--------------- QuickDiag | g3n-h@ckm@n | V4_20.06.18.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 01/07/2018 14:46:57

Updated 20/06/2018 | 08:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Jean Morea (Administrator)] - [JEANMOREA-PC] (S-1-5-21-3353024563-3861455640-128521138-1000)

System: Microsoft WindowsÂ 7 Ãdition Familiale Premium - Service Pack 1 - (6.1.7601) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) -> ()
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft WindowsÂ 7 Ãdition Familiale Premium |C:\Windows|\Device\Harddisk0\Partition1
Boot : Normal boot
PC: System Product Name - System manufacturer - IdNumber: System Serial Number - UUID: 1E29D1A0-D7DA-11DD-80FA-08606EC14CE3
Processor : X64 - 3510 Mhz - Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
BIOS Date: 09/02/14 10:37:51 Ver: 25.01 - en|US|iso8859-1 - American Megatrends Inc. - S/N: System Serial Number - 2501 - _ASUS_ - 1072009
CoreTemp : 29.8 Celsius

----------| Quick


---------- | SoundDevice

Focusrite USB Audio - Status: OK - Manufacturer: Focusrite Audio Engineering Ltd. - PNPDeviceID: FOCUSRITEUSB\AUDIO&ADAPTER\1&2F4F0163&0&ID:0000000012358016
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0040&SUBSYS_14583606&REV_1001\5&134DDE5D&0&0001
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_10438445&REV_1003\4&3AD857FA&0&0001

---------- | Video

NVIDIA GeForce GTX 770 - Resolution: 2560x1080 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_1184&SUBSYS_36061458&REV_A1\4&BAB4994&0&0008 - AdapterCompatibility: NVIDIA - RAM: -1048576
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 770 - DriverVersion: 24.21.13.9836 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK

---------- | CPU

CPU #1 value:0 %
CPU #2 value:0 %
CPU #3 value:12 %
CPU #4 value:0 %
CPU #5 value:0 %
CPU #6 value:0 %
CPU #7 value:0 %
CPU #8 value:6 %
Total Overall CPU Usage value:2 %

---------- | Network

Realtek PCIe GBE Family Controller : SENT:234 bytes/sec / RECVD:234 bytes/sec
isatap.lan : SENT:0 bytes/sec / RECVD:0 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:234 bytes/sec,  /  RECEIVE Maximum:234 bytes/sec

WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_85051043&REV_09\4&11EB9DBD&0&00E4
WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - - - Status: - PnPID : 
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status: - PnPID : ROOT\*ISATAP\0001

---------- | Memory

RAM = Total (MB) : 8335 | Free (MB) : 5497
Pagefile = Total (MB) : 16668 | Free (MB) : 13059
Virtual = Total (MB) : 4194 | Free (MB) : 3982

Physical Memory 1 : Capacity: 4294967296 - ChannelA-DIMM1 - Posit.: 1 - Manufacturer: 029E - PartNumber: CMZ8GX3M2X2133C9  - S/N: 00000000
Physical Memory 3 : Capacity: 4294967296 - ChannelB-DIMM1 - Posit.: 2 - Manufacturer: 029E - PartNumber: CMZ8GX3M2X2133C9  - S/N: 00000000

---------- | SID Users

Administrateur : [S-1-5-21-3353024563-3861455640-128521138-500]
HomeGroupUser$ : [S-1-5-21-3353024563-3861455640-128521138-1003]
InvitÃ© : [S-1-5-21-3353024563-3861455640-128521138-501]
Jean Morea : [S-1-5-21-3353024563-3861455640-128521138-1000]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
InvitÃ©s : [S-1-5-32-546]
Lecteurs des journaux dÂÃ©vÃ©nements : [S-1-5-32-573]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de lÂAnalyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modÃ¨le COM distribuÃ© : [S-1-5-32-562]
HomeUsers : [S-1-5-21-3353024563-3861455640-128521138-1002]

---------- | SystemAccounts

Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: DROITS DU PROPRIÃTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SystÃ¨me - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Utilisateurs authentifiÃ©s - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: SERVICE RÃSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [RÃ©servÃ© au systÃ¨me] | Total : 390.62 Go | Free : 340.98 Go -> NTFS [ATA]
D:\ -> [Fixed] | [TITAN (2)] | Total : 931.5 Go | Free : 417.76 Go -> NTFS [ATA]
E:\ -> [Fixed] | [SaveData] | Total : 540.89 Go | Free : 420.63 Go -> NTFS [ATA]
G:\ -> [Fixed] | [HERMES] | Total : 596.17 Go | Free : 474.77 Go -> NTFS [ATA]

Disk Usage Information [3 total Physical Disks]

Physical Drive #0 [C:, E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #2 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 2 Part. - PnPID : IDE\DISKST1000DM003-1CH162______________________CC47____\4&15828421&0&0.0.0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : IDE\DISKWDC_WD10EAVS-32D7B1_____________________01.01A01\4&15828421&0&0.3.0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 1 Part. - PnPID : IDE\DISKWDC_WD6400AAKS-75A7B0___________________01.03B01\4&15828421&0&0.2.0

---------- | Windows updates - Activation - License

Last detection : 2018-07-01 00:49:34
Downloaded last ones : 2018-06-28 23:21:05
Installed last ones : 2018-06-29 01:40:00
Next search : 2018-07-01 20:36:14

Test 1 : Windows Is Activated

Volume License


---------- | Browsers

IE : 8.0.7601.17514     (Â© Microsoft Corporation. Tous droits rÃ©servÃ©s.)
FF : 61.0.0.6746     (Â©Firefox and Mozilla Developers; available under the MPL 2 license.)

Default : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

---------- | FlashPlayer

FlashPlayer ActiveX : 30.0.0.113

---------- | Security

AV : Malwarebytes Enabled
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running



---------- | Running processes

688 | [Owner : SystÃ¨me | Parent : 4(System) | 1.51 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.24150) = C:\Windows\System32\smss.exe     [27/06/2018 11:58:14]    CPU Usage:0 % --> Command Line : 
952 | [Owner : SystÃ¨me | Parent : 944() | 5.74 Mo] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe     [14/07/2009 01:19:49]    CPU Usage:0 % --> Command Line : 
200 | [Owner : SystÃ¨me | Parent : 944() | 5.37 Mo] - (.Microsoft Corporation - Application de dÃ©marrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe     [14/07/2009 01:52:37]    CPU Usage:0 % --> Command Line : 
540 | [Owner : SystÃ¨me | Parent : 196() | 21.56 Mo] - (.Microsoft Corporation - Processus dÂexÃ©cution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe     [14/07/2009 01:19:49]    CPU Usage:0 % --> Command Line : 
916 | [Owner : SystÃ¨me | Parent : 200(wininit.exe) | 11.71 Mo] - (.Microsoft Corporation - Applications Services et ContrÃ´leur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe     [27/06/2018 12:04:55]    CPU Usage:0 % --> Command Line : 
888 | [Owner : SystÃ¨me | Parent : 196() | 8.43 Mo] - (.Microsoft Corporation - Application dÂouverture de session Windows.) - (6.1.7601.24000) = C:\Windows\System32\winlogon.exe     [27/06/2018 11:58:30]    CPU Usage:0 % --> Command Line : 
960 | [Owner : SystÃ¨me | Parent : 200(wininit.exe) | 13.4 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.24150) = C:\Windows\System32\lsass.exe     [27/06/2018 11:58:31]    CPU Usage:0 % --> Command Line : 
968 | [Owner : SystÃ¨me | Parent : 200(wininit.exe) | 5.14 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe     [21/11/2010 05:23:53]    CPU Usage:0 % --> Command Line : 
1044 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 11.45 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1136 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 12.75 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2431.7967) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe     [27/06/2018 16:09:39]    CPU Usage:0 % --> Command Line : 
1200 | [Owner : SERVICE RÃSEAU | Parent : 916(services.exe) | 10.39 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1288 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 22.98 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1356 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 412.31 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1396 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 42.74 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1500 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 6.86 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1532 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 17.82 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1668 | [Owner : SERVICE RÃSEAU | Parent : 916(services.exe) | 18.48 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1736 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 84.33 Mo] - (.AVAST Software - Avast Service.) - (18.5.3931.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe     [27/06/2018 00:38:32]    CPU Usage:1 % --> Command Line : 
1928 | [Owner : Jean Morea | Parent : 1356(svchost.exe) | 8.94 Mo] - (.Microsoft Corporation - Gestionnaire de fenÃªtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe     [14/07/2009 01:37:38]    CPU Usage:0 % --> Command Line : 
1952 | [Owner : Jean Morea | Parent : 1920() | 92.51 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) = C:\Windows\explorer.exe     [30/03/2012 07:52:04]    CPU Usage:0 % --> Command Line : 
2040 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 12.86 Mo] - (.Microsoft Corporation - Application sous-systÃ¨me spouleur.) - (6.1.7601.24000) = C:\Windows\System32\spoolsv.exe     [27/06/2018 11:58:31]    CPU Usage:0 % --> Command Line : 
1572 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 15.92 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
1608 | [Owner : Jean Morea | Parent : 916(services.exe) | 8.86 Mo] - (.Microsoft Corporation - Processus hÃ´te pour TÃ¢ches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe     [01/08/2013 01:01:16]    CPU Usage:0 % --> Command Line : 
2072 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 8.08 Mo] - (.Acronis - Acronis Scheduler 2.) - (1.0.0.473) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe     [23/08/2012 02:48:16]    CPU Usage:0 % --> Command Line : 
2140 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 10.81 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe     [01/06/2012 11:42:18]    CPU Usage:0 % --> Command Line : 
2268 | [Owner : SystÃ¨me | Parent : 1396(svchost.exe) | 6.64 Mo] - (.Microsoft Corporation - Moteur du Planificateur de tÃ¢ches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe     [21/11/2010 05:24:27]    CPU Usage:0 % --> Command Line : 
2284 | [Owner : Jean Morea | Parent : 1952(explorer.exe) | 15.88 Mo] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\RocketDock\RocketDock.exe     [01/08/2013 02:21:56]    CPU Usage:0 % --> Command Line : 
2352 | [Owner : SystÃ¨me | Parent : 2268(taskeng.exe) | 0.53 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.141.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe     [27/06/2018 00:39:09]    CPU Usage:0 % --> Command Line : 
2384 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 6.08 Mo] - (.ASUSTeK Computer Inc. -.) - (0.1.0.18) = C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe     [01/06/2012 11:42:18]    CPU Usage:0 % --> Command Line : 
2424 | [Owner : Jean Morea | Parent : 2260() | 40.46 Mo] - (.AVAST Software - Avast Antivirus.) - (18.5.3931.0) = C:\Program Files\AVAST Software\Avast\AvastUI.exe     [27/06/2018 00:38:36]    CPU Usage:0 % --> Command Line : 
2496 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 3.85 Mo] - (.ASUSTeK Computer Inc. - AsSysCtr Application.) - (1.0.0.1) = C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe     [01/08/2013 00:45:56]    CPU Usage:0 % --> Command Line : 
2568 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 5.21 Mo] - (.ASUSTeK Computer Inc. - ASUS Motherboard Fan Control Service.) - (1.0.0.7) = C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe     [01/08/2013 00:46:52]    CPU Usage:0 % --> Command Line : 
2668 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 12.9 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
2736 | [Owner : Jean Morea | Parent : 2528() | 6.19 Mo] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) - (1.0.0.120) = C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe     [01/08/2013 00:41:44]    CPU Usage:0 % --> Command Line : 
2744 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 13.25 Mo] - (.Foxit Software Inc. - Foxit Reader ConnectedPDF Windows Service..) - (9.1.0.4717) = C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe     [27/06/2018 01:09:44]    CPU Usage:0 % --> Command Line : 
2932 | [Owner : SERVICE RÃSEAU | Parent : 916(services.exe) | 10.04 Mo] - (.NVIDIA Corporation - NVIDIA Container.) - (1.11.2393.9975) = C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe     [27/06/2018 16:10:46]    CPU Usage:0 % --> Command Line : 
3032 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 38.72 Mo] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - (2.6.46.217) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe     [27/06/2018 00:48:27]    CPU Usage:0 % --> Command Line : 
2164 | [Owner : Jean Morea | Parent : 2776() | 96.64 Mo] - (.- OnScreenApplication.) - (2.86.0.0) = C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreen Control.exe     [27/06/2018 00:25:56]    CPU Usage:0 % --> Command Line : 
2844 | [Owner : Jean Morea | Parent : 2848() | 2.35 Mo] - (.Piriform Ltd - CCleaner.) - (5.44.162.6575) = C:\Program Files\CCleaner\CCleaner64.exe     [24/06/2018 13:26:52]    CPU Usage:0 % --> Command Line : 
3124 | [Owner : SystÃ¨me | Parent : 2352(AvastBrowserUpdate.exe) | 0.82 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.141.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler.exe     [27/06/2018 00:39:09]    CPU Usage:0 % --> Command Line : 
3144 | [Owner : SystÃ¨me | Parent : 2352(AvastBrowserUpdate.exe) | 0.53 Mo] - (.AVAST Software - Avast Browser Update.) - (1.4.141.333) = C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.141.333\AvastBrowserCrashHandler64.exe     [27/06/2018 00:39:09]    CPU Usage:0 % --> Command Line : 
3352 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 14.26 Mo] - (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - (2.6.46.77) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe     [27/06/2018 00:48:29]    CPU Usage:0 % --> Command Line : 
3392 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 6.47 Mo] - (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) - (12.1.0.4625) = C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe     [23/12/2009 23:34:20]    CPU Usage:0 % --> Command Line : 
3412 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 11.81 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
3560 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 209.65 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.667) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe     [27/06/2018 12:48:51]    CPU Usage:0 % --> Command Line : 
3588 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 11.48 Mo] - (.Safer-Networking Ltd. - Windows Security Center integration..) - (2.6.46.3) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe     [27/06/2018 00:48:30]    CPU Usage:0 % --> Command Line : 
4112 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 15.82 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.23930) = C:\Windows\System32\SearchIndexer.exe     [27/06/2018 11:58:29]    CPU Usage:0 % --> Command Line : 
4148 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 53.4 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:11 % --> Command Line : 
4444 | [Owner : SERVICE RÃSEAU | Parent : 916(services.exe) | 11.16 Mo] - (.Microsoft Corporation - Service Partage rÃ©seau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe     [21/11/2010 05:25:05]    CPU Usage:0 % --> Command Line : 
4776 | [Owner : SERVICE LOCAL | Parent : 916(services.exe) | 16.76 Mo] - (.Microsoft Corporation - Processus hÃ´te pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 01:31:13]    CPU Usage:0 % --> Command Line : 
4996 | [Owner : Jean Morea | Parent : 2440() | 3.06 Mo] - (.Glarysoft Ltd - Glary Utilities 5.) - (5.100.0.122) = C:\Program Files (x86)\Glary Utilities 5\Integrator.exe     [26/06/2018 03:54:26]    CPU Usage:0 % --> Command Line : 
3960 | [Owner : Jean Morea | Parent : 3560(MBAMService.exe) | 32.6 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1496) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe     [27/06/2018 12:48:50]    CPU Usage:0 % --> Command Line : 
5180 | [Owner : Jean Morea | Parent : 2164(OnScreen Control.exe) | 10.64 Mo] - (.LG Electronisc Inc - OSCApplicationManager.) - (1.0.0.1) = C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OSCApplicationManager.exe     [27/06/2018 00:25:56]    CPU Usage:0 % --> Command Line : 
5288 | [Owner : Jean Morea | Parent : 5180(OSCApplicationManager.exe) | 8.86 Mo] - (.TODO: <Company name> - TODO: <File description>.) - (1.0.0.1) = C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\ScreenSplitterHook64App.exe     [27/06/2018 00:25:56]    CPU Usage:0 % --> Command Line : 
5760 | [Owner : SystÃ¨me | Parent : 1044(svchost.exe) | 6.36 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe     [14/07/2009 01:47:12]    CPU Usage:0 % --> Command Line : 
6036 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 20.54 Mo] - (.Intel Corporation - IAStorDataSvc.) - (11.1.0.1006) = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe     [01/08/2013 00:42:58]    CPU Usage:0 % --> Command Line : 
6704 | [Owner : Jean Morea | Parent : 1396(svchost.exe) | 8.31 Mo] - (.Microsoft Corporation - Windows Update.) - (7.6.7601.24085) = C:\Windows\System32\wuauclt.exe     [27/06/2018 11:58:16]    CPU Usage:0 % --> Command Line : 
5896 | [Owner : Jean Morea | Parent : 916(services.exe) | 10.1 Mo] - (.Microsoft Corporation - Processus hÃ´te pour TÃ¢ches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe     [01/08/2013 01:01:16]    CPU Usage:0 % --> Command Line : 
1644 | [Owner : SystÃ¨me | Parent : 916(services.exe) | 13.56 Mo] - (.Acronis - TrueImage Sync Agent Service.) - (16.0.0.6671) = C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe     [18/08/2012 21:20:18]    CPU Usage:0 % --> Command Line : 
2996 | [Owner : SERVICE LOCAL | Parent : 1288(svchost.exe) | ?????] - (.Microsoft Corporation - Isolation graphique de pÃ©riphÃ©rique audio Windows.) - (6.1.7601.23471) = C:\Windows\System32\audiodg.exe     [27/06/2018 11:58:32]    CPU Usage:0 % --> Command Line : 
6628 | [Owner : Jean Morea | Parent : 1952(explorer.exe) | 320.98 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.0.6746) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [30/06/2018 11:05:29]    CPU Usage:13 % --> Command Line : 
1156 | [Owner : SERVICE RÃSEAU | Parent : 1044(svchost.exe) | 11.74 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe     [21/11/2010 05:24:15]    CPU Usage:0 % --> Command Line : 
4968 | [Owner : Jean Morea | Parent : 6628(firefox.exe) | 272.47 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.0.6746) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [30/06/2018 11:05:29]    CPU Usage:10 % --> Command Line : 
3596 | [Owner : Jean Morea | Parent : 6628(firefox.exe) | 149.16 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.0.6746) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [30/06/2018 11:05:29]    CPU Usage:8 % --> Command Line : 
7052 | [Owner : Jean Morea | Parent : 6628(firefox.exe) | 135.87 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.0.6746) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [30/06/2018 11:05:29]    CPU Usage:11 % --> Command Line : 
2700 | [Owner : Jean Morea | Parent : 6628(firefox.exe) | 43.19 Mo] - (.Mozilla Corporation - Firefox.) - (61.0.0.6746) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe     [30/06/2018 11:05:29]    CPU Usage:0 % --> Command Line : 
6056 | [Owner : Jean Morea | Parent : 1952(explorer.exe) | 36.31 Mo] - (.SosVirus - QuickDiag.) - (20.6.18.1) = C:\Users\Jean Morea\Desktop\QuickDiag.exe     [01/07/2018 14:46:07]    CPU Usage:0 % --> Command Line : 
1468 | [Owner : SystÃ¨me | Parent : 1044(svchost.exe) | 7.64 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe     [21/11/2010 05:24:15]    CPU Usage:0 % --> Command Line : 
6280 | [Owner : SERVICE RÃSEAU | Parent : 1044(svchost.exe) | 7.71 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe     [21/11/2010 05:24:27]    CPU Usage:0 % --> Command Line : 
5768 | [Owner : SERVICE RÃSEAU | Parent : 916(services.exe) | 9.5 Mo] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe     [21/11/2010 05:23:56]    CPU Usage:0 % --> Command Line : 

