72] - |A| - [20/01/2018 15:52:18] - (.-.) - [6.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180120-1452.log
[MD5.DE44C6AB28868D673C605CD93C79F1B1] - |A| - [20/01/2018 15:54:47] - (.-.) - [2.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180120-1454.log
[MD5.40E7736F374969428C2FDB9DCF5D62F6] - |A| - [20/01/2018 17:41:03] - (.-.) - [4.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180120-1641.log
[MD5.B57209BE28A1DBFEF7D17D005978B63F] - |A| - [20/01/2018 20:08:47] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180120-1908.log
[MD5.7407BFB04C92B3BBE79F2098C1099CC5] - |A| - [21/01/2018 09:34:31] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180121-0834.log
[MD5.0CF0147D9D4E81CFE887E3F5E8D5C1C7] - |A| - [21/01/2018 09:37:47] - (.-.) - [3.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180121-0837.log
[MD5.EF16C40D2911D276AC25B036DE00D362] - |A| - [21/01/2018 09:37:48] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180121-0837a.log
[MD5.EEA3879A383416C062BE131DF36F2874] - |A| - [21/01/2018 15:53:59] - (.-.) - [6.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180121-1453.log
[MD5.DEEC053A0F28CD8130A6D463BE84B6B1] - |A| - [22/01/2018 21:35:03] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180122-2035.log
[MD5.3D0BF753F0C55D9BFB103D575E3418A0] - |A| - [23/01/2018 21:41:04] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180123-2041.log
[MD5.7D156FEED66FA69621404D41787C40A1] - |A| - [23/01/2018 21:43:34] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180123-2043.log
[MD5.83D3D03C7DA7DB04DEC87964313741C7] - |A| - [23/01/2018 21:44:27] - (.-.) - [93.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180123-2044.log
[MD5.40A6BC6FB1E26390444D75C7D601E771] - |A| - [25/01/2018 20:10:18] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180125-1910.log
[MD5.2D926542FA378F17DA12EAF32F3D86A3] - |A| - [25/01/2018 21:33:37] - (.-.) - [2.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180125-2033.log
[MD5.35B20885C7326D58EFCF21E640D725AC] - |A| - [25/01/2018 21:42:29] - (.-.) - [2.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180125-2042.log
[MD5.C1891E73E684717976B9F0E842E49777] - |A| - [26/01/2018 09:11:12] - (.-.) - [2.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180126-0811.log
[MD5.CFEB4B11C7FE182A9375BBFD2F4703A7] - |A| - [26/01/2018 09:11:12] - (.-.) - [11.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180126-0811a.log
[MD5.EDE8B086441089172CD76EEC7B5B8DE5] - |A| - [26/01/2018 09:11:33] - (.-.) - [37.78 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180126-0811b.log
[MD5.41F7A2A5792B4EFC01FFA5BC528DCEC0] - |A| - [26/01/2018 09:36:33] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180126-0836.log
[MD5.C2440A2F7C8AF2AF54632440925C7770] - |A| - [26/01/2018 15:53:57] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180126-1453.log
[MD5.4F80A9742258E48052CD2C2120917602] - |A| - [26/01/2018 17:41:07] - (.-.) - [2.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180126-1641.log
[MD5.CD5BFEC85CFB08C751CDB72512E92C3F] - |A| - [26/01/2018 20:08:54] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180126-1908.log
[MD5.4C5570A68C7113CEFD0752BBCFD6BBBB] - |A| - [26/01/2018 20:10:38] - (.-.) - [8.59 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180126-1910.log
[MD5.6B4FFB68E43878210FE7977EC6C35488] - |A| - [27/01/2018 16:02:16] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180127-1502.log
[MD5.835FAE78145DB23BED89E7D8969D2281] - |A| - [27/01/2018 17:41:10] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180127-1641.log
[MD5.2FE52118D35B79D2793FC05C78A69E55] - |A| - [27/01/2018 20:08:43] - (.-.) - [2.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180127-1908.log
[MD5.2BE1E84CDE524437DE5FA56AA904BB4F] - |A| - [27/01/2018 20:10:32] - (.-.) - [4.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180127-1910.log
[MD5.C35AE8527C7DAEC328712B77917209BE] - |A| - [27/01/2018 21:33:33] - (.-.) - [6.93 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180127-2033.log
[MD5.2154CC5BFB1F1A90843588272A55FC37] - |A| - [27/01/2018 21:42:23] - (.-.) - [4.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180127-2042.log
[MD5.F24E7BAFA3C4D5F5C1449965A27F8C61] - |A| - [28/01/2018 10:09:12] - (.-.) - [3.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180128-0909.log
[MD5.66D8CB1BE3E9BBECB2661E6B16549C2B] - |A| - [28/01/2018 10:09:38] - (.-.) - [10.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180128-0909a.log
[MD5.1BDAC29FA180FB88EF692D5DBE28AB46] - |A| - [28/01/2018 10:10:00] - (.-.) - [37.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180128-0910.log
[MD5.33AF1881C2BEEDC671B9910C4A89233F] - |A| - [28/01/2018 10:30:20] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180128-0930.log
[MD5.A18AD4462BF05C40DC9F3F7F2CD0BA0F] - |A| - [28/01/2018 15:53:55] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180128-1453.log
[MD5.343CCBF2D242619AB923E3D19BA0D17D] - |A| - [28/01/2018 15:58:03] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180128-1458.log
[MD5.1635F9FE3EE092FC76CF88D6F84C67B3] - |A| - [28/01/2018 20:32:47] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180128-1932.log
[MD5.37F7ADA99B4C4578156CF889DD11B39B] - |A| - [28/01/2018 21:33:30] - (.-.) - [3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180128-2033.log
[MD5.502D43FF54D6E156FC510FCFC1BABDCC] - |A| - [28/01/2018 21:42:23] - (.-.) - [9.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180128-2042.log
[MD5.9CC61BE9C30921B64268D34B668511DF] - |A| - [29/01/2018 09:58:16] - (.-.) - [3.15 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-0858.log
[MD5.2459509F3CD9FE3AD688C1B9B385471A] - |A| - [29/01/2018 10:00:27] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-0900.log
[MD5.17364646D643BE7C15643422DD86495F] - |A| - [29/01/2018 10:30:21] - (.-.) - [3.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-0930.log
[MD5.1EE43BE5A37E3664AD57D43509263659] - |A| - [29/01/2018 15:53:56] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-1453.log
[MD5.94862C73994686AF8FF76AF0B67FD8A6] - |A| - [29/01/2018 15:58:03] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-1458.log
[MD5.87A6CAD01379BB78F8130BED67AA9F3B] - |A| - [29/01/2018 19:15:50] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-1815.log
[MD5.C6954BB92877A1BD4B96FAA28C4033D2] - |A| - [29/01/2018 20:08:41] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-1908.log
[MD5.1F2E96CB3B1FADFB62D0656F80797473] - |A| - [29/01/2018 20:10:37] - (.-.) - [4.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-1910.log
[MD5.4283B8AAD605CC22D9FD24C7AA887FAF] - |A| - [29/01/2018 21:33:30] - (.-.) - [2.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-2033.log
[MD5.F1A3791986F1258659B89478447EFE53] - |A| - [29/01/2018 21:42:23] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180129-2042.log
[MD5.E73D430651BF019C3AD0F68C365E4728] - |A| - [30/01/2018 09:07:18] - (.-.) - [6.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-0807.log
[MD5.7A26A6F62AFC780CA629DE0FC82C6611] - |A| - [30/01/2018 09:09:48] - (.-.) - [10.72 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-0809.log
[MD5.B853304875F28863645EF66E64F4D546] - |A| - [30/01/2018 09:10:13] - (.-.) - [34.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-0810.log
[MD5.2B23F672FC6DFC33541C7CA78D14B08C] - |A| - [30/01/2018 09:10:57] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-0810a.log
[MD5.FBE64CC626980FD7A7240CDBE271AC5D] - |A| - [30/01/2018 09:35:22] - (.-.) - [3.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-0835.log
[MD5.BB94EDF355058383898DDEF4E7476777] - |A| - [30/01/2018 09:36:31] - (.-.) - [4.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-0836.log
[MD5.EB8D201B94E211DEE803A28A52ABD515] - |A| - [30/01/2018 10:00:26] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-0900.log
[MD5.AD232250C33A5644904AA06D94E15C77] - |A| - [30/01/2018 10:30:21] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-0930.log
[MD5.453E7B20E419398FB79433465F4B196F] - |A| - [30/01/2018 23:04:25] - (.-.) - [3.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-2204.log
[MD5.609B846246A04648915035F10ABB90C6] - |A| - [30/01/2018 23:15:51] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-2215.log
[MD5.5091532D2243E69AEBE0AC862F972963] - |A| - [30/01/2018 23:16:25] - (.-.) - [49.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-2216.log
[MD5.81FC1077198D1B8241A1D728B4FED4EE] - |A| - [30/01/2018 23:18:02] - (.-.) - [1261.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-2218.log
[MD5.1FD0298973CE0551BCA1D418B52A8E3B] - |A| - [30/01/2018 23:19:24] - (.-.) - [15.29 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-2219.log
[MD5.91FF49DFDE70126BA8823F46C3F13FA6] - |A| - [30/01/2018 23:19:46] - (.-.) - [34.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180130-2219a.log
[MD5.9B3E74916B683EB0E1390151EAED1BA0] - |A| - [31/01/2018 09:51:22] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-0851.log
[MD5.DD75441FE500F8933584B8436BDC3214] - |A| - [31/01/2018 10:03:00] - (.-.) - [10.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-0903.log
[MD5.AA7899BDC9ABDCBA726C18989347B71F] - |A| - [31/01/2018 10:04:15] - (.-.) - [58.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-0904.log
[MD5.6630E82A1AA7423B4BE6748F9A22C566] - |A| - [31/01/2018 10:31:24] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-0931.log
[MD5.9A3E677BC7E6E83C96A4B3D04D940A2E] - |A| - [31/01/2018 11:38:47] - (.-.) - [10.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-1038.log
[MD5.1B18BEA747C50D5C3067C71E6034B99A] - |A| - [31/01/2018 13:41:43] - (.-.) - [9.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-1241.log
[MD5.1B308777FD147FEBE472261CA768812B] - |A| - [31/01/2018 13:52:44] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-1252.log
[MD5.E4513FF8463C523856AEAFE7B00E9376] - |A| - [31/01/2018 16:16:36] - (.-.) - [9.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-1516.log
[MD5.1991AB6F57D262BCD1AB1D20DCC2CEE0] - |A| - [31/01/2018 16:22:35] - (.-.) - [10.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-1522.log
[MD5.D0FDAC8FB66D8F61539DBC3187AA0482] - |A| - [31/01/2018 16:46:28] - (.-.) - [11.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-1546.log
[MD5.9F139B38F93D0816704E8AECC9917411] - |A| - [31/01/2018 17:16:28] - (.-.) - [11.85 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180131-1616.log
[MD5.598FD47927DE3069C018D718424B46B5] - |A| - [01/02/2018 10:03:50] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180201-0903.log
[MD5.6C38F48C37E197207D2717DEF717CDA9] - |A| - [01/02/2018 10:15:07] - (.-.) - [9.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180201-0915.log
[MD5.8B8102A3D06B22078A744A01588E3DC4] - |A| - [01/02/2018 10:44:58] - (.-.) - [10.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180201-0944.log
[MD5.45AFF354A19006B3879B16BE8F5F9B1D] - |A| - [02/02/2018 11:22:58] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180202-1022.log
[MD5.5786E3B7CAEB57421A95D7FF9B0ABC1C] - |A| - [02/02/2018 11:23:01] - (.-.) - [10.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180202-1023.log
[MD5.053BADB5903CF17420B0AA8CFA4AC368] - |A| - [02/02/2018 11:37:47] - (.-.) - [10.25 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180202-1037.log
[MD5.FAA38DF123A77BED92574E8774EE1381] - |A| - [02/02/2018 12:07:48] - (.-.) - [9.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180202-1107.log
[MD5.F21455B66694565570C001409A2ABD19] - |A| - [02/02/2018 12:37:51] - (.-.) - [11.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180202-1137.log
[MD5.625081BF33E8374C79F9035976B3DE76] - |A| - [03/02/2018 10:43:12] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180203-0943.log
[MD5.E8539D844DDDE5D7C7D3D80AC2471386] - |A| - [03/02/2018 10:45:47] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180203-0945.log
[MD5.92F913F7C582D3C6D66D54474CA96BC3] - |A| - [03/02/2018 11:22:49] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180203-1022.log
[MD5.D9CA65367D24A1EC77A63BDA97A4CECB] - |A| - [04/02/2018 10:42:38] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180204-0942.log
[MD5.59000C19D92C1DDCAECFCD34FE4BF066] - |A| - [04/02/2018 10:44:09] - (.-.) - [10.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180204-0944.log
[MD5.1E66BC417ECB4B28A837ECCB335F8260] - |A| - [04/02/2018 10:44:09] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180204-0944a.log
[MD5.B350528CCFA479C8C004468C0CF9ACD5] - |A| - [04/02/2018 10:45:10] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180204-0945.log
[MD5.49B78AB9E4F6EF4B6808DC6281D2D31C] - |A| - [04/02/2018 11:22:42] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180204-1022.log
[MD5.02121C38A76EA1AE50269FC4E0222682] - |A| - [05/02/2018 10:53:45] - (.-.) - [7.85 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180205-0953.log
[MD5.9025120B616C7FCEEF84AB2D96FAE7E2] - |A| - [05/02/2018 10:55:37] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180205-0955.log
[MD5.C99993CC392CA4751E59EDA3B7FFE426] - |A| - [05/02/2018 11:22:45] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180205-1022.log
[MD5.4317C481B020CA10798E5AE9568D1B91] - |A| - [06/02/2018 09:32:47] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-0832.log
[MD5.ABEC20B2B04894C2FA591B71130269CA] - |A| - [06/02/2018 09:33:34] - (.-.) - [3.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-0833.log
[MD5.73EDE62CB9420D8DE49F417E31DC35AB] - |A| - [06/02/2018 09:49:13] - (.-.) - [5.04 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-0849.log
[MD5.5A48F11BC8F536B5495CC9C8DB0F4B66] - |A| - [06/02/2018 09:49:18] - (.-.) - [11.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-0849a.log
[MD5.0CFF904DC635AD7E42F97A7F77D3A5A9] - |A| - [06/02/2018 10:01:21] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-0901.log
[MD5.BBFD9E3007E7BD042BDA06E2DDFC9D4E] - |A| - [06/02/2018 10:19:26] - (.-.) - [11.85 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-0919.log
[MD5.2748A6B6C8048975ACEFB83FB0CDF3CE] - |A| - [06/02/2018 16:12:42] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-1512.log
[MD5.131647F1825840FE4CAC48D5058C7F05] - |A| - [06/02/2018 16:22:23] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-1522.log
[MD5.F6B0061AADFC05A6E4625D9271E1EDB1] - |A| - [06/02/2018 16:22:57] - (.-.) - [94.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-1522a.log
[MD5.D40C42652FC0EF584B9B5E4E60FBA040] - |A| - [06/02/2018 16:52:18] - (.-.) - [9.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-1552.log
[MD5.1916C63C33C745792DA58CA3E08075DE] - |A| - [06/02/2018 16:52:40] - (.-.) - [37.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-1552a.log
[MD5.57BF9456713D7D1028E6B3A33D86B392] - |A| - [06/02/2018 17:22:19] - (.-.) - [9.71 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-1622.log
[MD5.BA113CA1BEA56D0F84F3A1FFAE72FD23] - |A| - [06/02/2018 17:22:38] - (.-.) - [35.03 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180206-1622a.log
[MD5.61747470AFAA76510188DCA2D6AEC0DC] - |A| - [07/02/2018 11:21:16] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180207-1021.log
[MD5.85441114794CD51199AB6A152AAA9092] - |A| - [08/02/2018 11:33:36] - (.-.) - [7.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180208-1033.log
[MD5.5E1E3405191DECFAB31B3A2EAFC4B2F0] - |A| - [09/02/2018 10:46:07] - (.-.) - [10.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180209-0946.log
[MD5.888B8466BBE3F14027DADC69CB38ABB0] - |A| - [09/02/2018 10:46:45] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180209-0946a.log
[MD5.4DF103CABDF63A758664BAF81C83604B] - |A| - [09/02/2018 10:47:12] - (.-.) - [36.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180209-0947.log
[MD5.CBFA2B4F81F63AB435C278BB69902512] - |A| - [09/02/2018 10:55:34] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180209-0955.log
[MD5.10420D39033A763C77A2307722B22386] - |A| - [09/02/2018 11:22:03] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180209-1022.log
[MD5.F2F2EE93D5DC21A3A115729E5A0C14C6] - |A| - [09/02/2018 11:22:42] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180209-1022a.log
[MD5.1A5412E7C131A0C86CC5D8C4EEBF3FC3] - |A| - [09/02/2018 11:34:53] - (.-.) - [8.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180209-1034.log
[MD5.823DD55BC08AD7B7E9D2F286D7522D3D] - |A| - [10/02/2018 09:34:03] - (.-.) - [2.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-0834.log
[MD5.62C3017DD342C7B7F392E20354D0793E] - |A| - [10/02/2018 09:49:14] - (.-.) - [4.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-0849.log
[MD5.E488679ABD32DE33F416C875F6F6163D] - |A| - [10/02/2018 10:01:21] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-0901.log
[MD5.2B9785080B7438E8B98BA299F30DE0D7] - |A| - [10/02/2018 10:42:39] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-0942.log
[MD5.EE6A4232F1C6DFEA4692C782CE29F7F2] - |A| - [10/02/2018 10:43:56] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-0943.log
[MD5.BBEE60709270EAF1D96AFBC10EF7EFBC] - |A| - [10/02/2018 10:45:11] - (.-.) - [3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-0945.log
[MD5.992DA9D5ECEC6679C83FC39CAF262BAF] - |A| - [10/02/2018 10:55:27] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-0955.log
[MD5.6CB1AC47B0F846671952EDE63AF86137] - |A| - [10/02/2018 11:22:05] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-1022.log
[MD5.06AF49A6A2F1AE84B5FF12F99BE922E9] - |A| - [10/02/2018 11:22:42] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-1022a.log
[MD5.9473F5CF297B8AC7DFC76B99D529DD2F] - |A| - [10/02/2018 11:34:56] - (.-.) - [8.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180210-1034.log
[MD5.7AD450B31B24FF2C41AACEF15764B2DF] - |A| - [11/02/2018 12:01:28] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180211-1101.log
[MD5.0C896F84501898EAFAF43C87B8061B80] - |A| - [11/02/2018 12:03:07] - (.-.) - [10.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180211-1103.log
[MD5.9674D3A575BA763C4D820F2873D21EE6] - |A| - [11/02/2018 12:03:09] - (.-.) - [3.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180211-1103a.log
[MD5.75CA158F36C9E897B10C64BC2C8A442D] - |A| - [11/02/2018 12:03:31] - (.-.) - [37.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180211-1103b.log
[MD5.639EC19DC54D479C6E1D8BD8FAB633F7] - |A| - [12/02/2018 09:12:12] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0812.log
[MD5.E64FA15E1E2BFF7E31F2A27A947CBA40] - |A| - [12/02/2018 09:32:33] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0832.log
[MD5.F84B77B61AC012B501AF0C2E5FEDDF74] - |A| - [12/02/2018 09:33:34] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0833.log
[MD5.76DBB13CC6A20BDF37FFA4D82F7E982E] - |A| - [12/02/2018 09:47:02] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0847.log
[MD5.7516008C49C3F512B4E0BDE73E44A02F] - |A| - [12/02/2018 09:49:13] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0849.log
[MD5.3E8D8BF44D00A15FBAEA523E74EB5194] - |A| - [12/02/2018 10:01:21] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0901.log
[MD5.9D51C9EB103A9D391776ED7C10918735] - |A| - [12/02/2018 10:42:36] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0942.log
[MD5.A50598A1F892EB695DD0E372DB0D8BEA] - |A| - [12/02/2018 10:43:56] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0943.log
[MD5.E645D00645168D5774E226E678E4DD57] - |A| - [12/02/2018 10:45:12] - (.-.) - [4.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0945.log
[MD5.5A3D4514439E1325A15319FCD985D435] - |A| - [12/02/2018 10:55:27] - (.-.) - [3.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-0955.log
[MD5.0D51CECCD39052D81AB479B20BEB74BF] - |A| - [12/02/2018 11:22:02] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-1022.log
[MD5.C9E4D73F9F5FEA946B1585D12BCC67CE] - |A| - [12/02/2018 11:22:42] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-1022a.log
[MD5.0616D203F0165E92216BE9E5A588F79D] - |A| - [12/02/2018 17:17:41] - (.-.) - [6.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-1617.log
[MD5.DD9CC0283547CC2BB3FBA0F95C5B6971] - |A| - [12/02/2018 17:54:27] - (.-.) - [60.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-1654.log
[MD5.D44B03E0A78D3039B5643FE4718D8A06] - |A| - [12/02/2018 17:56:11] - (.-.) - [161.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-1656.log
[MD5.FE15AFCBF51456D76EA45140B1C7B8A7] - |A| - [12/02/2018 17:57:16] - (.-.) - [9.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-1657.log
[MD5.92FDE9323B51954844E5B9C33E73BBF4] - |A| - [12/02/2018 17:57:30] - (.-.) - [37.21 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180212-1657a.log
[MD5.63396B62FFE12BFC7523446DBB684950] - |A| - [13/02/2018 08:21:17] - (.-.) - [136.06 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180213-0721.log
[MD5.FA8FD47E18F28AF619A0056E79B74BC2] - |A| - [13/02/2018 08:36:37] - (.-.) - [9.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180213-0736.log
[MD5.45C14CE8E14DA4996899B75EC39EF260] - |A| - [13/02/2018 08:37:02] - (.-.) - [58.92 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180213-0737.log
[MD5.0266E62D7CE656FC184E71EA079C3E8F] - |A| - [13/02/2018 09:08:13] - (.-.) - [9.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180213-0808.log
[MD5.3D5495CA249170CF23CA4274E684EEEB] - |A| - [13/02/2018 09:38:13] - (.-.) - [10.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180213-0838.log
[MD5.C82AAAA44D7D3CCC2E8BDAB92922947C] - |A| - [14/02/2018 08:35:54] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180214-0735.log
[MD5.92244F04BF44BB87FF1ED8C0F578B769] - |A| - [14/02/2018 10:45:48] - (.-.) - [2.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180214-0945.log
[MD5.FA1EC789EF2C93E57D82D9CE41B6AAD0] - |A| - [15/02/2018 14:41:23] - (.-.) - [7.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180215-1341.log
[MD5.8EF01C32F661F98604A8088520532F90] - |A| - [15/02/2018 14:42:19] - (.-.) - [2.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180215-1342.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [15/02/2018 14:42:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180215-1342a.log
[MD5.713CA30098CD055631AA1B632A67E6BA] - |A| - [15/02/2018 14:50:55] - (.-.) - [250.39 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180215-1350.log
[MD5.DD0B6DA63CD40D904EC14F7ACE763729] - |A| - [15/02/2018 15:04:19] - (.-.) - [9.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180215-1404.log
[MD5.0B7D264B785D29D537C352213D8C7E6E] - |A| - [15/02/2018 15:32:47] - (.-.) - [9.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180215-1432.log
[MD5.3A8B7B71D25C02DD37C7FE5AAFC96469] - |A| - [15/02/2018 16:02:45] - (.-.) - [11.73 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180215-1502.log
[MD5.C7DB635417FB4567E82ECF75F06DA7FE] - |A| - [16/02/2018 13:31:02] - (.-.) - [6.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180216-1231.log
[MD5.0325380CDDF88EA3CA2DC1CE8C0AF400] - |A| - [16/02/2018 13:33:41] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180216-1233.log
[MD5.1F59C1C496F4A09B32EE2E1D0D09DD26] - |A| - [16/02/2018 13:33:42] - (.-.) - [9.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180216-1233a.log
[MD5.D26468EAE3AA86DB71FDD07C5FB95E98] - |A| - [17/02/2018 09:51:37] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180217-0851.log
[MD5.3398F914BF6BC97E678A778000AE1C53] - |A| - [17/02/2018 09:54:12] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180217-0854.log
[MD5.D0CAE1299C4BC036A0D399A8E9815D24] - |A| - [17/02/2018 13:32:41] - (.-.) - [6.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180217-1232.log
[MD5.80A9AB44DCFB32EDE1708FB48EB02698] - |A| - [18/02/2018 11:15:41] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180218-1015.log
[MD5.BEE6D241CFD832CA050ADA08FFC0EFC6] - |A| - [18/02/2018 11:18:32] - (.-.) - [9.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180218-1018.log
[MD5.1E9BC3A9C53F8FEE984628C3F6A9A453] - |A| - [18/02/2018 11:18:34] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180218-1018a.log
[MD5.4EE818D8857C1BDE2AD1417E56302EC4] - |A| - [18/02/2018 13:32:42] - (.-.) - [6.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180218-1232.log
[MD5.6EA55EA4F0F507F2A885D5217BA0559F] - |A| - [19/02/2018 17:42:28] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180219-1642.log
[MD5.230B55FF46769E3E1BEB0B2827E05C0E] - |A| - [20/02/2018 15:02:35] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180220-1402.log
[MD5.2CF896CE6FA78199D01FFB3B33DE7EFC] - |A| - [20/02/2018 15:05:58] - (.-.) - [9.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180220-1405.log
[MD5.4E6D85D1432FECBED0E7E7354411574E] - |A| - [20/02/2018 17:40:45] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180220-1640.log
[MD5.C12C1DF6D7CD4F3AF079AD5F640D737D] - |A| - [21/02/2018 12:21:23] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180221-1121.log
[MD5.EAA676491021FF01A253DC5DC23D8654] - |A| - [21/02/2018 12:23:44] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180221-1123.log
[MD5.59F4C255DE4A2B2E9683A88612FB674B] - |A| - [21/02/2018 13:32:42] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180221-1232.log
[MD5.D70D7727C85FA1243B7E90A3046B723E] - |A| - [21/02/2018 15:03:28] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180221-1403.log
[MD5.E5502FB6E2A7643541897534465C1F8B] - |A| - [21/02/2018 17:40:43] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180221-1640.log
[MD5.8E9E0B932AEE1C6B146C1709747602D4] - |A| - [22/02/2018 10:19:11] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-0919.log
[MD5.B659C105751BC9582348843DE2E9C7DE] - |A| - [22/02/2018 10:19:36] - (.-.) - [3.9 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-0919a.log
[MD5.1E2C7A4BC0C5090631C36834E5A9E38D] - |A| - [22/02/2018 11:17:47] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1017.log
[MD5.108F8FC99231007E7354B095CBC030F5] - |A| - [22/02/2018 12:23:24] - (.-.) - [6.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1123.log
[MD5.9B61296FF7C1AEE742BAAAEA52F95927] - |A| - [22/02/2018 13:32:42] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1232.log
[MD5.947D8F3E1C22C0581F830C845F256B5A] - |A| - [22/02/2018 16:08:38] - (.-.) - [3.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1508.log
[MD5.A1BD5AA0B46F33A7227D70EAD45F8FF4] - |A| - [22/02/2018 16:22:12] - (.-.) - [75.8 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1522.log
[MD5.8EC8198001DE8D2DDD575B9FCF3FE815] - |A| - [22/02/2018 16:41:24] - (.-.) - [10.17 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1541.log
[MD5.C482BDE399D8BBE51A6508FE11A3B057] - |A| - [22/02/2018 16:41:59] - (.-.) - [107.08 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1541a.log
[MD5.666C4578226325D9B4D424A2564823A7] - |A| - [22/02/2018 16:48:23] - (.-.) - [467.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1548.log
[MD5.C30CEB3CDFF84D3044ACF5964A9A46A9] - |A| - [22/02/2018 16:49:23] - (.-.) - [9.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1549.log
[MD5.16E0A788A149A3575F15FC41F38877C5] - |A| - [22/02/2018 16:49:35] - (.-.) - [26.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180222-1549a.log
[MD5.964980C0DDEE448482A39BAFF4844112] - |A| - [23/02/2018 09:53:13] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180223-0853.log
[MD5.F8E221E3E73552CB765E8244D0A9E241] - |A| - [23/02/2018 09:55:39] - (.-.) - [9.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180223-0855.log
[MD5.C127A57DFC967E582C2C58A91A761C6C] - |A| - [23/02/2018 09:55:39] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180223-0855a.log
[MD5.176E86F104823304D298C6CB393F3178] - |A| - [23/02/2018 09:56:00] - (.-.) - [59.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180223-0856.log
[MD5.FAEB1925825D077978E25791BE5105AC] - |A| - [24/02/2018 09:25:51] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180224-0825.log
[MD5.57B19AD75AAEF512A7A616355FF52698] - |A| - [24/02/2018 09:27:22] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180224-0827.log
[MD5.5F5AEB4792861CA4B86086559118022E] - |A| - [24/02/2018 09:55:25] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180224-0855.log
[MD5.F305326763C126A8549677CB20F31B26] - |A| - [25/02/2018 14:55:33] - (.-.) - [7.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180225-1355.log
[MD5.273E5C21EDB4276CB155C7FD8CB6D51C] - |A| - [25/02/2018 14:56:27] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180225-1356.log
[MD5.EDA56AA0C032EE937BAC30F84C549B78] - |A| - [25/02/2018 14:56:28] - (.-.) - [11.43 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180225-1356a.log
[MD5.7C04F96DB042CAF6D69228B801467528] - |A| - [26/02/2018 10:20:26] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180226-0920.log
[MD5.88167A1FD0EB2ACB54CE3D7926125B39] - |A| - [26/02/2018 10:22:54] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180226-0922.log
[MD5.1D4D9205842151A4D937508E360CA73A] - |A| - [26/02/2018 22:03:57] - (.-.) - [6.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180226-2103.log
[MD5.69C4E4FCE2A85906C53CE89F4EA5680B] - |A| - [27/02/2018 14:51:17] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180227-1351.log
[MD5.99B0A6D3BFFE7EA35EA59D4D386CEB78] - |A| - [27/02/2018 14:52:17] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180227-1352.log
[MD5.702F119F56D09994110755A2AD026F16] - |A| - [27/02/2018 14:52:18] - (.-.) - [11.79 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180227-1352a.log
[MD5.2E54C3CA58C5ECEAC9513725FC6309D6] - |A| - [27/02/2018 14:56:27] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180227-1356.log
[MD5.ED0E26900DD80F79D8DECCF68B263796] - |A| - [28/02/2018 07:36:55] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180228-0636.log
[MD5.8DB4842453F59787092951956EB6E88A] - |A| - [28/02/2018 08:12:44] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180228-0712.log
[MD5.DD6AA678148D47270A088B22BC745520] - |A| - [28/02/2018 09:26:17] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180228-0826.log
[MD5.91327A75164BF34978DC2C7EACE13E05] - |A| - [28/02/2018 09:55:19] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180228-0855.log
[MD5.E07E026E493A5690F3377966A9AB4450] - |A| - [28/02/2018 12:06:39] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180228-1106.log
[MD5.3CCDFFC75D505F206BBD6C7A882E118C] - |A| - [01/03/2018 20:10:28] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180301-1910.log
[MD5.82AE9886E330A9A48198559729220663] - |A| - [02/03/2018 10:10:44] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180302-0910.log
[MD5.5605CFACBC4AF2D712A73591107741D7] - |A| - [02/03/2018 10:10:46] - (.-.) - [10.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180302-0910a.log
[MD5.0A66CD974E854A358AC9051583FC9A5A] - |A| - [02/03/2018 10:11:26] - (.-.) - [96.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180302-0911.log
[MD5.9959F3893C45EED544D978367E0B7EE4] - |A| - [02/03/2018 10:22:31] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180302-0922.log
[MD5.BE4424A8352AE1A60D4A251AF4CC8A1D] - |A| - [02/03/2018 14:51:58] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180302-1351.log
[MD5.0082F59C8C13BCE8115F5EF9B14A8336] - |A| - [02/03/2018 14:56:23] - (.-.) - [11.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180302-1356.log
[MD5.BA8F3A8D302C45AF9293827D42976FFE] - |A| - [03/03/2018 10:02:51] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180303-0902.log
[MD5.6E636DA671445CB4AE3181AFD16AC7D9] - |A| - [03/03/2018 10:11:05] - (.-.) - [2.51 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180303-0911.log
[MD5.274A1266A378101EA0BA14E9366C1F4D] - |A| - [03/03/2018 10:22:25] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180303-0922.log
[MD5.4A26909DB2EB7D6C592CECA9C057EEFB] - |A| - [03/03/2018 20:31:04] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180303-1931.log
[MD5.75C9A213F4FD98503305335A4C1B78A8] - |A| - [04/03/2018 08:08:28] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0708.log
[MD5.008ACF791233A9845C4ABC820BE2E258] - |A| - [04/03/2018 08:09:30] - (.-.) - [10.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0709.log
[MD5.F4AD64C2CB2D8987BCDAE622F3884B88] - |A| - [04/03/2018 08:09:32] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0709a.log
[MD5.37257DAD9AAC51491C752BA176C1B65D] - |A| - [04/03/2018 08:09:54] - (.-.) - [37.05 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0709b.log
[MD5.3590A134EBE4136AEA643AD6ECC86EDC] - |A| - [04/03/2018 08:12:47] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0712.log
[MD5.DA826869162B26A18E1DBFC69D418509] - |A| - [04/03/2018 09:26:17] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0826.log
[MD5.9E6C3330E28A024925B82EF9ED97B7CC] - |A| - [04/03/2018 09:55:19] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0855.log
[MD5.83A31B07B106E0A6847272248F09F7DB] - |A| - [04/03/2018 09:59:42] - (.-.) - [11.49 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0859.log
[MD5.6E2C5670CD6DC312AF0DEEBDD12669A4] - |A| - [04/03/2018 10:10:47] - (.-.) - [6.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0910.log
[MD5.6DABF017CD0064825C73F1652BD11B93] - |A| - [04/03/2018 10:22:26] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180304-0922.log
[MD5.827F4185F2AC72B743FDCED58210CE5D] - |A| - [06/03/2018 22:48:16] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2148.log
[MD5.BC2E24B25864ED53C0CA6DD073154E45] - |A| - [06/03/2018 22:48:16] - (.-.) - [9.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2148a.log
[MD5.CBB589BE282D26A332C2CD85F751FFB3] - |A| - [06/03/2018 22:49:00] - (.-.) - [36.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2149.log
[MD5.9C8B9DE1EB44A6DC54F4226F0D0EF322] - |A| - [06/03/2018 23:09:24] - (.-.) - [83.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2209.log
[MD5.33AF15D9AE0C58E2E4661CC5D8DE0ACD] - |A| - [06/03/2018 23:10:07] - (.-.) - [6.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2210.log
[MD5.FF632D7E5A4A3BC552C7A9E50009BBF4] - |A| - [06/03/2018 23:26:06] - (.-.) - [9.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2226.log
[MD5.394EDE083B9F6FB9DA634511101F00F2] - |A| - [06/03/2018 23:26:29] - (.-.) - [51.19 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2226a.log
[MD5.B466D4780DFC5042BF19B8BDF6F034A9] - |A| - [06/03/2018 23:28:33] - (.-.) - [298.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2228.log
[MD5.C91976E549F6EA2CE08AF1EADC922B0F] - |A| - [06/03/2018 23:29:34] - (.-.) - [10.34 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2229.log
[MD5.1FBBEDF91A9DD237AB04E92A44610225] - |A| - [06/03/2018 23:29:46] - (.-.) - [39.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180306-2229a.log
[MD5.CD9151362D80A43D8A55225721EF3835] - |A| - [07/03/2018 22:28:22] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180307-2128.log
[MD5.768CE9452303059100F55AAAE0BC7F38] - |A| - [08/03/2018 23:46:12] - (.-.) - [6.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180308-2246.log
[MD5.6D0CADB12BB74A660CC49280C02DE2B7] - |A| - [09/03/2018 11:18:13] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180309-1018.log
[MD5.71DB9929F0C05796267F5E780C5FA1BF] - |A| - [09/03/2018 11:20:05] - (.-.) - [9.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180309-1020.log
[MD5.6712E7E2F08CAC51182F1351CEA20E65] - |A| - [09/03/2018 11:20:05] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180309-1020a.log
[MD5.5FBD749364FCFF36C584FA17A57BD825] - |A| - [09/03/2018 11:20:25] - (.-.) - [57.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180309-1020b.log
[MD5.91C399BCD49E4990C7E01B46B0CEC60F] - |A| - [09/03/2018 22:26:20] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180309-2126.log
[MD5.FF6B9953C02C485605CCD2028DBB541F] - |A| - [10/03/2018 08:40:14] - (.-.) - [6.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180310-0740.log
[MD5.C58ED485BAD427DF2DBB170FFEACD765] - |A| - [10/03/2018 08:41:17] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180310-0741.log
[MD5.E6EC7679F2DBBA030B3E610996EF2496] - |A| - [11/03/2018 09:31:48] - (.-.) - [6.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180311-0831.log
[MD5.BB1434DB1CF66F292358FE5353102A7B] - |A| - [11/03/2018 09:31:50] - (.-.) - [9.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180311-0831a.log
[MD5.80221571A1D78896AFFF883EACAF489D] - |A| - [11/03/2018 11:19:53] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180311-1019.log
[MD5.649C1FF47D6DE8A0C4B41D12C4D53745] - |A| - [12/03/2018 10:28:36] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180312-0928.log
[MD5.9AE9A1787F52D0D3EDAF714358AEE0E1] - |A| - [12/03/2018 10:31:39] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180312-0931.log
[MD5.C94661C658947EED558AC1E856F3CA59] - |A| - [12/03/2018 11:19:51] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180312-1019.log
[MD5.9F58D9BFC5A61ED615D3B1C8312FC5D6] - |A| - [13/03/2018 11:01:06] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180313-1001.log
[MD5.8AA29081CED1621BEF0632BAE0BA300E] - |A| - [13/03/2018 11:03:03] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180313-1003.log
[MD5.6F59627DA44D94EF0232636DF2BB6D12] - |A| - [13/03/2018 11:03:04] - (.-.) - [11.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180313-1003a.log
[MD5.DB6E08AAF2EC1598A0365F606C9D9D79] - |A| - [13/03/2018 11:19:54] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180313-1019.log
[MD5.4745FFDCCA80E62DB29A5710B32CCCC9] - |A| - [14/03/2018 20:06:37] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180314-1906.log
[MD5.41F8047B310C7B46CE2110BC035BC026] - |A| - [14/03/2018 22:15:46] - (.-.) - [128.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180314-2115.log
[MD5.E745C0ED610289DC12045A177D0D93A6] - |A| - [14/03/2018 22:34:30] - (.-.) - [9.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180314-2134.log
[MD5.7B7D76002957C95CE8BB210FDBF16663] - |A| - [14/03/2018 23:04:24] - (.-.) - [10.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180314-2204.log
[MD5.C7216E8607F9465AD993C5E0EA08BBBC] - |A| - [14/03/2018 23:34:28] - (.-.) - [9.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180314-2234.log
[MD5.BB5BDE2630C87F26A23F26F8EB10C049] - |A| - [15/03/2018 08:40:42] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180315-0740.log
[MD5.D0D1FD0D3D9AAEC6A1DF4AB5FC72FECB] - |A| - [15/03/2018 22:09:15] - (.-.) - [370.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180315-2109.log
[MD5.09E75E054D3E682076C56646E3717C92] - |A| - [15/03/2018 22:24:35] - (.-.) - [9.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180315-2124.log
[MD5.30B7A0EEEEB2A4E2BF2FA91D7ED3C0C7] - |A| - [15/03/2018 22:54:28] - (.-.) - [11.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180315-2154.log
[MD5.892BE545F366050955810177C0AB89E3] - |A| - [15/03/2018 23:24:28] - (.-.) - [11.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180315-2224.log
[MD5.9A8E7EDFDF27D051A7D274A967E1EB7F] - |A| - [16/03/2018 08:55:50] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180316-0755.log
[MD5.0BDDB95E5876FC2DAFB87786E548BE7F] - |A| - [16/03/2018 08:58:04] - (.-.) - [9.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180316-0758.log
[MD5.B9D389BD17910D9DE3BF8E4BB4131F5E] - |A| - [16/03/2018 10:12:50] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180316-0912.log