---------- | Locked Applications


---------- | Explorer.exe Hook (Microsoft Files Whitelisted)

(.AVAST Software.-.Avast Shell Extension.) - (18.5.3931.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll
(.Acronis.-.Acronis True Image Shell Extensions.) - (16.0.0.5551) -- C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
(..-..) - (0.0.0.0) -- C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\ScreenSplitterHook641.dll
(.Malwarebytes.-.Malwarebytes.) - (3.0.0.57) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
(..-..) - (0.0.0.0) -- C:\Program Files (x86)\WinRAR\rarext64.dll
(.Acronis.-.Versions Page.) - (16.0.0.5551) -- C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll
(.Safer-Networking Ltd..-.Windows Explorer context menu integration.) - (2.6.46.0) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll
(.Glarysoft Ltd.-.Context Menu Handler.) - (5.0.0.16) -- C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll
(.Foxit Software Inc..-.ConvertToPDFShellExtension.) - (9.1.0.497) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll
(.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (6.14.13.9836) -- C:\Windows\system32\nv3dappshext.dll
(.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 398.36.) - (24.21.13.9836) -- C:\Windows\system32\nvapi64.dll

---------- | Svchost.exe Hook (Microsoft Files Whitelisted)

(.Copyright CANON INC. 2008-.WIA Scanner Driver 64-bit Edition.) - (1.1.1.0) -- C:\Windows\system32\CNQ2413C.DLL
(.Copyright CANON INC. 2008 -.CanoScan LiDE 100.) - (1.0.1.0) -- C:\Windows\system32\CNQ2413L.DLL

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÃSEAU
RocketDock - ("C:\Program Files (x86)\RocketDock\RocketDock.exe" [HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\...\Run]) - User: JeanMorea-PC\Jean Morea
CCleaner Monitoring - ("C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\...\Run]) - User: JeanMorea-PC\Jean Morea
AvastUI.exe - ("C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files (x86)\RocketDock\RocketDock.exe"   
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR   

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"UserSelectedDefault"=1   
"Device"=Foxit Reader PDF Printer,winspool,Ne01:   
"ENW7MThreadingNum"=756=5;7>   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"AppInit_DLLs"=   
"LoadAppInit_DLLs"=0   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"   
"OnScreen Control"=C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe   [27/06/2018 00:25:56]

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"IconServiceLib"=IconCodecService.dll   
"DdeSendTimeout"=0   
"DesktopHeapLogging"=1   
"GDIProcessHandleQuota"=10000   
"ShutdownWarningDialogTimeout"=4294967295   
"USERNestedWindowLimit"=50   
"USERPostMessageLimit"=10000   
"USERProcessHandleQuota"=10000   
""=mnmsrvc   
"DeviceNotSelectedTimeout"=15   
"Spooler"=yes   
"TransmissionRetryTimeout"=90   
"AppInit_DLLs"=   
"LoadAppInit_DLLs"=0   

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   


---------- | Wininit.ini : 

[rename]
NUL=C:\Program Files (x86)\Spybot - Search & Destroy 2\av\smartdb-ntfs.db


---------- | Win.ini : 



---------- | System.ini : 



---------- | Tasks List

Adobe Flash Player Updater
Avast Emergency Update
AvastUpdateTaskMachineCore
AvastUpdateTaskMachineUA
CCleaner Update
CCleanerSkipUAC
GlaryInitialize 5

---------- | Startings up registry ? Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] : "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUDelayStartup] : "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon] : C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RocketDock] : "C:\Program Files (x86)\RocketDock\RocketDock.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] : C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray] : "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant] : "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB3MON] : "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"  

---------- | Control - lsa - SecurityProviders - Session Manager - Terminal Server


[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=AcrSch2Svc
wuauserv
gpsvc
trustedinstaller   
"WaitToKillServiceTimeout"=200   
"CurrentUser"=USERNAME   
"BootDriverFlags"=0   
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(1)   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0   
"auditbasedirectories"=0   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"Bounds"=0x0030000000200000   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u   
"Authentication Packages"=msv1_0   
"LsaPid"=960   
"SecureBoot"=1   
"ProductType"=3   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"ProcessorControl"=2   
"ResourceTimeoutCount"=648000   
"BootExecute"=autocheck autochk *    
"ExcludeFromKnownDlls"=   
"ObjectDirectories"=\Windows
\RPC Control   
"ProtectionMode"=1   
"NumberOfInitialSessions"=2   
"SetupExecute"=   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv   
"NotificationTimeOut"=0   
"SnapshotMonitors"=1   
"ProductVersion"=5.1   
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"fDenyTSConnections"=1   
"StartRCM"=0   
"TSAdvertise"=0   
"DeleteTempDirsOnExit"=1   
"fSingleSessionPerUser"=1   
"PerSessionTempDir"=0   
"TSUserEnabled"=0   
"InstanceID"=00e8648b-7903-4413-a066-cd85fab   
"fCredentialLessLogonSupportedTSS"=1   
"fCredentialLessLogonSupported"=1   
"fCredentialLessLogonSupportedKMRDP"=1   


---------- | .LNK with Arguments


---------- | AppCertDlls


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Control Panel\Desktop]
"ScreenSaveActive"=1   
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=0   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"PaintDesktopVersion"=0   
"RightOverlapChars"=3   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"UserPreferencesMask"=0x9012038010000000   
"Wallpaper"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg   [01/08/2013 00:30:24]
"Pattern Upgrade"=TRUE   
"LogPixels"=96   
"WaitToKillAppTimeout"=200   
"HungAppTimeout"=200   

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{645FF040-5081-101B-9F08-00AA002F954E}"=1   

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{645FF040-5081-101B-9F08-00AA002F954E}"=1   

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003828000000000000000000000000000001000000120000000000000022000000   
"CleanShutdown"=0   
"link"=0x16000000   
"EnableAutoTray"=1   

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"SuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ListviewAlphaSelect"=0   
"ListviewShadow"=0   
"TaskbarAnimations"=0   
"StartMenuInit"=4   
""=0   
"TaskbarSizeMove"=0   

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x0400000003000000020000000100000000000000FFFFFFFF   
"0"=0x6F006E00730063007200650065006E000000   
"1"=0x610069006D0070000000   
"2"=0x6500780070006C006F007200650072000000   
"3"=0x6500780070006C006F007200650072002E006500780065000000   
"4"=0x2E006100730066000000   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   
"EnableLinkedConnections"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"ForceActiveDesktopOn"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=19   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://www.filefacts.net/redirect.php?ext=%s   
"Application.AX.Backup"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   
"EnableLinkedConnections"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"ForceActiveDesktopOn"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=167   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=7601   
"FirstLogon"=0   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Userinit"=C:\Windows\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"WinStationsDisabled"=0   
"DisableCAD"=1   
"scremoveoption"=0   
"ShutdownFlags"=43   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"DefaultDomainName"=   
"DefaultUserName"=   
"Userinit"=userinit.exe   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\.hta]
"PerceivedType"=text   
""=htafile   
"Content Type"=application/hta   

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\Windows\SysWOW64\mshta.exe "%1" %*   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files (x86)\Internet Explorer\iexplore.exe   [21/11/2010 05:25:08]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-E7CF176E110C211B\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files (x86)\Internet Explorer\iexplore.exe   [21/11/2010 05:25:08]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"SIGN.MEDIA=6E1E80 Bin\ASSETUP.exe"=1
"C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33
"C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1
"SIGN.MEDIA=2280730 SETUP.EXE"=1
"C:\Users\Jean Morea\AppData\Roaming\Foxit Software\Addon\Foxit Reader\FoxitReaderUpdater.exe"=1
"C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe"=1
"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"=1


---------- | IFEO


---------- | Mountpoints2

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{19dc114a-d793-11dd-be21-806e6f6e6963}] : F:\Bin\ASSETUP.exe     (AutoRun)
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{d5f7de01-7b93-11e8-a2d4-08606ec14ce3}] : J:\HiSuiteDownLoader.exe     (AutoRun)

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920218544262440
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0x994B293EA06BC901

[HKLM\Software\WOW6432Node\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)


---------- | Hosts


---------- | Ping

Envoi d'une requ?te 'ping' sur google.com [216.58.213.174] avec 32 octets de donn?es?:
R?ponse de 216.58.213.174?: octets=32 temps=9 ms TTL=56
R?ponse de 216.58.213.174?: octets=32 temps=9 ms TTL=56
R?ponse de 216.58.213.174?: octets=32 temps=8 ms TTL=56
R?ponse de 216.58.213.174?: octets=32 temps=7 ms TTL=56

Statistiques Ping pour 216.58.213.174:
    Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%),
Dur?e approximative des boucles en millisecondes :
    Minimum = 7ms, Maximum = 9ms, Moyenne = 8ms

---------- | @

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://www.google.fr/
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE60000004100000000050000D1020000
"OperationalData"=1
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x36F9FD84A10DD401
"IE10TourShown"=1
"IE10TourShownTime"=0xD1A40085A10DD401
"IconCache"=xslvli7
"DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ImageStoreRandomFolder"=ti9nawp

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0xC72B17D3460FD401
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"ProxyServer"=:0
"GlobalUserOffline"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://www.google.fr/
"Default_Page_URL"=http://www.google.fr/
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://www.google.fr/
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://www.google.fr/?q={searchTerms}
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Tabs"=res://ieframe.dll/tabswelcome.htm
"OfflineInformation"=res://ieframe.dll/offcancl.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://www.google.fr/
"Default_Page_URL"=http://www.google.fr/
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://www.google.fr/
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Search Page"=http://www.google.fr/?q={searchTerms}
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Check_Associations"=yes

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Tabs"=res://ieframe.dll/tabswelcome.htm
"OfflineInformation"=res://ieframe.dll/offcancl.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files


---------- | Proxy


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon] : SDWinLogon.dll

---------- | Execution FileExts









---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw] - {472083B0-C522-11CF-8763-00608CC02F24} --  C:\Program Files\AVAST Software\Avast\ashShA64.dll   [27/06/2018 00:38:43]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} --  C:\Program Files\AVAST Software\Avast\ashShA64.dll   [27/06/2018 00:38:43]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncError] - {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} --  C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll   [23/08/2012 02:48:54]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncInProgress] - {00F848DC-B1D4-4892-9C25-CAADC86A215D} --  C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll   [23/08/2012 02:48:54]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\AcronisSyncOk] - {71573297-552E-46fc-BE3D-3DFAF88D47B7} --  C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll   [23/08/2012 02:48:54]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  %SystemRoot%\system32\EhStorShell.dll   
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} --  %SystemRoot%\system32\ntshrui.dll   

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=   


---------- | Toolbar

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1   
"ShowDiscussionButton"=Yes   