[MD5.DC2AB1C9640693118E1BFF92D4BA5BF1] - |A| - [17/03/2018 19:31:59] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180317-1831.log
[MD5.75DD33ADB2E5ECBD9D348D579799E034] - |A| - [18/03/2018 20:35:23] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180318-1935.log
[MD5.53681EA4EA131CDA1BE528489EB17BBB] - |A| - [18/03/2018 20:35:54] - (.-.) - [9.58 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180318-1935a.log
[MD5.CCAD027B9441C5D6F01EA52F0594778E] - |A| - [18/03/2018 20:36:34] - (.-.) - [92.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180318-1936.log
[MD5.B64DD602FB16A5000D79FDE9DAA06F26] - |A| - [19/03/2018 18:59:46] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180319-1759.log
[MD5.1B2133E60B9A0F800087941E7833C820] - |A| - [19/03/2018 19:31:09] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180319-1831.log
[MD5.5560BB6DCA3C94088EF0916AE52C5546] - |A| - [19/03/2018 20:34:56] - (.-.) - [2.99 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180319-1934.log
[MD5.28301925F8012F2D790394DCEC18E696] - |A| - [20/03/2018 10:04:23] - (.-.) - [7.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180320-0904.log
[MD5.5221916114777B54AF8CE7D8C21DCB41] - |A| - [20/03/2018 10:04:53] - (.-.) - [10.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180320-0904a.log
[MD5.FE415774E1D06D59C08C79381E026507] - |A| - [20/03/2018 10:04:53] - (.-.) - [4.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180320-0904b.log
[MD5.B1FF7BFCD6F79B00AADF093AFF2BB9F3] - |A| - [20/03/2018 10:05:14] - (.-.) - [35.11 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180320-0905.log
[MD5.77816534595CCB46F3EB721F9AE2252B] - |A| - [20/03/2018 10:13:04] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180320-0913.log
[MD5.4AC64A0833A6AA8670D5950BAA51858D] - |A| - [20/03/2018 19:33:50] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180320-1833.log
[MD5.61453DA73D9074F351695FB8C238124F] - |A| - [20/03/2018 20:34:57] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180320-1934.log
[MD5.85E18FB78EC8F2890A005C4E41D55843] - |A| - [21/03/2018 10:23:26] - (.-.) - [6.42 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180321-0923.log
[MD5.A5FD75330898AB9CAEF0251FADD1427F] - |A| - [21/03/2018 10:23:36] - (.-.) - [3.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180321-0923a.log
[MD5.29941523D9E06D85318DB976AA21716A] - |A| - [22/03/2018 09:43:06] - (.-.) - [3.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180322-0843.log
[MD5.AA9202CCEE39440C1D5FA05968E9B5D6] - |A| - [22/03/2018 10:04:52] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180322-0904.log
[MD5.7C8588E2CF6A52B64873B143AB6C3E86] - |A| - [22/03/2018 10:12:49] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180322-0912.log
[MD5.C2521CC66B329A31F9568EB5A45B3063] - |A| - [22/03/2018 10:23:34] - (.-.) - [7.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180322-0923.log
[MD5.5F3A5A317213DC2CD224D5E454040930] - |A| - [23/03/2018 09:21:50] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-0821.log
[MD5.14F4C33AAAB9B361FC94C1645AA3C990] - |A| - [23/03/2018 09:24:59] - (.-.) - [9.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-0824.log
[MD5.CA6E82CCA42431AD2B6455B6F1DDEA55] - |A| - [23/03/2018 09:24:59] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-0824a.log
[MD5.FDF677F2CD79B870286E2A3FA532D3DF] - |A| - [23/03/2018 09:25:20] - (.-.) - [35.95 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-0825.log
[MD5.11F93DE6BF4A06B0A8C5581D2C02F2BF] - |A| - [23/03/2018 09:43:25] - (.-.) - [3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-0843.log
[MD5.6FDDE92A475FA4980D7D4050304D71DD] - |A| - [23/03/2018 10:04:51] - (.-.) - [2.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-0904.log
[MD5.5BEEABC54D0D626988EB0DC06D439C5C] - |A| - [23/03/2018 10:12:50] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-0912.log
[MD5.FCC8B4BF957B130785090F82EFD3EFAE] - |A| - [23/03/2018 10:23:34] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-0923.log
[MD5.99A9CAF98B6E6B4BABB5727A0A7353E5] - |A| - [23/03/2018 20:28:51] - (.-.) - [7.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-1928.log
[MD5.600C6DAE7F04C722FE711F8CE0AC23CF] - |A| - [23/03/2018 20:34:55] - (.-.) - [3.01 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180323-1934.log
[MD5.29B4AEB748DB8B175B67088397A260AB] - |A| - [24/03/2018 14:52:11] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180324-1352.log
[MD5.D864D46612B99BFF01DC443A03337194] - |A| - [25/03/2018 19:02:15] - (.-.) - [8.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180325-1902.log
[MD5.42E4F721D6CAD86F150BBF73BA6797AA] - |A| - [25/03/2018 19:03:15] - (.-.) - [47.94 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180325-1903.log
[MD5.D5868062BA56D000DF791731E3B9E531] - |A| - [25/03/2018 19:04:41] - (.-.) - [10.75 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180325-1904.log
[MD5.8BA9FB9AF8358AEA50E21DAB262EF92E] - |A| - [25/03/2018 19:05:01] - (.-.) - [287.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180325-1905.log
[MD5.EB8D9BA46D5673BAF56C6D140B38B7A0] - |A| - [25/03/2018 19:06:11] - (.-.) - [10.34 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180325-1906.log
[MD5.260FECFD4E729467D6A8DAB8C7E4220D] - |A| - [25/03/2018 19:06:26] - (.-.) - [26.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180325-1906a.log
[MD5.73BB113DF574D474000045AFBDD816CA] - |A| - [26/03/2018 19:17:35] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180326-1917.log
[MD5.A4D5F07091954A02787A9E8F9C105AB7] - |A| - [27/03/2018 19:05:45] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180327-1905.log
[MD5.3E54FC0C5303B132AF9D3109D0C2D5BA] - |A| - [27/03/2018 19:06:43] - (.-.) - [11.33 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180327-1906.log
[MD5.699A0F36258A7A46C3294DEFB9E3A10D] - |A| - [27/03/2018 19:07:04] - (.-.) - [58.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180327-1907.log
[MD5.B2A5ECD12EF665F9784778BCB13F083D] - |A| - [27/03/2018 19:14:41] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180327-1914.log
[MD5.9B30877C9075458474EBAD410FDFEDC8] - |A| - [28/03/2018 21:38:07] - (.-.) - [6.82 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180328-2138.log
[MD5.575DB2D173AD18CE50699C10D312E6DA] - |A| - [29/03/2018 06:36:19] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180329-0636.log
[MD5.ECAB946B071D920DF203452815B3ADA2] - |A| - [29/03/2018 06:37:04] - (.-.) - [4.26 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180329-0637.log
[MD5.1E287FAEA73F7101FDA1C447B1611C33] - |A| - [29/03/2018 19:48:30] - (.-.) - [2.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180329-1948.log
[MD5.3617023E98B67941ECAB83A8606B41E7] - |A| - [29/03/2018 21:36:36] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180329-2136.log
[MD5.63A3B01EC1810E21BCB529A038352527] - |A| - [30/03/2018 15:02:51] - (.-.) - [9.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180330-1502.log
[MD5.937FA44A8F261D9D0312B03EEDFDCAF0] - |A| - [30/03/2018 15:02:54] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180330-1502a.log
[MD5.D3A6AB7B57E581ACFEDBF62B124A9325] - |A| - [31/03/2018 09:16:30] - (.-.) - [3.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180331-0916.log
[MD5.74F27F5C4AF26498FE000AEDF12DACC3] - |A| - [31/03/2018 09:17:07] - (.-.) - [4.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180331-0917.log
[MD5.A7FFC35666DAEC1FD9CF90E5828B08FF] - |A| - [31/03/2018 15:00:56] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180331-1500.log
[MD5.ABD61DFEA05EEBAE6D7992CF5CD22BA0] - |A| - [01/04/2018 08:24:42] - (.-.) - [9.74 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180401-0824.log
[MD5.6897731202204A18CBEA417BEAD7EB03] - |A| - [01/04/2018 08:25:40] - (.-.) - [11.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180401-0825.log
[MD5.A10D90C1F676533E8049A0A3212235C5] - |A| - [01/04/2018 09:17:02] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180401-0917.log
[MD5.DD9D9E19C342059C50347124E2B6EB2F] - |A| - [01/04/2018 09:29:07] - (.-.) - [4.27 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180401-0929.log
[MD5.D4FB90BDF29692E3D3D2AC6736F0BF95] - |A| - [01/04/2018 15:33:21] - (.-.) - [296.29 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180401-1533.log
[MD5.CD7670AE9F405B24A0507997E73E1CD4] - |A| - [01/04/2018 15:50:59] - (.-.) - [9.55 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180401-1550.log
[MD5.04FBDB4282E792F45B0810C23B6729B2] - |A| - [01/04/2018 16:20:51] - (.-.) - [11.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180401-1620.log
[MD5.36B289AF7EE6AF71870A31EBB1D5BA1F] - |A| - [01/04/2018 16:50:54] - (.-.) - [9.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180401-1650.log
[MD5.8E1721CA50796DD27A83CC07C06C6747] - |A| - [02/04/2018 10:42:28] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180402-1042.log
[MD5.848888A49FDAFB052DB63A313A710ED6] - |A| - [03/04/2018 21:48:56] - (.-.) - [9.76 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180403-2148.log
[MD5.BFE30990502F8AA1E74E45287453D4A6] - |A| - [03/04/2018 21:48:56] - (.-.) - [6.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180403-2148a.log
[MD5.E2F0614BCEB51D03E47758F421468C70] - |A| - [03/04/2018 21:49:36] - (.-.) - [96.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180403-2149.log
[MD5.DDEBEECAC1B1A9EAD0C15FEF874EF051] - |A| - [04/04/2018 18:09:58] - (.-.) - [3.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180404-1809.log
[MD5.7866E419EF2711A22AC3578B9EA0CEBC] - |A| - [05/04/2018 20:18:34] - (.-.) - [6.44 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180405-2018.log
[MD5.F4542DF24A6E1AD0B1460F1FCDDBC7B6] - |A| - [05/04/2018 21:44:11] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180405-2144.log
[MD5.AB157F075D4B1D1DAD7A319C9B84BE53] - |A| - [06/04/2018 06:45:02] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180406-0645.log
[MD5.D9B5EEBB74D6AE196782E9E783D1B8BB] - |A| - [06/04/2018 06:46:55] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180406-0646.log
[MD5.D4251E70E733D8080331643C31576328] - |A| - [06/04/2018 06:51:11] - (.-.) - [11.64 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180406-0651.log
[MD5.8765C152A848C0161891D830F9686F64] - |A| - [06/04/2018 06:51:32] - (.-.) - [34.06 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180406-0651a.log
[MD5.9893952886C99A5376F901CF51FEC418] - |A| - [09/04/2018 13:42:38] - (.-.) - [9.53 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180409-1342.log
[MD5.3EB9A177DB1F36D40CBB3643686A413B] - |A| - [09/04/2018 13:42:41] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180409-1342a.log
[MD5.97468ECC48FAC2A633974CC356A45FB2] - |A| - [09/04/2018 13:43:12] - (.-.) - [50.83 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180409-1343.log
[MD5.F8C5BEAA91239B58EA40930F5F0896FA] - |A| - [09/04/2018 13:45:04] - (.-.) - [169.37 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180409-1345.log
[MD5.E80A982E039DF0EBAAC3B0030299737C] - |A| - [09/04/2018 13:46:16] - (.-.) - [9.81 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180409-1346.log
[MD5.4F37CC04675BDAD662D241FB57CF06CC] - |A| - [09/04/2018 13:46:41] - (.-.) - [38.16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180409-1346a.log
[MD5.A17623998EC7612964758E2367D09299] - |A| - [10/04/2018 07:18:01] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180410-0718.log
[MD5.06D82B1471981624A07CBF88FDD34628] - |A| - [10/04/2018 07:18:12] - (.-.) - [8.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180410-0718a.log
[MD5.7AC61F4D54143BF7F83EB8AA95E8837D] - |A| - [10/04/2018 08:39:59] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180410-0839.log
[MD5.C6FCF4A03E7B07BAF257C0B6B068AEA2] - |A| - [11/04/2018 00:20:00] - (.-.) - [99.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180411-0020.log
[MD5.229E16E7756A302D38090AF3521193FD] - |A| - [11/04/2018 12:18:46] - (.-.) - [6.96 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180411-1218.log
[MD5.D2837D6CF58CD5303A5816770C39C5F4] - |A| - [11/04/2018 12:18:53] - (.-.) - [16.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180411-1218a.log
[MD5.D96D89DE970536BB92C2FE8D30E066AA] - |A| - [11/04/2018 12:20:15] - (.-.) - [58.32 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180411-1220.log
[MD5.5578C593BFB38980739659FD1104C3E0] - |A| - [11/04/2018 12:27:38] - (.-.) - [10.07 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180411-1227.log
[MD5.D13B9D66B8BB71ED9C7B30E45F6B37E7] - |A| - [12/04/2018 08:52:19] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180412-0852.log
[MD5.AACEAE6955FAF2DF6723510755A7FC7E] - |A| - [12/04/2018 08:54:11] - (.-.) - [10.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180412-0854.log
[MD5.20F42DFCB85C6A7ACB78B2CD6F53D919] - |A| - [12/04/2018 12:17:04] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180412-1217.log
[MD5.0C532987D000A36EA0B75B24049F3293] - |A| - [13/04/2018 19:20:51] - (.-.) - [6.45 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180413-1920.log
[MD5.7896E6403E7DF3499E276BB6999321CD] - |A| - [13/04/2018 19:27:21] - (.-.) - [18.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180413-1927.log
[MD5.DAF41CF438613571939BBA3D12444933] - |A| - [13/04/2018 19:28:01] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180413-1928.log
[MD5.DFF68B41C09C3D33A8E14B935E029F5C] - |A| - [15/04/2018 09:52:10] - (.-.) - [8.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180415-0952.log
[MD5.ECEE953F203FEF43FD9192796432F7AF] - |A| - [15/04/2018 09:56:54] - (.-.) - [233.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180415-0956.log
[MD5.365B5F577DBE55F0BA7AF237078EF0D6] - |A| - [15/04/2018 10:28:51] - (.-.) - [15.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180415-1028.log
[MD5.9E568BAA0A4D100CE7DA8A17CED61DD7] - |A| - [15/04/2018 10:31:03] - (.-.) - [92.24 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180415-1031.log
[MD5.6674DADE9D1E230EBA8EDAEA513CF1A8] - |A| - [16/04/2018 07:25:30] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180416-0725.log
[MD5.EFAE4E05B0928CF925499D1384C1BEFF] - |A| - [16/04/2018 07:26:20] - (.-.) - [8.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180416-0726.log
[MD5.623BC9219588757EBE9982F5C39D48FF] - |A| - [16/04/2018 07:26:38] - (.-.) - [37.66 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180416-0726a.log
[MD5.B80AED2BA51310C1EC1C68F3E23DDE05] - |A| - [17/04/2018 19:38:16] - (.-.) - [6.48 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180417-1938.log
[MD5.8F073066F1D93614498A5D1C5240B208] - |A| - [17/04/2018 19:45:25] - (.-.) - [16.35 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180417-1945.log
[MD5.5F34A8911005BA9077BD0067C12C4600] - |A| - [17/04/2018 19:46:40] - (.-.) - [35.61 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180417-1946.log
[MD5.711566552D521482BC6FD17416EBC0AC] - |A| - [18/04/2018 14:39:31] - (.-.) - [3.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180418-1439.log
[MD5.094793D28379C89DD5403828887C0FDB] - |A| - [18/04/2018 14:44:56] - (.-.) - [9.23 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180418-1444.log
[MD5.83C95E01FF8E553F0164D434F8C834AA] - |A| - [18/04/2018 14:45:46] - (.-.) - [35.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180418-1445.log
[MD5.EF99F2DA3432B496440693953D38B211] - |A| - [18/04/2018 19:37:23] - (.-.) - [3.12 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180418-1937.log
[MD5.5AD9E704444E3C868F46F22FC4BACFE2] - |A| - [19/04/2018 13:59:49] - (.-.) - [6.47 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180419-1359.log
[MD5.965E47931E44282CF1BBC65750371331] - |A| - [19/04/2018 14:02:06] - (.-.) - [17.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180419-1402.log
[MD5.491A09AA75E7D51918228BBB34EE40E6] - |A| - [19/04/2018 14:03:17] - (.-.) - [34.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180419-1403.log
[MD5.4D37E8D7D9AB3A3897D2BFACF64F9753] - |A| - [19/04/2018 14:39:39] - (.-.) - [3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180419-1439.log
[MD5.E81AC613C58CAA3124C6AC1F8775CCF6] - |A| - [19/04/2018 19:36:52] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180419-1936.log
[MD5.60455F4385425CCBE85F993775D1FEF5] - |A| - [20/04/2018 08:20:04] - (.-.) - [2.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-0820.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2018 19:23:39] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-1923.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [20/04/2018 19:23:43] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-1923a.log
[MD5.A15F8A00417DFB93417FD8BD82748ECB] - |A| - [20/04/2018 19:25:20] - (.-.) - [37.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-1925.log
[MD5.46C3914C7570740D0763F009CD86E23F] - |A| - [20/04/2018 19:26:11] - (.-.) - [54.54 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-1926.log
[MD5.BCF6C654F6DB0D374E2B64764A64B77A] - |A| - [20/04/2018 19:30:19] - (.-.) - [8.67 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-1930.log
[MD5.8741AEADBD7F19258D34C069F7C7DCFF] - |A| - [20/04/2018 19:32:42] - (.-.) - [306.28 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-1932.log
[MD5.0F77AF13549345113C22FF1A88210F51] - |A| - [20/04/2018 19:34:44] - (.-.) - [10.34 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-1934.log
[MD5.0D13AC47C2FE9434F3C54EC67DB1DEF0] - |A| - [20/04/2018 19:35:13] - (.-.) - [28.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-1935.log
[MD5.1F6AF9274559727A1BF5DB08DC85FB45] - |A| - [20/04/2018 19:37:26] - (.-.) - [8.69 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180420-1936.log
[MD5.74210D07BFBF1236CDFCB3E76D6F4BE7] - |A| - [21/04/2018 07:22:28] - (.-.) - [6.98 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180421-0722.log
[MD5.BD2E7BB71A37C204993D175C94101C4C] - |A| - [21/04/2018 07:24:33] - (.-.) - [8.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180421-0724.log
[MD5.0BF1727C76564104CF0D6EA917C120B1] - |A| - [21/04/2018 08:54:40] - (.-.) - [2.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180421-0854.log
[MD5.2F3DE21CEC2A004EC26462BBD2CE8AD8] - |A| - [22/04/2018 08:44:03] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180422-0844.log
[MD5.01CB628B30F071187BEED76B5FDCDE62] - |A| - [22/04/2018 08:46:19] - (.-.) - [17.4 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180422-0846.log
[MD5.6DC11295E9A1A67F7ECDF516EA5652CC] - |A| - [22/04/2018 08:47:09] - (.-.) - [57.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180422-0847.log
[MD5.D21BB51E36632D3A7CF71ED2B68DD906] - |A| - [22/04/2018 08:58:01] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180422-0858.log
[MD5.EE90FE7C9EBDD9C0DC5142A02B61486D] - |A| - [23/04/2018 08:16:11] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180423-0816.log
[MD5.AE86C09632CCDE2D10C15E6CE81AF7EA] - |A| - [23/04/2018 08:19:24] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180423-0819.log
[MD5.187792BE45994D490356262286F9D256] - |A| - [23/04/2018 08:44:18] - (.-.) - [7.31 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180423-0844.log
[MD5.D95288A5AAF09587FA00FE73233B0A48] - |A| - [23/04/2018 08:54:38] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180423-0854.log
[MD5.D43CBF8982432085A02CD7E177D73CC0] - |A| - [23/04/2018 09:31:18] - (.-.) - [16.16 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180423-0931.log
[MD5.1C43A9B969AFFDB85CC31722CD250FFF] - |A| - [24/04/2018 15:43:36] - (.-.) - [7.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180424-1543.log
[MD5.81E707501B094B43F6DF7E1720143B27] - |A| - [24/04/2018 15:48:52] - (.-.) - [15.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180424-1548.log
[MD5.3BBFDB36187F9B8F1B8B33FC0E27BCCD] - |A| - [25/04/2018 11:34:51] - (.-.) - [8.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180425-1134.log
[MD5.C2ECFC0744C07806238FA63761DA965A] - |A| - [25/04/2018 11:34:51] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180425-1134a.log
[MD5.B0DAC2AD79CE2983F5CDC9E38475B546] - |A| - [25/04/2018 21:41:32] - (.-.) - [7.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180425-2141.log
[MD5.08DD66828E6DCC1757F0C8C77C128E92] - |A| - [26/04/2018 07:25:35] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180426-0725.log
[MD5.CEFFE4EA2664DC54EAC7E616EF24E08C] - |A| - [26/04/2018 07:25:35] - (.-.) - [15.63 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180426-0725a.log
[MD5.0C44A813428EF1E4244E24808F005078] - |A| - [26/04/2018 08:18:03] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180426-0818.log
[MD5.404524E9EA695F4445A046AF24BB7A09] - |A| - [26/04/2018 08:44:18] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180426-0844.log
[MD5.1B2E045C635A173A941BAB3B529A1F5A] - |A| - [26/04/2018 08:54:43] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180426-0854.log
[MD5.E137DA61D0FFDAB7138F9B5A1D68990F] - |A| - [26/04/2018 08:56:15] - (.-.) - [3.91 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180426-0856.log
[MD5.18E3F8ABDDF96A051CF979261966F939] - |A| - [26/04/2018 11:28:47] - (.-.) - [11.97 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180426-1128.log
[MD5.59D822FB5F9C12084A6CC16252F3A430] - |A| - [26/04/2018 19:04:27] - (.-.) - [8.7 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180426-1904.log
[MD5.23DE61CCE461CCF8686E692FA0FD534E] - |A| - [27/04/2018 07:28:55] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180427-0728.log
[MD5.7DF54F8B15135F113D37BDA7B0CEAED3] - |A| - [28/04/2018 07:00:01] - (.-.) - [66.13 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180428-0700.log
[MD5.0E53E00306A80671359622F375279FE9] - |A| - [28/04/2018 07:13:02] - (.-.) - [15.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180428-0713.log
[MD5.0447AE7CEE93535BDB10926A653A3D92] - |A| - [28/04/2018 19:25:05] - (.-.) - [12.5 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180428-1925.log
[MD5.2D92314BAB490EA427DE09A192B76033] - |A| - [28/04/2018 19:35:57] - (.-.) - [8.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180428-1935.log
[MD5.06467600495CDF44EFE6D1F8C7D75DE7] - |A| - [28/04/2018 20:08:07] - (.-.) - [9.22 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180428-2008.log
[MD5.8D7ED3D595D5BFF2D09B3136903DF158] - |A| - [28/04/2018 20:18:31] - (.-.) - [12.56 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180428-2018.log
[MD5.1A58F46876AE3BEAEF7901AB8F84B399] - |A| - [28/04/2018 20:30:48] - (.-.) - [49.2 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180428-2030.log
[MD5.46B3DF023C8C84A6B7D5134F240BFEF2] - |A| - [28/04/2018 20:41:19] - (.-.) - [8.68 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180428-2041.log
[MD5.406EA5A381B076883F07640B44B87AE6] - |A| - [29/04/2018 09:28:17] - (.-.) - [6.46 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180429-0928.log
[MD5.1B03DF64EF5FAE53FF6061E625728B1D] - |A| - [29/04/2018 09:28:17] - (.-.) - [15.6 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180429-0928a.log
[MD5.1329199C40D5A63CBEACF67384D80001] - |A| - [29/04/2018 19:30:39] - (.-.) - [10.3 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180429-1930.log
[MD5.AFFD0C5F2A50EC197D1C936A2B4B8291] - |A| - [29/04/2018 19:41:46] - (.-.) - [9.06 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\PATRICK-20180429-1941.log
[MD5.00000000000000000000000000000000] - |D| - [14/01/2018 14:17:58] - [264 Ko] - C:\WINDOWS\Temp\Snappy.NET-1.1.1.8
[MD5.CB8458307BDA56929CEE2B2EFB810B68] - |AT| - [17/01/2018 22:51:15] - (.-.) - [5412 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\WAXCD98.tmp
[MD5.00000000000000000000000000000000] - |D| - [23/04/2018 11:10:40] - [0 Ko] - C:\WINDOWS\Temp\_avast_
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:04] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [29/09/2017 15:41:41] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [29/09/2017 15:41:27] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [29/09/2017 15:41:47] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [29/09/2017 15:41:33] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.C2A332DE50FE519DA21AFB8BD6E134F4] - |A| - [29/09/2017 15:41:50] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.A119D69B4C29845D3F8CE2E5638C8E65] - |A| - [29/09/2017 15:41:56] - (.-.) - [0.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [29/09/2017 15:41:58] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [29/09/2017 15:42:07] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [29/09/2017 15:41:33] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-black.png
[MD5.DAD405CBDE259DE527EBF71BCC28099C] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.contrast-white.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [29/09/2017 15:41:41] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WirelessDisplayToast.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [29/09/2017 15:41:31] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [29/09/2017 15:41:31] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:14] - [2985.4 Ko] - C:\WINDOWS\System32\AdvancedInstallers
[MD5.C03F0062C0749CDB59A4D60862C3E83E] - |A| - [29/09/2017 15:41:25] - (.-.) - [134.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\System32\az-Latn-AZ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\System32\be-BY
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [287 Ko] - C:\WINDOWS\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\System32\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\System32\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [4638.66 Ko] - C:\WINDOWS\System32\Boot
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\System32\bs-Latn-BA
[MD5.3B7D067144F242117B7DE592B9466BC7] - |A| - [13/07/2016 17:47:38] - (.Qualcomm Atheros Communications Inc. - Qualcomm Atheros Bluetooth Driver Coinstaller.) - [262.74 Ko] - (1.0.0.0) - C:\WINDOWS\System32\btcoinst.dll
[MD5.62AF8B80DD43C5F6576E68B987BC9217] - |A| - [13/07/2016 17:47:38] - (.Â© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [265.23 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll
[MD5.DCC2E4D9E18D28D6B9EA0830418A5FCE] - |A| - [13/07/2016 17:47:38] - (.Â© Qualcomm Atheros, Inc. - Atheros Bluetooth Module.) - [96.24 Ko] - (8.0.1.302) - C:\WINDOWS\System32\BtContextMenu.dll.muien-US
[MD5.5712256A8FAB555CC50AEAC2A899A17A] - |A| - [29/09/2017 15:41:41] - (.Copyright (C) 2008 - Gestionnaire de contexte pour rÃ©seau personnel Bluetooth.) - [180.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [0.1 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\System32\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31 Ko] - C:\WINDOWS\System32\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:11] - [100091.53 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [46543.89 Ko] - C:\WINDOWS\System32\catroot2
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [23 Ko] - C:\WINDOWS\System32\chr-CHER-US
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [3080.59 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [358 Ko] - C:\WINDOWS\System32\com
[MD5.6E14F444A2506049EEC25CB5EDFE0905] - |A| - [23/11/2015 21:40:48] - (.2013 Â© Real Sound Lab SIA, iSoft Solutions - CONEQÂ Media Suite APO GUI Library.) - [110.91 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:11] - [374766.19 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:33] - [53.11 Ko] - C:\WINDOWS\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [346 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [30/12/2015 23:52:34] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CustomModeApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [30/12/2015 23:52:34] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CustomModeAppv2_0.exe.config
[MD5.66E6010C31A70C8C5C2853AF597D853E] - |A| - [23/11/2015 21:40:48] - (.Â©Conexant Systems Inc. - Conexant APO.) - [1540.02 Ko] - (1.28.0.0) - C:\WINDOWS\System32\CX64APO.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31.5 Ko] - C:\WINDOWS\System32\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [342 Ko] - C:\WINDOWS\System32\da-DK
[MD5.ACAC0D435BC0ACAD92784D0668AC2D5E] - |A| - [29/09/2017 15:41:38] - (.-.) - [83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [203.41 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [386 Ko] - C:\WINDOWS\System32\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [29/09/2017 15:41:26] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultAccountTile.png
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [29/09/2017 15:41:25] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [29/09/2017 15:46:41] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.DCF2510E0745720E543E84F5E921FCC0] - |A| - [05/08/2014 08:34:03] - (.-.) - [256.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dfpinc.dat
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:33] - [864.5 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.5FF3FA1BFBB0CD05534F650EA27A6651] - |A| - [29/09/2017 15:41:45] - (.-.) - [90.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:13] - [8759.8 Ko] - C:\WINDOWS\System32\Dism
[MD5.0E2B7D35E3DDD21AF04FB4D98C2BCF7F] - |A| - [30/12/2015 23:52:34] - (.-.) - [308.83 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DisplayAudiox64.cab
[MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [30/12/2015 23:52:34] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyApp.exe.config
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [30/12/2015 23:52:34] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DPTopologyAppv2_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:04] - [133716.98 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:11] - [1788004.35 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [22/04/2014 18:55:43] - [101.58 Ko] - C:\WINDOWS\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:33] - [161.5 Ko] - C:\WINDOWS\System32\dsc
[MD5.DF84EB7B44D1414284BA384F0061D1DC] - |A| - [29/09/2017 15:41:25] - (.-.) - [728.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicLong.bin
[MD5.346870077DFD18867A9693C7A59AA3E6] - |A| - [29/09/2017 15:41:25] - (.-.) - [503.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicMedium.bin
[MD5.2BEC13D68312ADE8C0065D8BCC146D2F] - |A| - [29/09/2017 15:41:25] - (.-.) - [315.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DynamicShort.bin
[MD5.4D1B8C9983D257EE86B6CC57C639E8E5] - |A| - [29/09/2017 15:41:12] - (.-.) - [3.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [381.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.4050DF2C91853BACEAC7F6FD4483C9C6] - |A| - [19/11/2015 13:37:26] - (.-.) - [22.66 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:04] - [0 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [271 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [2169.03 Ko] - C:\WINDOWS\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [371.5 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [298.5 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [266.5 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\eu-ES
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:33] - [28352.16 Ko] - C:\WINDOWS\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\System32\fa-IR
[MD5.4C3F9C29272215D7C6D07D03BC30E877] - |A| - [30/12/2017 12:02:21] - (.-.) - [953 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessor.dll
[MD5.9100FDF61D7977FD2C2E1D62589171DC] - |A| - [30/12/2017 12:02:21] - (.-.) - [263.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceProcessorCore.dll
[MD5.812CDFD967D2E82A3D24FCAA5784749D] - |A| - [29/09/2017 15:41:33] - (.-.) - [1325.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FaceTrackerInternal.dll
[MD5.E65D2A37B6D4445D0CD9234BA933475B] - |A| - [14/02/2018 10:10:30] - (.-.) - [72.96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FeatureToastHeroImg.jpg
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [346 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\System32\fil-PH
[MD5.5308B2D6CBEEAD98525BD7DCAD57C67F] - |A| - [30/12/2017 12:46:20] - (.-.) - [391.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:04] - [3403 Ko] - C:\WINDOWS\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [306.5 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [45065.6 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\System32\ga-IE
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [29/09/2017 15:42:03] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [34 Ko] - C:\WINDOWS\System32\gd-GB
[MD5.899E708E589C09700BFF1C73CB7D7002] - |A| - [30/12/2015 23:52:36] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv2_0.exe.config
[MD5.59075B2A63DF6A568123218BF4DC2696] - |A| - [30/12/2015 23:52:36] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Gfxv4_0.exe.config
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31 Ko] - C:\WINDOWS\System32\gl-ES
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\ha-Latn-NG
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [284 Ko] - C:\WINDOWS\System32\he-IL
[MD5.4CD16A9C15397E1FAD5F19E35A13BE58] - |A| - [29/09/2017 15:41:27] - (.-.) - [215.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\hi-IN
[MD5.7B22F443577847796E4BB70D3BDBB612] - |A| - [22/04/2014 18:40:09] - (.Â© Copyright 2013 HPDC - Port Monitor Server DLL.) - [395.5 Ko] - (0.3.1282.12202) - C:\WINDOWS\System32\hpbprtmon.dll
[MD5.205DA90FEF81EEA38948F70A784E1A4E] - |A| - [22/04/2014 18:40:09] - (.Â© Copyright 2013 HPDC - Port Monitor UI DLL.) - [221.5 Ko] - (0.3.1282.12202) - C:\WINDOWS\System32\hpbprtmonui.dll
[MD5.0028C9BB7E220D951E0EAE196949B108] - |A| - [22/04/2014 18:40:09] - (.Â© Copyright 2013 HPDC - Real Port Monitor DLL.) - [415 Ko] - (0.3.1282.12202) - C:\WINDOWS\System32\hpbrprtmon.dll
[MD5.1A4695BDC5017B37E6D23A88CFEC0760] - |A| - [04/11/2013 12:54:44] - (.Copyright (C) 2011 -.) - [114.5 Ko] - (1.3.0.0) - C:\WINDOWS\System32\HPMUIDir.exe
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [13/07/2014 11:31:43] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [278 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [352.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27.5 Ko] - C:\WINDOWS\System32\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:33] - [124.21 Ko] - C:\WINDOWS\System32\hydrogen
[MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [29/09/2017 15:41:23] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.69EA6698680C130BB37C7CE74B70E583] - |A| - [03/05/2016 23:30:46] - (.-.) - [109.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IccLibDll_x64.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.FC7A71725A4887AD88FB4A0B764FFBF4] - |RA| - [29/09/2017 15:41:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1856 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuin.dll
[MD5.FB96578635DB1CFC08871A599539349E] - |RA| - [29/09/2017 15:41:30] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1309.5 Ko] - (59.1.0.0) - C:\WINDOWS\System32\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\System32\id-ID
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27 Ko] - C:\WINDOWS\System32\ig-NG
[MD5.B6E428E02148357877B157CC0639DA9E] - |A| - [03/05/2016 23:30:44] - (.-.) - [175.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdail64.dll
[MD5.3E492F4CC8B2A725C51B68086593CCA1] - |A| - [03/05/2016 23:30:46] - (.-.) - [233.01 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igdde64.dll
[MD5.8D48192378591B7020555BE0F2053F7D] - |A| - [03/05/2016 23:30:46] - (.Copyright (C) 2012-2013 - MDF(CM) Runtime DX11 Dynamic Link Library.) - [197.51 Ko] - (3.0.0.1284) - C:\WINDOWS\System32\igfx11cmrt64.dll
[MD5.99381DBFE7D1EC55EBFFC818D5B4C261] - |A| - [03/05/2016 23:30:46] - (.Copyright (C) 2010 - 2013 - MDF(CM) JIT Dynamic Link Library.) - [1996.51 Ko] - (3.0.0.1284) - C:\WINDOWS\System32\igfxcmjit64.dll
[MD5.FA1BC8B5D88A67BF5893BEB18729E0D8] - |A| - [03/05/2016 23:31:28] - (.Copyright (C) 2010 - 2013 - MDF(CM) Runtime Dynamic Link Library.) - [204.73 Ko] - (3.0.0.1284) - C:\WINDOWS\System32\igfxcmrt64.dll
[MD5.BE8148B25062A0008741050DDC831CD3] - |A| - [03/05/2016 23:30:46] - (.-.) - [266.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCPL.cpl
[MD5.A93B4E0D9F460480D6273A3D77CBC41B] - |A| - [03/05/2016 23:30:46] - (.-.) - [101.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\igfxCUIServicePS.dll
[MD5.2645C797FA81819282FFA26F1B1743B2] - |A| - [03/05/2016 23:30:46] - (.-.) - [75.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLib.dll
[MD5.78D2D935BE4765FDB8161552F2522181] - |A| - [03/05/2016 23:30:46] - (.-.) - [85.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDHLibv2_0.dll
[MD5.C6B5714EE703CE75BF4CC2F0A068C7C2] - |A| - [03/05/2016 23:30:46] - (.-.) - [27.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILib.dll
[MD5.B4607D004BAC24D0204FB60FC5A28D48] - |A| - [03/05/2016 23:30:46] - (.-.) - [27.51 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxDILibv2_0.dll
[MD5.BDB7715B7121BAC65B49ED1A20EB4762] - |A| - [03/05/2016 23:30:46] - (.-.) - [27.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLib.dll
[MD5.DC09F79852DFE9A957ADC4A917AAE29D] - |A| - [03/05/2016 23:30:46] - (.-.) - [27.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxEMLibv2_0.dll
[MD5.CE12AB540A39C6D695DD556118150A2D] - |A| - [03/05/2016 23:30:46] - (.-.) - [22.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLib.dll
[MD5.26D5D96A154CA199F3F11DCE1242B29F] - |A| - [03/05/2016 23:30:46] - (.-.) - [22.01 Ko] - (1.0.0.0) - C:\WINDOWS\System32\igfxLHMLibv2_0.dll
[MD5.6C0F36ABFE80433B352FA7748ED887BF] - |A| - [30/12/2015 23:52:52] - (.-.) - [2748 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.cpa
[MD5.2FCCF7939D4D3F392AB3C0F5F40039DD] - |A| - [30/12/2015 23:52:52] - (.-.) - [1.1 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxa64.vp
[MD5.B226B85123619EF1394339C1B5EB5A8D] - |A| - [30/12/2015 23:52:52] - (.-.) - [42.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64.vp
[MD5.55C71EDC47B57E5115B40095EEC9E205] - |A| - [30/12/2015 23:52:52] - (.-.) - [42.79 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxc64_dev.vp
[MD5.94ED4F871997E5DFC610DC1649C38911] - |A| - [30/12/2015 23:52:52] - (.-.) - [42.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64.vp
[MD5.04590E9E52E13EF34B2AA02C7EA2431B] - |A| - [30/12/2015 23:52:52] - (.-.) - [42.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxg64_dev.vp
[MD5.3B6EF4F03F2DE75A3B7DDF627A3EC146] - |A| - [30/12/2015 23:52:52] - (.-.) - [42.99 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64.vp
[MD5.715DBDBED4599E798F94EDF6003F75B6] - |A| - [30/12/2015 23:52:52] - (.-.) - [41.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxo64_dev.vp
[MD5.6E9392C7BC5A96AAC89882D910A6F2AD] - |A| - [30/12/2015 23:52:52] - (.-.) - [2.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\iglhxs64.vp
[MD5.19C3C8394B1A8EBE7CF61A8C0221C024] - |A| - [29/09/2017 15:41:25] - (.-.) - [168.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [24877.17 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [4829.26 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.B98C0E77C3C1034303C20843DE05455E] - |A| - [29/09/2017 15:41:31] - (.-.) - [180.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [6484 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.3FF007DCE48038E858DA50353324D50D] - |A| - [03/05/2016 23:30:46] - (.Copyright Â© The Khronos Group Inc 2011 - OpenCL Client DLL.) - [79.51 Ko] - (1.2.11.0) - C:\WINDOWS\System32\Intel_OpenCL_ICD64.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\is-IS