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={96BBC430-9900-4299-9F5D-7951AB36EFDF}   
"KnownProvidersUpgradeTime"=0x6E202688A10DD401   
"Version"=3   
"UpgradeTime"=0xC0185E88A10DD401   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions


---------- | SearchScopes

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96BBC430-9900-4299-9F5D-7951AB36EFDF}] - (Google) - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} : 

---------- | Browser Helper Objects


---------- | Chrome

C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  :     Create share and access your Google Docs from anywhere. -     Docs - http://clients2.google.com/service/update2/crx
C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com/ - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck =  :     __MSG_avastAppDesc__ -     __MSG_avastAppName__ - https://clients2.google.com/service/update2/crx
C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Jean Morea\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm =  :     Provider for discovery and services for mirroring of Chrome Media Router -     Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]

---------- | Opera


---------- | Firefox


[HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/GENUINE] - () : disabled
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.3] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


C:\Users\Jean Morea\AppData\Roaming\Mozilla\Firefox\Profiles\r1uum7hi.default\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20180621125625");
user_pref("browser.startup.homepage_override.mstone", "61.0");
user_pref("extensions.blocklist.lastModified", "Thu, 07 Jun 2018 21:59:30 GMT");
user_pref("extensions.blocklist.pingCountTotal", 3);
user_pref("extensions.blocklist.pingCountVersion", 3);
user_pref("extensions.databaseSchema", 26);
user_pref("extensions.getAddons.cache.lastUpdate", 1530442328);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.lastAppBuildId", "20180621125625");
user_pref("extensions.lastAppVersion", "61.0");
user_pref("extensions.lastPlatformVersion", "61.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.webextensions.uuids", "{\"webcompat@mozilla.org\":\"f9e0b9c0-8282-4e16-9fd6-ad0762c530b3\",\"screenshots@mozilla.org\":\"57cb7dbb-f6f7-4d5a-8a0a-50ba3c71dd43\"}");


[Profile0] - Name=default -> Profiles/r1uum7hi.default

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{1357313F-1540-45F3-92DE-E8EF07CBD5D1}]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{1357313F-1540-45F3-92DE-E8EF07CBD5D1}]
"DhcpNameServer"=192.168.1.254
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{1357313F-1540-45F3-92DE-E8EF07CBD5D1}]
"DhcpNameServer"=192.168.1.254

---------- | Applications

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\Classes\Applications\AIMP.exe] : "C:\Program Files (x86)\AIMP3\AIMP.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\nero.exe] : "C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\nero.exe] : "C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~2\MICROS~1\Office12\OIS.EXE /shellOpen "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"regsvc"=RemoteRegistry
"DcomLaunch"=Power
PlugPlay
DcomLaunch
"secsvcs"=WinDefend
"bthsvcs"=bthserv
"GPSvcGroup"=GPSvc

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
PlugPlay
DcomLaunch


---------- | SvcHost - Netsvcs (Whitelist)


---------- | Software

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Acronis]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Alcohol Soft]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\AppDataLow]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\ASUS]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\AVAST Software]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Browser Cleanup]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Chromium]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Clients]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Foxit Software]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\GlarySoft]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Google]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\LG Soft India]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Macromedia]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Malwarebytes]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Mozilla]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Nero]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Netscape]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\ODBC]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\pdfforge]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Piriform]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Policies]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Realtek]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\RocketDock]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Safer Networking Limited]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\sysinternals]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\VS Revo Group]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\VSRevoGroup]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\WinRAR]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Wow6432Node]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\ZHP]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Acronis]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\ASIO]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Canon]
[HKLM\Software\CBSTEST]
[HKLM\Software\Clients]
[HKLM\Software\Dolby]
[HKLM\Software\DTS]
[HKLM\Software\Focusrite]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\Macromedia]
[HKLM\Software\MCCI]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\PDF Architect 6]
[HKLM\Software\pdfforge]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Sonic]
[HKLM\Software\SonicFocus]
[HKLM\Software\sysinternals]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\GPSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\Software\WOW6432Node\8169Diag]
[HKLM\Software\WOW6432Node\Acronis]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Ahead]
[HKLM\Software\WOW6432Node\Alcohol Soft]
[HKLM\Software\WOW6432Node\ASIO]
[HKLM\Software\WOW6432Node\ASUS]
[HKLM\Software\WOW6432Node\AVAST Software]
[HKLM\Software\WOW6432Node\Canon]
[HKLM\Software\WOW6432Node\Focusrite]
[HKLM\Software\WOW6432Node\Foxit Software]
[HKLM\Software\WOW6432Node\GlarySoft]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\InstallShield]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\LG Electronics Inc]
[HKLM\Software\WOW6432Node\LGDDCIStack]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\Nero]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Safer Networking Limited]
[HKLM\Software\WOW6432Node\VideoLAN]
[HKLM\Software\WOW6432Node\WinRAR]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]

---------- | Drives


D:


E:


G:

[05/01/2002 04:48:16] - |A| - (.Â© Microsoft Corporation. - MFCDLL Shared Library - Retail Version.) - [974848] - (7.0.9466.0) - G:\mfc70.dll
[05/01/2002 04:36:38] - |A| - (.Â© Microsoft Corporation. - MFCDLL Shared Library - Retail Version.) - [964608] - (7.0.9466.0) - G:\mfc70u.dll
[05/01/2002 03:37:28] - |A| - (.Â© Microsoft Corporation. - MicrosoftÂ® C Runtime Library.) - [344064] - (7.0.9466.0) - G:\msvcr70.dll

---------- | C:

[14/07/2009 05:18:56] - |SHD| - [129] - C:\$Recycle.Bin
[01/01/2009 01:30:35] - |SHD| - [14626972] - C:\Boot
[MD5.259525CFB422E6AC8E87BC9777B1DF73] - [01/01/2009 01:30:35] - |RASH| - (.-.) - [383786] - (0.0.0.0) - C:\bootmgr
[MD5.45B9929FA14AE8566BC94AAF44C2790B] - [01/01/2009 01:30:37] - |RASH| - (.-.) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK
[MD5.D8D7B8BCF6D0782A720F58F82544D57C] - [27/06/2018 00:55:50] - |A| - (.-.) - [75] - (0.0.0.0) - C:\DiskDefrag.log
[14/07/2009 07:08:56] - |SHD| - [0] - C:\Documents and Settings
[27/06/2018 11:44:32] - |D| - [0] - C:\GvTemp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/06/2018 00:01:45] - |ASH| - (.-.) - [6401171456] - (0.0.0.0) - C:\hiberfil.sys
[01/08/2013 00:41:12] - |D| - [928222] - C:\Intel
[MD5.F81B15DE8B3658232B69260187562A50] - [01/08/2013 01:49:28] - |RSH| - (.-.) - [338866] - (0.0.0.0) - C:\LGUXY
[01/08/2013 02:38:19] - |RHD| - [529670008] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [27/06/2018 00:01:44] - |ASH| - (.-.) - [8534896640] - (0.0.0.0) - C:\pagefile.sys
[14/07/2009 05:20:08] - |D| - [0] - C:\PerfLogs
[14/07/2009 05:20:08] - |RD| - [2813304693] - C:\Program Files
[14/07/2009 05:20:08] - |RD| - [2796528237] - C:\Program Files (x86)
[14/07/2009 05:20:08] - |HD| - [651147998] - C:\ProgramData
[01/07/2018 14:46:50] - |D| - [68686] - C:\QuickDiag
[MD5.BD2E41FC9B44B843F0F54B0A3A983400] - [01/07/2018 14:46:57] - |A| - (.-.) - [103459] - (0.0.0.0) - C:\QuickDiag.txt
[01/08/2013 00:30:11] - |SHD| - [174130820] - C:\Recovery
[01/01/2009 01:31:13] - |SHD| - [0] - C:\System Volume Information
[14/07/2009 05:20:08] - |RD| - [3399431265] - C:\Users
[14/07/2009 05:20:08] - |D| - [23706296011] - C:\Windows

---------- | C:\Windows

[14/07/2009 07:32:38] - |D| - [802] - C:\Windows\addins
[MD5.065BE7092B2D15DC0EC841065E2CFA04] - [01/08/2013 02:48:50] - |A| - (.-.) - [88064] - (0.0.0.0) - C:\Windows\AMUninst01c.exe
[14/07/2009 05:20:08] - |D| - [107568] - C:\Windows\AppCompat
[14/07/2009 05:20:08] - |D| - [11036668] - C:\Windows\AppPatch
[MD5.A8E99B48E39BDED22DB12B0DED9386C3] - [01/08/2013 00:32:59] - |A| - (.-.) - [41429] - (0.0.0.0) - C:\Windows\Ascd_tmp.ini
[14/07/2009 05:20:08] - |RSD| - [1460864585] - C:\Windows\assembly
[MD5.9FCFE78AFBA95C1F3AD8E3F99C5C4636] - [01/08/2013 00:37:15] - |A| - (.Copyright (C) 2009 - AsTaskSchedule.) - [16896] - (0.1.0.4) - C:\Windows\AsTaskSched.dll
[MD5.06F0416D17BF0C34A419D8CED28D54CE] - [01/08/2013 02:09:07] - |A| - (.Copyright (c) 2013 AVAST Software - avast! Screen Saver stub.) - [41664] - (8.0.1506.399) - C:\Windows\avastSS.scr
[MD5.317CD1CE327B6520BF4EE007BCD39E61] - [21/11/2010 05:24:22] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Utilitaire de service de fichier de dÃ©marrage.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[14/07/2009 05:20:09] - |D| - [29189358] - C:\Windows\Boot
[MD5.D194008FD439FE30B1E4533AA6A195BD] - [14/07/2009 07:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[14/07/2009 05:20:09] - |D| - [3233280] - C:\Windows\Branding
[01/08/2013 00:37:16] - |D| - [276728718] - C:\Windows\Chipset
[14/07/2009 05:20:09] - |D| - [2113488] - C:\Windows\Cursors
[14/07/2009 06:45:54] - |D| - [743] - C:\Windows\debug
[14/07/2009 07:32:38] - |D| - [3330461] - C:\Windows\diagnostics
[14/07/2009 07:37:46] - |D| - [0] - C:\Windows\DigitalLocker
[14/07/2009 07:32:38] - |D| - [0] - C:\Windows\Downloaded Program Files
[21/11/2010 08:29:32] - |D| - [118084593] - C:\Windows\ehome
[14/07/2009 07:37:46] - |D| - [0] - C:\Windows\en-US
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [30/03/2012 07:52:04] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Explorateur Windows.) - [2871808] - (6.1.7601.17567) - C:\Windows\explorer.exe
[14/07/2009 05:20:09] - |RSD| - [966345735] - C:\Windows\Fonts
[21/11/2010 08:19:00] - |D| - [142336] - C:\Windows\fr-FR
[MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [14/07/2009 01:22:13] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[14/07/2009 05:20:09] - |D| - [17807100] - C:\Windows\Globalization
[14/07/2009 05:20:09] - |D| - [111127264] - C:\Windows\Help
[MD5.A66E522F3CBFB8709EA37844922A002E] - [27/06/2018 11:58:25] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Aide et support Microsoft.) - [733696] - (6.1.7601.23834) - C:\Windows\HelpPane.exe
[MD5.12589371C087A76B6E8E152939E59E98] - [27/06/2018 11:58:16] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - ExÃ©cutable de lÂaide HTML MicrosoftÂ®.) - [16896] - (6.1.7601.24134) - C:\Windows\hh.exe
[MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [21/11/2010 08:30:23] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml
[14/07/2009 05:20:09] - |D| - [143547244] - C:\Windows\IME
[14/07/2009 05:20:10] - |D| - [131151230] - C:\Windows\inf
[01/08/2013 00:36:35] - |SHD| - [750934071] - C:\Windows\Installer
[14/07/2009 05:20:10] - |D| - [48371] - C:\Windows\L2Schemas
[MD5.718FECF22BF4BD4FC05B79AA4BEC75D0] - [01/08/2013 00:33:07] - |A| - (.-.) - [1769] - (0.0.0.0) - C:\Windows\Language_trs.ini
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\LiveKernelReports
[14/07/2009 05:20:10] - |D| - [139483074] - C:\Windows\Logs
[14/07/2009 05:20:10] - |RSD| - [13358214] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 02:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[14/07/2009 05:20:10] - |D| - [1043032113] - C:\Windows\Microsoft.NET
[27/06/2018 12:43:06] - |D| - [2943] - C:\Windows\Migration
[27/06/2018 15:48:13] - |D| - [0] - C:\Windows\Minidump
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[MD5.B32189BDFF6E577A92BAA61AD49264E6] - [27/06/2018 12:03:07] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Bloc-notes.) - [193536] - (6.1.7601.18917) - C:\Windows\notepad.exe
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [27/06/2018 16:09:39] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvContainerRecovery.bat
[MD5.74F28574BB8F61FFC7DD419FE6B6E0D5] - [27/06/2018 16:10:46] - |A| - (.-.) - [1951] - (0.0.0.0) - C:\Windows\NvTelemetryContainerRecovery.bat
[14/07/2009 07:32:38] - |D| - [65] - C:\Windows\Offline Web Pages
[01/01/2009 01:30:49] - |D| - [1402770] - C:\Windows\Panther
[01/08/2013 02:40:11] - |D| - [0] - C:\Windows\PCHEALTH
[14/07/2009 07:32:38] - |D| - [62535621] - C:\Windows\Performance
[MD5.080A084FC8AE87BB9DC7BC29D3FFF2F4] - [27/06/2018 01:38:17] - |A| - (.-.) - [28352] - (0.0.0.0) - C:\Windows\PFRO.log
[14/07/2009 05:20:10] - |D| - [1124149] - C:\Windows\PLA
[14/07/2009 05:20:10] - |D| - [4012006] - C:\Windows\PolicyDefinitions
[01/01/2009 01:31:47] - |D| - [47866104] - C:\Windows\Prefetch
[MD5.2E2C937846A0B8789E5E91739284D17A] - [14/07/2009 01:27:10] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Ãditeur du Registre.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe
[14/07/2009 05:20:10] - |D| - [22588] - C:\Windows\registration
[14/07/2009 05:20:10] - |D| - [8934864] - C:\Windows\rescache
[14/07/2009 05:20:10] - |D| - [1679394] - C:\Windows\Resources
[MD5.2A7B78F4CFA0F1A5655891DDAACEFAD9] - [01/08/2013 00:38:32] - |R| - (.Copyright (C) 2012 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1706640] - (1.0.3.8) - C:\Windows\RtlExUpd.dll
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\SchCache
[14/07/2009 05:20:10] - |D| - [58021] - C:\Windows\schemas
[14/07/2009 05:20:10] - |D| - [5269946] - C:\Windows\security
[14/07/2009 06:45:47] - |D| - [60897256] - C:\Windows\ServiceProfiles
[14/07/2009 05:20:10] - |D| - [73078318] - C:\Windows\servicing
[14/07/2009 06:45:50] - |D| - [42] - C:\Windows\Setup
[MD5.AC849B99E032F4017BB1CE37934DD4AF] - [01/07/2018 02:43:55] - |A| - (.-.) - [112] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/07/2018 02:43:55] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[21/11/2010 08:29:32] - |D| - [97307] - C:\Windows\ShellNew
[01/08/2013 00:30:06] - |D| - [2612397846] - C:\Windows\SoftwareDistribution
[14/07/2009 05:20:10] - |D| - [70579144] - C:\Windows\Speech
[MD5.127AA81343A7C6F665C22CB1293B0A90] - [01/08/2013 01:01:21] - |A| - (.Â© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\Windows\splwow64.exe
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 07:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[14/07/2009 05:20:10] - |D| - [0] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[14/07/2009 05:20:10] - |D| - [4465917471] - C:\Windows\System32
[14/07/2009 05:20:14] - |D| - [1272012759] - C:\Windows\SysWOW64
[14/07/2009 05:20:14] - |D| - [15] - C:\Windows\TAPI
[14/07/2009 05:20:14] - |D| - [15424] - C:\Windows\Tasks
[14/07/2009 05:20:14] - |D| - [15720] - C:\Windows\Temp
[14/07/2009 05:20:14] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 07:32:38] - |D| - [54800565] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [21/11/2010 05:25:10] - |A| - (.- Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[14/07/2009 05:20:14] - |D| - [12420] - C:\Windows\Vss
[MD5.43A439A2DDB813C24FF8F22DEAE64B11] - [30/03/2012 04:50:54] - |A| - (.-.) - [33] - (0.0.0.0) - C:\Windows\W7T.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [30/03/2012 04:52:26] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\W7TDrivers.txt
[14/07/2009 05:20:14] - |D| - [40681427] - C:\Windows\Web
[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - [14/07/2009 04:34:57] - |A| - (.-.) - [478] - (0.0.0.0) - C:\Windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.6EE5D8B83BC0226FF9705508FACFB413] - [01/08/2013 05:01:22] - |A| - (.-.) - [1466260] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.Â© Microsoft Corporation. Tous droits rÃ©servÃ©s. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[MD5.0A34066D56D57C0DA73BFFC1E4169FF2] - [27/06/2018 00:42:23] - |A| - (.-.) - [85] - (0.0.0.0) - C:\Windows\wininit.ini
[14/07/2009 05:20:14] - |D| - [9692649487] - C:\Windows\winsxs
[MD5.C1B426321CA9446D919891EE7F5D6864] - [01/05/2012 20:40:52] - |A| - (.-.) - [37] - (0.0.0.0) - C:\Windows\WinToolkit.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/05/2012 20:42:34] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\WinToolkitDrivers.txt
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [14/07/2009 01:56:28] - |A| - (.Â© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe

---------- | C:\Windows\System32\GroupPolicy


---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[01/08/2013 03:10:07] - C:\Windows\Installer\186f1d.msi : (AcronisÂ TrueÂ ImageÂ Home - Acronis)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/08/2013 02:31:02] - C:\Windows\Installer\2bd37e.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[14/07/2009 06:57:09] - [73] - C:\Windows\System32\desktop.ini
[14/07/2009 01:01:52] - [71951] - C:\Windows\System32\ieuinit.inf
[14/07/2009 07:13:15] - [1669584] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 23:01:25] - [60124] - C:\Windows\System32\tcpmon.ini
[14/07/2009 00:38:23] - [71951] - C:\Windows\Syswow64\ieuinit.inf
[14/07/2009 06:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf
[27/06/2018 12:17:49] - [1643716] - C:\Windows\Syswow64\PerfStringBackup.INI

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.6A01A3C85007427C4C2B64D8AA8F66F9] - |A| - [27/06/2018 11:58:28] - (.-.) - [124.53 Ko] - (0.0.0.0) - C:\Windows\AppPatch\AppPatch64\sysmain.sdb
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:08] - [0 Ko] - C:\Windows\AppPatch\Custom\Custom64
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [30/06/2018 13:41:14] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\Temp\BitDefender Threat Scanner.dmp
[MD5.17F7B26D1AF22CDC3899CC23FF6E2D49] - |A| - [30/06/2018 11:04:35] - (.-.) - [15.18 Ko] - (0.0.0.0) - C:\Windows\Temp\chrome_installer.log
[MD5.00000000000000000000000000000000] - |D| - [30/06/2018 11:03:57] - [0.04 Ko] - C:\Windows\Temp\Crashpad
[MD5.BD2C74B7EFE96DADC7B66219D04A031E] - |A| - [30/06/2018 11:23:49] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\Windows\Temp\fwtsqmfile00.sqm
[MD5.00000000000000000000000000000000] - |D| - [27/06/2018 14:59:32] - [0 Ko] - C:\Windows\Temp\_avast_
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:58] - [0 Ko] - C:\Windows\System32\040C
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 06:45:49] - (.-.) - [27.86 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AH| - [14/07/2009 06:45:49] - (.-.) - [27.86 Ko] - (0.0.0.0) - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [4987.5 Ko] - C:\Windows\System32\AdvancedInstallers
[MD5.B9C0739D0B0A8DCB826A045379BCAD7C] - |A| - [27/06/2018 00:38:48] - (.Copyright (c) 2018 AVAST Software - Avast start-up scanner.) - [369.21 Ko] - (18.5.3931.0) - C:\Windows\System32\aswBoot.exe
[MD5.77493E0A7EAF4020A6C0D346B4FFA9D4] - |A| - [23/12/2009 12:15:54] - (.Copyright(C) 2002-2010 Alcohol Soft Development Team - Alcohol iSCSI Sharing Center Controal Panel Applet.) - [78.84 Ko] - (2.0.0.1022) - C:\Windows\System32\AxSWindCx64.cpl
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [173 Ko] - C:\Windows\System32\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [2592.52 Ko] - C:\Windows\System32\Boot
[MD5.F02F93D5AEC524052E4A37C1BB7CCF31] - |A| - [14/07/2009 03:20:24] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [19 Ko] - (1.0.0.20) - C:\Windows\System32\brcoinst.dll
[MD5.7D00FF6A4315FDF4ACAFBB4EF157EA9F] - |A| - [14/07/2009 02:07:04] - (.Copyright (C) 2008 - Gestionnaire de contexte pour rÃ©seau personnel Bluetooth.) - [91.5 Ko] - (1.0.0.1) - C:\Windows\System32\BthpanContextHandler.dll
[MD5.6794D9D442E31DC5E95BDF65F37E4386] - |A| - [14/07/2009 01:56:54] - (.Copyright (C) 2006 - CardGames Resources.) - [6068.5 Ko] - (1.0.0.1) - C:\Windows\System32\CardGames.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [49032.92 Ko] - C:\Windows\System32\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [31147.14 Ko] - C:\Windows\System32\catroot2
[MD5.29BDC55FB487EA8979E08ABC2DFDAF67] - |A| - [02/04/2009 09:12:56] - (.Copyright CANON INC. 2008 All Rights Reserved - WIA Scanner Driver 64-bit Edition.) - [1322.5 Ko] - (1.1.1.0) - C:\Windows\System32\CNQ2413C.DLL
[MD5.9B46CCCF4BB73DA333C81AFB4FA5C7C5] - |A| - [02/04/2009 09:12:24] - (.Copyright CANON INC. 2008 All Rights Reserved - WIA Scanner Driver Image Enhancement dll 64-bit Edition.) - [90.5 Ko] - (1.1.1.0) - C:\Windows\System32\CNQ2413I.DLL
[MD5.2135952DA29FAD2F7A3F3BA01EF48078] - |A| - [02/05/2008 00:14:48] - (.Copyright CANON INC. 2008  All Rights Reserved - CanoScan LiDE 100.) - [662 Ko] - (1.0.1.0) - C:\Windows\System32\CNQ2413L.DLL
[MD5.CC2229EEC61D2E2C40A5EF7C8E99B98A] - |A| - [15/03/2007 05:13:02] - (.Copyright (C) 2007 Canon Inc. - Canon WIA scanner co-installer 64bit Edition.) - [224.5 Ko] - (2.0.4.0) - C:\Windows\System32\CNQ2413O.DLL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [5764.06 Ko] - C:\Windows\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [357 Ko] - C:\Windows\System32\com
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [345004.53 Ko] - C:\Windows\System32\config
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [219.5 Ko] - C:\Windows\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [216.5 Ko] - C:\Windows\System32\da-DK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [240.5 Ko] - C:\Windows\System32\de-DE
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |ASH| - [14/07/2009 06:57:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\System32\desktop.ini
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [5335 Ko] - C:\Windows\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:10] - [78140.56 Ko] - C:\Windows\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [1749297.32 Ko] - C:\Windows\System32\DriverStore
[MD5.8B5A737AD11EF45D9B1AEB4ED6884968] - |A| - [01/08/2013 00:38:46] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [711.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBassEnhancementDLL64.dll
[MD5.21B38D4D86A87909491F690883AE6D1E] - |A| - [01/08/2013 00:38:46] - (.(c) DTS. - DTS Boost COM DLL.) - [1452.1 Ko] - (1.0.0.1) - C:\Windows\System32\DTSBoostDLL64.dll
[MD5.FF31A2F57AAAB58DB78FCC961A58B206] - |A| - [01/08/2013 00:38:47] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [418.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSGainCompensatorDLL64.dll
[MD5.BC0474E5476E5EA0D0E1AA5AC41E2061] - |A| - [01/08/2013 00:38:46] - (.(c) DTS. - DTS GFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPO64.dll
[MD5.3B8FB5376F5431C0101747D5138BCB9B] - |A| - [01/08/2013 00:38:47] - (.(c) DTS. - DTS GFX APO.) - [236.1 Ko] - (1.0.0.3) - C:\Windows\System32\DTSGFXAPONS64.dll
[MD5.B3977C8BA77559F4F8752AE8EB724C87] - |A| - [01/08/2013 00:38:47] - (.(c) DTS. - DTS LFX APO.) - [237.1 Ko] - (1.0.0.3) - C:\Windows\System32\DTSLFXAPO64.dll
[MD5.192A03A21636D3775CEE4C049C3BEB2A] - |A| - [01/08/2013 00:38:47] - (.(c) DTS. - DTS Limiter COM DLL.) - [422.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSLimiterDLL64.dll
[MD5.2EF5442E8E7ED20F7634EEFB09640C8F] - |A| - [01/08/2013 00:38:47] - (.(c) DTS. - DTS NEO:PC COM DLL.) - [479.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSNeoPCDLL64.dll
[MD5.F7C357462077156DC211AC2112FC8C53] - |A| - [01/08/2013 00:38:47] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1531.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2HeadphoneDLL64.dll
[MD5.F132C08BD8C58579B400DFAA71F34CFB] - |A| - [01/08/2013 00:38:47] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1715.1 Ko] - (1.0.0.1) - C:\Windows\System32\DTSS2SpeakerDLL64.dll
[MD5.9948969B2C1987B1D64789EFEB284A84] - |A| - [01/08/2013 00:38:48] - (.(c) DTS. - DTS Symmetry COM DLL.) - [695.6 Ko] - (1.0.0.1) - C:\Windows\System32\DTSSymmetryDLL64.dll
[MD5.424411366097BB2FCC794584CEF7B431] - |A| - [01/08/2013 00:38:48] - (.(c) DTS. - DTS GFX APO.) - [512.36 Ko] - (2.0.20.0) - C:\Windows\System32\DTSU2PGFX64.dll
[MD5.A05662BE44A1506F7D095D9881B1AF28] - |A| - [01/08/2013 00:38:48] - (.(c) DTS. - DTS LFX APO.) - [524.86 Ko] - (2.0.20.0) - C:\Windows\System32\DTSU2PLFX64.dll
[MD5.C135973204D45335C61DB4722FFAA5C4] - |A| - [01/08/2013 00:38:48] - (.(c) DTS. - DTS LFX APO.) - [438.86 Ko] - (2.0.20.0) - C:\Windows\System32\DTSU2PREC64.dll
[MD5.DE32448E6B40141C80DAABFF6FBE1744] - |A| - [01/08/2013 00:38:48] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [677.1 Ko] - (1.0.0.1) - C:\Windows\System32\DTSVoiceClarityDLL64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [240.5 Ko] - C:\Windows\System32\el-GR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [227.65 Ko] - C:\Windows\System32\en-US
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [230.5 Ko] - C:\Windows\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [160.5 Ko] - C:\Windows\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [218 Ko] - C:\Windows\System32\fi-FI
[MD5.C1D32D5720162BDD96B852F96E285D10] - |A| - [14/07/2009 06:45:34] - (.-.) - [16429.52 Ko] - (0.0.0.0) - C:\Windows\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:58] - [1840 Ko] - C:\Windows\System32\fr
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [40554.6 Ko] - C:\Windows\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\FxsTmp
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |A| - [10/06/2009 22:36:24] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [191.5 Ko] - C:\Windows\System32\he-IL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [168 Ko] - C:\Windows\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [221 Ko] - C:\Windows\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [5.36 Ko] - C:\Windows\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36.27 Ko] - C:\Windows\System32\icsxml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [36875.94 Ko] - C:\Windows\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [0 Ko] - C:\Windows\System32\inetsrv
[MD5.AAA0C03BF54FC8A4E895B576861A9848] - |A| - [21/11/2010 05:07:41] - (.-.) - [29.12 Ko] - (0.0.0.0) - C:\Windows\System32\InstallPackage_ETW.Log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [235 Ko] - C:\Windows\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [163 Ko] - C:\Windows\System32\ja-JP
[MD5.6F7D1601DA55BBE5C7A79E01E236D7B9] - |A| - [01/08/2013 00:38:53] - (.Â© Knowles Electronics. - Knowles HD Audio APO.) - [589.83 Ko] - (4.1105.6000.53) - C:\Windows\System32\KAAPORT64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [162 Ko] - C:\Windows\System32\ko-KR
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\System32\korwbrkr.lex
[MD5.E89C001FB4D9E08CC7072CE774CDB999] - |A| - [21/11/2010 04:52:07] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\Windows\System32\LocalGroupAdminAdd.log
[MD5.563C3703A9B57CC9B370A76D6173D09C] - |A| - [21/11/2010 04:52:08] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\System32\Local_LLU.log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [2369.42 Ko] - C:\Windows\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [165 Ko] - C:\Windows\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [166 Ko] - C:\Windows\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [27/06/2018 01:04:04] - [28732.8 Ko] - C:\Windows\System32\Macromed
[MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [13/07/2009 22:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\System32\manage-bde.wsf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [1981.88 Ko] - C:\Windows\System32\manifeststore
[MD5.75616F8DB5C092A8A50AFEC273859DD7] - |A| - [01/08/2013 00:38:54] - (.Â© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\Windows\System32\MaxxAudioAPO20.dll
[MD5.03E0955A7D8E5E74E7F6986A56A66196] - |A| - [01/08/2013 00:38:54] - (.Â© Waves Audio Ltd. - MaxxAudio APO.) - [333.34 Ko] - (3.2.1.1) - C:\Windows\System32\MaxxAudioAPO30.dll
[MD5.A543F21F7AD2C1105F8E36872F934B56] - |A| - [01/08/2013 00:38:54] - (.Copyright (C) 2010-2012 - MaxxAudio APO Shell.) - [991.84 Ko] - (4.2.2.0) - C:\Windows\System32\MaxxAudioAPOShell64.dll
[MD5.350823AC8941C4F34ABC0FF7C8AE7CCA] - |A| - [01/08/2013 00:38:55] - (.Copyright Â© 1996-2011 -.) - [2081.34 Ko] - (4.0.3.1) - C:\Windows\System32\MaxxAudioEQ.dll
[MD5.FF537C40A1F28FE6EBCCE536B33AFF7C] - |A| - [01/08/2013 00:38:55] - (.Copyright ÃÂ© 1996-2012 -.) - [8167.84 Ko] - (4.0.5.0) - C:\Windows\System32\MaxxAudioRealtek.dll
[MD5.3276DFD6A6EA1E6CE78B5FE4340DFF60] - |A| - [01/08/2013 00:38:57] - (.Copyright Â© 1996-2011 - Waves Realtek App.) - [1313.84 Ko] - (4.0.7.2) - C:\Windows\System32\MaxxAudioRealtek264.dll
[MD5.6E818111FD38D944F93A8A79EF3D5D7C] - |A| - [01/08/2013 00:38:57] - (.Â© Waves Audio Ltd. - MaxxVolumeSD APO.) - [387.34 Ko] - (3.2.1.1) - C:\Windows\System32\MaxxVolumeSDAPO.dll
[MD5.00000000000000000000000000000000] - |SD| - [14/07/2009 06:45:42] - [5.55 Ko] - C:\Windows\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [3516.93 Ko] - C:\Windows\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [37856.93 Ko] - C:\Windows\System32\migwiz
[MD5.39E801545FFF6230C80140E0F8A06629] - |A| - [14/07/2009 06:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\System32\migwiz.lnk
[MD5.00000000000000000000000000000000] - |D| - [01/08/2013 01:33:05] - [0 Ko] - C:\Windows\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [4148.28 Ko] - C:\Windows\System32\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [24.48 Ko] - C:\Windows\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [212 Ko] - C:\Windows\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [640 Ko] - C:\Windows\System32\NDF
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |A| - [14/07/2009 00:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [85 Ko] - C:\Windows\System32\NetworkList
[MD5.8E24A7BCAEF2045DA1FF29217622843E] - |A| - [21/11/2010 04:52:07] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\System32\Network_LLU.log
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [229 Ko] - C:\Windows\System32\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\System32\noise.kor
[MD5.29DAE1D38E05917512E39047C2EF4761] - |A| - [27/06/2018 16:03:08] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\Windows\System32\nv-vk64.json
[MD5.191FCFC35E1A772CDBB7C554E8883B41] - |A| - [01/08/2013 00:56:25] - (.-.) - [8015.06 Ko] - (0.0.0.0) - C:\Windows\System32\nvcoproc.bin
[MD5.19C66FC789F0155866EF06BA1C644430] - |A| - [01/08/2013 00:55:29] - (.-.) - [40.62 Ko] - (0.0.0.0) - C:\Windows\System32\nvinfo.pb
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [13/07/2009 22:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [13095.58 Ko] - C:\Windows\System32\oobe
[MD5.B0126264FAD9BFE883A2783EC00A69CF] - |A| - [29/06/2018 02:13:13] - (.Copyright (c) by pdfforge - pdfcmon.) - [114.5 Ko] - (0.9.7.0) - C:\Windows\System32\pdfcmon.dll
[MD5.E35EB22C115291911FC6C8E9A77DD165] - |A| - [14/07/2009 04:36:59] - (.-.) - [119.26 Ko] - (0.0.0.0) - C:\Windows\System32\perfc009.dat
[MD5.AACA42E6D01D8128E18F2B84E9F3AA44] - |A| - [21/11/2010 08:19:09] - (.-.) - [146.65 Ko] - (0.0.0.0) - C:\Windows\System32\perfc00C.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 22:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\System32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |A| - [14/07/2009 04:36:59] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\System32\perfd009.dat
[MD5.07BA000B2E67565BDF112C35171865A5] - |A| - [21/11/2010 08:19:09] - (.-.) - [37.27 Ko] - (0.0.0.0) - C:\Windows\System32\perfd00C.dat
[MD5.8E4E62E5C1B542C7353E60A128DE0ECF] - |A| - [14/07/2009 04:36:59] - (.-.) - [638.92 Ko] - (0.0.0.0) - C:\Windows\System32\perfh009.dat
[MD5.6EDB8F5EB7FCB808182BCAD406F7372F] - |A| - [21/11/2010 08:19:09] - (.-.) - [730.12 Ko] - (0.0.0.0) - C:\Windows\System32\perfh00C.dat
[MD5.09F137925F2753ABAD1E631B3C63D286] - |A| - [14/07/2009 07:13:15] - (.-.) - [1630.45 Ko] - (0.0.0.0) - C:\Windows\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [224 Ko] - C:\Windows\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:58] - [420.42 Ko] - C:\Windows\System32\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [222.5 Ko] - C:\Windows\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [224 Ko] - C:\Windows\System32\pt-PT
[MD5.50F72AF2BFB62447E92FB587A2662B3F] - |A| - [01/08/2013 00:38:58] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 ASL Analog x64.) - [120.84 Ko] - (7.2.8000.13) - C:\Windows\System32\R4EEA64A.dll
[MD5.FDCD60D37EC56685E819CC6EF60BA240] - |A| - [01/08/2013 00:38:58] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 COM DLL x64.) - [423.34 Ko] - (7.2.8000.13) - C:\Windows\System32\R4EED64A.dll
[MD5.CAD7F981E9562C494B036FFB8CB800C4] - |A| - [01/08/2013 00:38:58] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 GFX APO x64.) - [72.84 Ko] - (7.2.8000.13) - C:\Windows\System32\R4EEG64A.dll
[MD5.D1AB43E6333A875C0A0880714CE2B404] - |A| - [01/08/2013 00:38:58] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 LFX APO x64.) - [137.84 Ko] - (7.2.8000.13) - C:\Windows\System32\R4EEL64A.dll
[MD5.C0E719800041A6FEF4C847795E2D956D] - |A| - [01/08/2013 00:38:58] - (.Â©2012 Dolby Laboratories. - Dolby PCEE4 Control Panel x64.) - [6995.84 Ko] - (7.2.8000.13) - C:\Windows\System32\R4EEP64A.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:11] - [23.75 Ko] - C:\Windows\System32\ras