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [371.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [270.91 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.F0CC83E1BA7E24F9B3292160C28AECD7] - |A| - [29/09/2017 15:41:25] - (.-.) - [145.56 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [33 Ko] - C:\WINDOWS\System32\lb-LU
[MD5.FDB03E10C048F68C50D2949A4907FF18] - |A| - [20/09/2012 17:02:06] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2401.3 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [212.14 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27 Ko] - C:\WINDOWS\System32\lo-LA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [12768.63 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.1C1C3C5D7DF9D6B19410168E7724F48E] - |A| - [20/09/2012 17:02:06] - (.Copyright Â© 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3841.3 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [274.5 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [276 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:33] - [91192.51 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.B209D959831AEF092817ECF8756F71B3] - |A| - [29/09/2017 15:41:58] - (.-.) - [776 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.69D04DE701CF1E8CE69C65D1671D2B3F] - |A| - [29/09/2017 15:41:25] - (.-.) - [107.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.82A0AAB105316A159E4FC15EE6E6612D] - |A| - [22/04/2014 19:18:54] - (.-.) - [0.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ndCPrepLog
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [384 Ko] - C:\WINDOWS\System32\NDF
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31.5 Ko] - C:\WINDOWS\System32\ne-NP
[MD5.2503E79394065F26C2F01016A2965CE6] - |A| - [03/06/2017 09:34:29] - (.-.) - [72.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [29/09/2017 15:42:03] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [51 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [359.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\System32\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\System32\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:34] - [3781.5 Ko] - C:\WINDOWS\System32\Nui
[MD5.5D4A5E27D573738E0C8C8FF4C0715DAF] - |A| - [29/09/2017 15:46:43] - (.-.) - [17.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-black.png
[MD5.BFE1CCA08FEFC8A3422F7DA615567D75] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.contrast-white.png
[MD5.F3DC097E834C1A11F2BEDFD429C644A9] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OkDone_80.png
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [13570.09 Ko] - C:\WINDOWS\System32\oobe
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\System32\or-IN
[MD5.459FB33AA2114A28C5932FEAA115B072] - |A| - [29/09/2017 15:41:25] - (.-.) - [45.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\System32\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\System32\pa-IN
[MD5.70CF1DB5AA32FE67923C6BDD3F7128D0] - |A| - [29/09/2017 15:48:30] - (.-.) - [224.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.CB59214CCAB10BE3334ECA8A5048D225] - |A| - [30/09/2017 16:40:07] - (.-.) - [256.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc00C.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [29/09/2017 15:48:30] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.9F9AF8517189B0D61B2615007E071084] - |A| - [30/09/2017 16:40:07] - (.-.) - [39.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd00C.dat
[MD5.2BD96F47A75AB2DC61ED7CDCE54D0383] - |A| - [29/09/2017 15:48:30] - (.-.) - [850.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.D5B506E5C31EAFE55FFDA4BFE9FD6122] - |A| - [30/09/2017 16:40:07] - (.-.) - [1126.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh00C.dat
[MD5.45DED38EB55B712AF7AF6FDEA7FBB556] - |A| - [30/12/2017 12:52:18] - (.-.) - [2466.49 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [358.5 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [673 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:05] - [420.42 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\System32\ProximityToast
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\System32\prs-AF
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [29/09/2017 15:42:04] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [359.5 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [355 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\System32\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\System32\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [29/09/2017 15:41:23] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.45B13DCD38BD8D5400FCAD7488B3A776] - |A| - [30/12/2015 23:53:10] - (.-.) - [161.07 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resARA.cui
[MD5.6659852D082515116691907217EE12CF] - |A| - [30/12/2015 23:53:10] - (.-.) - [145.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resCHS.cui
[MD5.4C753D32EE16231059379157A5F13EB2] - |A| - [30/12/2015 23:53:10] - (.-.) - [146.41 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resCHT.cui
[MD5.7EE04EA51220641630C60B6C1D381766] - |A| - [30/12/2015 23:53:10] - (.-.) - [152.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resCSY.cui
[MD5.7500547A42B144BAECCF3FB2F8C394AC] - |A| - [30/12/2015 23:53:10] - (.-.) - [149.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resDAN.cui
[MD5.90B669D2378C6C604C66E7A3EF10A30E] - |A| - [30/12/2015 23:53:10] - (.-.) - [154.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resDEU.cui
[MD5.02233DAB3FA1D7E0D29E4A92E39B27EA] - |A| - [30/12/2015 23:53:10] - (.-.) - [179.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resELL.cui
[MD5.2A494F1A69642804A69EEC07B1961DDA] - |A| - [30/12/2015 23:53:10] - (.-.) - [148.13 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resENU.cui
[MD5.93BFE18055C725BE62F326BF21A8BBEE] - |A| - [30/12/2015 23:53:10] - (.-.) - [153.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resESN.cui
[MD5.D2DC0F286A18CD604D614796EEF43DD7] - |A| - [30/12/2015 23:53:10] - (.-.) - [151.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resFIN.cui
[MD5.DF222231EEB1A30C571C939E8D093B3E] - |A| - [30/12/2015 23:53:10] - (.-.) - [155.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resFRA.cui
[MD5.6CFDEC7F925B4FB7B790691604CB45D8] - |A| - [30/12/2015 23:53:10] - (.-.) - [160.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resHEB.cui
[MD5.7D71A8DA29E4793E4903A69F7E1904DB] - |A| - [30/12/2015 23:53:10] - (.-.) - [151.43 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resHRV.cui
[MD5.2E20C34A1C4187F74B595095E588B661] - |A| - [30/12/2015 23:53:10] - (.-.) - [155.99 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resHUN.cui
[MD5.C4635F995A560E940CB53D856C4C2262] - |A| - [30/12/2015 23:53:10] - (.-.) - [154.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resITA.cui
[MD5.0B3FF7F09EE2F2CB46E5A6666295E8F4] - |A| - [30/12/2015 23:53:10] - (.-.) - [160.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resJPN.cui
[MD5.7A746D9E4CE17816EF79A9D281549C9C] - |A| - [30/12/2015 23:53:10] - (.-.) - [154.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resKOR.cui
[MD5.F437178473513F674448DDD563E21EC6] - |A| - [30/12/2015 23:53:10] - (.-.) - [153.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resNLD.cui
[MD5.C0E4A8CD76BAF7E34DD884C2B11F9157] - |A| - [30/12/2015 23:53:10] - (.-.) - [149.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resNOR.cui
[MD5.8DA2EE8AF3BA9795D5858A03419E2582] - |A| - [30/12/2015 23:53:10] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resPLK.cui
[MD5.E17EAD4E09FB96BD6DB717CB605B17F1] - |A| - [29/09/2017 15:42:06] - (.-.) - [8.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.8286304CD9A20E2A4621D931F1CEF5CB] - |A| - [29/09/2017 15:42:06] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.7FF2CC47007D028C70D260CD3BE3A3E9] - |A| - [30/12/2015 23:53:10] - (.-.) - [152.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resPTB.cui
[MD5.53BC9C2E21EFB2F6383316B8F7E49B5E] - |A| - [30/12/2015 23:53:10] - (.-.) - [152.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resPTG.cui
[MD5.DD636076410053695210D7FE335B4612] - |A| - [30/12/2015 23:53:10] - (.-.) - [153.97 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resROM.cui
[MD5.D49A6F32AF0C0CACD3E28011752CD7BB] - |A| - [30/12/2015 23:53:10] - (.-.) - [175.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resRUS.cui
[MD5.BE427823C85F7356B08F87D7A3652A0F] - |A| - [30/12/2015 23:53:10] - (.-.) - [153.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resSKY.cui
[MD5.790ABA99CCCA436A7F14BED99054676C] - |A| - [30/12/2015 23:53:10] - (.-.) - [150.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resSLV.cui
[MD5.B61D17AB060B76EF699D5C561DF5937D] - |A| - [30/12/2015 23:53:10] - (.-.) - [151 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resSVE.cui
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-black.png
[MD5.DF286186041C6BF73C5DC21CEEEFFED5] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.contrast-white.png
[MD5.831C579709F4761E4AB7053FCF4176EC] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\RestartNowPower_80.png
[MD5.F92CD71D1F33737C1B44520A4FA46F41] - |A| - [30/12/2015 23:53:10] - (.-.) - [186.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resTHA.cui
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.6811F7D1D1DD791AD5EF4B34021DDA41] - |A| - [30/12/2015 23:53:10] - (.-.) - [152.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\resTRK.cui
[MD5.69337631E82DBD2E53FF57163EA83F1D] - |A| - [22/04/2014 18:41:51] - (.-.) - [14.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\results.xml
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [23/11/2015 21:41:19] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [23/11/2015 21:41:19] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [23/11/2015 21:41:23] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [23/11/2015 21:41:23] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [23/11/2015 21:41:23] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [23/11/2015 21:41:23] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.F0908588473B8D92BD62D6C99C3739BB] - |A| - [10/04/2018 22:15:42] - (.-.) - [96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\runexehelper.exe
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\System32\rw-RW
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [29/09/2017 15:43:11] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-black.png
[MD5.E72B1B6800DE45AA9AE7E10F899E5999] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.contrast-white.png
[MD5.2F24BC74DCB28FE032C1596755385917] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.53 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScheduleTime_80.png
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\System32\sd-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [29/09/2017 15:42:04] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\System32\si-LK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [283 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [279.5 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.DBB99601D716F92CDD97CE4E60865319] - |A| - [23/11/2015 21:41:27] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [921.66 Ko] - (3.1.38.0) - C:\WINDOWS\System32\sl3apo64.dll
[MD5.6F8B108E8B57AC88F90D6EA13B2A1755] - |A| - [23/11/2015 21:41:27] - (.Copyright (C) 2011 SRS Labs, Inc. - SRS Labs.) - [1078.16 Ko] - (3.1.38.0) - C:\WINDOWS\System32\slcnt64.dll
[MD5.00000000000000000000000000000000] - |D| - [30/12/2017 12:46:28] - [64423.26 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:05] - [52.14 Ko] - C:\WINDOWS\System32\slmgr
[MD5.2E4C258CB2FF3D249FD0ABBCABC664A1] - |A| - [23/11/2015 21:41:27] - (.TODO: (c) <Company name>. - TODO: <File description>.) - [244.66 Ko] - (1.0.0.1) - C:\WINDOWS\System32\slprp64.dll
[MD5.EC05C33DF2CF20D839FE3650505ED6ED] - |A| - [23/11/2015 21:41:27] - (.Copyright (C) 2013 DTS, Inc. - DTS Studio Sound.) - [717.16 Ko] - (3.1.38.0) - C:\WINDOWS\System32\sltech64.dll
[MD5.DAC275ABAAD2B689D7BB3685E4032072] - |A| - [29/09/2017 15:41:25] - (.-.) - [68.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:11] - [13409.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-black.png
[MD5.E30B7D226E7B5B0EC2B9FC2316694ECC] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.contrast-white.png
[MD5.55121989BE7B289813D419BA0FDEE8B7] - |A| - [29/09/2017 15:41:12] - (.-.) - [0.9 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Snooze_80.png
[MD5.8D30AAF519A40D69F6BABFFD60C75E56] - |A| - [14/03/2018 20:56:55] - (.-.) - [37 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [7488.9 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [12685.58 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [240448.74 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [11863.52 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [23.61 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\System32\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\System32\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [282 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.A5F6491F71A0DAF25140CA915600AB37] - |A| - [23/11/2015 21:41:27] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRAPO.DLL.) - [443.64 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRAPO64.dll
[MD5.48435D12B45AB1F954CB579D1EA15D52] - |A| - [23/11/2015 21:41:27] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [321.64 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM.dll
[MD5.18F4327F7A659F4B1017C0E4C03EB50B] - |A| - [23/11/2015 21:41:27] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRCOM.DLL.) - [360.64 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRCOM64.dll
[MD5.B461D2CE1D93ADAB10E0E5495A06E403] - |A| - [29/09/2017 15:42:07] - (.-.) - [16.74 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms-apr.dat
[MD5.047BCF71FB0E5EC754437879E8DAA7F6] - |A| - [29/09/2017 15:42:00] - (.-.) - [56.38 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.D47D28D2AD44318805CF5EF15665D570] - |A| - [23/11/2015 21:41:27] - (.Copyright (c) 2006-2012 Synopsys, Inc. All Rights Reserved - SRRPTR.DLL.) - [1380.64 Ko] - (4.0.0.59) - C:\WINDOWS\System32\SRRPTR64.dll
[MD5.00000000000000000000000000000000] - |D| - [03/06/2017 09:38:38] - [2144.28 Ko] - C:\WINDOWS\System32\SRSLabs
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [23/11/2015 21:41:27] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [23/11/2015 21:41:27] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [40088 Ko] - C:\WINDOWS\System32\sru
[MD5.1BA92CDCF58B0D7D298CC09799B4D431] - |A| - [29/09/2017 15:41:25] - (.-.) - [410 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [341 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\sw-KE
[MD5.CA146D554527E03EE97CB539DD19D848] - |A| - [18/08/2017 02:23:50] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [796.59 Ko] - (19.3.31.31) - C:\WINDOWS\System32\SynCOM.dll
[MD5.4B6E766A42B94C14D7A6EB091679D73D] - |A| - [18/08/2017 02:23:52] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynTPAPI.) - [282.59 Ko] - (19.3.31.31) - C:\WINDOWS\System32\SynTPAPI.dll
[MD5.51E12820565F26AD1859F17DA12FE060] - |A| - [20/09/2013 07:10:14] - (.Copyright (C) Synaptics Incorporated 1996-2013 - Synaptics Pointing Device Driver Co-Installer.) - [412.73 Ko] - (17.0.15.0) - C:\WINDOWS\System32\SynTPCo19.dll
[MD5.D4F925B962863266B965A43972521943] - |A| - [28/04/2016 00:53:50] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics Pointing Device Driver Co-Installer.) - [261.17 Ko] - (19.0.12.98) - C:\WINDOWS\System32\SynTPCo31-1.dll
[MD5.A45DEFEC90B2B15CB32F17BC3231F063] - |A| - [17/07/2015 08:51:46] - (.Copyright (C) Synaptics Incorporated 1996-2015 - Synaptics Pointing Device Driver Co-Installer.) - [249.7 Ko] - (19.0.12.95) - C:\WINDOWS\System32\SynTPCo31.dll
[MD5.991BBE005A8CB7440CB705CC0448F46F] - |A| - [02/09/2016 03:02:54] - (.Copyright (C) Synaptics Incorporated 1996-2016 - Synaptics Pointing Device Driver Co-Installer.) - [281.09 Ko] - (19.2.4.10) - C:\WINDOWS\System32\SynTPCo41.dll
[MD5.A26472F6B435386B807525434F775902] - |A| - [27/12/2016 03:38:32] - (.Copyright (C) Synaptics Incorporated 1996-2016 - Synaptics Pointing Device Driver Co-Installer.) - [339.09 Ko] - (19.3.11.45) - C:\WINDOWS\System32\SynTPCo54.dll
[MD5.A52459D3D0D67115C4B770F8FAA261CB] - |A| - [18/08/2017 02:23:52] - (.Copyright (C) Synaptics Incorporated 1996-2017 - Synaptics Pointing Device Driver Co-Installer.) - [342.59 Ko] - (19.3.31.31) - C:\WINDOWS\System32\SynTPCo59.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:13] - [1267.91 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [907.28 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [34 Ko] - C:\WINDOWS\System32\ta-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [730.5 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 23:03:29] - [705.55 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [29/09/2017 15:41:57] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\System32\te-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32 Ko] - C:\WINDOWS\System32\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [260 Ko] - C:\WINDOWS\System32\th-TH
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [22.5 Ko] - C:\WINDOWS\System32\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27.5 Ko] - C:\WINDOWS\System32\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\System32\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [336 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [29/09/2017 15:42:07] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [29/09/2017 15:42:07] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\System32\tt-RU
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28 Ko] - C:\WINDOWS\System32\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [277.5 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:34] - [2739.52 Ko] - C:\WINDOWS\System32\UNP
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\System32\ur-PK
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32 Ko] - C:\WINDOWS\System32\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31.5 Ko] - C:\WINDOWS\System32\vi-VN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [89115.47 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:05] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [97463.65 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [29/09/2017 15:41:40] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:30] - [0 Ko] - C:\WINDOWS\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [80245.93 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.1E38A547C9380DAB0F0692E1EE9CC5B3] - |A| - [29/09/2017 15:41:27] - (.-.) - [102.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [14.53 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Media.Shared
[MD5.00000000000000000000000000000000] - |D| - [22/08/2013 17:36:31] - [27.59 Ko] - C:\WINDOWS\System32\WindowsInternal.Inbox.Shared
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [9466.27 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [151352 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [5286.48 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:05] - [107.53 Ko] - C:\WINDOWS\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27.5 Ko] - C:\WINDOWS\System32\wo-SN
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [29/09/2017 15:42:07] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.D224E07A6F89FD14C3FD8A83127811CC] - |A| - [29/09/2017 15:41:43] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.39CE9171A0B5BD08244CDD49D849A2AA] - |A| - [23/02/2018 18:23:37] - (.Copyright Â© 2012 Wondershare. -.) - [265 Ko] - (1.0.0.1) - C:\WINDOWS\System32\WSPDFelementMonitor.dll
[MD5.200BCDE9B44C32B1633B68A9AADA8AAA] - |A| - [29/09/2017 15:41:25] - (.-.) - [78 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\System32\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\System32\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [260.04 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [225.5 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\System32\zu-ZA
[MD5.CB136B267569A62EF63D798BC90ABD5A] - |A| - [19/11/2015 14:16:42] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[MD5.9F45771914360A925252A1B7226EC7EC] - |A| - [19/11/2015 13:50:43] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:05] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.00EC541EA46F1CFF806E5DC3458D9CB0] - |A| - [30/04/2014 20:47:48] - (.-.) - [140 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\3DAudio.ax
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [29/09/2017 15:42:13] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [29/09/2017 15:42:11] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [29/09/2017 15:42:24] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.DB71001FC261F6685BE410527DAE3942] - |A| - [29/09/2017 15:42:13] - (.-.) - [0.67 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@WirelessDisplayToast.png
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 10:45:15] - [2001.4 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\af-ZA
[MD5.2C396F89F2B48613C310C62F17921619] - |A| - [18/10/2015 14:31:39] - (.- F-SECURE SDC InnoSetup Extensions.) - [12.5 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\aginnoext.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [22 Ko] - C:\WINDOWS\SysWOW64\am-ET
[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - |A| - [21/09/2006 10:09:51] - (.-.) - [16.44 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amcompat.$$A
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [280.5 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\as-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\az-Latn-AZ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\be-BY
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [265.5 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bn-BD
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\bn-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\bs-Latn-BA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0.1 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\ca-ES
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\ca-ES-valencia
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [23 Ko] - C:\WINDOWS\SysWOW64\chr-CHER-US
[MD5.209FDF5096AFD1312B98527B8B7B852E] - |A| - [30/12/2013 11:52:40] - (.-.) - [952 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\cis-2.4.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [315 Ko] - C:\WINDOWS\SysWOW64\com
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [539.26 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:34] - [53.11 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [325 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.98A81688B47AB0015F70B31672300F06] - |A| - [22/04/2014 18:34:53] - (.Copyright 2013 - CSVer.) - [52 Ko] - (9.4.4.1006) - C:\WINDOWS\SysWOW64\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\cy-GB
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [322 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [364 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.C04ED7B2794D40E8E777FD44ED44FC50] - |A| - [29/09/2017 15:42:09] - (.-.) - [0.36 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DefaultAccountTile.png
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:34] - [200.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [6895.31 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.222C24B038B689FD357A797C3FF68891] - |A| - [13/07/2014 11:32:05] - (.-.) - [16.95 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\DOErrors.log
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [1079.58 Ko] - C:\WINDOWS\SysWOW64\downlevel
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [3387.65 Ko] - C:\WINDOWS\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0.32 Ko] - C:\WINDOWS\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [358.5 Ko] - C:\WINDOWS\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:05] - [0 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [251.5 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [1533.03 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [349.5 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [277 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [247.5 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\eu-ES
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:34] - [24198.66 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\fa-IR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [325 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\fil-PH
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:05] - [3149.5 Ko] - C:\WINDOWS\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [284 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [37555.15 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ga-IE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [34 Ko] - C:\WINDOWS\SysWOW64\gd-GB
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\gl-ES
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\gu-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\ha-Latn-NG
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [266.5 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.3A7F920893FD6F49BC4CC07B72914013] - |A| - [29/09/2017 15:42:09] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\hi-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [258 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [331 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\hy-AM
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.F0851D76262FF35F76156F628A04099B] - |RA| - [29/09/2017 15:42:11] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU I18N DLL.) - [1602.5 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuin.dll
[MD5.40E2D734687DAF397D472B70FC305781] - |RA| - [29/09/2017 15:42:11] - (.Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html - ICU Common DLL.) - [1131.5 Ko] - (59.1.0.0) - C:\WINDOWS\SysWOW64\icuuc.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\id-ID
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27 Ko] - C:\WINDOWS\SysWOW64\ig-NG
[MD5.E19A3AA5AA3A5BBE4A2FA912B52A3789] - |A| - [03/05/2016 23:30:44] - (.-.) - [157.51 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\igdail32.dll
[MD5.A0CE0247D48FECAAC607EDB1E2D87FD8] - |A| - [08/09/2006 14:07:57] - (.Copyright Â© 1999 - IntelÂ® JPEG Library - Retail Version.) - [176 Ko] - (1.1.2.16) - C:\WINDOWS\SysWOW64\ijl11.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [20706.67 Ko] - C:\WINDOWS\SysWOW64\IME
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [6821.94 Ko] - C:\WINDOWS\SysWOW64\inetsrv
[MD5.4F6BFC6464D620149C2BB60243C6A3B8] - |A| - [29/09/2017 15:42:11] - (.-.) - [146.33 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [218.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.EC22FD0EFEDCE70F3B8898E6BE39F8FA] - |A| - [11/09/2015 00:10:13] - (.-.) - [0.92 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
[MD5.6587CEC591522F2D0EFE091B59ACCBCC] - |A| - [03/05/2016 23:30:46] - (.Copyright Â© The Khronos Group Inc 2011 - OpenCL Client DLL.) - [76.01 Ko] - (1.2.11.0) - C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\is-IS
[MD5.D8D6FA22135619B3C3B32441571B3C4F] - |A| - [30/12/2013 11:52:40] - (.-.) - [80 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_bs-2.3.dll
[MD5.18DB794E8C223A248671D4A9409AED23] - |A| - [30/12/2013 11:52:40] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_pe-2.3.dll
[MD5.F7D4D358EE74ADF1ECDEEFBA35765D22] - |A| - [30/12/2013 11:52:42] - (.-.) - [56 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\issacapi_se-2.3.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [350 Ko] - C:\WINDOWS\SysWOW64\it-IT
[MD5.84579149908232A54CC0DB20FD3AC103] - |A| - [01/07/2013 19:44:46] - (.-.) - [1.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\IusEventLog.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [252 Ko] - C:\WINDOWS\SysWOW64\ja-JP
[MD5.8901A0803B5601DC1DF5ECC99339C09B] - |A| - [30/12/2013 11:52:42] - (.Copyright (C) 2003-2004, (?) ???? - ????? ???? ?????.) - [44 Ko] - (1.2.2005.128) - C:\WINDOWS\SysWOW64\MACXMLProto.dll
[MD5.C2CDFD61447D278C96B441C13F8F71BE] - |A| - [30/12/2013 11:52:42] - (.Copyright (C) 2003 - MaDRM DLL.) - [116 Ko] - (3.0.2004.1011) - C:\WINDOWS\SysWOW64\MaDRM.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.B5B76E18B10724CF0D88CCC9B1F4FB37] - |A| - [30/12/2013 11:52:42] - (.Copyright (C) 2003, (?) ???? - MaJGUILib DLL.) - [48 Ko] - (1.0.2004.301) - C:\WINDOWS\SysWOW64\MaJGUILib.dll
[MD5.9B2F9CC5BD4D266A2E76DBFECDDB0122] - |A| - [30/12/2013 11:52:40] - (.Copyright ? 2004 MarkAny Inc. - ???? MAC ?? ?? DLL.) - [44.26 Ko] - (1.0.2009.930) - C:\WINDOWS\SysWOW64\MAMACExtract.dll
[MD5.2C16CF611C87FAB86B287CFFBA91B647] - |A| - [30/12/2013 11:52:40] - (.Copyright (C) 2004 - (?)???? ContentSAFER Cleaner.) - [24 Ko] - (3.0.2006.925) - C:\WINDOWS\SysWOW64\MASetupCleaner.exe
[MD5.AD2454F9D19FDCA0FF26F48E809F5361] - |A| - [30/12/2013 11:52:42] - (.Copyright (C) 2003-2004, (?) ???? - MaXMLProto DLL.) - [44 Ko] - (1.0.2004.602) - C:\WINDOWS\SysWOW64\MaXMLProto.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\mi-NZ
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [3365.84 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [815.4 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\mk-MK
[MD5.01FB39AD6F00AEF968372027259E8F13] - |A| - [30/12/2013 11:52:40] - (.Copyright ? 2004 - MK_Lyric.) - [56 Ko] - (1.0.1124.1) - C:\WINDOWS\SysWOW64\MK_Lyric.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\ml-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\mn-MN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\mr-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\ms-MY
[MD5.422D36A4743BF9CC2A787A68D9C9A988] - |A| - [30/12/2013 11:52:40] - (.Copyright (C) 2005 Teruten Inc. - MSCLib DLL.) - [240 Ko] - (1.0.0.8) - C:\WINDOWS\SysWOW64\MSCLib.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [52.28 Ko] - C:\WINDOWS\SysWOW64\Msdtc
[MD5.99089A2B318765568F2745BBF1A4F870] - |A| - [30/12/2013 11:52:40] - (.Copyright (C) 2005 Teruten Inc. - MSFLib DLL.) - [152 Ko] - (1.0.0.7) - C:\WINDOWS\SysWOW64\MSFLib.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31 Ko] - C:\WINDOWS\SysWOW64\mt-MT
[MD5.CF25249C36368124E0FF9E6B68194460] - |A| - [30/12/2013 11:52:42] - (.Copyright (C) 2001 Telechips Inc., - USB Dynamic Link Library for TCC730.) - [40 Ko] - (1.9.4.2) - C:\WINDOWS\SysWOW64\MTTELECHIP.dll
[MD5.E8558EFAD97B3D10A73E8DC9426E4DCA] - |A| - [30/12/2013 11:52:40] - (.Copyright 2004 Marktek Inc. - MTXSYNCICON Module.) - [56 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\MTXSYNCICON.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [19.15 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.8CB1DDC3EAC6B60213C75B21DAE06FF5] - |A| - [30/04/2014 20:47:48] - (.Copyright Musiccity Co.Ltd. - AOD Sourcer Filter.) - [132 Ko] - (1.0.0.60410) - C:\WINDOWS\SysWOW64\muzaf1.dll
[MD5.4F9BD5F58F631920BBAAEB9D9960286D] - |A| - [30/04/2014 20:47:48] - (.Copyright 2003 - MUZAoDAppCtrl Module.) - [480 Ko] - (1.3.9.303) - C:\WINDOWS\SysWOW64\muzapp.dll
[MD5.A12FB1A9FC4433CD64C77A7250821A02] - |A| - [30/04/2014 20:47:48] - (.Copyright Musiccity Co.Ltd. - MUZAoDApp Module.) - [168 Ko] - (1.0.9.222) - C:\WINDOWS\SysWOW64\muzapp.exe
[MD5.C763946CD9EDB212ADE1930E7B1F4037] - |A| - [30/04/2014 20:47:48] - (.Copyright (c) 2002 - 2007, PeeringPortal - PCube Audio Decoder Filter.) - [556 Ko] - (1.0.0.60207) - C:\WINDOWS\SysWOW64\muzdecode.ax
[MD5.A198190A504C60B1F9BEE4B32AD843B4] - |A| - [30/04/2014 20:47:48] - (.Copyright (c) 2002 - 2007, (c) PeeringPortal - P3AudioEffect Filter.) - [120 Ko] - (1.0.0.60210) - C:\WINDOWS\SysWOW64\muzeffect.ax
[MD5.92B0830A8EED421ECFE454747379A13C] - |A| - [30/04/2014 20:47:48] - (.Copyright (c) PeeringPortal - P3MP4Splitter Filter.) - [108 Ko] - (1.0.0.60210) - C:\WINDOWS\SysWOW64\muzmp4sp.ax
[MD5.D93808F389158531CAE0766FE51E9D8E] - |A| - [30/04/2014 20:47:46] - (.Copyright (c) 2002 - 2007, (c) PeeringPortal - PCube MPEG Splitter Filter.) - [128 Ko] - (1.1.7.911) - C:\WINDOWS\SysWOW64\muzmpgsp.ax
[MD5.1B84845FB7372D457B3CBC3CE518F997] - |A| - [30/04/2014 20:47:48] - (.Copyright (c) 2004 SK TELECOM. - OGG Splitter.) - [252 Ko] - (1.0.0.60207) - C:\WINDOWS\SysWOW64\muzoggsp.ax
[MD5.0A2003F4CFD58C350C7B2E2D9807D12D] - |A| - [30/04/2014 20:47:48] - (.Copyright  (c) PeeringPortal All rights reserved - P3WMTSplitter Filter.) - [196 Ko] - (1.0.0.60208) - C:\WINDOWS\SysWOW64\muzwmts.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [315 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\ne-NP
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [338 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\nn-NO
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\nso-ZA
[MD5.00000000000000000000000000000000] - |SD| - [29/09/2017 15:46:34] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [641.72 Ko] - C:\WINDOWS\SysWOW64\oobe
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\or-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\pa-Arab-PK
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\pa-IN
[MD5.F2B247E8E2AF7231E35A2056CC86A93C] - |A| - [03/06/2017 09:39:22] - (.-.) - [1923.99 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [336.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:06] - [420.42 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\prs-AF
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [338.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [333.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\quc-Latn-GT
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\quz-PE
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.A64711C9CF690718EADA750370EC5EB2] - |A| - [28/12/2014 15:34:43] - (.Copyright (c) 2000 - 2010 Dmitry Streblechenko - Outlook Redemption COM library.) - [4550.5 Ko] - (4.8.0.1184) - C:\WINDOWS\SysWOW64\Redemption.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [261.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [03/06/2017 09:38:33] - [3560.64 Ko] - C:\WINDOWS\SysWOW64\RTCOM
[MD5.7753FC56F9CAC4B5AFDA3196DB654F21] - |A| - [28/12/2014 15:34:44] - (.Copyright Â© 2004-2010 MAPILab Ltd. & Add-in Express Ltd. - Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard.) - [141.27 Ko] - (3.0.0.0) - C:\WINDOWS\SysWOW64\secman.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\si-LK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [261 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [259 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:06] - [52.14 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [4119.9 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [9089.49 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [1319.31 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [23.61 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30.5 Ko] - C:\WINDOWS\SysWOW64\sq-AL
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-BA
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\sr-Cyrl-RS
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [262 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.B461D2CE1D93ADAB10E0E5495A06E403] - |A| - [29/09/2017 15:42:27] - (.-.) - [16.74 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\srms-apr.dat
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.30FE146E2F0712AFEEA1ECF3E0EA270C] - |A| - [29/09/2017 15:42:09] - (.-.) - [302 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.70AED6AE41D2F3E95375102830760AD9] - |A| - [15/04/2018 10:45:29] - (.-.) - [426.66 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\STPackager.log
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [321.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\sw-KE
[MD5.5AC4694C49BC95E92FB7656C7C10278B] - |A| - [18/08/2017 02:23:50] - (.Copyright (C) Synaptics Incorporated 1996-2017 - SynCOM.) - [427.09 Ko] - (19.3.31.31) - C:\WINDOWS\SysWOW64\SynCom.dll
[MD5.0FA800F4F59EDEFE068DE0378B82A30B] - |A| - [20/09/2013 07:10:16] - (.Copyright (C) Synaptics Incorporated 1996-2013 - Synaptics TouchPad Interfaces.) - [165.73 Ko] - (17.0.15.0) - C:\WINDOWS\SysWOW64\SynTPCom.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:06] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [34 Ko] - C:\WINDOWS\SysWOW64\ta-IN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\te-IN
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32 Ko] - C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [241 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [22.5 Ko] - C:\WINDOWS\SysWOW64\ti-ET
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\tk-TM
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32.5 Ko] - C:\WINDOWS\SysWOW64\tn-ZA
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [316.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28.5 Ko] - C:\WINDOWS\SysWOW64\tt-RU
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [28 Ko] - C:\WINDOWS\SysWOW64\ug-CN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [257 Ko] - C:\WINDOWS\SysWOW64\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29.5 Ko] - C:\WINDOWS\SysWOW64\ur-PK
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [32 Ko] - C:\WINDOWS\SysWOW64\uz-Latn-UZ
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [31.5 Ko] - C:\WINDOWS\SysWOW64\vi-VN
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [15685.13 Ko] - C:\WINDOWS\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:06] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.ACC1181C0AA4D01B537F53A1CC33E766] - |A| - [29/09/2017 15:42:09] - (.-.) - [90 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [8698.68 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [5286.49 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:40:06] - [107.53 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [27.5 Ko] - C:\WINDOWS\SysWOW64\wo-SN
[MD5.12D91C9A9837995A137ACE4B2E674918] - |A| - [29/09/2017 15:42:09] - (.-.) - [54.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\xh-ZA
[MD5.00000000000000000000000000000000] - |D| - [30/12/2017 11:53:14] - [10.16 Ko] - C:\WINDOWS\SysWOW64\XPSViewer
[MD5.1CD08C0FA0C5BD53450E332F35304381] - |A| - [06/10/2009 09:16:02] - (.-.) - [800 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xvidcore.dll
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [29 Ko] - C:\WINDOWS\SysWOW64\yo-NG
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [220.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 13:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [29/09/2017 15:46:34] - [214.5 Ko] - C:\WINDOWS\SysWOW64\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [30/09/2017 16:41:02] - [30 Ko] - C:\WINDOWS\SysWOW64\zu-ZA