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |A| - [01/08/2013 00:39:03] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |A| - [01/08/2013 00:39:03] - (.Â© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\System32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |A| - [01/08/2013 00:39:03] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |A| - [01/08/2013 00:39:03] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |A| - [01/08/2013 00:39:03] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |A| - [01/08/2013 00:39:03] - (.Â©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\Windows\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [21/11/2010 05:24:25] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\System32\ScavengeSpace.xml
[MD5.AC9E53EA53FA841346FD76E272F65304] - |A| - [27/06/2018 00:48:27] - (.Copyright Â© 2008-2017 Safer-Networking Limited. -.) - [31.48 Ko] - (2.6.46.1001) - C:\Windows\System32\sdnclean64.exe
[MD5.17ABCAD44A75C635583A238ED6333357] - |A| - [01/08/2013 00:39:08] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFAPO.DLL.) - [76.84 Ko] - (3.0.0.16) - C:\Windows\System32\SFAPO64.dll
[MD5.2C25AF115BDDC05D9A84D26227A08E63] - |A| - [01/08/2013 00:39:08] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFCOM.DLL.) - [79.34 Ko] - (3.0.0.16) - C:\Windows\System32\SFCOM64.dll
[MD5.7B3E9344FB43D799C6462227A0E65877] - |A| - [01/08/2013 00:39:08] - (.Copyright (c) 2006-2011 Synopsys, Inc. All Rights Reserved - SFNHK.DLL.) - [215.84 Ko] - (3.0.0.16) - C:\Windows\System32\SFNHK64.dll
[MD5.C74D61FCA22F36791105D7878AF73572] - |A| - [10/06/2009 23:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\System32\spcinstrumentation.man
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [17378 Ko] - C:\Windows\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [45227.43 Ko] - C:\Windows\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [1956.87 Ko] - C:\Windows\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [30.19 Ko] - C:\Windows\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [170 Ko] - C:\Windows\System32\sr-Latn-CS
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [01/08/2013 00:39:08] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\Windows\System32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |A| - [01/08/2013 00:39:08] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\Windows\System32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [01/08/2013 00:39:08] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\Windows\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [01/08/2013 00:39:08] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\Windows\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [216.5 Ko] - C:\Windows\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:13] - [137.88 Ko] - C:\Windows\System32\sysprep
[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |A| - [21/11/2010 05:24:36] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\Windows\System32\systemsf.ebd
[MD5.47F22CAD4A16BB40153555D631546B94] - |A| - [10/06/2009 23:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\System32\tcpmon.ini
[MD5.05F9840831C29F5BE93AD8BE810D5614] - |A| - [14/07/2009 06:45:37] - (.-.) - [18 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup.etl
[MD5.F736AA948D0C3CBCE212B7B2CB0EF115] - |A| - [14/07/2009 06:45:37] - (.-.) - [45 Ko] - (0.0.0.0) - C:\Windows\System32\umstartup000.etl
[MD5.00000000000000000000000000000000] - |D| - [27/06/2018 16:08:55] - [2188.17 Ko] - C:\Windows\System32\unknown
[MD5.79C3017E4269435193E078B61EDD5DE1] - |A| - [20/04/2018 17:30:06] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [938.8 Ko] - (1.1.73.0) - C:\Windows\System32\vulkan-1-999-0-0-0.dll
[MD5.79C3017E4269435193E078B61EDD5DE1] - |A| - [20/04/2018 17:30:06] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [938.8 Ko] - (1.1.73.0) - C:\Windows\System32\vulkan-1.dll
[MD5.041E19EC4A66F32383651A7C12070398] - |A| - [20/04/2018 17:29:52] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [684.3 Ko] - (1.1.73.0) - C:\Windows\System32\vulkaninfo-1-999-0-0-0.exe
[MD5.041E19EC4A66F32383651A7C12070398] - |A| - [20/04/2018 17:29:52] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [684.3 Ko] - (1.1.73.0) - C:\Windows\System32\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [29/06/2018 01:07:22] - [1754.83 Ko] - C:\Windows\System32\Wat
[MD5.F3D4450E34F9718026FDB0CFF3609A4F] - |A| - [01/08/2013 00:39:09] - (.Copyright Â© 1996-2012 - General Library for Plug-Ins.) - [2544.34 Ko] - (4.0.5.0) - C:\Windows\System32\WavesGUILib.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [65521.08 Ko] - C:\Windows\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:58] - [47.61 Ko] - C:\Windows\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [45917.46 Ko] - C:\Windows\System32\wdi
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [13/07/2009 23:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [128 Ko] - C:\Windows\System32\wfp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [73.5 Ko] - C:\Windows\System32\WinBioPlugIns
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [9124.89 Ko] - C:\Windows\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [24340 Ko] - C:\Windows\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:59] - [106.26 Ko] - C:\Windows\System32\winrm
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [141.5 Ko] - C:\Windows\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [63 Ko] - C:\Windows\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [141.5 Ko] - C:\Windows\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:59] - [0 Ko] - C:\Windows\SysWOW64\040C
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2258.5 Ko] - C:\Windows\SysWOW64\AdvancedInstallers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [201.5 Ko] - C:\Windows\SysWOW64\ar-SA
[MD5.8128B54EAA48F9C06B19A86C87752996] - |RA| - [01/08/2013 00:45:04] - (.Copyright (C) 2010 - AsIO DLL.) - [28 Ko] - (1.0.0.4) - C:\Windows\SysWOW64\AsIO.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [173 Ko] - C:\Windows\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\catroot2
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [302.5 Ko] - C:\Windows\SysWOW64\com
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [389.31 Ko] - C:\Windows\SysWOW64\config
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [01/08/2013 02:09:51] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\config.nt
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [219.5 Ko] - C:\Windows\SysWOW64\cs-CZ
[MD5.F2A1B71072E64F3CBF1045CDA048C945] - |RA| - [01/08/2013 00:52:09] - (.Copyright  2011 - CSVer.) - [52 Ko] - (9.3.0.1019) - C:\Windows\SysWOW64\CSVer.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [216.5 Ko] - C:\Windows\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [240.5 Ko] - C:\Windows\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [4156 Ko] - C:\Windows\SysWOW64\Dism
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [6389.74 Ko] - C:\Windows\SysWOW64\drivers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1.09 Ko] - C:\Windows\SysWOW64\DriverStore
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [240.5 Ko] - C:\Windows\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [227.65 Ko] - C:\Windows\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [230.5 Ko] - C:\Windows\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [160.5 Ko] - C:\Windows\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [218 Ko] - C:\Windows\SysWOW64\fi-FI
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:59] - [1680 Ko] - C:\Windows\SysWOW64\fr
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [36861.48 Ko] - C:\Windows\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [191.5 Ko] - C:\Windows\SysWOW64\he-IL
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [168 Ko] - C:\Windows\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [221 Ko] - C:\Windows\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [36.27 Ko] - C:\Windows\SysWOW64\icsxml
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |A| - [14/07/2009 04:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\korwbrkr.lex
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [27/06/2018 00:48:21] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\last.dump
[MD5.6E81809ACFF6D04FA4852335CA038EFB] - |A| - [27/06/2018 00:25:56] - (.Copyright (C) 2009 - DeviceManager.) - [192 Ko] - (1.0.0.73) - C:\Windows\SysWOW64\LGDeviceManager.dll
[MD5.001A64940F1FDC816391E9F9202A6686] - |A| - [27/06/2018 00:25:56] - (.Copyright (C) 2006 - ErrorHandler DLL.) - [48 Ko] - (1.0.0.73) - C:\Windows\SysWOW64\LGErrorHandler.dll
[MD5.83347AD5F48ECD84601B811579D97055] - |A| - [27/06/2018 00:25:56] - (.Copyright (C) 2009 - MonitorDDCCISDK.) - [132 Ko] - (1.0.0.73) - C:\Windows\SysWOW64\LGMonitorDDCCISDK.dll
[MD5.321689CF0646C6A526386DB016EE8E65] - |A| - [27/06/2018 00:25:56] - (.Copyright (C) 2009 - ProtocolEngine.) - [100 Ko] - (1.0.0.73) - C:\Windows\SysWOW64\LGProtocolEngine.dll
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [165 Ko] - C:\Windows\SysWOW64\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [166 Ko] - C:\Windows\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [01/08/2013 00:48:20] - [22588.79 Ko] - C:\Windows\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1968.26 Ko] - C:\Windows\SysWOW64\manifeststore
[MD5.98071B6EE16AA76DABFF377A5DC69C86] - |A| - [14/07/2009 06:55:01] - (.-.) - [0.52 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\mapisvc.inf
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [3211.43 Ko] - C:\Windows\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [32763.45 Ko] - C:\Windows\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [52.28 Ko] - C:\Windows\SysWOW64\Msdtc
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [24.48 Ko] - C:\Windows\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [212 Ko] - C:\Windows\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [51 Ko] - C:\Windows\SysWOW64\NetworkList
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [229 Ko] - C:\Windows\SysWOW64\nl-NL
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |A| - [14/07/2009 04:35:50] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\noise.kor
[MD5.37E642DB850561A2BC2F2169A1CBD888] - |A| - [27/06/2018 16:03:08] - (.-.) - [0.65 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\nv-vk32.json
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |A| - [10/06/2009 23:17:19] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfCenterCpl.ico
[MD5.7EDEA6C74158125363D756951E93CA28] - |A| - [27/06/2018 12:17:49] - (.-.) - [1605.19 Ko] - (0.0.0.0) - C:\Windows\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [224 Ko] - C:\Windows\SysWOW64\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:59] - [420.42 Ko] - C:\Windows\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [222.5 Ko] - C:\Windows\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [224 Ko] - C:\Windows\SysWOW64\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [23.75 Ko] - C:\Windows\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0.64 Ko] - C:\Windows\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [0 Ko] - C:\Windows\SysWOW64\restore
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [169 Ko] - C:\Windows\SysWOW64\ro-RO
[MD5.00000000000000000000000000000000] - |D| - [01/08/2013 00:39:22] - [1387.8 Ko] - C:\Windows\SysWOW64\RTCOM
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [219 Ko] - C:\Windows\SysWOW64\ru-RU
[MD5.24B9C94B37A4D6F5DF311A92011AB9CA] - |A| - [16/08/2012 17:51:22] - (.Copyright (c) Acronis 2000-2012 - Acronis Snapshot Dynamic Link Library.) - [281.38 Ko] - (4.4.0.1059) - C:\Windows\SysWOW64\snapapi.dll
[MD5.24B9C94B37A4D6F5DF311A92011AB9CA] - |A| - [16/08/2012 17:51:22] - (.Copyright (c) Acronis 2000-2012 - Acronis Snapshot Dynamic Link Library.) - [281.38 Ko] - (4.4.0.1059) - C:\Windows\SysWOW64\snapapi.dll.bak
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [2803 Ko] - C:\Windows\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [1142.37 Ko] - C:\Windows\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [30.19 Ko] - C:\Windows\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [170 Ko] - C:\Windows\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [216.5 Ko] - C:\Windows\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:59] - [0 Ko] - C:\Windows\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [0 Ko] - C:\Windows\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [157 Ko] - C:\Windows\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [212.5 Ko] - C:\Windows\SysWOW64\tr-TR
[MD5.CC7C694B2BD1510C5AAE7374A5B52B92] - |A| - [03/02/1999 07:45:42] - (.-.) - [26.46 Ko] - (2.0.0.5215) - C:\Windows\SysWOW64\VBAFR32.OLB
[MD5.15BD0F8D507546F512EE5D73C3721FA8] - |A| - [14/07/2009 04:35:41] - (.Copyright Â© 2000 - vfpodbc.) - [20.05 Ko] - (1.0.2.0) - C:\Windows\SysWOW64\vfpodbc.dll
[MD5.047160E9A985AE80F988902BB7B94D8C] - |A| - [20/04/2018 17:30:40] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [809.3 Ko] - (1.1.73.0) - C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
[MD5.047160E9A985AE80F988902BB7B94D8C] - |A| - [20/04/2018 17:30:40] - (.Copyright (C) 2015-2018 - Vulkan Loader.) - [809.3 Ko] - (1.1.73.0) - C:\Windows\SysWOW64\vulkan-1.dll
[MD5.3F4C946E1B5BA748BDFE02C004A8A2BA] - |A| - [20/04/2018 17:30:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [577.3 Ko] - (1.1.73.0) - C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
[MD5.3F4C946E1B5BA748BDFE02C004A8A2BA] - |A| - [20/04/2018 17:30:24] - (.Copyright (C) 2015-2018 - Vulkan Info.) - [577.3 Ko] - (1.1.73.0) - C:\Windows\SysWOW64\vulkaninfo.exe
[MD5.00000000000000000000000000000000] - |D| - [29/06/2018 01:07:22] - [237.33 Ko] - C:\Windows\SysWOW64\Wat
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [9054.64 Ko] - C:\Windows\SysWOW64\wbem
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:59] - [47.61 Ko] - C:\Windows\SysWOW64\WCN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [88.24 Ko] - C:\Windows\SysWOW64\wdi
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 07:32:38] - [9079.89 Ko] - C:\Windows\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:19:00] - [106.26 Ko] - C:\Windows\SysWOW64\winrm
[MD5.00000000000000000000000000000000] - |D| - [21/11/2010 08:18:59] - [10.16 Ko] - C:\Windows\SysWOW64\XPSViewer
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [141.5 Ko] - C:\Windows\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [63 Ko] - C:\Windows\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [14/07/2009 05:20:14] - [141.5 Ko] - C:\Windows\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
"AppData"=C:\Users\Jean Morea\AppData\Roaming   [01/08/2013 00:30:14]
"Local AppData"=C:\Users\Jean Morea\AppData\Local   [01/08/2013 00:30:14]
"My Video"=C:\Users\Jean Morea\Videos   [01/08/2013 00:30:14]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Libraries   [01/08/2013 00:30:35]
"My Pictures"=C:\Users\Jean Morea\Pictures   [01/08/2013 00:30:14]
"Desktop"=C:\Users\Jean Morea\Desktop   [01/08/2013 00:30:14]
"History"=C:\Users\Jean Morea\AppData\Local\Microsoft\Windows\History   [01/08/2013 00:30:14]
"NetHood"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [01/08/2013 00:30:14]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Jean Morea\Contacts   [01/08/2013 00:30:25]
"Cookies"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Cookies   [01/08/2013 00:30:14]
"Favorites"=C:\Users\Jean Morea\Favorites   [01/08/2013 00:30:14]
"SendTo"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\SendTo   [01/08/2013 00:30:14]
"Start Menu"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu   [01/08/2013 00:30:14]
"My Music"=C:\Users\Jean Morea\Music   [01/08/2013 00:30:14]
"Programs"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [01/08/2013 00:30:14]
"Recent"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Recent   [01/08/2013 00:30:14]
"CD Burning"=C:\Users\Jean Morea\AppData\Local\Microsoft\Windows\Burn\Burn   [01/08/2013 00:30:39]
"PrintHood"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [01/08/2013 00:30:14]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Jean Morea\Searches   [01/08/2013 00:30:35]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Jean Morea\Downloads   [01/08/2013 00:30:14]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Jean Morea\AppData\LocalLow   [01/08/2013 00:30:14]
"Startup"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [01/08/2013 00:30:35]
"Administrative Tools"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [01/08/2013 00:30:35]
"Personal"=C:\Users\Jean Morea\Documents   [01/08/2013 00:30:14]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Jean Morea\Links   [01/08/2013 00:30:14]
"Cache"=C:\Users\Jean Morea\AppData\Local\Microsoft\Windows\Temporary Internet Files   [01/08/2013 00:30:14]
"Templates"=C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Templates   [01/08/2013 00:30:14]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Jean Morea\Saved Games   [01/08/2013 00:30:14]
"Fonts"=C:\Windows\Fonts   [14/07/2009 05:20:09]