---------- | Shell Folders

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [29/09/2017 15:46:33]
"Common AppData"=C:\ProgramData   [29/09/2017 15:46:33]
"Common Desktop"=C:\Users\Public\Desktop   [22/08/2013 17:36:30]
"Common Documents"=C:\Users\Public\Documents   [22/08/2013 17:36:30]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [29/09/2017 15:46:33]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [29/09/2017 15:46:33]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [29/09/2017 15:46:33]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [22/08/2013 17:36:30]
"CommonMusic"=C:\Users\Public\Music   [22/08/2013 17:36:30]
"CommonPictures"=C:\Users\Public\Pictures   [22/08/2013 17:36:30]
"CommonVideo"=C:\Users\Public\Videos   [22/08/2013 17:36:30]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [29/09/2017 15:46:33]
"Common AppData"=C:\ProgramData   [29/09/2017 15:46:33]
"Common Desktop"=C:\Users\Public\Desktop   [22/08/2013 17:36:30]
"Common Documents"=C:\Users\Public\Documents   [22/08/2013 17:36:30]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [29/09/2017 15:46:33]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [29/09/2017 15:46:33]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [29/09/2017 15:46:33]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [22/08/2013 17:36:30]
"CommonMusic"=C:\Users\Public\Music   [22/08/2013 17:36:30]
"CommonPictures"=C:\Users\Public\Pictures   [22/08/2013 17:36:30]
"CommonVideo"=C:\Users\Public\Videos   [22/08/2013 17:36:30]
"OEM Links"=C:\ProgramData\OEM\Links   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%   
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
"CommonMusic"=%PUBLIC%\Music   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   


---------- | [InvitÃ©]

[30/12/2017 12:53:24] - |HD| - [77393401] - C:\Users\InvitÃ©\AppData
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\Application Data
[26/08/2014 18:06:43] - |RD| - [412] - C:\Users\InvitÃ©\Contacts
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\Cookies
[26/08/2014 18:06:24] - |RD| - [282] - C:\Users\InvitÃ©\Desktop
[26/08/2014 18:06:24] - |RD| - [939] - C:\Users\InvitÃ©\Documents
[26/08/2014 18:06:24] - |RD| - [282] - C:\Users\InvitÃ©\Downloads
[26/08/2014 18:06:24] - |RD| - [1703] - C:\Users\InvitÃ©\Favorites
[26/08/2014 18:06:24] - |RD| - [2374] - C:\Users\InvitÃ©\Links
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\Local Settings
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\Menu DÃ©marrer
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\Mes documents
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\ModÃ¨les
[26/08/2014 18:06:24] - |RD| - [504] - C:\Users\InvitÃ©\Music
[30/12/2017 12:53:24] - |AH| - [524288] - C:\Users\InvitÃ©\NTUSER.DAT
[30/12/2017 12:53:25] - |ASH| - [65536] - C:\Users\InvitÃ©\ntuser.dat.LOG1
[30/12/2017 12:53:25] - |ASH| - [166912] - C:\Users\InvitÃ©\ntuser.dat.LOG2
[30/12/2017 12:53:25] - |ASH| - [65536] - C:\Users\InvitÃ©\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TM.blf
[30/12/2017 12:53:25] - |ASH| - [524288] - C:\Users\InvitÃ©\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TMContainer00000000000000000001.regtrans-ms
[30/12/2017 12:53:25] - |ASH| - [524288] - C:\Users\InvitÃ©\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TMContainer00000000000000000002.regtrans-ms
[26/08/2014 18:06:24] - |RD| - [504] - C:\Users\InvitÃ©\Pictures
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\Recent
[26/08/2014 18:06:24] - |RD| - [282] - C:\Users\InvitÃ©\Saved Games
[26/08/2014 18:06:43] - |RD| - [1020] - C:\Users\InvitÃ©\Searches
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\SendTo
[26/08/2014 18:06:24] - |RD| - [504] - C:\Users\InvitÃ©\Videos
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\Voisinage d'impression
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\Voisinage rÃ©seau
[30/12/2017 12:53:25] - |D| - [77346393] - C:\Users\InvitÃ©\AppData\Local
[26/08/2014 18:06:26] - |D| - [7350] - C:\Users\InvitÃ©\AppData\LocalLow
[30/12/2017 12:53:24] - |D| - [39658] - C:\Users\InvitÃ©\AppData\Roaming
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\AppData\Local\Application Data
[26/08/2014 18:07:51] - |D| - [156] - C:\Users\InvitÃ©\AppData\Local\CyberLink
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\AppData\Local\Historique
[30/12/2017 12:53:25] - |D| - [76520034] - C:\Users\InvitÃ©\AppData\Local\Microsoft
[26/08/2014 18:06:34] - |D| - [785243] - C:\Users\InvitÃ©\AppData\Local\Packages
[26/08/2014 18:07:24] - |D| - [40960] - C:\Users\InvitÃ©\AppData\Local\Power2Go8
[30/12/2017 12:53:25] - |D| - [0] - C:\Users\InvitÃ©\AppData\Local\Temp
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\AppData\Local\Temporary Internet Files
[26/08/2014 18:06:33] - |D| - [0] - C:\Users\InvitÃ©\AppData\Local\VirtualStore
[26/08/2014 18:06:29] - |SD| - [7350] - C:\Users\InvitÃ©\AppData\LocalLow\Microsoft
[26/08/2014 18:06:34] - |D| - [0] - C:\Users\InvitÃ©\AppData\Roaming\Adobe
[26/08/2014 18:12:26] - |D| - [0] - C:\Users\InvitÃ©\AppData\Roaming\Avira
[30/12/2017 12:53:24] - |SD| - [39658] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft
[26/08/2014 18:07:16] - |D| - [0] - C:\Users\InvitÃ©\AppData\Roaming\Synaptics
[26/08/2014 18:06:43] - |ASH| - [174] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[30/12/2017 12:53:25] - |SHD| - [0] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[02/10/2016 11:56:57] - |D| - [17880] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/12/2017 12:53:25] - |RD| - [3888] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/12/2017 12:53:25] - |RD| - [1486] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[26/08/2014 18:06:44] - |RD| - [174] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[26/08/2014 18:06:24] - |A| - [369] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[30/12/2017 12:53:24] - |D| - [170] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[26/08/2014 18:06:24] - |A| - [369] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[26/08/2014 18:06:44] - |RD| - [174] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/12/2017 12:53:24] - |RD| - [3496] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/12/2017 12:53:24] - |RD| - [7754] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[26/08/2014 18:06:44] - |ASH| - [174] - C:\Users\InvitÃ©\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [NULL]

[24/11/2014 13:03:45] - |D| - [0] - C:\Users\NULL\AppData
[24/11/2014 13:03:45] - |D| - [0] - C:\Users\NULL\AppData\Local
[24/11/2014 13:03:45] - |D| - [0] - C:\Users\NULL\AppData\Local\Hewlett-Packard

---------- | [Patrick]

[30/12/2017 14:19:18] - |RD| - [298] - C:\Users\Patrick\3D Objects
[30/12/2017 12:53:28] - |HD| - [4905911292] - C:\Users\Patrick\AppData
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\Application Data
[22/06/2014 07:35:19] - |RD| - [412] - C:\Users\Patrick\Contacts
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\Cookies
[22/06/2015 17:38:43] - |RD| - [165] - C:\Users\Patrick\Creative Cloud Files
[22/06/2014 07:34:22] - |RD| - [4018681] - C:\Users\Patrick\Desktop
[22/06/2014 07:34:22] - |RD| - [7350502387] - C:\Users\Patrick\Documents
[22/06/2014 07:34:22] - |RD| - [457649272] - C:\Users\Patrick\Downloads
[22/06/2014 07:34:22] - |RD| - [88037] - C:\Users\Patrick\Favorites
[19/11/2015 13:50:56] - |SHD| - [24444] - C:\Users\Patrick\IntelGraphicsProfiles
[22/06/2014 07:34:22] - |RD| - [5531] - C:\Users\Patrick\Links
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\Local Settings
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\Menu DÃ©marrer
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\Mes documents
[30/12/2017 14:21:42] - |HD| - [251067] - C:\Users\Patrick\MicrosoftEdgeBackups
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\ModÃ¨les
[22/06/2014 07:34:22] - |RD| - [1274247614] - C:\Users\Patrick\Music
[30/12/2017 12:53:28] - |AH| - [15990784] - C:\Users\Patrick\NTUSER.DAT
[30/12/2017 12:53:28] - |ASH| - [3145728] - C:\Users\Patrick\ntuser.dat.LOG1
[30/12/2017 12:53:28] - |ASH| - [2228224] - C:\Users\Patrick\ntuser.dat.LOG2
[30/12/2017 12:53:28] - |ASH| - [65536] - C:\Users\Patrick\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TM.blf
[30/12/2017 12:53:28] - |ASH| - [524288] - C:\Users\Patrick\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TMContainer00000000000000000001.regtrans-ms
[30/12/2017 12:53:28] - |ASH| - [524288] - C:\Users\Patrick\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TMContainer00000000000000000002.regtrans-ms
[30/12/2017 14:17:42] - |SH| - [20] - C:\Users\Patrick\ntuser.ini
[13/05/2015 16:53:38] - |RD| - [98] - C:\Users\Patrick\OneDrive
[22/06/2014 07:34:22] - |RD| - [108999278] - C:\Users\Patrick\Pictures
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\Recent
[22/06/2014 07:34:22] - |RD| - [282] - C:\Users\Patrick\Saved Games
[22/06/2014 07:35:19] - |RD| - [3267] - C:\Users\Patrick\Searches
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\SendTo
[22/06/2014 09:24:44] - |RAD| - [21701562643] - C:\Users\Patrick\SkyDrive
[22/06/2014 07:37:05] - |RADO| - [154] - C:\Users\Patrick\SkyDrive.old
[29/06/2015 16:45:31] - |D| - [14442496] - C:\Users\Patrick\Tracing
[22/06/2014 07:34:22] - |RD| - [504] - C:\Users\Patrick\Videos
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\Voisinage d'impression
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\Voisinage rÃ©seau
[30/12/2017 12:53:28] - |D| - [4076200560] - C:\Users\Patrick\AppData\Local
[22/06/2014 07:34:22] - |D| - [186145098] - C:\Users\Patrick\AppData\LocalLow
[30/12/2017 12:53:28] - |D| - [643434562] - C:\Users\Patrick\AppData\Roaming
[19/11/2015 13:52:22] - |D| - [0] - C:\Users\Patrick\AppData\Local\ActiveSync
[31/03/2015 11:35:44] - |D| - [27269326] - C:\Users\Patrick\AppData\Local\Adobe
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\AppData\Local\Application Data
[19/11/2014 12:43:16] - |D| - [467] - C:\Users\Patrick\AppData\Local\ArcSoft
[15/07/2015 14:01:26] - |D| - [446149] - C:\Users\Patrick\AppData\Local\CEF
[19/11/2015 13:51:55] - |D| - [39020616] - C:\Users\Patrick\AppData\Local\Comms
[02/10/2016 12:59:09] - |D| - [3443837] - C:\Users\Patrick\AppData\Local\ConnectedDevicesPlatform
[22/06/2014 07:36:32] - |D| - [28803467] - C:\Users\Patrick\AppData\Local\CyberLink
[12/06/2017 19:17:56] - |D| - [0] - C:\Users\Patrick\AppData\Local\DBG
[10/08/2014 10:59:27] - |D| - [1168681] - C:\Users\Patrick\AppData\Local\Diagnostics
[19/11/2014 12:35:59] - |D| - [223981032] - C:\Users\Patrick\AppData\Local\Downloaded Installations
[10/08/2014 10:57:12] - |D| - [0] - C:\Users\Patrick\AppData\Local\ElevatedDiagnostics
[13/11/2014 20:24:27] - |SHD| - [0] - C:\Users\Patrick\AppData\Local\EmieBrowserModeList
[29/08/2014 07:17:58] - |SHD| - [0] - C:\Users\Patrick\AppData\Local\EmieSiteList
[29/08/2014 07:17:58] - |SHD| - [0] - C:\Users\Patrick\AppData\Local\EmieUserList
[23/06/2014 08:54:42] - |D| - [276608451] - C:\Users\Patrick\AppData\Local\Google
[04/06/2015 07:39:48] - |D| - [71] - C:\Users\Patrick\AppData\Local\GWX
[22/06/2014 08:43:04] - |D| - [10719] - C:\Users\Patrick\AppData\Local\Hewlett-Packard
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\AppData\Local\Historique
[22/06/2014 09:41:30] - |D| - [671130] - C:\Users\Patrick\AppData\Local\HP
[11/11/2016 20:54:29] - |D| - [5745] - C:\Users\Patrick\AppData\Local\HP_Development_Company,_L
[06/03/2018 23:06:32] - |AH| - [34444] - C:\Users\Patrick\AppData\Local\IconCache.db
[07/01/2018 18:31:08] - |AH| - [51670] - C:\Users\Patrick\AppData\Local\IconCache.db.backup
[30/10/2014 20:24:38] - |D| - [13893842] - C:\Users\Patrick\AppData\Local\Le Cloud Orange
[26/08/2014 17:35:55] - |D| - [0] - C:\Users\Patrick\AppData\Local\Macromedia
[24/12/2016 15:53:23] - |D| - [0] - C:\Users\Patrick\AppData\Local\MediaServer
[24/12/2016 15:55:11] - |D| - [0] - C:\Users\Patrick\AppData\Local\MediaShow
[30/12/2017 12:53:28] - |D| - [1323134231] - C:\Users\Patrick\AppData\Local\Microsoft
[05/08/2014 08:14:08] - |D| - [481300] - C:\Users\Patrick\AppData\Local\Microsoft Help
[19/11/2015 13:58:40] - |D| - [75927] - C:\Users\Patrick\AppData\Local\MicrosoftEdge
[22/06/2014 09:04:08] - |D| - [103248936] - C:\Users\Patrick\AppData\Local\Mozilla
[21/11/2015 10:16:50] - |D| - [0] - C:\Users\Patrick\AppData\Local\NetworkTiles
[19/11/2014 12:43:48] - |D| - [259341206] - C:\Users\Patrick\AppData\Local\Nikon
[07/10/2016 12:40:53] - |D| - [0] - C:\Users\Patrick\AppData\Local\Opera Software
[18/10/2015 14:32:05] - |D| - [401092] - C:\Users\Patrick\AppData\Local\Orange
[30/12/2017 12:58:42] - |D| - [1043298121] - C:\Users\Patrick\AppData\Local\Packages
[22/05/2016 11:49:16] - |D| - [0] - C:\Users\Patrick\AppData\Local\PackageStaging
[22/06/2014 07:35:29] - |D| - [40960] - C:\Users\Patrick\AppData\Local\Power2Go8
[01/09/2014 07:43:18] - |D| - [0] - C:\Users\Patrick\AppData\Local\Programs
[19/11/2015 13:54:04] - |D| - [162274] - C:\Users\Patrick\AppData\Local\Publishers
[08/08/2015 16:36:40] - |A| - [17] - C:\Users\Patrick\AppData\Local\resmon.resmoncfg
[28/12/2014 15:37:38] - |D| - [71911] - C:\Users\Patrick\AppData\Local\Samsung
[26/07/2014 14:07:57] - |D| - [0] - C:\Users\Patrick\AppData\Local\Skype
[04/12/2016 10:43:09] - |D| - [1880] - C:\Users\Patrick\AppData\Local\speech
[23/04/2018 10:50:28] - |D| - [51205] - C:\Users\Patrick\AppData\Local\SquirrelTemp
[30/12/2017 12:53:28] - |D| - [317392416] - C:\Users\Patrick\AppData\Local\Temp
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\AppData\Local\Temporary Internet Files
[19/11/2015 13:50:34] - |D| - [14831046] - C:\Users\Patrick\AppData\Local\TileDataLayer
[01/06/2017 19:34:32] - |D| - [0] - C:\Users\Patrick\AppData\Local\UNP
[22/06/2014 07:35:13] - |D| - [2110] - C:\Users\Patrick\AppData\Local\VirtualStore
[24/04/2018 16:17:30] - |D| - [398256145] - C:\Users\Patrick\AppData\Local\WhatsApp
[27/02/2017 20:59:24] - |D| - [82] - C:\Users\Patrick\AppData\Local\Wondershare
[17/09/2015 18:13:06] - |D| - [54] - C:\Users\Patrick\AppData\Local\_NkvPrint@
[31/03/2015 11:43:57] - |D| - [2484935] - C:\Users\Patrick\AppData\LocalLow\Adobe
[13/11/2014 20:22:16] - |SHD| - [0] - C:\Users\Patrick\AppData\LocalLow\EmieBrowserModeList
[30/08/2014 14:18:19] - |SHD| - [0] - C:\Users\Patrick\AppData\LocalLow\EmieSiteList
[30/08/2014 14:18:19] - |SHD| - [0] - C:\Users\Patrick\AppData\LocalLow\EmieUserList
[14/01/2018 11:11:24] - |D| - [165291925] - C:\Users\Patrick\AppData\LocalLow\Google
[03/10/2016 09:42:04] - |D| - [0] - C:\Users\Patrick\AppData\LocalLow\Hewlett-Packard
[22/06/2014 07:34:24] - |SD| - [4217754] - C:\Users\Patrick\AppData\LocalLow\Microsoft
[14/03/2017 15:57:21] - |D| - [0] - C:\Users\Patrick\AppData\LocalLow\Mozilla
[15/09/2014 09:37:05] - |D| - [14150484] - C:\Users\Patrick\AppData\LocalLow\PlayReady
[18/09/2014 09:56:48] - |D| - [0] - C:\Users\Patrick\AppData\LocalLow\Temp
[22/06/2014 07:35:14] - |D| - [9257386] - C:\Users\Patrick\AppData\Roaming\Adobe
[31/10/2014 15:58:21] - |D| - [4556] - C:\Users\Patrick\AppData\Roaming\Apowersoft
[19/11/2014 12:42:10] - |D| - [524] - C:\Users\Patrick\AppData\Roaming\ArcSoft
[26/07/2014 13:16:03] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\Avira
[04/09/2017 09:10:47] - |D| - [23] - C:\Users\Patrick\AppData\Roaming\BlueLabelSoft
[12/09/2015 10:16:49] - |D| - [6096058] - C:\Users\Patrick\AppData\Roaming\BSD Concept
[20/07/2014 20:26:55] - |D| - [154985] - C:\Users\Patrick\AppData\Roaming\CyberLink
[19/03/2017 11:05:15] - |ASH| - [46] - C:\Users\Patrick\AppData\Roaming\desktop.ini
[31/08/2014 19:46:31] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\DiskDefrag
[31/08/2014 19:46:30] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\GlarySoft
[22/06/2014 17:56:20] - |D| - [21795] - C:\Users\Patrick\AppData\Roaming\Google
[22/06/2014 07:39:36] - |D| - [4867] - C:\Users\Patrick\AppData\Roaming\Hewlett-Packard
[20/02/2017 10:45:19] - |D| - [94711] - C:\Users\Patrick\AppData\Roaming\HPPSDr
[22/06/2014 08:43:08] - |D| - [226342] - C:\Users\Patrick\AppData\Roaming\hpqlog
[22/06/2014 09:46:59] - |D| - [45897] - C:\Users\Patrick\AppData\Roaming\HpUpdate
[18/03/2015 10:07:18] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\Identities
[20/07/2014 21:15:07] - |D| - [408] - C:\Users\Patrick\AppData\Roaming\Kingsoft
[22/06/2014 07:37:42] - |D| - [2053] - C:\Users\Patrick\AppData\Roaming\Macromedia
[01/09/2014 07:44:09] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\Malwarebytes
[30/12/2017 12:53:28] - |SD| - [131867630] - C:\Users\Patrick\AppData\Roaming\Microsoft
[22/06/2014 09:04:08] - |D| - [33960359] - C:\Users\Patrick\AppData\Roaming\Mozilla
[19/11/2014 12:43:49] - |D| - [135373] - C:\Users\Patrick\AppData\Roaming\Nikon
[07/10/2016 12:40:45] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\Opera Software
[30/10/2014 20:24:50] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\Orange-France
[19/11/2014 12:36:26] - |RAH| - [268] - C:\Users\Patrick\AppData\Roaming\Overdrive
[19/11/2014 12:37:34] - |RAH| - [268] - C:\Users\Patrick\AppData\Roaming\PDEs
[19/11/2014 12:36:26] - |RAH| - [268] - C:\Users\Patrick\AppData\Roaming\PPD Plugins
[28/12/2014 15:37:36] - |D| - [16142690] - C:\Users\Patrick\AppData\Roaming\Samsung
[26/07/2014 14:07:53] - |D| - [65256495] - C:\Users\Patrick\AppData\Roaming\Skype
[22/06/2014 07:35:24] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\Synaptics
[01/12/2016 10:48:08] - |D| - [3604480] - C:\Users\Patrick\AppData\Roaming\U3
[23/04/2018 10:52:36] - |D| - [11703856] - C:\Users\Patrick\AppData\Roaming\WhatsApp
[03/09/2017 11:09:43] - |D| - [3065455] - C:\Users\Patrick\AppData\Roaming\Wondershare
[09/03/2017 12:34:28] - |D| - [336502324] - C:\Users\Patrick\AppData\Roaming\ZHP
[13/10/2016 10:28:50] - |D| - [25285445] - C:\Users\Patrick\AppData\Roaming\Zoom
[22/06/2014 07:35:19] - |SH| - [174] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[30/12/2017 12:53:28] - |SHD| - [0] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[02/10/2016 11:57:01] - |RD| - [37325] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/12/2017 12:53:28] - |RD| - [3888] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/12/2017 12:53:28] - |RD| - [2932] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[22/06/2014 07:35:19] - |RD| - [174] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[22/06/2014 17:53:08] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Capturino 1.4
[30/12/2017 14:19:19] - |SH| - [174] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[30/10/2014 20:24:42] - |D| - [2313] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Le Cloud d'Orange - Transfert de fichiers
[30/12/2017 12:53:28] - |D| - [170] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[19/11/2015 14:00:53] - |A| - [2458] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[18/10/2015 14:31:43] - |D| - [2244] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orange
[15/06/2015 19:58:44] - |D| - [5079] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[20/07/2014 21:12:48] - |D| - [0] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket
[22/06/2014 07:35:19] - |RD| - [174] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/12/2017 12:53:28] - |RD| - [3496] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[24/04/2018 16:02:54] - |D| - [2330] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
[30/12/2017 12:53:28] - |RD| - [7754] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[13/10/2016 10:28:56] - |D| - [4139] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
[22/06/2014 07:35:19] - |SH| - [174] - C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

[22/06/2014 05:22:01] - |RHD| - [187105] - C:\Users\Public\AccountPictures
[22/04/2014 18:54:46] - |D| - [617] - C:\Users\Public\CyberLink
[22/08/2013 17:36:30] - |D| - [25066] - C:\Users\Public\Desktop
[29/09/2017 15:46:38] - |ASH| - [174] - C:\Users\Public\desktop.ini
[22/08/2013 17:36:30] - |RD| - [100978879] - C:\Users\Public\Documents
[22/08/2013 17:36:30] - |RD| - [174] - C:\Users\Public\Downloads
[29/09/2017 15:46:33] - |RHD| - [1135] - C:\Users\Public\Libraries
[22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Music
[26/07/2014 13:03:00] - |A| - [262144] - C:\Users\Public\NTUSER.DAT
[26/07/2014 13:03:00] - |A| - [8192] - C:\Users\Public\NTUSER.DAT.LOG1
[26/07/2014 13:03:00] - |A| - [8192] - C:\Users\Public\NTUSER.DAT.LOG2
[26/07/2014 13:03:00] - |A| - [65536] - C:\Users\Public\NTUSER.DAT{c591158d-0a6e-11e4-8269-b8ee652537d4}.TM.blf
[26/07/2014 13:03:00] - |A| - [524288] - C:\Users\Public\NTUSER.DAT{c591158d-0a6e-11e4-8269-b8ee652537d4}.TMContainer00000000000000000001.regtrans-ms
[26/07/2014 13:03:00] - |A| - [524288] - C:\Users\Public\NTUSER.DAT{c591158d-0a6e-11e4-8269-b8ee652537d4}.TMContainer00000000000000000002.regtrans-ms
[22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Pictures
[22/08/2013 17:36:30] - |RD| - [380] - C:\Users\Public\Videos

---------- | [TEMP]

[05/10/2016 12:10:05] - |HD| - [1464947] - C:\Users\TEMP\AppData
[05/10/2016 12:10:05] - |D| - [1464947] - C:\Users\TEMP\AppData\Local
[05/10/2016 12:10:05] - |D| - [128] - C:\Users\TEMP\AppData\Local\Microsoft
[05/10/2016 12:10:21] - |D| - [1464819] - C:\Users\TEMP\AppData\Local\Packages

---------- | [TEMP.PATRICK]

[30/12/2017 14:00:58] - |HD| - [191120] - C:\Users\TEMP.PATRICK\AppData
[30/12/2017 14:00:58] - |RD| - [0] - C:\Users\TEMP.PATRICK\Desktop
[30/12/2017 14:00:58] - |RD| - [537] - C:\Users\TEMP.PATRICK\Documents
[30/12/2017 14:00:58] - |RD| - [0] - C:\Users\TEMP.PATRICK\Downloads
[30/12/2017 14:00:58] - |RD| - [1013] - C:\Users\TEMP.PATRICK\Favorites
[30/12/2017 14:00:58] - |RD| - [0] - C:\Users\TEMP.PATRICK\Links
[30/12/2017 14:00:58] - |RD| - [0] - C:\Users\TEMP.PATRICK\Music
[30/12/2017 14:00:58] - |AH| - [262144] - C:\Users\TEMP.PATRICK\NTUSER.DAT
[30/12/2017 14:01:00] - |ASH| - [0] - C:\Users\TEMP.PATRICK\ntuser.dat.LOG1
[30/12/2017 14:01:00] - |ASH| - [0] - C:\Users\TEMP.PATRICK\ntuser.dat.LOG2
[30/12/2017 14:00:58] - |RD| - [0] - C:\Users\TEMP.PATRICK\Pictures
[30/12/2017 14:00:58] - |D| - [0] - C:\Users\TEMP.PATRICK\Saved Games
[30/12/2017 14:00:58] - |RD| - [0] - C:\Users\TEMP.PATRICK\Videos
[30/12/2017 14:00:58] - |D| - [171808] - C:\Users\TEMP.PATRICK\AppData\Local
[30/12/2017 14:00:58] - |D| - [19312] - C:\Users\TEMP.PATRICK\AppData\Roaming
[30/12/2017 14:00:58] - |D| - [171808] - C:\Users\TEMP.PATRICK\AppData\Local\Microsoft
[30/12/2017 14:00:58] - |D| - [0] - C:\Users\TEMP.PATRICK\AppData\Local\Temp
[30/12/2017 14:00:58] - |SD| - [19312] - C:\Users\TEMP.PATRICK\AppData\Roaming\Microsoft
[30/12/2017 14:00:58] - |D| - [16794] - C:\Users\TEMP.PATRICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/12/2017 14:00:58] - |RD| - [3888] - C:\Users\TEMP.PATRICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/12/2017 14:00:58] - |RD| - [1486] - C:\Users\TEMP.PATRICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[30/12/2017 14:00:58] - |D| - [170] - C:\Users\TEMP.PATRICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/12/2017 14:00:58] - |D| - [0] - C:\Users\TEMP.PATRICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/12/2017 14:00:58] - |RD| - [3496] - C:\Users\TEMP.PATRICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/12/2017 14:00:58] - |RD| - [7754] - C:\Users\TEMP.PATRICK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

---------- | [TEMP.PATRICK.000]

[30/12/2017 14:01:33] - |HD| - [191120] - C:\Users\TEMP.PATRICK.000\AppData
[30/12/2017 14:01:33] - |RD| - [0] - C:\Users\TEMP.PATRICK.000\Desktop
[30/12/2017 14:01:33] - |RD| - [537] - C:\Users\TEMP.PATRICK.000\Documents
[30/12/2017 14:01:33] - |RD| - [0] - C:\Users\TEMP.PATRICK.000\Downloads
[30/12/2017 14:01:33] - |RD| - [1013] - C:\Users\TEMP.PATRICK.000\Favorites
[30/12/2017 14:01:33] - |RD| - [0] - C:\Users\TEMP.PATRICK.000\Links
[30/12/2017 14:01:33] - |RD| - [0] - C:\Users\TEMP.PATRICK.000\Music
[30/12/2017 14:01:33] - |AH| - [262144] - C:\Users\TEMP.PATRICK.000\NTUSER.DAT
[30/12/2017 14:01:34] - |ASH| - [0] - C:\Users\TEMP.PATRICK.000\ntuser.dat.LOG1
[30/12/2017 14:01:34] - |ASH| - [0] - C:\Users\TEMP.PATRICK.000\ntuser.dat.LOG2
[30/12/2017 14:01:33] - |RD| - [0] - C:\Users\TEMP.PATRICK.000\Pictures
[30/12/2017 14:01:33] - |D| - [0] - C:\Users\TEMP.PATRICK.000\Saved Games
[30/12/2017 14:01:33] - |RD| - [0] - C:\Users\TEMP.PATRICK.000\Videos
[30/12/2017 14:01:33] - |D| - [171808] - C:\Users\TEMP.PATRICK.000\AppData\Local
[30/12/2017 14:01:33] - |D| - [19312] - C:\Users\TEMP.PATRICK.000\AppData\Roaming
[30/12/2017 14:01:33] - |D| - [171808] - C:\Users\TEMP.PATRICK.000\AppData\Local\Microsoft
[30/12/2017 14:01:33] - |D| - [0] - C:\Users\TEMP.PATRICK.000\AppData\Local\Temp
[30/12/2017 14:01:33] - |SD| - [19312] - C:\Users\TEMP.PATRICK.000\AppData\Roaming\Microsoft
[30/12/2017 14:01:33] - |D| - [16794] - C:\Users\TEMP.PATRICK.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/12/2017 14:01:33] - |RD| - [3888] - C:\Users\TEMP.PATRICK.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/12/2017 14:01:33] - |RD| - [1486] - C:\Users\TEMP.PATRICK.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[30/12/2017 14:01:33] - |D| - [170] - C:\Users\TEMP.PATRICK.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/12/2017 14:01:33] - |D| - [0] - C:\Users\TEMP.PATRICK.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/12/2017 14:01:33] - |RD| - [3496] - C:\Users\TEMP.PATRICK.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/12/2017 14:01:33] - |RD| - [7754] - C:\Users\TEMP.PATRICK.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

---------- | [TEMP.PATRICK.001]

[30/12/2017 14:10:36] - |HD| - [191120] - C:\Users\TEMP.PATRICK.001\AppData
[30/12/2017 14:10:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.001\Desktop
[30/12/2017 14:10:36] - |RD| - [537] - C:\Users\TEMP.PATRICK.001\Documents
[30/12/2017 14:10:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.001\Downloads
[30/12/2017 14:10:36] - |RD| - [1013] - C:\Users\TEMP.PATRICK.001\Favorites
[30/12/2017 14:10:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.001\Links
[30/12/2017 14:10:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.001\Music
[30/12/2017 14:10:36] - |AH| - [262144] - C:\Users\TEMP.PATRICK.001\NTUSER.DAT
[30/12/2017 14:10:37] - |ASH| - [0] - C:\Users\TEMP.PATRICK.001\ntuser.dat.LOG1
[30/12/2017 14:10:37] - |ASH| - [0] - C:\Users\TEMP.PATRICK.001\ntuser.dat.LOG2
[30/12/2017 14:10:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.001\Pictures
[30/12/2017 14:10:36] - |D| - [0] - C:\Users\TEMP.PATRICK.001\Saved Games
[30/12/2017 14:10:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.001\Videos
[30/12/2017 14:10:36] - |D| - [171808] - C:\Users\TEMP.PATRICK.001\AppData\Local
[30/12/2017 14:10:36] - |D| - [19312] - C:\Users\TEMP.PATRICK.001\AppData\Roaming
[30/12/2017 14:10:36] - |D| - [171808] - C:\Users\TEMP.PATRICK.001\AppData\Local\Microsoft
[30/12/2017 14:10:36] - |D| - [0] - C:\Users\TEMP.PATRICK.001\AppData\Local\Temp
[30/12/2017 14:10:36] - |SD| - [19312] - C:\Users\TEMP.PATRICK.001\AppData\Roaming\Microsoft
[30/12/2017 14:10:36] - |D| - [16794] - C:\Users\TEMP.PATRICK.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/12/2017 14:10:36] - |RD| - [3888] - C:\Users\TEMP.PATRICK.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/12/2017 14:10:36] - |RD| - [1486] - C:\Users\TEMP.PATRICK.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[30/12/2017 14:10:36] - |D| - [170] - C:\Users\TEMP.PATRICK.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/12/2017 14:10:36] - |D| - [0] - C:\Users\TEMP.PATRICK.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/12/2017 14:10:36] - |RD| - [3496] - C:\Users\TEMP.PATRICK.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/12/2017 14:10:36] - |RD| - [7754] - C:\Users\TEMP.PATRICK.001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

---------- | [TEMP.PATRICK.002]

[30/12/2017 14:11:26] - |HD| - [1321616] - C:\Users\TEMP.PATRICK.002\AppData
[30/12/2017 14:11:26] - |RD| - [0] - C:\Users\TEMP.PATRICK.002\Desktop
[30/12/2017 14:11:26] - |RD| - [537] - C:\Users\TEMP.PATRICK.002\Documents
[30/12/2017 14:11:26] - |RD| - [0] - C:\Users\TEMP.PATRICK.002\Downloads
[30/12/2017 14:11:26] - |RD| - [1013] - C:\Users\TEMP.PATRICK.002\Favorites
[30/12/2017 14:11:26] - |RD| - [0] - C:\Users\TEMP.PATRICK.002\Links
[30/12/2017 14:11:26] - |RD| - [0] - C:\Users\TEMP.PATRICK.002\Music
[30/12/2017 14:11:26] - |AH| - [262144] - C:\Users\TEMP.PATRICK.002\NTUSER.DAT
[30/12/2017 14:11:27] - |ASH| - [114688] - C:\Users\TEMP.PATRICK.002\ntuser.dat.LOG1
[30/12/2017 14:11:27] - |ASH| - [114688] - C:\Users\TEMP.PATRICK.002\ntuser.dat.LOG2
[31/12/2017 13:51:28] - |ASH| - [65536] - C:\Users\TEMP.PATRICK.002\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TM.blf
[31/12/2017 13:51:28] - |ASH| - [524288] - C:\Users\TEMP.PATRICK.002\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TMContainer00000000000000000001.regtrans-ms
[31/12/2017 13:51:28] - |ASH| - [524288] - C:\Users\TEMP.PATRICK.002\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TMContainer00000000000000000002.regtrans-ms
[30/12/2017 14:11:26] - |RD| - [0] - C:\Users\TEMP.PATRICK.002\Pictures
[30/12/2017 14:11:26] - |D| - [0] - C:\Users\TEMP.PATRICK.002\Saved Games
[30/12/2017 14:11:26] - |RD| - [0] - C:\Users\TEMP.PATRICK.002\Videos
[30/12/2017 14:11:26] - |D| - [1302304] - C:\Users\TEMP.PATRICK.002\AppData\Local
[30/12/2017 14:11:26] - |D| - [19312] - C:\Users\TEMP.PATRICK.002\AppData\Roaming
[30/12/2017 14:11:26] - |D| - [1302304] - C:\Users\TEMP.PATRICK.002\AppData\Local\Microsoft
[30/12/2017 14:11:26] - |D| - [0] - C:\Users\TEMP.PATRICK.002\AppData\Local\Temp
[30/12/2017 14:11:26] - |SD| - [19312] - C:\Users\TEMP.PATRICK.002\AppData\Roaming\Microsoft
[30/12/2017 14:11:26] - |D| - [16794] - C:\Users\TEMP.PATRICK.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/12/2017 14:11:26] - |RD| - [3888] - C:\Users\TEMP.PATRICK.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/12/2017 14:11:26] - |RD| - [1486] - C:\Users\TEMP.PATRICK.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[30/12/2017 14:11:26] - |D| - [170] - C:\Users\TEMP.PATRICK.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/12/2017 14:11:26] - |D| - [0] - C:\Users\TEMP.PATRICK.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/12/2017 14:11:26] - |RD| - [3496] - C:\Users\TEMP.PATRICK.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/12/2017 14:11:26] - |RD| - [7754] - C:\Users\TEMP.PATRICK.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

---------- | [TEMP.PATRICK.003]

[30/12/2017 14:12:03] - |HD| - [191120] - C:\Users\TEMP.PATRICK.003\AppData
[30/12/2017 14:12:03] - |RD| - [0] - C:\Users\TEMP.PATRICK.003\Desktop
[30/12/2017 14:12:03] - |RD| - [537] - C:\Users\TEMP.PATRICK.003\Documents
[30/12/2017 14:12:03] - |RD| - [0] - C:\Users\TEMP.PATRICK.003\Downloads
[30/12/2017 14:12:03] - |RD| - [1013] - C:\Users\TEMP.PATRICK.003\Favorites
[30/12/2017 14:12:03] - |RD| - [0] - C:\Users\TEMP.PATRICK.003\Links
[30/12/2017 14:12:03] - |RD| - [0] - C:\Users\TEMP.PATRICK.003\Music
[30/12/2017 14:12:03] - |AH| - [262144] - C:\Users\TEMP.PATRICK.003\NTUSER.DAT
[30/12/2017 14:12:04] - |ASH| - [0] - C:\Users\TEMP.PATRICK.003\ntuser.dat.LOG1
[30/12/2017 14:12:04] - |ASH| - [0] - C:\Users\TEMP.PATRICK.003\ntuser.dat.LOG2
[30/12/2017 14:12:03] - |RD| - [0] - C:\Users\TEMP.PATRICK.003\Pictures
[30/12/2017 14:12:03] - |D| - [0] - C:\Users\TEMP.PATRICK.003\Saved Games
[30/12/2017 14:12:03] - |RD| - [0] - C:\Users\TEMP.PATRICK.003\Videos
[30/12/2017 14:12:03] - |D| - [171808] - C:\Users\TEMP.PATRICK.003\AppData\Local
[30/12/2017 14:12:03] - |D| - [19312] - C:\Users\TEMP.PATRICK.003\AppData\Roaming
[30/12/2017 14:12:03] - |D| - [171808] - C:\Users\TEMP.PATRICK.003\AppData\Local\Microsoft
[30/12/2017 14:12:03] - |D| - [0] - C:\Users\TEMP.PATRICK.003\AppData\Local\Temp
[30/12/2017 14:12:03] - |SD| - [19312] - C:\Users\TEMP.PATRICK.003\AppData\Roaming\Microsoft
[30/12/2017 14:12:03] - |D| - [16794] - C:\Users\TEMP.PATRICK.003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/12/2017 14:12:03] - |RD| - [3888] - C:\Users\TEMP.PATRICK.003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/12/2017 14:12:03] - |RD| - [1486] - C:\Users\TEMP.PATRICK.003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[30/12/2017 14:12:03] - |D| - [170] - C:\Users\TEMP.PATRICK.003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/12/2017 14:12:03] - |D| - [0] - C:\Users\TEMP.PATRICK.003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/12/2017 14:12:03] - |RD| - [3496] - C:\Users\TEMP.PATRICK.003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/12/2017 14:12:03] - |RD| - [7754] - C:\Users\TEMP.PATRICK.003\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

---------- | [TEMP.PATRICK.005]

[30/12/2017 14:13:36] - |HD| - [191120] - C:\Users\TEMP.PATRICK.005\AppData
[30/12/2017 14:13:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.005\Desktop
[30/12/2017 14:13:36] - |RD| - [537] - C:\Users\TEMP.PATRICK.005\Documents
[30/12/2017 14:13:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.005\Downloads
[30/12/2017 14:13:36] - |RD| - [1013] - C:\Users\TEMP.PATRICK.005\Favorites
[30/12/2017 14:13:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.005\Links
[30/12/2017 14:13:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.005\Music
[30/12/2017 14:13:36] - |AH| - [262144] - C:\Users\TEMP.PATRICK.005\NTUSER.DAT
[30/12/2017 14:13:37] - |ASH| - [0] - C:\Users\TEMP.PATRICK.005\ntuser.dat.LOG1
[30/12/2017 14:13:37] - |ASH| - [0] - C:\Users\TEMP.PATRICK.005\ntuser.dat.LOG2
[30/12/2017 14:13:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.005\Pictures
[30/12/2017 14:13:36] - |D| - [0] - C:\Users\TEMP.PATRICK.005\Saved Games
[30/12/2017 14:13:36] - |RD| - [0] - C:\Users\TEMP.PATRICK.005\Videos
[30/12/2017 14:13:37] - |D| - [171808] - C:\Users\TEMP.PATRICK.005\AppData\Local
[30/12/2017 14:13:36] - |D| - [19312] - C:\Users\TEMP.PATRICK.005\AppData\Roaming
[30/12/2017 14:13:37] - |D| - [171808] - C:\Users\TEMP.PATRICK.005\AppData\Local\Microsoft
[30/12/2017 14:13:37] - |D| - [0] - C:\Users\TEMP.PATRICK.005\AppData\Local\Temp
[30/12/2017 14:13:36] - |SD| - [19312] - C:\Users\TEMP.PATRICK.005\AppData\Roaming\Microsoft
[30/12/2017 14:13:36] - |D| - [16794] - C:\Users\TEMP.PATRICK.005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/12/2017 14:13:36] - |RD| - [3888] - C:\Users\TEMP.PATRICK.005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/12/2017 14:13:36] - |RD| - [1486] - C:\Users\TEMP.PATRICK.005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[30/12/2017 14:13:36] - |D| - [170] - C:\Users\TEMP.PATRICK.005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/12/2017 14:13:36] - |D| - [0] - C:\Users\TEMP.PATRICK.005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/12/2017 14:13:36] - |RD| - [3496] - C:\Users\TEMP.PATRICK.005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/12/2017 14:13:36] - |RD| - [7754] - C:\Users\TEMP.PATRICK.005\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

---------- | [VERONIK]