[HKU\S-1-5-21-3353024563-3861455640-128521138-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming   
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files   
"Cookies"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies   
"Desktop"=%USERPROFILE%\Desktop   
"Favorites"=%USERPROFILE%\Favorites   
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
"Local AppData"=%USERPROFILE%\AppData\Local   
"My Music"=%USERPROFILE%\Music   
"My Pictures"=%USERPROFILE%\Pictures   
"My Video"=%USERPROFILE%\Videos   
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
"Personal"=%USERPROFILE%\Documents   
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 05:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 05:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 05:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 05:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 05:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 05:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 07:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 05:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 05:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 05:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 05:20:08]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop"=C:\Users\Public\Desktop   [14/07/2009 05:20:08]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [14/07/2009 05:20:08]
"CommonVideo"=C:\Users\Public\Videos   [14/07/2009 05:20:08]
"CommonPictures"=C:\Users\Public\Pictures   [14/07/2009 05:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [14/07/2009 05:20:08]
"CommonMusic"=C:\Users\Public\Music   [14/07/2009 05:20:08]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [14/07/2009 07:32:38]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [14/07/2009 05:20:08]
"Common Documents"=C:\Users\Public\Documents   [14/07/2009 05:20:08]
"OEM Links"=C:\ProgramData\OEM Links   
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [14/07/2009 05:20:08]
"Common AppData"=C:\ProgramData   [14/07/2009 05:20:08]

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common Desktop"=%PUBLIC%\Desktop   
"Common Documents"=%PUBLIC%\Documents   
"CommonPictures"=%PUBLIC%\Pictures   
"CommonMusic"=%PUBLIC%\Music   
"CommonVideo"=%PUBLIC%\Videos   
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads   
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
"Common AppData"=%ProgramData%   
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates   


---------- | [Jean Morea]

[01/08/2013 00:30:14] - |HD| - [774621942] - C:\Users\Jean Morea\AppData
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\Application Data
[01/08/2013 00:30:25] - |RD| - [68791] - C:\Users\Jean Morea\Contacts
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\Cookies
[01/08/2013 00:30:14] - |RD| - [4068054] - C:\Users\Jean Morea\Desktop
[01/08/2013 00:30:14] - |RD| - [6142663] - C:\Users\Jean Morea\Documents
[01/08/2013 00:30:14] - |RD| - [1548009711] - C:\Users\Jean Morea\Downloads
[01/08/2013 00:30:14] - |RD| - [2187] - C:\Users\Jean Morea\Favorites
[01/08/2013 00:30:14] - |RD| - [2450] - C:\Users\Jean Morea\Links
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\Local Settings
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\Menu DÃ©marrer
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\Mes documents
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\ModÃ¨les
[01/08/2013 00:30:14] - |RD| - [504] - C:\Users\Jean Morea\Music
[01/08/2013 00:30:14] - |AH| - [1835008] - C:\Users\Jean Morea\NTUSER.DAT
[01/08/2013 00:30:14] - |ASH| - [262144] - C:\Users\Jean Morea\ntuser.dat.LOG1
[01/08/2013 00:30:14] - |ASH| - [0] - C:\Users\Jean Morea\ntuser.dat.LOG2
[01/08/2013 00:30:14] - |ASH| - [65536] - C:\Users\Jean Morea\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[01/08/2013 00:30:14] - |ASH| - [524288] - C:\Users\Jean Morea\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[01/08/2013 00:30:14] - |ASH| - [524288] - C:\Users\Jean Morea\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[01/08/2013 00:30:14] - |SH| - [20] - C:\Users\Jean Morea\ntuser.ini
[01/08/2013 00:30:14] - |RD| - [344500753] - C:\Users\Jean Morea\Pictures
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\Recent
[01/08/2013 00:30:14] - |RD| - [282] - C:\Users\Jean Morea\Saved Games
[01/08/2013 00:30:35] - |RD| - [1960] - C:\Users\Jean Morea\Searches
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\SendTo
[01/08/2013 00:30:14] - |RD| - [504] - C:\Users\Jean Morea\Videos
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\Voisinage d'impression
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\Voisinage rÃ©seau
[01/08/2013 00:30:14] - |D| - [676410466] - C:\Users\Jean Morea\AppData\Local
[01/08/2013 00:30:14] - |D| - [1373615] - C:\Users\Jean Morea\AppData\LocalLow
[01/08/2013 00:30:14] - |D| - [96837861] - C:\Users\Jean Morea\AppData\Roaming
[27/06/2018 01:03:45] - |D| - [0] - C:\Users\Jean Morea\AppData\Local\Adobe
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\AppData\Local\Application Data
[27/06/2018 00:39:09] - |D| - [95992590] - C:\Users\Jean Morea\AppData\Local\AVAST Software
[27/06/2018 00:48:37] - |D| - [0] - C:\Users\Jean Morea\AppData\Local\CEF
[27/06/2018 16:49:33] - |D| - [801673] - C:\Users\Jean Morea\AppData\Local\CrashDumps
[01/08/2013 00:54:23] - |A| - [204176] - C:\Users\Jean Morea\AppData\Local\GDIPFONTCACHEV1.DAT
[01/08/2013 00:36:31] - |D| - [19031989] - C:\Users\Jean Morea\AppData\Local\Google
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\AppData\Local\Historique
[01/08/2013 00:49:26] - |AH| - [1891975] - C:\Users\Jean Morea\AppData\Local\IconCache.db
[01/08/2013 00:30:14] - |D| - [162005089] - C:\Users\Jean Morea\AppData\Local\Microsoft
[01/08/2013 02:38:34] - |D| - [0] - C:\Users\Jean Morea\AppData\Local\Microsoft Help
[30/06/2018 11:06:33] - |D| - [381505225] - C:\Users\Jean Morea\AppData\Local\Mozilla
[29/06/2018 02:17:12] - |D| - [562] - C:\Users\Jean Morea\AppData\Local\PDFCreator
[01/08/2013 02:13:55] - |D| - [0] - C:\Users\Jean Morea\AppData\Local\Programs
[30/06/2018 10:32:25] - |A| - [7616] - C:\Users\Jean Morea\AppData\Local\Resmon.ResmonCfg
[01/08/2013 00:30:14] - |D| - [14618507] - C:\Users\Jean Morea\AppData\Local\Temp
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\AppData\Local\Temporary Internet Files
[01/08/2013 00:30:24] - |D| - [0] - C:\Users\Jean Morea\AppData\Local\VirtualStore
[30/06/2018 10:38:24] - |D| - [351064] - C:\Users\Jean Morea\AppData\Local\ZHP
[01/08/2013 01:28:07] - |SD| - [1373615] - C:\Users\Jean Morea\AppData\LocalLow\Microsoft
[27/06/2018 11:51:30] - |D| - [0] - C:\Users\Jean Morea\AppData\LocalLow\Mozilla
[01/08/2013 05:01:50] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\Acronis
[01/08/2013 01:40:32] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\Adobe
[27/06/2018 01:06:42] - |D| - [565030] - C:\Users\Jean Morea\AppData\Roaming\AIMP
[01/08/2013 03:03:08] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\AIMP3
[27/06/2018 00:48:43] - |D| - [6886964] - C:\Users\Jean Morea\AppData\Roaming\AVAST Software
[27/06/2018 00:55:23] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\DiskDefrag
[27/06/2018 01:09:52] - |D| - [12] - C:\Users\Jean Morea\AppData\Roaming\Foxit AgentInformation
[01/08/2013 04:09:36] - |D| - [8690308] - C:\Users\Jean Morea\AppData\Roaming\Foxit Software
[01/08/2013 03:02:23] - |D| - [29068095] - C:\Users\Jean Morea\AppData\Roaming\GlarySoft
[01/08/2013 00:30:27] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\Identities
[01/08/2013 00:42:10] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\InstallShield
[01/08/2013 00:54:23] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\Intel Corporation
[01/08/2013 02:04:55] - |D| - [410] - C:\Users\Jean Morea\AppData\Roaming\Macromedia
[01/08/2013 00:30:14] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\Media Center Programs
[01/08/2013 00:30:14] - |SD| - [2885902] - C:\Users\Jean Morea\AppData\Roaming\Microsoft
[27/06/2018 11:51:26] - |D| - [26294247] - C:\Users\Jean Morea\AppData\Roaming\Mozilla
[29/06/2018 02:16:12] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\PDF Architect 6
[27/06/2018 01:02:32] - |D| - [93773] - C:\Users\Jean Morea\AppData\Roaming\vlc
[01/08/2013 04:44:07] - |D| - [0] - C:\Users\Jean Morea\AppData\Roaming\WinRAR
[29/06/2018 00:31:34] - |D| - [15163769] - C:\Users\Jean Morea\AppData\Roaming\Yamicsoft
[30/06/2018 10:38:24] - |D| - [7189351] - C:\Users\Jean Morea\AppData\Roaming\ZHP
[01/08/2013 00:30:35] - |SH| - [174] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[01/08/2013 00:30:14] - |SHD| - [0] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
[01/08/2013 00:30:14] - |RD| - [27262] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[01/08/2013 00:30:14] - |RD| - [14687] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[01/08/2013 00:30:35] - |RD| - [174] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[01/08/2013 00:30:35] - |SH| - [476] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[29/06/2018 03:16:39] - |A| - [1443] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[01/08/2013 00:30:36] - |A| - [1477] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[01/08/2013 00:30:14] - |RD| - [580] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/08/2013 00:30:35] - |RD| - [174] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[01/08/2013 02:40:19] - |D| - [5093] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[01/08/2013 02:39:32] - |D| - [3158] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[01/08/2013 00:30:35] - |SH| - [174] - C:\Users\Jean Morea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | [Public]

[14/07/2009 05:20:08] - |RHD| - [174] - C:\Users\Public\Desktop
[14/07/2009 06:54:24] - |ASH| - [174] - C:\Users\Public\desktop.ini
[14/07/2009 05:20:08] - |RD| - [436] - C:\Users\Public\Documents
[14/07/2009 05:20:08] - |RD| - [174] - C:\Users\Public\Downloads
[14/07/2009 05:20:08] - |RHD| - [0] - C:\Users\Public\Favorites
[27/06/2018 01:10:00] - |D| - [1849] - C:\Users\Public\Foxit Software
[14/07/2009 05:20:08] - |RHD| - [3992] - C:\Users\Public\Libraries
[14/07/2009 05:20:08] - |RD| - [17412278] - C:\Users\Public\Music
[14/07/2009 05:20:08] - |RD| - [10136842] - C:\Users\Public\Pictures
[21/11/2010 08:29:25] - |RD| - [9699579] - C:\Users\Public\Recorded TV
[14/07/2009 05:20:08] - |RD| - [26246732] - C:\Users\Public\Videos

---------- | C:\ProgramData

[01/08/2013 03:11:23] - |D| - [22820570] - C:\ProgramData\Acronis
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Application Data
[01/08/2013 00:45:16] - |D| - [13027572] - C:\ProgramData\ASUS
[01/08/2013 00:51:44] - |D| - [92] - C:\ProgramData\ASUS OC Profiles
[01/08/2013 00:51:40] - |D| - [60] - C:\ProgramData\ASUS PowerControl Profiles
[01/08/2013 02:08:19] - |D| - [50050162] - C:\ProgramData\AVAST Software
[01/08/2013 00:30:10] - |SHD| - [0] - C:\ProgramData\Bureau
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Desktop
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Documents
[01/08/2013 00:30:10] - |SHD| - [0] - C:\ProgramData\Favoris
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[27/06/2018 01:09:52] - |D| - [29] - C:\ProgramData\Foxit ContentPlatform
[27/06/2018 01:09:56] - |D| - [16384] - C:\ProgramData\Foxit Software
[27/06/2018 00:55:33] - |D| - [0] - C:\ProgramData\GlarySoft
[27/06/2018 12:48:49] - |D| - [128150384] - C:\ProgramData\Malwarebytes
[01/08/2013 00:30:10] - |SHD| - [0] - C:\ProgramData\Menu DÃ©marrer
[14/07/2009 05:20:08] - |SD| - [401326667] - C:\ProgramData\Microsoft
[01/08/2013 02:38:28] - |D| - [65254] - C:\ProgramData\Microsoft Help
[01/08/2013 00:30:10] - |SHD| - [0] - C:\ProgramData\ModÃ¨les
[01/08/2013 02:57:54] - |D| - [0] - C:\ProgramData\Nero
[01/08/2013 00:56:57] - |D| - [2563928] - C:\ProgramData\NVIDIA
[01/08/2013 00:56:14] - |D| - [3885932] - C:\ProgramData\NVIDIA Corporation
[27/06/2018 16:03:49] - |D| - [30239229] - C:\ProgramData\Package Cache
[01/08/2013 02:14:42] - |D| - [202428] - C:\ProgramData\Spybot - Search & Destroy
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Start Menu
[14/07/2009 07:08:56] - |SHD| - [0] - C:\ProgramData\Templates

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[14/07/2009 07:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009 06:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[01/08/2013 00:30:10] - |SHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
[14/07/2009 05:20:08] - |D| - [229594] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009 06:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[14/07/2009 05:20:08] - |RD| - [42268] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[01/08/2013 02:51:12] - |D| - [23585] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[14/07/2009 07:32:38] - |RD| - [18363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[27/06/2018 01:06:43] - |D| - [6644] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
[01/08/2013 02:45:42] - |D| - [7302] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 52%
[27/06/2018 00:39:54] - |D| - [1958] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[01/08/2013 03:00:14] - |D| - [940] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[14/07/2009 06:54:23] - |ASH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[30/06/2018 11:05:31] - |A| - [1177] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
[27/06/2018 14:29:27] - |D| - [1802] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite Audio Engineering Ltd
[27/06/2018 01:09:50] - |D| - [2753] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[14/07/2009 07:32:38] - |RD| - [6112] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[27/06/2018 00:55:33] - |D| - [3309] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
[27/06/2018 00:55:33] - |A| - [1110] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
[01/08/2013 00:43:01] - |RD| - [3144] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[14/07/2009 05:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[27/06/2018 12:48:56] - |D| - [3842] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[01/01/2009 01:34:47] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[01/08/2013 02:40:48] - |D| - [32320] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[01/08/2013 02:58:09] - |D| - [5108] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[27/06/2018 16:10:45] - |D| - [9778] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[27/06/2018 00:25:42] - |D| - [4202] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnScreen Control
[29/06/2018 02:13:08] - |D| - [5678] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[29/06/2018 02:23:14] - |D| - [1098] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFTK Builder
[01/08/2013 00:44:10] - |D| - [1116] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
[27/06/2018 00:58:11] - |D| - [3333] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[01/08/2013 02:21:57] - |D| - [3954] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[14/07/2009 06:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[27/06/2018 00:48:30] - |D| - [11099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[27/06/2018 00:48:30] - |A| - [1409] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[14/07/2009 05:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[27/06/2018 11:47:37] - |HD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[01/08/2013 03:03:57] - |D| - [8056] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[14/07/2009 06:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[01/01/2009 01:34:34] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009 06:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[14/07/2009 06:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[01/08/2013 02:39:32] - |D| - [3104] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[14/07/2009 06:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[14/07/2009 06:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[01/08/2013 02:51:11] - |D| - [148478088] - C:\Program Files (x86)\Acronis
[01/08/2013 03:03:07] - |D| - [67724328] - C:\Program Files (x86)\AIMP3
[01/08/2013 02:45:35] - |D| - [9594760] - C:\Program Files (x86)\Alcohol Soft
[01/08/2013 00:45:04] - |D| - [9103321] - C:\Program Files (x86)\ASUS
[27/06/2018 00:39:09] - |D| - [2738456] - C:\Program Files (x86)\AVAST Software
[01/08/2013 02:48:50] - |D| - [208280] - C:\Program Files (x86)\Change Extension
[14/07/2009 05:20:08] - |D| - [546950161] - C:\Program Files (x86)\Common Files
[14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[27/06/2018 01:09:44] - |D| - [211100447] - C:\Program Files (x86)\Foxit Software
[27/06/2018 00:55:15] - |D| - [51762884] - C:\Program Files (x86)\Glary Utilities 5
[01/08/2013 00:36:31] - |D| - [0] - C:\Program Files (x86)\Google
[01/08/2013 00:38:44] - |HD| - [42065933] - C:\Program Files (x86)\InstallShield Installation Information
[01/08/2013 00:41:27] - |D| - [32423527] - C:\Program Files (x86)\Intel
[14/07/2009 05:20:08] - |D| - [4594981] - C:\Program Files (x86)\Internet Explorer
[27/06/2018 00:25:51] - |D| - [76357832] - C:\Program Files (x86)\LG Electronics
[01/08/2013 02:38:28] - |D| - [551722052] - C:\Program Files (x86)\Microsoft Office
[01/08/2013 02:40:20] - |D| - [14904] - C:\Program Files (x86)\Microsoft Visual Studio
[01/08/2013 02:38:56] - |D| - [1387249] - C:\Program Files (x86)\Microsoft Visual Studio 8
[01/08/2013 02:40:24] - |D| - [3178824] - C:\Program Files (x86)\Microsoft Works
[01/08/2013 01:44:10] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[30/06/2018 11:05:28] - |D| - [138482785] - C:\Program Files (x86)\Mozilla Firefox
[30/06/2018 11:05:31] - |D| - [268239] - C:\Program Files (x86)\Mozilla Maintenance Service
[14/07/2009 07:32:38] - |D| - [26521] - C:\Program Files (x86)\MSBuild
[01/08/2013 02:57:54] - |D| - [30640973] - C:\Program Files (x86)\Nero
[01/08/2013 00:56:13] - |D| - [254478688] - C:\Program Files (x86)\NVIDIA Corporation
[29/06/2018 02:23:14] - |D| - [5627074] - C:\Program Files (x86)\PDFTK Builder
[01/08/2013 00:38:45] - |D| - [8759211] - C:\Program Files (x86)\Realtek
[14/07/2009 07:32:38] - |D| - [39183617] - C:\Program Files (x86)\Reference Assemblies
[01/08/2013 02:21:56] - |D| - [11617864] - C:\Program Files (x86)\RocketDock
[01/08/2013 02:14:34] - |D| - [330918423] - C:\Program Files (x86)\Spybot - Search & Destroy 2
[01/08/2013 00:38:34] - |HD| - [0] - C:\Program Files (x86)\Temp
[14/07/2009 06:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[01/08/2013 02:40:19] - |D| - [231948] - C:\Program Files (x86)\Unlocker
[01/08/2013 03:03:51] - |D| - [163974531] - C:\Program Files (x86)\VideoLAN
[01/08/2013 03:01:59] - |D| - [6819275] - C:\Program Files (x86)\VS Revo Group
[27/06/2018 16:10:11] - |D| - [10900] - C:\Program Files (x86)\VulkanRT
[14/07/2009 07:32:38] - |D| - [524800] - C:\Program Files (x86)\Windows Defender
[14/07/2009 05:20:08] - |D| - [6181376] - C:\Program Files (x86)\Windows Mail
[14/07/2009 07:32:38] - |D| - [5024017] - C:\Program Files (x86)\Windows Media Player
[14/07/2009 05:20:08] - |D| - [12197044] - C:\Program Files (x86)\Windows NT
[14/07/2009 07:32:38] - |D| - [4417800] - C:\Program Files (x86)\Windows Photo Viewer
[14/07/2009 07:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
[14/07/2009 07:32:38] - |D| - [5994626] - C:\Program Files (x86)\Windows Sidebar
[01/08/2013 02:39:31] - |D| - [3376373] - C:\Program Files (x86)\WinRAR

---------- | C:\Program Files

[01/08/2013 00:49:04] - |D| - [371365] - C:\Program Files\ASUS
[01/08/2013 02:08:58] - |D| - [1018914793] - C:\Program Files\AVAST Software
[01/08/2013 03:00:13] - |D| - [37650856] - C:\Program Files\CCleaner
[14/07/2009 05:20:08] - |D| - [68740842] - C:\Program Files\Common Files
[14/07/2009 06:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
[14/07/2009 07:32:38] - |D| - [90256404] - C:\Program Files\DVD Maker
[01/08/2013 00:30:10] - |SHD| - [0] - C:\Program Files\Fichiers communs
[27/06/2018 14:29:27] - |D| - [4759660] - C:\Program Files\FocusriteUSB
[27/06/2018 01:17:45] - |D| - [0] - C:\Program Files\Google
[14/07/2009 05:20:08] - |D| - [5182765] - C:\Program Files\Internet Explorer
[27/06/2018 12:48:49] - |D| - [160619916] - C:\Program Files\Malwarebytes
[14/07/2009 07:32:38] - |D| - [149237810] - C:\Program Files\Microsoft Games
[01/08/2013 02:38:59] - |D| - [594270] - C:\Program Files\Microsoft Office
[14/07/2009 07:32:38] - |D| - [25757] - C:\Program Files\MSBuild
[01/08/2013 00:54:43] - |D| - [1094459530] - C:\Program Files\NVIDIA Corporation
[29/06/2018 02:13:04] - |D| - [45469538] - C:\Program Files\PDFCreator
[01/08/2013 00:39:22] - |D| - [33818808] - C:\Program Files\Realtek
[14/07/2009 07:32:38] - |D| - [36842665] - C:\Program Files\Reference Assemblies
[14/07/2009 07:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information
[27/06/2018 00:58:10] - |D| - [22322080] - C:\Program Files\VS Revo Group
[14/07/2009 07:32:38] - |D| - [4039680] - C:\Program Files\Windows Defender
[14/07/2009 05:20:08] - |D| - [6667776] - C:\Program Files\Windows Mail
[14/07/2009 07:32:38] - |D| - [7687085] - C:\Program Files\Windows Media Player
[14/07/2009 05:20:08] - |D| - [12627124] - C:\Program Files\Windows NT
[14/07/2009 07:32:38] - |D| - [5516056] - C:\Program Files\Windows Photo Viewer
[14/07/2009 07:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[14/07/2009 07:32:38] - |D| - [7255441] - C:\Program Files\Windows Sidebar

---------- | C:\Program Files (x86)\Common Files

[01/08/2013 02:51:11] - |D| - [202119937] - C:\Program Files (x86)\Common Files\Acronis
[01/08/2013 02:40:20] - |D| - [92976] - C:\Program Files (x86)\Common Files\DESIGNER
[01/08/2013 00:38:26] - |D| - [5501008] - C:\Program Files (x86)\Common Files\InstallShield
[01/08/2013 00:55:34] - |D| - [11703] - C:\Program Files (x86)\Common Files\Intel Corporation
[14/07/2009 05:20:08] - |D| - [218113104] - C:\Program Files (x86)\Common Files\microsoft shared
[01/08/2013 02:57:54] - |D| - [35898314] - C:\Program Files (x86)\Common Files\Nero
[14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[14/07/2009 05:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines
[14/07/2009 05:20:08] - |D| - [44106634] - C:\Program Files (x86)\Common Files\System