[30/12/2017 12:53:27] - |HD| - [1234522990] - C:\Users\VERONIK\AppData
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\Application Data
[29/08/2014 16:45:19] - |RD| - [412] - C:\Users\VERONIK\Contacts
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\Cookies
[29/08/2014 16:45:01] - |RD| - [236262] - C:\Users\VERONIK\Desktop
[29/08/2014 16:45:01] - |RD| - [280647789] - C:\Users\VERONIK\Documents
[29/08/2014 16:45:01] - |RD| - [90153922] - C:\Users\VERONIK\Downloads
[29/08/2014 16:45:01] - |RD| - [37680] - C:\Users\VERONIK\Favorites
[19/11/2015 18:29:50] - |SHD| - [24444] - C:\Users\VERONIK\IntelGraphicsProfiles
[29/08/2014 16:45:01] - |RD| - [2514] - C:\Users\VERONIK\Links
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\Local Settings
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\Menu DÃ©marrer
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\Mes documents
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\ModÃ¨les
[29/08/2014 16:45:01] - |RD| - [504] - C:\Users\VERONIK\Music
[30/12/2017 12:53:26] - |AH| - [6815744] - C:\Users\VERONIK\NTUSER.DAT
[30/12/2017 12:53:27] - |ASH| - [40960] - C:\Users\VERONIK\ntuser.dat.LOG1
[30/12/2017 12:53:27] - |ASH| - [327680] - C:\Users\VERONIK\ntuser.dat.LOG2
[30/12/2017 12:53:27] - |ASH| - [65536] - C:\Users\VERONIK\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TM.blf
[30/12/2017 12:53:27] - |ASH| - [524288] - C:\Users\VERONIK\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TMContainer00000000000000000001.regtrans-ms
[30/12/2017 12:53:27] - |ASH| - [524288] - C:\Users\VERONIK\NTUSER.DAT{91a56bde-ed4e-11e7-87ea-fdd748d2fe45}.TMContainer00000000000000000002.regtrans-ms
[29/08/2014 17:30:39] - |RD| - [10250293728] - C:\Users\VERONIK\OneDrive
[29/08/2014 16:45:01] - |RD| - [317102] - C:\Users\VERONIK\Pictures
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\Recent
[29/08/2014 16:45:01] - |RD| - [282] - C:\Users\VERONIK\Saved Games
[29/08/2014 16:45:21] - |RD| - [1872] - C:\Users\VERONIK\Searches
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\SendTo
[29/08/2014 16:45:01] - |RD| - [694] - C:\Users\VERONIK\Videos
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\Voisinage d'impression
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\Voisinage rÃ©seau
[30/12/2017 12:53:27] - |D| - [1113067105] - C:\Users\VERONIK\AppData\Local
[29/08/2014 16:45:02] - |D| - [15584455] - C:\Users\VERONIK\AppData\LocalLow
[30/12/2017 12:53:27] - |D| - [105871430] - C:\Users\VERONIK\AppData\Roaming
[19/11/2015 18:31:41] - |D| - [0] - C:\Users\VERONIK\AppData\Local\ActiveSync
[03/05/2015 11:10:05] - |D| - [14929844] - C:\Users\VERONIK\AppData\Local\Adobe
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\AppData\Local\Application Data
[21/11/2014 20:30:53] - |D| - [53] - C:\Users\VERONIK\AppData\Local\ArcSoft
[04/08/2015 13:02:59] - |D| - [0] - C:\Users\VERONIK\AppData\Local\CEF
[19/11/2015 18:30:43] - |D| - [26763288] - C:\Users\VERONIK\AppData\Local\Comms
[03/10/2016 12:38:39] - |D| - [2547594] - C:\Users\VERONIK\AppData\Local\ConnectedDevicesPlatform
[29/08/2014 16:46:24] - |D| - [156] - C:\Users\VERONIK\AppData\Local\CyberLink
[14/09/2017 08:07:52] - |D| - [0] - C:\Users\VERONIK\AppData\Local\DBG
[17/09/2014 08:31:04] - |D| - [34675542] - C:\Users\VERONIK\AppData\Local\Diagnostics
[13/11/2014 18:11:13] - |SHD| - [0] - C:\Users\VERONIK\AppData\Local\EmieBrowserModeList
[29/08/2014 16:48:11] - |SHD| - [0] - C:\Users\VERONIK\AppData\Local\EmieSiteList
[29/08/2014 16:48:11] - |SHD| - [0] - C:\Users\VERONIK\AppData\Local\EmieUserList
[05/10/2016 15:38:56] - |D| - [40] - C:\Users\VERONIK\AppData\Local\Google
[01/06/2015 12:30:47] - |D| - [71] - C:\Users\VERONIK\AppData\Local\GWX
[03/11/2014 13:12:07] - |D| - [5745] - C:\Users\VERONIK\AppData\Local\Hewlett-Packard
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\AppData\Local\Historique
[08/09/2014 14:24:18] - |D| - [44] - C:\Users\VERONIK\AppData\Local\HP
[15/10/2014 10:33:32] - |D| - [1911] - C:\Users\VERONIK\AppData\Local\Intel_Corporation
[30/08/2014 08:14:45] - |D| - [0] - C:\Users\VERONIK\AppData\Local\Macromedia
[30/12/2017 12:53:27] - |D| - [762514969] - C:\Users\VERONIK\AppData\Local\Microsoft
[25/11/2015 11:46:12] - |D| - [70396] - C:\Users\VERONIK\AppData\Local\Microsoft Help
[22/11/2015 10:53:55] - |D| - [78565] - C:\Users\VERONIK\AppData\Local\MicrosoftEdge
[29/08/2014 18:10:53] - |D| - [1475504] - C:\Users\VERONIK\AppData\Local\Mozilla
[22/11/2015 13:00:24] - |D| - [0] - C:\Users\VERONIK\AppData\Local\NetworkTiles
[22/11/2014 17:37:48] - |D| - [272431] - C:\Users\VERONIK\AppData\Local\Nikon
[07/10/2016 16:55:07] - |D| - [6549931] - C:\Users\VERONIK\AppData\Local\Opera Software
[30/12/2017 12:55:17] - |D| - [251056076] - C:\Users\VERONIK\AppData\Local\Packages
[29/08/2014 16:45:38] - |D| - [40960] - C:\Users\VERONIK\AppData\Local\Power2Go8
[19/11/2015 18:34:07] - |D| - [131643] - C:\Users\VERONIK\AppData\Local\Publishers
[30/12/2017 12:53:27] - |D| - [0] - C:\Users\VERONIK\AppData\Local\Temp
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\AppData\Local\Temporary Internet Files
[19/11/2015 18:29:54] - |D| - [11952128] - C:\Users\VERONIK\AppData\Local\TileDataLayer
[29/08/2014 16:45:09] - |D| - [132] - C:\Users\VERONIK\AppData\Local\VirtualStore
[14/09/2017 07:52:53] - |D| - [82] - C:\Users\VERONIK\AppData\Local\Wondershare
[03/05/2015 11:10:05] - |D| - [46080] - C:\Users\VERONIK\AppData\LocalLow\Adobe
[13/11/2014 18:10:32] - |SHD| - [0] - C:\Users\VERONIK\AppData\LocalLow\EmieBrowserModeList
[29/08/2014 16:48:08] - |SHD| - [0] - C:\Users\VERONIK\AppData\LocalLow\EmieSiteList
[29/08/2014 16:48:16] - |SHD| - [0] - C:\Users\VERONIK\AppData\LocalLow\EmieUserList
[29/08/2014 16:45:05] - |SD| - [1387891] - C:\Users\VERONIK\AppData\LocalLow\Microsoft
[17/09/2014 15:24:19] - |D| - [14150484] - C:\Users\VERONIK\AppData\LocalLow\PlayReady
[15/04/2015 11:36:02] - |D| - [0] - C:\Users\VERONIK\AppData\LocalLow\Temp
[29/08/2014 16:45:10] - |D| - [1464601] - C:\Users\VERONIK\AppData\Roaming\Adobe
[21/11/2014 20:28:17] - |D| - [290258] - C:\Users\VERONIK\AppData\Roaming\ArcSoft
[29/08/2014 16:51:03] - |D| - [0] - C:\Users\VERONIK\AppData\Roaming\Avira
[01/10/2014 17:10:53] - |D| - [0] - C:\Users\VERONIK\AppData\Roaming\CyberLink
[13/04/2016 20:12:40] - |D| - [0] - C:\Users\VERONIK\AppData\Roaming\Hewlett-Packard
[31/08/2014 10:26:45] - |D| - [15550] - C:\Users\VERONIK\AppData\Roaming\HpUpdate
[18/03/2015 05:32:56] - |D| - [0] - C:\Users\VERONIK\AppData\Roaming\Identities
[29/08/2014 16:48:14] - |D| - [5136] - C:\Users\VERONIK\AppData\Roaming\Macromedia
[30/12/2017 12:53:27] - |SD| - [84086882] - C:\Users\VERONIK\AppData\Roaming\Microsoft
[29/08/2014 18:10:53] - |D| - [13319990] - C:\Users\VERONIK\AppData\Roaming\Mozilla
[22/11/2014 17:37:49] - |D| - [94413] - C:\Users\VERONIK\AppData\Roaming\Nikon
[07/10/2016 16:55:00] - |D| - [6572614] - C:\Users\VERONIK\AppData\Roaming\Opera Software
[23/08/2016 20:11:52] - |D| - [77] - C:\Users\VERONIK\AppData\Roaming\Skype
[29/08/2014 16:45:23] - |D| - [0] - C:\Users\VERONIK\AppData\Roaming\Synaptics
[29/08/2014 18:49:31] - |A| - [21909] - C:\Users\VERONIK\AppData\Roaming\Valeurs sÃ©parÃ©es par une virgule.ADR
[29/08/2014 16:45:20] - |ASH| - [174] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[30/12/2017 12:53:27] - |SHD| - [0] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[02/10/2016 11:56:59] - |RD| - [19600] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[30/12/2017 12:53:27] - |RD| - [3888] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[30/12/2017 12:53:27] - |RD| - [1486] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[29/08/2014 16:45:21] - |RD| - [174] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[30/12/2017 12:53:27] - |D| - [170] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[19/11/2015 18:36:43] - |A| - [2458] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[29/08/2014 16:45:21] - |RD| - [174] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[30/12/2017 12:53:27] - |RD| - [3496] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[30/12/2017 12:53:27] - |RD| - [7754] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[29/08/2014 16:45:21] - |ASH| - [174] - C:\Users\VERONIK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [veron_000]

[22/06/2014 10:07:22] - |HD| - [0] - C:\Users\veron_000\AppData
[26/07/2014 13:03:00] - |A| - [262144] - C:\Users\veron_000\NTUSER.DAT
[26/07/2014 13:03:00] - |ASH| - [8192] - C:\Users\veron_000\NTUSER.DAT.LOG1
[26/07/2014 13:03:00] - |ASH| - [8192] - C:\Users\veron_000\NTUSER.DAT.LOG2
[26/07/2014 13:03:00] - |ASH| - [65536] - C:\Users\veron_000\NTUSER.DAT{c5911592-0a6e-11e4-8269-b8ee652537d4}.TM.blf
[26/07/2014 13:03:00] - |ASH| - [524288] - C:\Users\veron_000\NTUSER.DAT{c5911592-0a6e-11e4-8269-b8ee652537d4}.TMContainer00000000000000000001.regtrans-ms
[26/07/2014 13:03:00] - |ASH| - [524288] - C:\Users\veron_000\NTUSER.DAT{c5911592-0a6e-11e4-8269-b8ee652537d4}.TMContainer00000000000000000002.regtrans-ms
[22/06/2014 10:07:22] - |D| - [0] - C:\Users\veron_000\AppData\Roaming
[22/06/2014 10:07:22] - |D| - [0] - C:\Users\veron_000\AppData\Roaming\Microsoft

---------- | C:\ProgramData

[19/11/2014 12:35:37] - |D| - [1408] - C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583
[23/02/2018 20:10:38] - |D| - [58084] - C:\ProgramData\ABBYY
[31/03/2015 11:36:47] - |D| - [318327632] - C:\ProgramData\Adobe
[22/06/2014 09:43:17] - |A| - [57] - C:\ProgramData\Ament.ini
[22/04/2014 18:40:11] - |D| - [2682368] - C:\ProgramData\Apple
[30/12/2017 13:49:54] - |SHD| - [0] - C:\ProgramData\Application Data
[19/11/2014 12:42:10] - |D| - [1691177] - C:\ProgramData\ArcSoft
[23/04/2018 10:57:34] - |D| - [3306709] - C:\ProgramData\AVAST Software
[26/07/2014 13:14:44] - |D| - [361168793] - C:\ProgramData\Avira
[22/06/2015 17:37:55] - |D| - [4194316] - C:\ProgramData\boost_interprocess
[12/09/2015 10:17:08] - |D| - [0] - C:\ProgramData\BSD
[31/08/2015 09:46:16] - |D| - [7998673] - C:\ProgramData\BSD Concept
[22/06/2014 05:19:05] - |SHD| - [0] - C:\ProgramData\Bureau
[16/07/2016 13:47:48] - |D| - [0] - C:\ProgramData\Comms
[22/04/2014 18:49:47] - |D| - [1085194] - C:\ProgramData\CyberLink
[30/12/2017 13:49:54] - |SHD| - [0] - C:\ProgramData\Documents
[19/11/2014 12:36:26] - |D| - [12] - C:\ProgramData\Effects
[19/11/2014 12:36:26] - |D| - [484] - C:\ProgramData\EnterNHelp
[19/11/2014 12:37:34] - |D| - [12] - C:\ProgramData\Error Handlers
[19/11/2014 12:36:26] - |D| - [12] - C:\ProgramData\Filters
[04/11/2013 13:34:58] - |D| - [32509252] - C:\ProgramData\Hewlett-Packard
[22/06/2014 09:43:58] - |AD| - [304071591] - C:\ProgramData\HP
[22/06/2014 09:48:11] - |AD| - [2888338] - C:\ProgramData\HP Photo Creations
[22/04/2014 18:45:53] - |D| - [916245] - C:\ProgramData\install_clap
[22/04/2014 18:34:00] - |D| - [31849751] - C:\ProgramData\Intel
[04/09/2017 09:10:26] - |D| - [124] - C:\ProgramData\Licenses
[01/09/2014 07:43:54] - |D| - [932734572] - C:\ProgramData\Malwarebytes
[22/04/2014 18:56:36] - |D| - [176] - C:\ProgramData\McAfee
[22/06/2014 05:19:05] - |SHD| - [0] - C:\ProgramData\Menu DÃ©marrer
[29/09/2017 15:46:33] - |SD| - [1856398269] - C:\ProgramData\Microsoft
[30/12/2017 14:23:04] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[26/08/2014 18:08:28] - |D| - [0] - C:\ProgramData\Microsoft SkyDrive
[22/06/2014 05:19:05] - |SHD| - [0] - C:\ProgramData\ModÃ¨les
[21/11/2014 10:15:08] - |D| - [286944] - C:\ProgramData\Nikon
[18/10/2015 14:32:06] - |D| - [48] - C:\ProgramData\Orange
[21/08/2014 10:38:27] - |D| - [47326644] - C:\ProgramData\Package Cache
[26/08/2014 19:43:20] - |D| - [231208455] - C:\ProgramData\PC1Data
[23/02/2018 18:21:02] - |D| - [359] - C:\ProgramData\PDFelement 6 Pro
[19/11/2014 12:36:26] - |A| - [268] - C:\ProgramData\Pedal Hard
[19/11/2014 12:37:34] - |A| - [268] - C:\ProgramData\People
[19/11/2014 12:36:26] - |A| - [268] - C:\ProgramData\Percussion Kit
[05/01/2018 18:59:06] - |A| - [0] - C:\ProgramData\PKP_DLes.DAT
[31/07/2017 08:32:51] - |A| - [0] - C:\ProgramData\PKP_DLet.DAT
[31/07/2017 08:39:50] - |A| - [0] - C:\ProgramData\PKP_DLev.DAT
[22/04/2014 18:32:02] - |D| - [130199] - C:\ProgramData\Qualcomm Atheros
[22/06/2015 18:31:26] - |D| - [1703] - C:\ProgramData\regid.1986-12.com.adobe
[29/09/2017 15:46:33] - |D| - [4303] - C:\ProgramData\regid.1991-06.com.microsoft
[28/12/2014 15:33:52] - |D| - [11686949] - C:\ProgramData\Samsung
[26/07/2014 14:07:41] - |D| - [215740416] - C:\ProgramData\Skype
[29/09/2017 15:46:33] - |D| - [0] - C:\ProgramData\SoftwareDistribution
[06/10/2016 08:45:25] - |D| - [0] - C:\ProgramData\SUPPORTDIR
[22/06/2014 07:35:25] - |D| - [214310] - C:\ProgramData\Synaptics
[22/04/2014 18:45:54] - |AD| - [2120987] - C:\ProgramData\Temp
[19/11/2014 12:36:26] - |D| - [60] - C:\ProgramData\Ultima_T15
[29/09/2017 15:46:33] - |D| - [14364] - C:\ProgramData\USOPrivate
[30/12/2017 12:58:30] - |D| - [1454080] - C:\ProgramData\USOShared
[22/06/2014 09:48:11] - |D| - [95268] - C:\ProgramData\Visan
[04/11/2013 13:49:53] - |D| - [2486041] - C:\ProgramData\WildTangent
[30/09/2017 16:41:33] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices
[27/02/2017 20:59:09] - |D| - [0] - C:\ProgramData\Wondershare

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[29/09/2017 15:46:38] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[22/06/2014 05:19:05] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[29/09/2017 15:46:33] - |D| - [191585] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[19/03/2017 03:49:44] - |A| - [2521] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
[29/09/2017 15:46:33] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[29/09/2017 15:46:33] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[14/04/2017 08:52:09] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[29/04/2015 12:09:20] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat ReaderÂ DC.lnk
[29/09/2017 15:46:33] - |RD| - [21770] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[19/11/2014 12:42:10] - |D| - [4896] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[19/11/2014 12:41:25] - |D| - [1999] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 6
[07/03/2017 10:19:05] - |A| - [738] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistant Mise Ã  niveau de Windows 10.lnk
[11/06/2017 07:55:25] - |D| - [7143] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[31/08/2015 09:46:58] - |D| - [5662] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BSD Concept
[22/06/2014 17:53:08] - |D| - [2212] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Capturino 1.4
[23/02/2017 20:06:21] - |D| - [970] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[22/04/2014 18:51:26] - |RD| - [1717] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[06/10/2016 08:48:41] - |A| - [1970] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 7 Mirror.lnk
[06/10/2016 08:48:40] - |A| - [2253] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 7.lnk
[29/09/2017 15:46:38] - |ASH| - [530] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[22/06/2014 09:47:09] - |A| - [1010] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Enregistrement OCR I.R.I.S..lnk
[19/03/2017 03:49:44] - |A| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
[04/11/2013 13:49:59] - |RD| - [12938] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[23/02/2017 20:06:14] - |A| - [2306] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[02/03/2018 15:53:49] - |A| - [2252] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
[22/06/2014 09:46:54] - |D| - [7663] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[04/11/2013 13:47:48] - |RD| - [2406] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[29/09/2017 15:43:11] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[19/11/2014 12:29:37] - |D| - [744] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
[29/09/2017 15:46:33] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[10/04/2018 07:17:28] - |D| - [3910] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[22/11/2015 20:22:23] - |D| - [2345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[04/11/2013 13:40:46] - |A| - [1321] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[14/03/2017 15:56:53] - |A| - [1235] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[03/06/2017 09:38:51] - |D| - [8073] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[28/12/2014 15:36:11] - |D| - [1055] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[19/11/2014 12:39:21] - |D| - [4449] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
[19/03/2017 03:49:44] - |A| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
[19/03/2017 03:49:44] - |D| - [5209] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office 2016
[19/03/2017 03:49:45] - |A| - [2482] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
[04/11/2013 13:40:42] - |A| - [1390] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[19/03/2017 03:49:45] - |A| - [2521] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
[04/11/2013 13:34:06] - |RD| - [10427] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[19/03/2017 03:49:45] - |A| - [2444] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
[28/12/2014 15:34:46] - |D| - [11070] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[04/11/2013 13:34:57] - |RD| - [2545] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[22/06/2014 07:35:09] - |RD| - [2305] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[28/06/2017 19:11:07] - |D| - [2144] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[29/09/2017 15:46:33] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
[29/09/2017 15:46:33] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[19/11/2014 12:36:44] - |D| - [6152] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
[30/12/2017 13:06:50] - |A| - [1519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[23/02/2018 18:21:03] - |D| - [2819] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[19/03/2017 03:49:45] - |A| - [2504] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[29/09/2017 15:46:38] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[29/04/2015 12:09:11] - |D| - [284687519] - C:\Program Files (x86)\Adobe
[19/11/2014 12:40:35] - |D| - [42968595] - C:\Program Files (x86)\ArcSoft
[26/07/2014 13:14:44] - |D| - [1010380354] - C:\Program Files (x86)\Avira
[22/04/2014 18:31:41] - |AD| - [1377746] - C:\Program Files (x86)\Bluetooth Suite
[22/04/2014 18:40:11] - |AD| - [631140] - C:\Program Files (x86)\Bonjour
[31/08/2015 09:46:13] - |D| - [246487249] - C:\Program Files (x86)\BSD Concept
[22/06/2014 17:52:48] - |D| - [1083256] - C:\Program Files (x86)\Capturino 1.4
[29/09/2017 15:46:33] - |D| - [528488447] - C:\Program Files (x86)\Common Files
[22/04/2014 18:46:41] - |D| - [1978646175] - C:\Program Files (x86)\CyberLink
[29/09/2017 15:46:37] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[22/06/2014 17:56:20] - |D| - [482986384] - C:\Program Files (x86)\Google
[04/11/2013 12:54:36] - |AD| - [443020712] - C:\Program Files (x86)\Hewlett-Packard
[22/06/2014 09:43:49] - |AD| - [113934514] - C:\Program Files (x86)\HP
[22/06/2014 09:48:11] - |D| - [451059] - C:\Program Files (x86)\HP Photo Creations
[04/11/2013 13:46:33] - |HD| - [199678945] - C:\Program Files (x86)\InstallShield Installation Information
[22/04/2014 18:34:03] - |D| - [12876901] - C:\Program Files (x86)\Intel
[29/09/2017 15:46:33] - |D| - [2017590] - C:\Program Files (x86)\Internet Explorer
[01/09/2014 07:45:18] - |AD| - [60377850] - C:\Program Files (x86)\Malwarebytes Anti-Malware
[01/09/2014 07:43:52] - |D| - [0] - C:\Program Files (x86)\Malwarebytes' Anti-Malware
[18/01/2015 17:53:44] - |D| - [2530872] - C:\Program Files (x86)\MarkAny
[04/11/2013 13:35:35] - |AD| - [2304771260] - C:\Program Files (x86)\Microsoft Office
[22/11/2015 20:22:21] - |AD| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight
[03/08/2014 10:03:23] - |D| - [5659096] - C:\Program Files (x86)\Microsoft SkyDrive
[04/11/2013 13:40:34] - |AD| - [1829877] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[29/09/2017 15:46:33] - |D| - [8210119] - C:\Program Files (x86)\Microsoft.NET
[03/10/2017 07:46:16] - |AD| - [147834899] - C:\Program Files (x86)\Mozilla Firefox
[14/03/2017 15:56:47] - |D| - [310450] - C:\Program Files (x86)\Mozilla Maintenance Service
[30/12/2017 11:53:11] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[28/12/2014 15:36:09] - |D| - [11273915] - C:\Program Files (x86)\MyFree Codec
[19/11/2014 12:36:41] - |D| - [40440305] - C:\Program Files (x86)\Nikon
[06/10/2016 08:48:38] - |D| - [4472561] - C:\Program Files (x86)\NSIS Uninstall Information
[04/11/2013 13:43:29] - |RD| - [1676037] - C:\Program Files (x86)\Online Services
[07/10/2016 12:39:44] - |D| - [1639] - C:\Program Files (x86)\Opera
[22/04/2014 18:32:06] - |AD| - [4366697] - C:\Program Files (x86)\Qualcomm Atheros
[22/04/2014 18:34:27] - |D| - [32062795] - C:\Program Files (x86)\Realtek
[30/12/2017 11:53:11] - |D| - [38454529] - C:\Program Files (x86)\Reference Assemblies
[28/12/2014 15:33:52] - |D| - [322309355] - C:\Program Files (x86)\Samsung
[26/07/2014 14:07:45] - |RD| - [89861891] - C:\Program Files (x86)\Skype
[28/02/2017 10:08:09] - |AD| - [118] - C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
[22/04/2014 18:36:39] - |HD| - [0] - C:\Program Files (x86)\Temp
[19/11/2015 13:24:15] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[15/06/2015 19:58:44] - |D| - [6836169] - C:\Program Files (x86)\VS Revo Group
[04/11/2013 13:50:08] - |AD| - [0] - C:\Program Files (x86)\WildGames
[04/11/2013 13:49:54] - |D| - [22480081] - C:\Program Files (x86)\WildTangent Games
[29/09/2017 15:46:33] - |D| - [1794312] - C:\Program Files (x86)\Windows Defender
[04/11/2013 13:40:15] - |AD| - [91046147] - C:\Program Files (x86)\Windows Live
[29/09/2017 15:46:33] - |D| - [627712] - C:\Program Files (x86)\Windows Mail
[30/09/2017 16:40:33] - |D| - [3294663] - C:\Program Files (x86)\Windows Media Player
[29/09/2017 15:46:33] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform
[29/09/2017 15:46:33] - |D| - [7569090] - C:\Program Files (x86)\windows nt
[29/09/2017 15:46:33] - |D| - [5358896] - C:\Program Files (x86)\Windows Photo Viewer
[29/09/2017 15:46:33] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices
[29/09/2017 15:46:33] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[29/09/2017 15:46:33] - |D| - [2251143] - C:\Program Files (x86)\WindowsPowerShell
[23/02/2018 18:20:42] - |D| - [1205602859] - C:\Program Files (x86)\Wondershare

---------- | C:\Program Files

[04/11/2013 13:34:04] - |D| - [4588532] - C:\Program Files\7-Zip
[22/04/2014 18:40:11] - |AD| - [613987] - C:\Program Files\Bonjour
[23/02/2017 20:06:17] - |AD| - [37561232] - C:\Program Files\CCleaner
[29/09/2017 15:46:33] - |D| - [208852622] - C:\Program Files\Common Files
[29/09/2017 15:46:37] - |ASH| - [174] - C:\Program Files\desktop.ini
[22/06/2014 05:19:05] - |SHD| - [0] - C:\Program Files\Fichiers communs
[02/03/2018 15:53:37] - |D| - [211004217] - C:\Program Files\Google
[02/10/2013 23:14:48] - |D| - [5260771] - C:\Program Files\Hewlett-Packard
[22/06/2014 09:43:28] - |D| - [211718796] - C:\Program Files\HP
[03/06/2017 09:38:06] - |D| - [35752684] - C:\Program Files\Intel
[29/09/2017 15:46:33] - |D| - [2641165] - C:\Program Files\internet explorer
[09/03/2017 14:16:21] - |D| - [158341528] - C:\Program Files\Malwarebytes
[20/11/2015 08:37:30] - |D| - [8986976] - C:\Program Files\Microsoft Office 15
[22/11/2015 20:22:21] - |AD| - [55725526] - C:\Program Files\Microsoft Silverlight
[30/12/2017 11:53:11] - |D| - [25757] - C:\Program Files\MSBuild
[19/11/2014 12:36:40] - |D| - [61468014] - C:\Program Files\Nikon
[04/11/2013 13:43:40] - |RD| - [706508] - C:\Program Files\Online Services
[18/10/2015 14:31:39] - |D| - [31221745] - C:\Program Files\Orange
[03/06/2017 09:38:33] - |D| - [34970806] - C:\Program Files\Realtek
[30/12/2017 11:53:11] - |D| - [36854953] - C:\Program Files\Reference Assemblies
[24/02/2017 11:17:39] - |D| - [829264] - C:\Program Files\ReviverSoft
[03/06/2017 09:36:52] - |D| - [144723048] - C:\Program Files\Synaptics
[22/08/2013 16:47:10] - |HD| - [0] - C:\Program Files\Uninstall Information
[01/06/2017 19:01:04] - |AD| - [6553600] - C:\Program Files\UNP
[29/09/2017 15:46:33] - |RD| - [17900385] - C:\Program Files\Windows Defender
[29/09/2017 15:46:33] - |D| - [638976] - C:\Program Files\Windows Mail
[30/09/2017 16:40:33] - |D| - [4824555] - C:\Program Files\Windows Media Player
[29/09/2017 15:46:33] - |D| - [49680] - C:\Program Files\Windows Multimedia Platform
[29/09/2017 15:46:33] - |D| - [7836866] - C:\Program Files\windows nt
[29/09/2017 15:46:33] - |D| - [6137656] - C:\Program Files\Windows Photo Viewer
[29/09/2017 15:46:33] - |D| - [49688] - C:\Program Files\Windows Portable Devices
[29/09/2017 15:46:33] - |D| - [96880] - C:\Program Files\Windows Security
[29/09/2017 15:46:33] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[29/09/2017 15:46:33] - |HD| - [2619861789] - C:\Program Files\WindowsApps
[29/09/2017 15:46:33] - |D| - [2501937] - C:\Program Files\WindowsPowerShell

---------- | C:\Program Files (x86)\Common Files

[29/04/2015 12:09:12] - |AD| - [151942931] - C:\Program Files (x86)\Common Files\Adobe
[19/11/2014 12:40:33] - |D| - [64612120] - C:\Program Files (x86)\Common Files\ArcSoft
[22/04/2014 18:31:42] - |D| - [35129] - C:\Program Files (x86)\Common Files\Atheros
[22/04/2014 18:55:40] - |D| - [96216] - C:\Program Files (x86)\Common Files\CyberLink
[20/04/2018 19:39:50] - |D| - [24240] - C:\Program Files (x86)\Common Files\DESIGNER
[22/04/2014 18:36:36] - |D| - [3248736] - C:\Program Files (x86)\Common Files\InstallShield
[03/06/2017 09:37:56] - |D| - [107006637] - C:\Program Files (x86)\Common Files\Intel
[29/09/2017 15:46:33] - |D| - [48553671] - C:\Program Files (x86)\Common Files\microsoft shared
[19/11/2014 12:37:45] - |AD| - [13029030] - C:\Program Files (x86)\Common Files\Nikon
[22/04/2014 18:31:41] - |D| - [797540] - C:\Program Files (x86)\Common Files\QCA_Bluetooth
[29/09/2017 15:46:33] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[28/06/2017 19:11:06] - |AD| - [2574296] - C:\Program Files (x86)\Common Files\Skype
[29/09/2017 15:46:33] - |D| - [9530251] - C:\Program Files (x86)\Common Files\system
[04/11/2013 13:39:32] - |D| - [120107047] - C:\Program Files (x86)\Common Files\Windows Live
[03/09/2017 11:11:37] - |D| - [6927901] - C:\Program Files (x86)\Common Files\Wondershare

---------- | C:\Program Files\Common files

[22/06/2015 18:14:27] - |D| - [247232] - C:\Program Files\Common files\Adobe
[03/06/2017 09:37:25] - |D| - [1369] - C:\Program Files\Common files\Atheros
[23/04/2018 11:04:40] - |D| - [1856480] - C:\Program Files\Common files\AVAST Software
[29/09/2017 15:46:33] - |D| - [153707415] - C:\Program Files\Common files\microsoft shared
[19/11/2014 12:36:41] - |AD| - [42033281] - C:\Program Files\Common files\Nikon
[22/04/2014 18:31:41] - |D| - [797540] - C:\Program Files\Common files\QCA_Bluetooth
[29/09/2017 15:46:33] - |D| - [2702] - C:\Program Files\Common files\Services
[29/09/2017 15:46:33] - |D| - [10206603] - C:\Program Files\Common files\system