---------- | C:\Program Files\Common files

[27/06/2018 00:12:40] - |D| - [2010312] - C:\Program Files\Common files\AVAST Software
[14/07/2009 05:20:08] - |D| - [53928865] - C:\Program Files\Common files\Microsoft Shared
[14/07/2009 05:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
[14/07/2009 05:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines
[14/07/2009 05:20:08] - |D| - [12190195] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [14/07/2009 07:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.128F102D4A607B1691652A419C94E261] - [14/07/2009 07:08:49] - |A| - [15418] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.79FAC6AF2146B79C531DA8BD6BF6EA5E] - [27/06/2018 01:04:08] - |A| - [4496] - C:\Windows\System32\Tasks\Adobe Flash Player Updater         :   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[MD5.E794D4D8FF0511878A8A429A8795DBE2] - [27/06/2018 00:12:49] - |A| - [4168] - C:\Windows\System32\Tasks\Avast Emergency Update         :   C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
[MD5.00000000000000000000000000000000] - [27/06/2018 00:12:56] - |D| - [3876] - C:\Windows\System32\Tasks\Avast Software
[MD5.934B127261D38CCB647916CF5CEB7663] - [27/06/2018 00:39:09] - |A| - [3416] - C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore         :   C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
[MD5.13761AF234FE14D16E936BD9705AAF1F] - [27/06/2018 00:39:09] - |A| - [3544] - C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA         :   C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
[MD5.E15352EDCACF32BAF8F501BCF5AE29D8] - [27/06/2018 00:27:35] - |A| - [4128] - C:\Windows\System32\Tasks\CCleaner Update         :   C:\Program Files\CCleaner\CCUpdate.exe
[MD5.9DA8252666C17EAEDACE40E3D6ACBA18] - [01/08/2013 03:00:15] - |A| - [2782] - C:\Windows\System32\Tasks\CCleanerSkipUAC         :   "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.A54DCEDAE8EBC635B452E941E1B76087] - [27/06/2018 00:55:44] - |A| - [3330] - C:\Windows\System32\Tasks\GlaryInitialize 5         :   C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
[MD5.00000000000000000000000000000000] - [14/07/2009 05:20:13] - |D| - [253910] - C:\Windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [01/08/2013 02:14:43] - |D| - [12128] - C:\Windows\System32\Tasks\Safer-Networking
[MD5.00000000000000000000000000000000] - [14/07/2009 07:09:57] - |D| - [0] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [14/07/2009 05:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"TCP Query User{5C54C567-89C9-44E4-82A3-3CE83A8E9CE3}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe|Name=Update|Desc=Update|Defer=User|
"UDP Query User{0B407AEE-51C6-4BC7-A0CE-106337AFB366}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe|Name=Update|Desc=Update|Defer=User|
"{7E4F8F09-286E-49F4-9E8D-320272BFDF28}"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=808|App=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe|Svc=NetTcpActivator|Name=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2000|Desc=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2001|EmbedCtxt=@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelEvents.dll,-2002|
"{22656C27-D4BD-45F7-A5E5-BAF86CE7A776}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe|Name=Avast Emergency Update|
"{C7C8C610-F187-42BF-9F0A-8006F3024D10}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe|Name=Avast Emergency Update|
"{BB1BAB48-76B3-4FF0-B6D1-04DF0FDF04A1}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update|
"{50EE14DE-70B8-4036-BE87-1146DA1C83B8}"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\CCleaner\CCUpdate.exe|Name=CCleaner Update|

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service




---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1860459D-4692-4825-B761-44A725991050}] : (AcronisDevices) [] -> Acronis Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{41966169-3FD7-4392-AFE4-E6A9D0A92C72}] : (ASUSFILTER) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) [] -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) [] -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) [] -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) [] -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) [] -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) [] -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) [] -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) [] -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) [] -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) [] -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) [] -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) [] -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) [] -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) [] -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) [] -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) [] -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) [] -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) [] -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) [] -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) [] -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) [] -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) [] -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{AB4964A5-4361-4899-BA0A-180305F2BF92}] : (aswTdi) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) [] -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C8B76578-D062-4834-0001-F8B6F2162A22}] : (FocusriteUSB) [] -> @oem27.inf,%ClassName%;Focusrite Audio
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) [] -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) [] -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) [] -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[01/08/2013 02:42:48] - (0.0.0.0) - ( -) - C:\Windows\System32\Drivers\sptd.sys
[01/08/2013 04:48:10] - (1.1.0.1021) - (Acronis - Acronis Virtual Disk Storage Filter) - C:\Windows\system32\DRIVERS\vidsflt.sys
[01/08/2013 04:48:10] - (1.1.0.1021) - (Acronis - Acronis Virtual Disk Driver) - C:\Windows\system32\DRIVERS\vididr.sys
[01/08/2013 04:48:11] - (4.2.0.1026) - (Acronis - Acronis Backup Archive Explorer) - C:\Windows\system32\DRIVERS\tib_mounter.sys
[01/08/2013 04:48:12] - (1.1.0.1061) - (Acronis - Acronis Try&Decide Volume Filter Driver) - C:\Windows\system32\DRIVERS\tdrpman.sys
[01/08/2013 04:48:08] - (4.4.0.1059) - (Acronis - Acronis Snapshot API) - C:\Windows\system32\DRIVERS\snapman.sys
[01/08/2013 04:48:08] - (1.3.0.1022) - (Acronis - Acronis Storage Filter Management Driver) - C:\Windows\system32\DRIVERS\fltsrv.sys
[27/06/2018 00:55:24] - (1.1.0.263) - (Glarysoft Ltd - The driver for the Startup Manager tool) - C:\Windows\System32\drivers\GUBootStartup.sys
[03/08/2010 07:21:24] - (0.0.0.0) - ( -) - C:\Windows\SysWow64\drivers\AsUpIO.sys
[01/08/2013 00:45:04] - (0.0.0.0) - ( -) - C:\Windows\SysWow64\drivers\AsIO.sys
[27/06/2018 16:03:08] - (24.21.13.9836) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 398.36) - C:\Windows\system32\DRIVERS\nvlddmkm.sys
[27/06/2018 14:29:27] - (4.36.5.612) - (Focusrite Audio Engineering Ltd. - FocusriteUSBSwRoot) - C:\Windows\system32\DRIVERS\FocusriteUSBSwRoot.sys
[27/06/2018 16:03:09] - (1.3.37.4) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys
[27/06/2018 14:29:27] - (4.36.5.612) - (Focusrite Audio Engineering Ltd. - FocusriteUSB) - C:\Windows\system32\DRIVERS\FocusriteUSB.sys
[27/06/2018 14:29:27] - (4.36.5.612) - (Focusrite Audio Engineering Ltd. - Focusrite Thunderbolt) - C:\Windows\system32\drivers\FocusriteUSBAudio.sys
[27/06/2018 11:58:15] - (5.1.2.253) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - [Kernel Driver] - ACPI (Pilote ACPI Microsoft) -> system32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - amdxata () -> system32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswbidsh (aswbidsh) -> system32\drivers\aswbidsha.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswblog (aswblog) -> system32\drivers\aswbloga.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - aswbuniv (aswbuniv) -> system32\drivers\aswbuniva.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswRvrt (aswRvrt) -> system32\drivers\aswRvrt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - aswVmm (aswVmm) -> system32\drivers\aswVmm.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - atapi (Canal IDE) -> system32\drivers\atapi.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (Pilote de disque) -> system32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fltsrv (Acronis Storage Filter Management) -> system32\DRIVERS\fltsrv.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iaStor (Intel AHCI Controller) -> system32\DRIVERS\iaStor.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iusb3hcs (Pilote de commutateur de contrÃ´leur d'hÃ´te Intel(R) USB 3.0) -> system32\DRIVERS\iusb3hcs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msahci () -> system32\drivers\msahci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> system32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (Pilote de bus PCI) -> system32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - snapman (Acronis Snapshots Manager) -> system32\DRIVERS\snapman.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - spldr (Security Processor Loader Driver) -> (?) - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - tdrpman (Acronis Try&Decide and Restore Points filter) -> system32\DRIVERS\tdrpman.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - tib_mounter (Acronis TIB Mounter) -> system32\DRIVERS\tib_mounter.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (Pilote dÂÃ©numÃ©rateur de lecteur virtuel Microsoft) -> system32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vididr (Acronis Virtual Disk) -> system32\DRIVERS\vididr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vidsflt (Acronis Disk Storage Filter) -> system32\DRIVERS\vidsflt.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgr (Pilote du Gestionnaire de volume) -> system32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (Volumes de stockage) -> system32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswArPot (aswArPot) -> system32\drivers\aswArPot.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswbidsdriver (aswbidsdriver) -> system32\drivers\aswbidsdrivera.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswHdsKe (aswHdsKe) -> system32\drivers\aswHdsKe.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - aswRdr (aswRdr) -> system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSnx (aswSnx) -> system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - aswSP (aswSP) -> system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - blbdrive () -> system32\DRIVERS\blbdrive.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (Pilote de CD-ROM) -> system32\DRIVERS\cdrom.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\Windows\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GUBootStartup (GUBootStartup) -> \??\C:\Windows\System32\drivers\GUBootStartup.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (Pilote BIOS de gestion de systÃ¨mes Microsoft) -> \SystemRoot\system32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Serial (Pilote de port sÃ©rie) -> system32\DRIVERS\serial.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - TermDD (Pilote de pÃ©riphÃ©rique terminal) -> \SystemRoot\system32\drivers\termdd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - VgaSave () -> \SystemRoot\System32\drivers\vga.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True
S2 - [Kernel Driver] - aswStm (aswStm) -> system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\System32\Drivers\MbamChameleon.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - RtNdPt60 (Realtek NDIS Protocol Driver) -> system32\DRIVERS\RtNdPt60.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - [04/01/2008 07:34:42] - (.-.) - [9.98 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsInsHelp32.sys
[MD5.EDAA17CE771C696655B6585F7CAD2100] - [01/08/2013 00:45:03] - (.-.) - [11.55 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsInsHelp64.sys
[MD5.FEF9DD9EA587F8886ADE43C1BEFBDAFE] - [01/08/2013 00:45:04] - (.-.) - [13.13 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsIO.sys
[MD5.1392B92179B07B672720763D9B1028A5] - [03/08/2010 07:21:24] - (.-.) - [14.13 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\AsUpIO.sys
[MD5.A5E4CDB420540095D1293C874B5F89AA] - [20/09/2011 06:25:56] - (.Copyright (c) MCCI Corporation 1997-2011 - ASUS USB Hub filter driver.) - [45.07 Ko] - (5.28.10.0) - C:\Windows\Syswow64\Drivers\ASUSFILTER.sys
[MD5.19166026A93206F9C6A8CD3A1F010AE4] - [02/04/2009 14:30:14] - (.-.) - [10.05 Ko] - (0.0.0.0) - C:\Windows\Syswow64\Drivers\ASUSHWIO.SYS

---------- | Uninstall (Whitelist)

----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (NVIDIA Ansel.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (Panneau de configuration NVIDIA 398.36.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer] : (DisplayDriverAnalyzer.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer] : (NVIDIA Display Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS] : (NVIDIA Display Container LS.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog] : (NVIDIA Display Watchdog Plugin.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer] : (NVIDIA Display Session Container.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry] : (NVIDIA Telemetry Client.-.NVIDIA Corporation) -> 
----------[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetryContainer] : (NVIDIA Telemetry Container.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Change Extension] : (Change Extension.-.) -> C:\Windows\AMUninst01c.exe C:\Program Files (x86)\Change Extension\Instlog.lsl
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Glary Utilities 5] : (Glary Utilities 5.100.-.Glarysoft Ltd) -> C:\Program Files (x86)\Glary Utilities 5\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PDFTK Builder_is1] : (PDFTK Builder 3.9.9.-.) -> "C:\Program Files (x86)\PDFTK Builder\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Unlocker] : (Unlocker 1.9.1.-.Cedrick Collomb) -> C:\Program Files (x86)\Unlocker\uninst.exe
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{500FD1D4-D3FC-44A0-8187-66B6BD167B48}] : (True Image 2013.-.Acronis) -> MsiExec.exe /X{500FD1D4-D3FC-44A0-8187-66B6BD167B48}
----------[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1] : (Spybot - Search & Destroy.-.Safer-Networking Ltd.) -> "C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe"

---------- | Ports 


---------- | Installer

[HKCR\Installer\Products\4D1DF005CF3D0A441878666BDB61B784] : True Image 2013 -> C:\Windows\Installer\{500FD1D4-D3FC-44A0-8187-66B6BD167B48}\product.ico
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper

---------- | ADS


---------- | Drives


---------- | MBR


64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Nom de lÂapplication dÃ©faillante DllHost.exe, version : 6.1.7600.16385, horodatage : 0x4a5bc6b7
Nom du module dÃ©faillant : RPCRT4.dll, version : 6.1.7601.24150, horodatage : 0x5b0cb981
Code dÂexception : 0xc0020043
DÃ©calage dÂerreur : 0x0005d3d1
ID du processus dÃ©faillant : 0x1a90
Heure de dÃ©but de lÂapplication dÃ©faillante : 0x01d411371ca7152e
Chemin dÂaccÃ¨s de lÂapplication dÃ©faillante : C:\Windows\SysWOW64\DllHost.exe
Chemin dÂaccÃ¨s du module dÃ©faillant: C:\Windows\syswow64\RPCRT4.dll
ID de rapport : 6e390cb5-7d2a-11e8-accb-08606ec14ce3
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Le filtre dÂÃ©vÃ©nement avec la requÃªte Â«Â SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99Â Â» nÂa pas pu Ãªtre rÃ©activÃ© dans lÂespace de noms Â«Â //./root/CIMV2Â Â» Ã  cause de lÂerreur 0x80041003. Les Ã©vÃ©nements ne peuvent pas Ãªtre dÃ©livrÃ©s Ã  travers ce filtre tant que le problÃ¨me ne sera pas corrigÃ©.
------------

Le service Service Service Service Service %1!s! Update (avast)!s! Update (avast)!s! Update (avast)!s! Update (avast) nÂa pas pu dÃ©marrer en raison de lÂerreurÂ : 
Le service nÂa pas rÃ©pondu assez vite Ã  la demande de lancement ou de contrÃ´le.
------------

Le dÃ©passement de dÃ©lai (30000 millisecondes) a Ã©tÃ© atteint lors de lÂattente de la connexion du service Service 30000!s! Update (avast).
------------

Le serveur {1EF75F33-893B-4E8F-9655-C3D602BA4897} ne sÂest pas enregistrÃ© sur DCOM avant la fin du temps imparti.
------------

Le service Service Service Service Service %1!s! Update (avast)!s! Update (avast)!s! Update (avast)!s! Update (avast) nÂa pas pu dÃ©marrer en raison de lÂerreurÂ : 
Le service nÂa pas rÃ©pondu assez vite Ã  la demande de lancement ou de contrÃ´le.
------------

Le dÃ©passement de dÃ©lai (30000 millisecondes) a Ã©tÃ© atteint lors de lÂattente de la connexion du service Service 30000!s! Update (avast).
------------


----------( EOF)---------- - 2939 | 14:50:31