---------- | Tasks

[MD5.CD2C346E26501438A69C3216EDD23CEA] - [27/02/2017 17:18:34] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
[MD5.06A51E7B65F44F8AA88826A6E8CB36B1] - [26/02/2018 10:29:22] - |A| - [356] - C:\WINDOWS\Tasks\HPCeeScheduleForPatrick.job
[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [30/12/2017 13:48:39] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.12B53E64EC8B2C56FEF060B8EE4E8E35] - [19/11/2015 12:57:25] - |A| - [264] - C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
[MD5.0C7931A39FF1CEE81F9F08BF2FBB7B25] - [30/12/2017 13:48:38] - |A| - [4562] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task         :   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[MD5.422F894295F622EBADCCE17CE050FBBC] - [14/03/2018 20:06:07] - |A| - [4748] - C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier         :   C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe
[MD5.8EE2882A68FBAA300C24EF78D0A5D757] - [30/12/2017 13:48:38] - |A| - [4712] - C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier         :   C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe
[MD5.0498CFABC0772D8303EA647FA02AB128] - [30/12/2017 13:48:38] - |A| - [4558] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater         :   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.F468D9C427053B6BDE8AD382302A194F] - [29/04/2018 19:44:08] - |A| - [3374] - C:\WINDOWS\System32\Tasks\Avira_Antivirus_Systray         :   "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe"
[MD5.44A213204D88335C4A45D4865472AB64] - [14/01/2018 10:57:02] - |A| - [3936] - C:\WINDOWS\System32\Tasks\CCleaner Update         :   C:\Program Files\CCleaner\CCUpdate.exe
[MD5.E13FB2AE238C0C95893BB247B30643E1] - [30/12/2017 13:48:38] - |A| - [2858] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC         :   "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.20F75BBD23F925260084EFB0FF65DD2C] - [30/12/2017 13:48:38] - |A| - [2352] - C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8         :   C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
[MD5.2272F072E333CA04E9E0D7EBF37975F0] - [30/12/2017 13:48:38] - |A| - [2352] - C:\WINDOWS\System32\Tasks\CLVDLauncher         :   C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
[MD5.8A9F05A763D3CEEA0DE344DC0B8D1B54] - [30/12/2017 13:48:38] - |A| - [2008] - C:\WINDOWS\System32\Tasks\FaxApplications.exe_{45E822B1-C73F-4E5F-A624-E109FB835485}         :   C:\Program Files\HP\HP Officejet 4630 series\Bin\FaxApplications.exe
[MD5.FDFD5690EC0878A706951A6963B9B75D] - [30/12/2017 13:48:38] - |A| - [3290] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.04641ED3C38BD61245F43281C51DC68D] - [30/12/2017 13:48:38] - |A| - [3514] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA         :   C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] - [30/12/2017 13:48:38] - |D| - [26908] - C:\WINDOWS\System32\Tasks\Hewlett-Packard
[MD5.36AA99C47B2BCE3734C11F2470770CEC] - [30/12/2017 13:48:38] - |A| - [3048] - C:\WINDOWS\System32\Tasks\HP AR Program Upload - 4ba89dd2808145be9d415a1b82b2d4c59d7a2adb9e264a46961bacc5917ba472         :   C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe
[MD5.FA71FFD3C631454B061DC17D0FCA67E3] - [30/12/2017 13:48:38] - |A| - [2752] - C:\WINDOWS\System32\Tasks\HP AR Program Upload - 7295639e1a004599bcffec441ede2c5798bcf81e62644a03b6b591401e723d1b         :   C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe
[MD5.7AB2C1DDE01FC9FC620DEC98CC8149A3] - [30/12/2017 13:48:38] - |A| - [2752] - C:\WINDOWS\System32\Tasks\HP AR Program Upload - 96b43d4ae8474ca5a8ff25a3650ca34b45bfb6d4fe2b4a54aeaf95b319742780         :   C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe
[MD5.9EC9E74319AD02C816102D35CE8F55F3] - [30/12/2017 13:48:38] - |A| - [2752] - C:\WINDOWS\System32\Tasks\HP AR Program Upload - 9ea29ba2ad7345eba2699d268bf2df89266c0c46bd1a4e7f9ca478333e472aac         :   C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe
[MD5.2D61367B981A11C839E536101EEC3DCC] - [30/12/2017 13:48:38] - |A| - [2028] - C:\WINDOWS\System32\Tasks\HPCustPartic.exe_{F54DD2A7-31EA-4B22-928D-327BBE0F47B1}         :   C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe
[MD5.25B784FA22FC74C9C1CC51EFF1F2D606] - [30/12/2017 13:48:38] - |A| - [2502] - C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet 4630 series         :   "C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe"
[MD5.00000000000000000000000000000000] - [29/09/2017 15:46:34] - |D| - [594342] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.A6969FFEE3D9EE7120CAA89B7DFC76F5] - [30/12/2017 13:48:39] - |A| - [2824] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task         :   C:\Users\VERONIK\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
[MD5.5F764036C4A78115D9F105E4798225DE] - [30/12/2017 13:48:39] - |A| - [3362] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3311965274-403475795-341010734-1001         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.867157200359CAD322E198205E18EADE] - [30/12/2017 13:48:39] - |A| - [3596] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1314184813-1300351738-2939004454-500         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.01312EE639EA25EA918C6282AA543BB6] - [30/12/2017 13:48:39] - |A| - [3592] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2323992412-533519598-971084482-500         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.7ABD76276C4067D2CC7D60088A461E46] - [30/12/2017 13:48:39] - |A| - [3596] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2616308211-1586446307-3302517355-500         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.9D63681B7428C93220E4A9B2BB727DE4] - [30/12/2017 13:48:39] - |A| - [2808] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1001         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.E8AAAA5A3698BD52681865ABA9F96BA7] - [30/12/2017 13:48:39] - |A| - [2748] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1007         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.9180DBDFA99F9315DDDCECE77E7B0F56] - [30/12/2017 13:48:39] - |A| - [2748] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1016         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.4FEB9A77D0E5E85E8D785866D90D6D2A] - [30/12/2017 13:48:39] - |A| - [2748] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1018         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.C19EE986CE37B49DDCCFE5645AACC2C8] - [30/12/2017 13:48:39] - |A| - [2808] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-1020         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.3D23AB8BF45A7E601BDD604A28430D63] - [30/12/2017 13:48:39] - |A| - [2316] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3311965274-403475795-341010734-500         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.1B04038C75D7FD7D42FB9BBE154098EA] - [30/12/2017 13:48:39] - |A| - [3592] - C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-670460367-620303816-3470953987-500         :   %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
[MD5.8F07D48F2F9CB42648E1E41D725EC53A] - [30/12/2017 13:48:39] - |A| - [2116] - C:\WINDOWS\System32\Tasks\ScanToPCActivationApp.exe_{A6B02579-26A1-4ED8-A0D4-638E878B6A0D}         :   C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
[MD5.5E64708196B89FB2EB75A771341D8F03] - [30/12/2017 13:48:39] - |A| - [2048] - C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements         :   "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
[MD5.351714321F22376D10CE49BA3067B5D0] - [30/12/2017 13:48:39] - |A| - [1956] - C:\WINDOWS\System32\Tasks\Toolbox.exe_{9C327167-1BE0-45B0-B986-F3CDEE099BD7}         :   C:\Program Files\HP\HP Officejet 4630 series\Bin\Toolbox.exe
[MD5.A8830840B6D7BB56FACEEC1266AC80CE] - [30/12/2017 13:48:39] - |A| - [3082] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2C8672C2-4390-4918-A9C7-8218CA6BF238}         :   C:\Windows\system32\msfeedssync.exe
[MD5.8FBACA94EB0C43698F4256BD9D15FE0B] - [30/12/2017 13:48:39] - |A| - [3086] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5ECF1D0E-F3A4-4274-91B7-15FCC0EEF301}         :   C:\Windows\system32\msfeedssync.exe
[MD5.2E2878B7A8E226D3A5BABD27CEEDE5A9] - [30/12/2017 13:48:39] - |A| - [3082] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1E3F979-EBB4-43D5-9B9D-B5A2D1DE05B3}         :   C:\Windows\system32\msfeedssync.exe
[MD5.EC7481F4C9D103B4223ED1E38C642DC3] - [30/12/2017 13:48:39] - |A| - [3304] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BB5C9BCD-4838-4092-9816-BD2E6F13DDF5}         :   C:\Windows\system32\msfeedssync.exe
[MD5.16FC1728F02C0E6E38EB78FA079B14CD] - [30/12/2017 13:48:39] - |A| - [3304] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D813C16D-3859-4383-9C47-BCC62C7A9A93}         :   C:\Windows\system32\msfeedssync.exe
[MD5.0A47D3D236E560B285F29269B7A1B0E4] - [30/12/2017 13:48:39] - |A| - [3082] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC0FA157-B231-480E-9377-03545953143B}         :   C:\Windows\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [30/12/2017 13:48:39] - |D| - [0] - C:\WINDOWS\System32\Tasks\WPD
[MD5.34ABA38F4EE904F69E9C80108C5E1F2C] - [30/12/2017 13:48:39] - |A| - [2486] - C:\WINDOWS\System32\Tasks\YCMServiceAgent         :   C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
[MD5.A1E2F1DD999D6276F0BFC78BC6B5BEED] - [30/12/2017 13:48:39] - |A| - [2218] - C:\WINDOWS\System32\Tasks\{8EAA4BA4-005B-446F-ACDA-0428861C99C4}         :   "c:\windows\system32\launchwinapp.exe"
[MD5.1CAE16D4C8D8F9A1028E70060CFC2256] - [30/12/2017 13:48:39] - |A| - [2178] - C:\WINDOWS\System32\Tasks\{B90BE772-893A-4871-BAB2-FF70C4B45845}         :   C:\WINDOWS\system32\pcalua.exe
[MD5.00000000000000000000000000000000] - [29/09/2017 15:46:34] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"WirelessDisplay-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"{EA97CA34-5FB7-4ACD-B376-26880BB73EBA}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{DA731ED6-7874-4232-BFFB-50302DF31F17}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ|
"{66EB4310-F5A3-48D7-BC3D-39CF53581136}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Sway|Desc=Sway|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|
"{67D78DD6-B637-48B7-9BE1-E03ADF08C5E7}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=View 3D|Desc=View 3D|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-3739514657-3828455176-2936196785-2025316370-1894713875-3268641221-1640234959|EmbedCtxt=View 3D|Platform=2:6:2|Platform2=GTEQ|
"{915F0081-D384-4337-8437-238A1102272A}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
"{F5F8E451-638A-4535-A660-B4FB1F3A3D6A}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{14040A8E-1F89-4312-A3C5-5D2EA3D5E8E4}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{13801C1F-6D1D-465D-B462-AD8B22282F7D}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{92FE4FE9-37EC-4FFD-A948-869FF7A03910}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|
"{A211D1E4-FFC2-4A02-BB33-269FC3AD1F99}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Wallet|Desc=Wallet|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Wallet|Platform=2:6:2|Platform2=GTEQ|
"{0B7BA8B0-2B86-4A0B-B9F4-35DB8093D78C}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{F055C1B8-D070-4A92-98E3-D4EC628346BD}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{86EFEADE-CEFC-4BB4-989C-BA7908D64A0F}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Xbox Game bar|Desc=Xbox Game bar|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-1823635404-1364722122-2170562666-1762391777-2399050872-3465541734-3732476201|EmbedCtxt=Xbox Game bar|Platform=2:6:2|Platform2=GTEQ|
"{668CEF3B-076F-4AE6-A83C-B6389E3A8B72}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ|
"{789707BA-E2EB-40F4-904B-EEA2D920D74D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ|
"{A8A89727-A599-4FA5-ADD9-90A9DDD30CED}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Desc=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/Description}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-968169919-1126953557-685195956-86120492-1320233397-643893155-1374718203|EmbedCtxt=@{EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy?ms-resource://EnvironmentsApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{051207BD-7A62-4CD0-BE38-2301E5638A32}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=Holographic Item Player|Desc=Holographic Item Player|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2848169271-1944770290-2690789639-3499139168-2840136067-3338101526-125811250|EmbedCtxt=Holographic Item Player|Platform=2:6:2|Platform2=GTEQ|
"{E0A08DD9-37D7-41E7-9321-5D2A99D3B911}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices|
"{C3F6BD96-AA21-4B87-8C9C-63FAEFEC1D65}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices|
"{52311B41-DC37-4663-A27A-4F4A5DDDCFB3}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{46AC1DCC-38FB-4EE9-AB67-82004C142A13}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|
"{3CFF0955-AE29-4A1D-A509-DD770B29A312}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=TV d'Orange|Desc=TV d'Orange|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-3238998744-1583670706-539037381-3280675213-4183860311-598623723-333492816|EmbedCtxt=TV d'Orange|Platform=2:6:2|Platform2=GTEQ|
"{ED2689A8-7974-48C5-94F3-B66785D47162}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Name=TV d'Orange|Desc=TV d'Orange|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-3238998744-1583670706-539037381-3280675213-4183860311-598623723-333492816|EmbedCtxt=TV d'Orange|Platform=2:6:2|Platform2=GTEQ|
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|
"{560448D6-095C-4907-B046-AC7F710701A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=SonicWALL.MobileConnect|Desc=SonicWALL.MobileConnect|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-1141404472-3582312691-3771565717-2155153689-4284170330-1053580937-782359393|EmbedCtxt=SonicWALL.MobileConnect|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{D6980480-941A-4DF6-AB81-3734ECD3D779}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=JuniperNetworks.JunosPulseVpn|Desc=JuniperNetworks.JunosPulseVpn|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-413786399-3497379642-531169432-1175633435-3083429259-2317590812-1892764672|EmbedCtxt=JuniperNetworks.JunosPulseVpn|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{F64300AD-D559-4000-BD45-0997BCC8E70A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=f5.vpn.client|Desc=f5.vpn.client|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3873129616-3864902477-3117653462-838095904-2337665935-1018217662-2152729480|EmbedCtxt=f5.vpn.client|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{9E3D57FC-7C37-4424-9352-4831E97D029D}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Desc=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/Description}|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-2608634532-1453884237-1118350049-1925931850-670756941-1603938316-3764965493|EmbedCtxt=@{C:\Windows\WinStore\resources.pri?ms-resource://WinStore/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Name=CheckPoint.VPN|Desc=CheckPoint.VPN|LUOwn=S-1-1-0|AppPkgId=S-1-15-2-3676279713-3632409675-756843784-3388909659-2454753834-4233625902-1413163418|EmbedCtxt=CheckPoint.VPN|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{63AD27C0-8A6F-4B34-9A50-62ED18AF753C}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe|Name=Windows Live Communications Platform|Edge=TRUE|
"{751D8CEE-006F-4DF8-B350-321A978491DB}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (UPnP)|
"{6A2585B1-9EF9-44EB-A3C9-1D13C456D190}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|Name=Windows Live Communications Platform (SSDP)|
"{29170172-EA84-4F4B-9F7E-2B9D244C2A2E}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{420D06BC-854B-4071-B135-F6AB09A04149}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{4A8F43A7-9491-4DCE-9A22-ED1D7087163C}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{844ABDA4-7A7F-4E4A-A2E2-007CCAD39942}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Service Bonjour|
"{B5F43A77-C598-42BD-B012-7D52363FD987}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe|Name=CyberLink PowerDVD12|Desc=CyberLink PowerDVD12|
"{EAE592CA-A9F2-45E1-980D-19E83C75ADDD}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe|Name=CyberLink PowerDVD 12 Media Server Service|Desc=CyberLink Media Server|
"{35AA7221-C451-4D25-B058-1CC651B10992}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe|Name=CyberLink PowerDVD12 Moovie Live|Desc=CyberLink PowerDVD12 Moovie Live|
"{7F7C95A1-7CC3-45DE-B587-43507ABCBB58}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe|Name=CyberLink PowerDVD12 Movie Module|Desc=CyberLink PowerDVD12 Movie Module|
"{0606851C-5E61-4E42-B0FD-CA659A85F5E5}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3311965274-403475795-341010734-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{8E9A3498-0806-4779-9483-72FA7A2094EC}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=HP Registration|Desc=HP_Registration|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-2378861296-2015544789-3629328051-2316572820-2405720470-604034908-561769599|EmbedCtxt=HP Registration|Platform=2:6:2|Platform2=GTEQ|
"{FF9D40CB-2458-4D16-8411-73F4FD757AD3}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=Box|Desc=Box|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-92745809-552095679-1089518069-1287299194-2375052659-864180891-2588504011|EmbedCtxt=Box|Platform=2:6:2|Platform2=GTEQ|
"{303D9CB7-0E32-469A-8D92-45968C796BAF}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Box|Desc=Box|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-92745809-552095679-1089518069-1287299194-2375052659-864180891-2588504011|EmbedCtxt=Box|Platform=2:6:2|Platform2=GTEQ|
"{96989622-9C9E-4BBF-BEDE-A1193B3CE263}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=- Games App -|Desc=- Games App -|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-54699281-1271618622-4162202136-1802718980-1937042405-523788449-2466384431|EmbedCtxt=- Games App -|Platform=2:6:2|Platform2=GTEQ|
"{3816B068-FFCC-496D-AAAD-7BD7177459F3}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=HP Connected Photo powered by Snapfish|Desc=HP Connected Photo powered by Snapfish|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo powered by Snapfish|Platform=2:6:2|Platform2=GTEQ|
"{2683A7F4-97FD-44AA-B000-AB6ABE33D6A7}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=HP Connected Photo powered by Snapfish|Desc=HP Connected Photo powered by Snapfish|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo powered by Snapfish|Platform=2:6:2|Platform2=GTEQ|
"{049AEF53-E3E2-4C80-B8BB-A21AE38C8008}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=YouCam for HP|Desc=YouCam|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-2858075274-135750454-1334919231-2600657582-2659737398-1936949094-2005953543|EmbedCtxt=YouCam for HP|Platform=2:6:2|Platform2=GTEQ|
"{2898903A-1AB0-4A14-8C12-0890629FC832}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=McAfeeÂ® Central for HP|Desc=McAfee Security Advisor fills all your security needs|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-2912287564-2203772181-3272102736-2078102469-3840209635-1596378441-4077894772|EmbedCtxt=McAfeeÂ® Central for HP|Platform=2:6:2|Platform2=GTEQ|
"{29E65A71-A091-4F69-B512-368FAEDEB465}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=McAfeeÂ® Central for HP|Desc=McAfee Security Advisor fills all your security needs|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-2912287564-2203772181-3272102736-2078102469-3840209635-1596378441-4077894772|EmbedCtxt=McAfeeÂ® Central for HP|Platform=2:6:2|Platform2=GTEQ|
"{1D2D285F-313A-4DD7-B653-06BE1627F1A1}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{8B5F5C0A-12A6-4076-840D-CAFD1557FE6B}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ|
"{1CB23DCB-814D-41CB-86B4-28A9EA0EED35}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=HP All-in-One Printer Remote|Desc=HP All-in-One Printer Remote|LUOwn=S-1-5-21-3311965274-403475795-341010734-1007|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP All-in-One Printer Remote|Platform=2:6:2|Platform2=GTEQ|
"{026536EA-84B2-4D51-8C74-AB2F29C3F212}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{E1B0E89F-B9C1-49A0-9229-A9B156305070}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{35B42487-0CC8-44E9-B7F8-CB3FD3F557FA}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-501|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{5B95A977-3A6C-45BF-89B4-5886CE167698}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-501|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{37738FD5-958E-4FDC-A046-D5DF5057D5C8}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{D8A1ED8D-98AC-4F2A-8BEE-8901979647A1}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{5463A20B-022D-45B2-B89F-AD0F1E1772AF}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=HP Registration|Desc=HP_Registration|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-2378861296-2015544789-3629328051-2316572820-2405720470-604034908-561769599|EmbedCtxt=HP Registration|Platform=2:6:2|Platform2=GTEQ|
"{9C61BC07-A46B-428D-9538-DFFACA483643}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=Box|Desc=Box|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-92745809-552095679-1089518069-1287299194-2375052659-864180891-2588504011|EmbedCtxt=Box|Platform=2:6:2|Platform2=GTEQ|
"{4745006F-0E16-472B-AC08-3BAE76B1066F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Box|Desc=Box|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-92745809-552095679-1089518069-1287299194-2375052659-864180891-2588504011|EmbedCtxt=Box|Platform=2:6:2|Platform2=GTEQ|
"{F1FF72AC-17FC-43F0-B5BC-65C0B113A2DF}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=- Games App -|Desc=- Games App -|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-54699281-1271618622-4162202136-1802718980-1937042405-523788449-2466384431|EmbedCtxt=- Games App -|Platform=2:6:2|Platform2=GTEQ|
"{27DB9760-BFBF-439C-A2AB-790AD3185BF1}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=HP Connected Photo|Desc=HP Connected Photo|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo|Platform=2:6:2|Platform2=GTEQ|
"{8BBB66B7-2D6C-4EE0-9898-ADF9D665D732}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=HP Connected Photo|Desc=HP Connected Photo|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo|Platform=2:6:2|Platform2=GTEQ|
"{4CA4FBB4-1690-4EBC-BC17-4EDAD2700274}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{856F0980-03F9-4AED-8E30-1019E61F70BD}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=YouCam for HP|Desc=YouCam|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-2858075274-135750454-1334919231-2600657582-2659737398-1936949094-2005953543|EmbedCtxt=YouCam for HP|Platform=2:6:2|Platform2=GTEQ|
"{0EA00176-179D-4B02-B110-A837DE20C035}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=McAfeeÂ® Central for HP|Desc=McAfeeÂ® Central for HP|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-2912287564-2203772181-3272102736-2078102469-3840209635-1596378441-4077894772|EmbedCtxt=McAfeeÂ® Central for HP|Platform=2:6:2|Platform2=GTEQ|
"{1DEFCD96-4EF9-4F36-AD70-061B93C905CA}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=McAfeeÂ® Central for HP|Desc=McAfeeÂ® Central for HP|LUOwn=S-1-5-21-3311965274-403475795-341010734-1016|AppPkgId=S-1-15-2-2912287564-2203772181-3272102736-2078102469-3840209635-1596378441-4077894772|EmbedCtxt=McAfeeÂ® Central for HP|Platform=2:6:2|Platform2=GTEQ|
"{D3A726DB-DBCD-410A-A54B-1161B64ACC25}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe|Name=HPSAPS|
"{392CC0E0-09E4-49A7-AABD-99EDA1039F9C}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe|Name=HPSAPS|
"{D035B650-AC70-4451-88E7-34FBC3A0DD04}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{7A54F385-E7CD-42FB-8A34-2C1A395675DB}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{27193D30-37D4-4F60-95BB-26952EF9DB72}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=HP Registration|Desc=HP_Registration|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-2378861296-2015544789-3629328051-2316572820-2405720470-604034908-561769599|EmbedCtxt=HP Registration|Platform=2:6:2|Platform2=GTEQ|
"{D595B122-9CFD-4967-8A6D-AD724657E391}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=Box|Desc=Box|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-92745809-552095679-1089518069-1287299194-2375052659-864180891-2588504011|EmbedCtxt=Box|Platform=2:6:2|Platform2=GTEQ|
"{5950D163-7C3B-4405-83B8-ED73036CDCA1}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Box|Desc=Box|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-92745809-552095679-1089518069-1287299194-2375052659-864180891-2588504011|EmbedCtxt=Box|Platform=2:6:2|Platform2=GTEQ|
"{22199149-58C7-4A0D-9286-11E967673A75}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=- Games App -|Desc=- Games App -|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-54699281-1271618622-4162202136-1802718980-1937042405-523788449-2466384431|EmbedCtxt=- Games App -|Platform=2:6:2|Platform2=GTEQ|
"{1CC82493-DC6C-4E4A-9D41-DC0DA4A354FE}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=HP Connected Photo|Desc=HP Connected Photo|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo|Platform=2:6:2|Platform2=GTEQ|
"{DE304D0C-3272-42D6-AD59-BAD32C570A01}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=HP Connected Photo|Desc=HP Connected Photo|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=HP Connected Photo|Platform=2:6:2|Platform2=GTEQ|
"{4AEF2A15-215E-4D6C-95C7-206B0A91F23F}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=YouCam for HP|Desc=YouCam|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-2858075274-135750454-1334919231-2600657582-2659737398-1936949094-2005953543|EmbedCtxt=YouCam for HP|Platform=2:6:2|Platform2=GTEQ|
"{59724CC2-DDEA-436B-8C75-EA907E5AD84B}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=McAfeeÂ® Central for HP|Desc=McAfeeÂ® Central for HP|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-2912287564-2203772181-3272102736-2078102469-3840209635-1596378441-4077894772|EmbedCtxt=McAfeeÂ® Central for HP|Platform=2:6:2|Platform2=GTEQ|
"{C03CCBB0-B77B-4782-AA3C-07D7A5FFB3C5}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=McAfeeÂ® Central for HP|Desc=McAfeeÂ® Central for HP|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-2912287564-2203772181-3272102736-2078102469-3840209635-1596378441-4077894772|EmbedCtxt=McAfeeÂ® Central for HP|Platform=2:6:2|Platform2=GTEQ|
"{E0B04ECF-CE7A-4EDC-AE59-35E126CB0163}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-3311965274-403475795-341010734-1018|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{C8B2A9F4-E96A-4E50-8B54-6CFA49A6E3E9}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{B2A643D7-4CC4-4FCE-93C0-C0CF6D6D2823}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{B3E72D4F-34C8-4301-AB88-2ED5229A7EA1}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{28614E78-B14F-4976-95C9-FC3E68DAD004}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{9A7EF29D-A768-46C9-A8E7-66815833F76B}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{6A91FA04-EBCE-40FE-9957-351DACA26A62}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{0DEB97D6-7427-40FE-BA6E-712C97DE9E7C}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe|Name=HPSAPS|
"{293CC390-27EE-4088-90FB-A36104A90E4F}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe|Name=HPSAPS|
"{0FDB2EF4-7BCC-4D98-A653-0616F0E06928}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{C123BA0F-78C6-48E3-9A86-13E2E73DA0B0}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{89FF3CE1-B472-4339-B8BE-A8C8DDEC87FA}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{41D16CA2-BFBA-434C-9097-B579417552FA}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{5542B566-118F-446D-997F-FFA79791B996}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{F149A44E-ED6E-4B95-8283-061D897BFDCE}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{7C4B654C-B813-4230-9544-864EFE46C6DF}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{0EB23A5B-E153-4AB1-A4B6-58115C0BCAB6}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{DAD2D552-5F37-4CF3-8295-CFB78F8968DA}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{1FD237A6-D56A-4B17-B032-701D1FF5D900}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Desc=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2540836248-1980176511-1686232796-3610252712-3450814159-2925262043-1011558333|EmbedCtxt=@{BrowserChoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://BrowserChoice/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
"{A64D10FC-5FF1-4F25-86D4-FD329154C0A4}"=v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe|Name=HP Socket Service|
"{868A846D-60F3-4A2E-866D-E744EAA5A7B1}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=53|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-143|Desc=@hnetcfg.dll,-10142|EmbedCtxt=@hnetcfg.dll,-140|
"{E8E1FE25-552A-4159-ACC1-D68D353008A1}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=67|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-144|Desc=@hnetcfg.dll,-10143|EmbedCtxt=@hnetcfg.dll,-140|
"{71AAEF23-E85C-4CC3-9F8E-62C5D268C511}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-145|Desc=@hnetcfg.dll,-10144|EmbedCtxt=@hnetcfg.dll,-140|
"{895CD1C5-DA60-45BD-9580-0AA011EE9C23}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@hnetcfg.dll,-147|Desc=@hnetcfg.dll,-10146|EmbedCtxt=@hnetcfg.dll,-140|
"{0268907F-A72A-4827-89FA-86AD7E17942F}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=%systemroot%\system32\svchost.exe|Svc=ssdpsrv|Name=@hnetcfg.dll,-150|Desc=@hnetcfg.dll,-10150|EmbedCtxt=@hnetcfg.dll,-140|
"{73FA6F1B-019A-4B41-B7D1-8107950C20D9}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=System|Name=@hnetcfg.dll,-146|Desc=@hnetcfg.dll,-10145|EmbedCtxt=@hnetcfg.dll,-140|
"{1286D8C1-980B-4997-A8C4-FF49E54E51AA}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=System|Name=@hnetcfg.dll,-152|Desc=@hnetcfg.dll,-10151|EmbedCtxt=@hnetcfg.dll,-140|
"{322435CB-D60B-4FC3-B9C2-E0CE94B56F66}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=547|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-142|Desc=@hnetcfg.dll,-10141|EmbedCtxt=@hnetcfg.dll,-140|
"{9F5FD188-3B58-4CE5-BAAD-9DE48A4C0CA9}"=v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:0|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|Name=@hnetcfg.dll,-148|Desc=@hnetcfg.dll,-10147|EmbedCtxt=@hnetcfg.dll,-140|
"{FE1D69B0-C88A-479F-974A-92B6AE051B4A}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=%systemroot%\system32\svchost.exe|Svc=upnphost|Name=@hnetcfg.dll,-149|Desc=@hnetcfg.dll,-10148|EmbedCtxt=@hnetcfg.dll,-140|
"{0752F470-E8D3-4436-9FDE-4D0B2ADBC76C}"=v2.22|Action=Allow|Active=TRUE|Dir=Out|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=%systemroot%\system32\svchost.exe|Svc=SharedAccess|Name=@hnetcfg.dll,-151|Desc=@hnetcfg.dll,-10149|EmbedCtxt=@hnetcfg.dll,-140|
"{28BC75B2-F2BE-48DD-9121-0FA267305B35}"=v2.22|Action=Allow|Active=TRUE|Dir=In|IF={13D3B3B4-32E4-44D8-B91D-2260D48C1030}|App=%systemroot%\system32\alg.exe|Name=@hnetcfg.dll,-140|Desc=@hnetcfg.dll,-140|EmbedCtxt=@hnetcfg.dll,-140|
"TCP Query User{AC256950-1056-4055-944D-E1E3E4D6664D}C:\program files (x86)\bsd concept\heredis 13\heredis13.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\bsd concept\heredis 13\heredis13.exe|Name=Heredis|Desc=Heredis|
"UDP Query User{39BF504F-5957-4ADF-B636-4774DF74D01E}C:\program files (x86)\bsd concept\heredis 13\heredis13.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\bsd concept\heredis 13\heredis13.exe|Name=Heredis|Desc=Heredis|
"{5CE84F64-D68E-4E36-BBD8-CB97A39A3AB5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=- Games App -|Desc=- Games App -|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-54699281-1271618622-4162202136-1802718980-1937042405-523788449-2466384431|EmbedCtxt=- Games App -|Platform=2:6:2|Platform2=GTEQ|
"{8C8F2586-45C8-4685-B22B-C8817DC91506}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{7B7CBC1B-C341-4397-B294-AB135D58EA5F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=YouCam for HP|Desc=YouCam|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-2858075274-135750454-1334919231-2600657582-2659737398-1936949094-2005953543|EmbedCtxt=YouCam for HP|Platform=2:6:2|Platform2=GTEQ|
"{9B08ADFD-2CF0-48D8-B81F-4A03B10E12BA}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=HP Registration|Desc=HP_Registration|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-2378861296-2015544789-3629328051-2316572820-2405720470-604034908-561769599|EmbedCtxt=HP Registration|Platform=2:6:2|Platform2=GTEQ|
"{CA235A5E-BCB4-48DD-9D71-8F5ADA105389}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Snapfish|Desc=Snapfish|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=Snapfish|Platform=2:6:2|Platform2=GTEQ|
"{089D40ED-7412-451C-978D-448FB2C1A0F1}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=- Games App -|Desc=- Games App -|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-54699281-1271618622-4162202136-1802718980-1937042405-523788449-2466384431|EmbedCtxt=- Games App -|Platform=2:6:2|Platform2=GTEQ|
"{FBEE451A-39DA-4614-8967-DE30A7EA9472}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=eBay|Desc=eBay|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-3057257296-3828382797-3810074314-1216619655-2489216617-4232069503-3218356943|EmbedCtxt=eBay|Platform=2:6:2|Platform2=GTEQ|
"{3AA29626-AAE7-410F-9809-EF79046C9FFA}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=YouCam for HP|Desc=YouCam|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2858075274-135750454-1334919231-2600657582-2659737398-1936949094-2005953543|EmbedCtxt=YouCam for HP|Platform=2:6:2|Platform2=GTEQ|
"{3573BBE3-F9F5-4179-96F4-0774E43A040B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=HP Registration|Desc=HP_Registration|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2378861296-2015544789-3629328051-2316572820-2405720470-604034908-561769599|EmbedCtxt=HP Registration|Platform=2:6:2|Platform2=GTEQ|
"{D52A6275-14E2-40F6-A95A-41EBBC3DE2B5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Snapfish|Desc=Snapfish|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-24713430-3312609791-1953074073-2220766950-192704244-1768595957-3502366569|EmbedCtxt=Snapfish|Platform=2:6:2|Platform2=GTEQ|
"{50A20A05-15F9-40E5-A9C7-855FEF0133E8}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=@{AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://AD2F1837.GettingStartedwithWindows8/resources/id_app_title}|Desc=@{AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://AD2F1837.GettingStartedwithWindows8/resources/id_app_title}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-1896734660-1176741147-3560790752-1583426572-2102545463-3029068088-1728687620|EmbedCtxt=@{AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://AD2F1837.GettingStartedwithWindows8/resources/id_app_title}|Platform=2:6:2|Platform2=GTEQ|
"{A2B275FB-24BE-4D7A-94BA-46638215102D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://AD2F1837.GettingStartedwithWindows8/resources/id_app_title}|Desc=@{AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://AD2F1837.GettingStartedwithWindows8/resources/id_app_title}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-1896734660-1176741147-3560790752-1583426572-2102545463-3029068088-1728687620|EmbedCtxt=@{AD2F1837.GettingStartedwithWindows8_1.6.0.0_neutral__v10z8vjag6ke6?ms-resource://AD2F1837.GettingStartedwithWindows8/resources/id_app_title}|Platform=2:6:2|Platform2=GTEQ|
"{30E3CBBD-7B56-4C95-A5B0-E3D7486D2D85}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=McAfeeÂ® Central for HP|Desc=McAfeeÂ® Central for HP|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2912287564-2203772181-3272102736-2078102469-3840209635-1596378441-4077894772|EmbedCtxt=McAfeeÂ® Central for HP|Platform=2:6:2|Platform2=GTEQ|
"{CFCCDAE3-DD3C-428C-9280-350302416CC5}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=McAfeeÂ® Central for HP|Desc=McAfeeÂ® Central for HP|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-2912287564-2203772181-3272102736-2078102469-3840209635-1596378441-4077894772|EmbedCtxt=McAfeeÂ® Central for HP|Platform=2:6:2|Platform2=GTEQ|
"{D7AB9B61-C723-400E-8673-25F87BCCE875}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Box for Windows 8|Desc=Box|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-92745809-552095679-1089518069-1287299194-2375052659-864180891-2588504011|EmbedCtxt=Box for Windows 8|Platform=2:6:2|Platform2=GTEQ|
"{A846FD9B-F6B3-40B1-990C-8B006A274195}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Box for Windows 8|Desc=Box|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-92745809-552095679-1089518069-1287299194-2375052659-864180891-2588504011|EmbedCtxt=Box for Windows 8|Platform=2:6:2|Platform2=GTEQ|
"{77330D31-49EE-485B-8A0A-D68FBFF44A78}"=v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Patrick\AppData\Roaming\Zoom\bin\Zoom.exe|Name=Zoom Video Meeting|Desc=Allow network traffic for Zoom Video Conference|EmbedCtxt=Zoom Video Conference|
"{699C9424-655C-41F1-B8EB-F08AB577C224}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|Name=Port TCP WS-Eventing 5357|
"{AB8C300E-5872-4236-9CD1-BD185B4F2C9E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=@{AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6?ms-resource://AD2F1837.HPScanandCapture/Resources/AppTitle}|Desc=@{AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6?ms-resource://AD2F1837.HPScanandCapture/Resources/AppTitle}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-1920593800-2316257579-956453857-2461544589-3957094463-122912046-3740681899|EmbedCtxt=@{AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6?ms-resource://AD2F1837.HPScanandCapture/Resources/AppTitle}|Platform=2:6:2|Platform2=GTEQ|
"{7AC05FA3-DAA1-473A-AC9F-75BCA89D6984}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6?ms-resource://AD2F1837.HPScanandCapture/Resources/AppTitle}|Desc=@{AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6?ms-resource://AD2F1837.HPScanandCapture/Resources/AppTitle}|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-1920593800-2316257579-956453857-2461544589-3957094463-122912046-3740681899|EmbedCtxt=@{AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6?ms-resource://AD2F1837.HPScanandCapture/Resources/AppTitle}|Platform=2:6:2|Platform2=GTEQ|
"{E0746538-7F69-4CCE-938E-904CB33E5442}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{CAE340F7-E444-45AA-99D0-06A5A1E8B731}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3311965274-403475795-341010734-1020|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{09ABE992-3D80-4961-811C-F09FA6D0A609}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
"{C835821E-0911-4806-A2D8-C2C86A253E8B}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox TCUI|Desc=Xbox TCUI|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-2603511428-3224021693-1028932517-3941269705-3349582775-2312504883-4057327947|EmbedCtxt=Xbox TCUI|Platform=2:6:2|Platform2=GTEQ|
"{DDB9716E-A27C-4B82-B26E-725F16AFDE61}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|
"{392D1FFF-B504-4036-87B4-81BC19DAE416}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=HP Smart|Desc=HP Smart|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-744533573-2444454674-265863901-3215465728-4115286053-1341080355-789689510|EmbedCtxt=HP Smart|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{60585B0C-E694-410C-A392-3E4F69798BD3}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Shell Input Application|Desc=Shell Input Application|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-3945102849-3632965805-3846928828-240845225-3300287824-62672950-817265009|EmbedCtxt=Shell Input Application|Platform=2:6:2|Platform2=GTEQ|
"{0BD15D72-8BAA-4F59-A53F-2C8F90C4D34D}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{B471FB43-6C50-4120-8F32-735E98072DB8}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Print 3D|Desc=Print 3D|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-4177018473-2823706547-3652141868-2730301309-560159678-43221128-488844051|EmbedCtxt=Print 3D|Platform=2:6:2|Platform2=GTEQ|
"{6397FDE8-CD37-42EC-B472-6456DEB69F94}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=GoogleÂ Chrome (mDNS-In)|Desc=RÃ¨gle de trafic entrant pour GoogleÂ Chrome autorisant le trafic mDNS|EmbedCtxt=Google Chrome|
"{47CADC67-04F5-41FB-B589-8581F34CE918}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
"{5C974B8B-7533-4035-9488-9F7A22332921}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
"{8B82EEFA-C776-48FE-99A9-B70697E306CA}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{BB486E9D-491F-4CD9-9097-DBC938785CB5}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
"{DA0D1656-29ED-4BA8-982A-D7B967875CB0}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Pay|Desc=Microsoft Pay|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-567501097-281763132-502764112-1855211022-3143306454-2372101908-561929011|EmbedCtxt=Microsoft Pay|Platform=2:6:2|Platform2=GTEQ|
"{F13C5261-6444-4F2C-900D-8BC762C69925}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=myCANAL|Desc=myCANAL|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-1632416125-1416647863-1840667290-1844223772-3805989583-3794928471-1784174128|EmbedCtxt=myCANAL|Platform=2:6:2|Platform2=GTEQ|
"{464AF09C-2AFA-428A-BBDF-DFA164D2ECDB}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=myCANAL|Desc=myCANAL|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-1632416125-1416647863-1840667290-1844223772-3805989583-3794928471-1784174128|EmbedCtxt=myCANAL|Platform=2:6:2|Platform2=GTEQ|
"{721E24F5-4506-4F8A-9DDC-2EDAC486DAEF}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ|
"{F78D244A-8288-4147-AC4E-6584A7B71387}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=3D Builder|Desc=3D Builder|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=3D Builder|Platform=2:6:2|Platform2=GTEQ|
"{4C478FF9-A1FD-45AF-A010-049A9C8FA10C}"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{2BCF3021-37E3-471D-B47A-6EBE91C2EBB7}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3311965274-403475795-341010734-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
"{1981A249-A3D3-41C1-987C-E390301138FA}"=v2.27|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe|Name=Avira.SoftwareUpdater.ToastNotificationsBridge|
"{BC75AB24-2D82-4311-9C2A-CD36A6D0B6EE}"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe|Name=Avira.SoftwareUpdater.ToastNotificationsBridge|
"TCP Query User{C29CA434-34D1-4883-A46B-240269A994DF}C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe|Name=Avira.SoftwareUpdater.ToastNotificationsBridge|Desc=Avira.SoftwareUpdater.ToastNotificationsBridge|
"UDP Query User{B52A881D-F4BE-4DE8-AA50-901D3E508E2E}C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\avira\softwareupdater\avirasoftwareupdatertoastnotificationsbridge.exe|Name=Avira.SoftwareUpdater.ToastNotificationsBridge|Desc=Avira.SoftwareUpdater.ToastNotificationsBridge|





---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (SecurityAccelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem13.inf,%ClassName%;SAMSUNG Android Phone
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @c_display.inf,%ClassDesc%;Display adapters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53487c23-680f-4585-acc3-1f10d6777e82}] : (SmrDisk) [] -> @c_smrdisk.inf,%ClassDesc%;Shingled magnetic recording disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53b3cf03-8f5a-4788-91b6-d19ed9fcccbf}] : (SmrVolume) [] -> @c_smrvolume.inf,%ClassDesc%;Shingled magnetic recording volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ca3e7ab9-b4c3-4ae6-8251-579ef933890f}] : (Camera) [] -> @c_camera.inf,%ClassDesc%;Cameras
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem41.inf,%ClassName%;ADB Interface
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[22/04/2014 18:55:43] - (1.0.0.621) - (CyberLink - It is a virtual device driver which could create multiple virtual devices and mount image files.) - C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys
[29/09/2017 15:40:59] - (3.0.2.201) - (Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver) - C:\WINDOWS\System32\drivers\athw8x.sys
[18/08/2017 02:23:52] - (19.3.31.31) - (Synaptics Incorporated - Synaptics Touchpad Win64 Driver) - C:\WINDOWS\system32\DRIVERS\SynTP.sys
[19/11/2015 15:08:16] - (19.0.12.98) - (Synaptics Incorporated - Synaptics SMBus Driver) - C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
[25/04/2017 17:13:56] - (1.1.19.1) - (HP - HP Wireless Button Driver) - C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys
[22/04/2014 18:51:31] - (1.0.27893.6128) - (CyberLink Corporation - CyberLink WebCam Virtual Driver) - C:\WINDOWS\system32\DRIVERS\clwvd.sys
[06/10/2016 08:48:44] - (1.2.0.7524) - (CyberLink Corporation - CyberLink WebCam Virtual Driver) - C:\WINDOWS\system32\DRIVERS\clwvd7.sys
[13/07/2016 17:47:38] - (10.0.1.7) - (Qualcomm Atheros - Qualcomm Atheros BtFilter Driver) - C:\WINDOWS\system32\DRIVERS\btfilter.sys
[29/04/2018 19:43:27] - (15.0.25.81) - (Avira Operations GmbH & Co. KG - Avira Manager Driver) - C:\WINDOWS\system32\DRIVERS\avkmgr.sys
[29/04/2018 19:43:25] - (15.0.36.148) - (Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement) - C:\WINDOWS\system32\DRIVERS\avipbb.sys
[29/04/2018 19:43:27] - (15.0.27.10) - (Avira Operations GmbH & Co. KG - Avira USB Filter Driver) - C:\WINDOWS\System32\Drivers\avusbflt.sys
[29/04/2018 19:43:27] - (15.0.27.10) - (Avira Operations GmbH & Co. KG - Avira USB Feature Driver) - C:\WINDOWS\system32\DRIVERS\avdevprot.sys
[29/04/2018 19:43:25] - (15.0.36.148) - (Avira Operations GmbH & Co. KG - Avira Minifilter Driver) - C:\WINDOWS\system32\DRIVERS\avgntflt.sys
[29/04/2018 19:43:27] - (15.0.25.81) - (Avira Operations GmbH & Co. KG - Avira WFP Network Driver) - C:\WINDOWS\system32\DRIVERS\avnetflt.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - bttflt (@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter) -> System32\drivers\bttflt.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Pilote de disque) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;Pilote de bus PCI) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - Ramdisk (Windows RAM Disk Driver) -> system32\DRIVERS\ramdisk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Lecteur AHCI SATA Microsoft standard) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - avusbflt (avusbflt) -> System32\Drivers\avusbflt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - avdevprot (avdevprot) -> system32\DRIVERS\avdevprot.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - bam (@%SystemRoot%\system32\drivers\bam.sys,-100) -> system32\drivers\bam.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - CLVirtualDrive (CLVirtualDrive) -> \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - avipbb (avipbb) -> \SystemRoot\system32\DRIVERS\avipbb.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - avkmgr (avkmgr) -> \SystemRoot\system32\DRIVERS\avkmgr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - avgntflt (avgntflt) -> system32\DRIVERS\avgntflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - avnetflt (avnetflt) -> \SystemRoot\system32\DRIVERS\avnetflt.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)


---------- | Uninstall (Whitelist)

[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}] : (Picture Control Utility x64.-.Nikon) -> MsiExec.exe /X{11953C65-BB4E-4CA4-B0F0-2600A4B20040}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-0920-000001000000}] : (7-Zip 9.20 (x64 edition).-.Igor Pavlov) -> MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3685B5E8-A0A8-494B-B035-B221547A4B63}] : (Intel(R) Trusted Execution Engine Driver.-.Intel Corporation) -> MsiExec.exe /I{3685B5E8-A0A8-494B-B035-B221547A4B63}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3AAC8F9A-340C-4783-AC57-324C14CAFDB7}] : (Ãtude pour l'amÃ©lioration du produit HP Officejet 4630 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{3AAC8F9A-340C-4783-AC57-324C14CAFDB7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}] : (ViewNX 2.-.Nikon) -> MsiExec.exe /X{635BE602-BB9C-4C59-8CC5-93F9366E8A21}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}] : (HP Postscript Converter.-.Hewlett-Packard) -> MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}] : (DisableMSDefender.-.Hewlett-Packard Company) -> MsiExec.exe /I{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}] : (HP Utility Center.-.Hewlett-Packard Company) -> MsiExec.exe /I{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A84A4FB1-D703-48DB-89E0-68B6499D2801}] : (Qualcomm Atheros Bluetooth Suite (64).-.Qualcomm Atheros) -> MsiExec.exe /X{A84A4FB1-D703-48DB-89E0-68B6499D2801}
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BCCACFE6-91A0-4F32-80A0-ADC0CA048C7B}] : (Intel(R) Trusted Execution Engine.-.Intel Corporation) -> MsiExec.exe /I{BCCACFE6-91A0-4F32-80A0-ADC0CA048C7B}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D1E8F2D7-7794-4245-B286-87ED86C1893C}] : (HP Registration Service.-.Hewlett-Packard) -> MsiExec.exe /X{D1E8F2D7-7794-4245-B286-87ED86C1893C}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D9EF644E-2FAE-493B-8180-5617CC774C4F}] : (Google Earth Pro.-.Google) -> MsiExec.exe /I{D9EF644E-2FAE-493B-8180-5617CC774C4F}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}] : (HP Touchpoint Analytics Client.-.HP Inc.) -> C:\Program Files\HP\HP Touchpoint Analytics Client\TAInstaller.exe --uninstall --ignore-deployers --show-ui
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F117E4F6-F88D-44E6-AC71-8CF825DA742A}] : (Logiciel de base du pÃ©riphÃ©rique HP Officejet 4630 series.-.Hewlett-Packard Co.) -> MsiExec.exe /I{F117E4F6-F88D-44E6-AC71-8CF825DA742A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 29 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe -maintain plugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player PPAPI] : (Adobe Flash Player 29 PPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe -maintain pepperplugin
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{083E4B17-EF54-4FD6-A3C8-CA2069FC1315}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{09F2B047-6D72-47CC-B54A-549F1786E992}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{12225E6B-0028-4417-B43B-E72DA1FB0CD2}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{18BD67B4-2BB3-4D1B-A33A-1B57A3BB7A1C}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{34CE35A5-BC22-4045-9F05-6C411D3A74DB}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (SkypeÂ 7.37.-.Skype Technologies S.A.) -> MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}] : (HP System Event Utility.-.Hewlett-Packard Company) -> MsiExec.exe /I{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40C98ADC-A44D-401E-BDDD-5094E4CF7D09}] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{40F72BC9-0C14-4122-8930-4B037EAEAD45}] : (Avira.-.Avira Operations GmbH & Co. KG) -> MsiExec.exe /X{40F72BC9-0C14-4122-8930-4B037EAEAD45}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}] : (HP FWUpdateEDO2.-.Hewlett-Packard) -> MsiExec.exe /I{415FA9AD-DA10-4ABE-97B6-5051D4795C90}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{56D27851-B9A6-430F-875A-E2D7A3802C7B}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}] : (Nikon Movie Editor.-.Nikon) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{612C34C7-5E90-47D8-9B5C-0F717DD82726}] : (swMSM.-.Adobe Systems, Inc) -> MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{64228DFB-7450-49B7-935C-B97342CB6659}] : (HP Customer Experience Enhancements.-.HP Development Company, L.P.) -> MsiExec.exe /X{64228DFB-7450-49B7-935C-B97342CB6659}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6A0549A9-1B96-498C-ACBC-3943001FEB19}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6AF775D8-E2DD-4D8B-9636-D0F6992B7A1A}] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}] : (Smart Switch.-.Samsung Electronics Co., Ltd.) -> MsiExec.exe /I{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}] : (HP Update.-.Hewlett-Packard) -> MsiExec.exe /X{912D30CF-F39E-4B31-AD9A-123C6B794EE2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}] : (HPDiagnosticCoreDll.-.Hewlett Packard) -> MsiExec.exe /I{9262B08F-E183-4FED-A2BD-23FF1A84EB79}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9D67E683-1144-4C0C-A9F3-5171F7678FF3}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A13A1408-E637-45D5-A5F3-DE0A14E0C7CE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-000182420219}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824161310}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824166751}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824184103}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824191728}] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824211354}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824211354}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC - FranÃ§ais.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-AC0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ADA8583A-C20B-414B-8CB7-3AA7A89F7952}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B014EE44-9197-4513-9613-71E6EB1B514E}] : (Nikon Message Center 2.-.Nikon) -> MsiExec.exe /X{B014EE44-9197-4513-9613-71E6EB1B514E}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B11FEAD6-F19E-473E-A8B1-AE58C058F575}] : (HP Support Solutions Framework.-.HP Inc.) -> MsiExec.exe /X{B11FEAD6-F19E-473E-A8B1-AE58C058F575}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B53443D3-4744-4C9C-95A9-7B3DF727DAE6}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BACFD8CE-8816-4562-B3A6-DAB51A2952A2}] : (Avira Software Updater.-.Avira Operations GmbH & Co. KG) -> MsiExec.exe /X{BACFD8CE-8816-4562-B3A6-DAB51A2952A2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C1578C4F-5453-44FE-A172-01331906BF18}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}] : (I.R.I.S. OCR.-.HP) -> MsiExec.exe /I{CA6BCA2F-EDEB-408F-850B-31404BE16A61}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CCE5C597-03EA-423E-BA80-6FCD280A8465}] : (HP Documentation.-.Hewlett-Packard) -> MsiExec.exe /X{CCE5C597-03EA-423E-BA80-6FCD280A8465}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CFBFB037-56DD-42C7-8DA0-7C0AF7D09B51}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E2ED917A-F98B-4062-B1CC-A91627B79457}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ED0692F7-850B-4D42-A447-FB8411139C31}] : (HP Officejet 4630 series Aide.-.Hewlett Packard) -> MsiExec.exe /I{ED0692F7-850B-4D42-A447-FB8411139C31}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EFA01423-3857-468C-B7B6-F30AA08E50BC}] : (HP Wireless Button Driver.-.Hewlett-Packard Company) -> MsiExec.exe /X{EFA01423-3857-468C-B7B6-F30AA08E50BC}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}] : (Energy Star.-.Hewlett-Packard Company) -> MsiExec.exe /I{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FD49537C-C3A6-4F8D-93E6-68C778A1E192}] : (HP Recovery Manager.-.Hewlett-Packard) -> MsiExec.exe /I{FD49537C-C3A6-4F8D-93E6-68C778A1E192}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4b629f54-1d82-40c9-9979-4485bb58d155}.RebootRequired] : (.-.) -> 

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component
[HKCR\Installer\Products\00006109C800C0400000000000F01FEC] : Office 16 Click-to-Run Localization Component
[HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration
[HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component
[HKCR\Installer\Products\07189854C86E20F4AA532C81B63F743A] : Movie Maker
[HKCR\Installer\Products\080BD25A544DBE94092D309BDC975411] : Photo Common
[HKCR\Installer\Products\0A93EF4767BFDC7448AB192EBB1BE72F] : DisableMSDefender
[HKCR\Installer\Products\1038C85769625584FA5435B4210089A0] : Samsung Kies -> C:\Windows\Installer\{758C8301-2696-4855-AF45-534B1200980A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\156929F0615F6594092FFFDBC25D3DE0] : Photo Gallery
[HKCR\Installer\Products\1BF4A48A307DBD84980E866B94D98210] : Qualcomm Atheros Bluetooth Suite (64) -> C:\Windows\Installer\{A84A4FB1-D703-48DB-89E0-68B6499D2801}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\206EB536C9BB95C4C85C399F63E6A812] : ViewNX 2 -> C:\Windows\Installer\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\240E57A703D02C34DBA286F4B43EF87F] : HP Utility Center -> C:\Windows\Installer\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8] : Bonjour -> C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\Bonjour.ico
[HKCR\Installer\Products\31A99D4FA36F1CF47899FCDF7BD8FD3B] : Galerie de photos
[HKCR\Installer\Products\32410AFE7583C8647B6B3FA00AE805CB] : HP Wireless Button Driver -> C:\Windows\Installer\{EFA01423-3857-468C-B7B6-F30AA08E50BC}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3933DAC50CEEEC44F939CBAA63B577BF] : Nikon Movie Editor -> C:\Windows\Installer\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4135AF478C58A2E409D79DCECC7B077A] : Smart Switch -> C:\WINDOWS\Installer\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42C6FBF1Df1C10144AB2C065F4E9E897] : Media Suite -> C:\Windows\Installer\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\42FA0874D3127814682F00416A6D70B7] : HP Support Assistant -> C:\WINDOWS\Installer\{4780AF24-213D-4187-86F2-0014A6D6077B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\44EE410B791931546931176EBEB115E4] : Nikon Message Center 2 -> C:\Windows\Installer\{B014EE44-9197-4513-9613-71E6EB1B514E}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5B5FADE39AC076941B30BFFF11263C63] : HP System Event Utility -> c:\Windows\Installer\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\63AEB64B17B0E4A4EA1478426134AFA0] : PowerDVD -> C:\Windows\Installer\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA408033019195008142123145] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824211354}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA76301B744CAF070E41400] : Adobe Acrobat Reader DC - FranÃ§ais -> C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\6C9B2DF019BDAE845981BAB586ACE182] : Movie Maker
[HKCR\Installer\Products\6D6E41E65713A1E49B43AC5B8A3676DC] : HP Postscript Converter
[HKCR\Installer\Products\6DAEF11BE91FE3748A1BEA850C855F57] : HP Support Solutions Framework -> C:\WINDOWS\Installer\{B11FEAD6-F19E-473E-A8B1-AE58C058F575}\icon.ico
[HKCR\Installer\Products\6EFCACCB0A1923F4080ADA0CAC40C8B7] : Intel(R) Trusted Execution Engine
[HKCR\Installer\Products\6F4E711FD88F6E44CA17C88F52AD47A2] : Logiciel de base du pÃ©riphÃ©rique HP Officejet 4630 series -> C:\WINDOWS\Installer\{F117E4F6-F88D-44E6-AC71-8CF825DA742A}\ARP_Icon
[HKCR\Installer\Products\795C5ECCAE30E324AB08F6DC82A04856] : HP Documentation -> C:\Windows\Installer\{CCE5C597-03EA-423E-BA80-6FCD280A8465}\NotebookDocs.exe
[HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10
[HKCR\Installer\Products\7C43C21609E58D74B9C5F017D78D7262] : swMSM -> C:\windows\Installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7D2F8E1D497754242B6878DE681C98C3] : HP Registration Service -> C:\Windows\Installer\{D1E8F2D7-7794-4245-B286-87ED86C1893C}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\7F2960DEB05824D44A74BF481131C913] : HP Officejet 4630 series Aide -> C:\Windows\Installer\{ED0692F7-850B-4D42-A447-FB8411139C31}\ARP_Icon
[HKCR\Installer\Products\81ABF741BB6A5DA4F8A07383A0AADB67] : Photo Common
[HKCR\Installer\Products\8994BF104C33134458DE70E9E3FE7ED5] : YouCam -> C:\Windows\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\8CDD41E806AE81E43B3E917301D4B5AD] : MSVCRT110
[HKCR\Installer\Products\8E5B58638A0AB4940B532B1245A7B436] : Intel(R) Trusted Execution Engine Driver
[HKCR\Installer\Products\96F071321C0420729002000010000000] : 7-Zip 9.20 (x64 edition)
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : 
[HKCR\Installer\Products\9CB27F0441C022149803B430E7EADA54] : Avira
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3664C13] : SkypeÂ 7.37 -> C:\WINDOWS\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe
[HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT
[HKCR\Installer\Products\A9F8CAA3C0433874CA7523C441ACDF7B] : Ãtude pour l'amÃ©lioration du produit HP Officejet 4630 series -> C:\Windows\Installer\{3AAC8F9A-340C-4783-AC57-324C14CAFDB7}\ARP_Icon
[HKCR\Installer\Products\BFD8224605477B9439C59B3724BC6695] : HP Customer Experience Enhancements -> C:\WINDOWS\Installer\{64228DFB-7450-49B7-935C-B97342CB6659}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C73594DF6A3CD8F4396E867C871A1E29] : HP Recovery Manager -> C:\windows\Installer\{FD49537C-C3A6-4F8D-93E6-68C778A1E192}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\C971C95CD8669A946BAE1012CCCF2134] : LabelPrint -> C:\Windows\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D4ADA0CF5AF82544A8FF0F0AAB9CE77F] : Energy Star -> C:\Windows\Installer\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\D4DC8700641B77D4C80F62B8631C3ACE] : 
[HKCR\Installer\Products\D84D78A2FDF3df1479DC1A3E07FEFF2E] : Power2Go -> C:\Windows\Installer\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E446FE9DEAF2B39418086571CC77C4F4] : Google Earth Pro -> C:\WINDOWS\Installer\{D9EF644E-2FAE-493B-8180-5617CC774C4F}\MainIcon.ico
[HKCR\Installer\Products\E80C02025F47F9E4DBA2148FBCE6AB01] : Photo Gallery
[HKCR\Installer\Products\EC8DFCAB618826543B6AAD5BA192252A] : Avira Software Updater -> C:\WINDOWS\Installer\{BACFD8CE-8816-4562-B3A6-DAB51A2952A2}\icon.ico
[HKCR\Installer\Products\F187AF9E08E3993428A5DAE3112CC877] : MSVCRT110_amd64
[HKCR\Installer\Products\F2ACB6ACBEDEF80458B01304B41EA616] : I.R.I.S. OCR -> C:\Windows\Installer\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}\ARP_Icon
[HKCR\Installer\Products\FC03D219E93F13B4DAA921C3B697E42E] : HP Update -> C:\Windows\Installer\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\FE19F5C3B0C531D4CBEBF06CCFE37D9F] : Movie Maker

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x350
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe5d7811ee0
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : be56719d-2ed0-4bb5-ba46-50278c73571f
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x414
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe4f2328e82
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : a9771d11-eb72-42ad-aa1f-302db090b759
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x10bc
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe4d3139772
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : f538d592-06bf-48ff-96e4-21da6aae40c4
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x2774
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe4a8f72955
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : f3a902dc-1dfe-4382-be18-96a428cec694
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x2a0c
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe49222229b
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 5001c78f-cc75-48bf-96f0-84ac9e207db0
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x1f7c
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe488ebf076
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 43e6b147-fa60-4121-82e6-be6c3a78adf1
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x29b0
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe468e769e7
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 9e230b3d-08d1-4a8f-aa64-581176610069
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x50c
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe45966b531
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 062826f9-5d62-457b-b4cb-26ea72e6a794
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0xa00
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe42dbb95d9
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 625b1de4-9b67-44da-a1ce-96cd91b5e057
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x1e34
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe3f0c3d669
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : ae6668d9-b02b-46d7-8cfa-291145bc95d2
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0xd28
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe377f4eba6
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 290605aa-5703-48ce-bce6-a56e0017a88b
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Nom de lÂapplication dÃ©faillante CHXSmartScreen.exe, version : 10.0.16299.15, horodatage : 0x59cdaa2a
Nom du module dÃ©faillant : edgehtml.dll, version : 11.0.16299.371, horodatage : 0x635be5e7
Code dÂexception : 0x80070005
DÃ©calage dÂerreur : 0x000000000052c159
ID du processus dÃ©faillant : 0x394
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d3dfe3481c58a8
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\WINDOWS\SYSTEM32\edgehtml.dll
ID de rapport : 5a550f9f-1a1a-47f4-92ca-73c240545b7e
Nom complet du package dÃ©faillantÂ : Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy
ID de lÂapplication relative au package dÃ©faillantÂ : App
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------

Une vÃ©rification de stratÃ©gie dÂunmarshaling a Ã©tÃ© effectuÃ©e lors de lÂunmarshaling dÂun objet marshalÃ© personnalisÃ© et la classe {95CABCC9-BC57-4C12-B8DF-BA193232AA01} a Ã©tÃ© refusÃ©e
------------


----------( EOF)---------- - 6923 | 23:00:39