--------------- QuickDiag | g3n-h@ckm@n | 2_02.11.2016.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 16/11/2016 12:58:06

Updated 02/11/2016 | 17.15 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris
[Power2Go 11 promo (Administrator)] - [BARROW2ETWIDEN] (S-1-5-21-1541472888-895532398-2178115478-1001)

System: Microsoft Windows 7 Édition Starter  - Service Pack 1 - (6.1.7601) -  BuildType: Multiprocessor Free - OSLanguage: 1036 (040c)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Édition Starter |C:\Windows|\Device\Harddisk0\Partition3
Boot : SafeMode with network
PC: AOD255 - Acer - IdNumber: LUSDG0D0170426EC0E1601 - UUID: 364EE69C-9C82-9CB1-2111-1C750822B622
Processor : X64 - 1662 Mhz - Intel(R) Atom(TM) CPU N450   @ 1.66GHz
InsydeH2O Version V3.08(DDR2) -  - Acer - S/N: LUSDG0D0170426EC0E1601 - V3.08(DDR2) - ACRSYS - 1
CoreTemp : 59 Celsius

----------| Extended


---------- | SoundDevice

Realtek High Definition Audio - Status: Unknown - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0272&SUBSYS_10250349&REV_1000\4&350CB3CC&0&0001

---------- | Video

Intel(R) Graphics Media Accelerator 3150 - Resolution: x - Colors:  - RefreshRate:  -  Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A011&SUBSYS_03491025&REV_00\3&33FD14CA&0&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456
Intel(R) Graphics Media Accelerator 3150 - Resolution: x - Colors:  - RefreshRate:  -  Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A012&SUBSYS_03491025&REV_00\3&33FD14CA&0&11 - AdapterCompatibility: Intel Corporation - RAM: 
Inegrated Video Chipset DeviceName: Intel(R) Graphics Media Accelerator 3150 - DriverVersion: 8.14.10.2117 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 -  Manufacturer: Radius Inc. - Status: OK
c:\windows\system32\sirenacm.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 48464 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codecp.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 220672 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK

---------- | CPU

CPU #1 value:62 %
CPU #2 value:100 %
Total Overall CPU Usage value:81 %

---------- | Network

Intel[R] Centrino[R] Wireless-N 1000 : SENT:0 bytes/sec / RECVD:0 bytes/sec
isatap.home : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:81 bytes/sec,  /  RECEIVE Maximum:0 bytes/sec

WAN Miniport (SSTP) -  - Microsoft - Status:  - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) -  - Microsoft - Status:  - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) -  - Microsoft - Status:  - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) -  - Microsoft - Status:  - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) -  - Microsoft - Status:  - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) -  - Microsoft - Status:  - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) -  - Microsoft - Status:  - PnPID : ROOT\MS_NDISWANBH\0000
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) -  -  - Status:  - PnPID : 
WAN Miniport (IP) -  - Microsoft - Status:  - PnPID : ROOT\MS_NDISWANIP\0000
Carte Microsoft ISATAP - Tunnel - Microsoft - Status:  - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter -  -  - Status:  - PnPID : 
Intel(R) Centrino(R) Wireless-N 1000 - Ethernet 802.3 - Intel Corporation - Status:  - PnPID : PCI\VEN_8086&DEV_0083&SUBSYS_13058086&REV_00\4&6FF3C1D&0&00E1
Carte Microsoft ISATAP #2 - Tunnel - Microsoft - Status:  - PnPID : ROOT\*ISATAP\0001
Qualcomm Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.30) -  - Qualcomm Atheros - Status:  - PnPID : PCI\VEN_1969&DEV_2060&SUBSYS_00000000&REV_C1\4&16969C7D&0&00E0

---------- | Memory

RAM = Total (MB) : 1037 | Free (MB) : 65
Pagefile = Total (MB) : 2086 | Free (MB) : 864
Virtual = Total (MB) : 2097 | Free (MB) : 1964

Physical Memory 0 : Capacity: 1073741824 - DIMM0 - Posit.: 0 - Manufacturer: AD00000000000000 - PartNumber: 48594D503131325336344350362D53362020 - S/N: 53733B47

---------- | SID Users

Administrateur : [S-1-5-21-1541472888-895532398-2178115478-500]
barrow 2 & widen : [S-1-5-21-1541472888-895532398-2178115478-1000]
Invité : [S-1-5-21-1541472888-895532398-2178115478-501]
Power2Go 11 promo : [S-1-5-21-1541472888-895532398-2178115478-1001]
Administrateurs : [S-1-5-32-544]
IIS_IUSRS : [S-1-5-32-568]
Invités : [S-1-5-32-546]
Lecteurs des journaux d’événements : [S-1-5-32-573]
Utilisateurs : [S-1-5-32-545]
Utilisateurs de l’Analyseur de performances : [S-1-5-32-558]
Utilisateurs du journal de performances : [S-1-5-32-559]
Utilisateurs du modèle COM distribué : [S-1-5-32-562]

---------- | Drives

V:\ -> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 52.8 Go -> FAT32 [USB]
Q:\ -> [Removable] | [FramaLive] | Total : 14.41 Go | Free : 2.91 Go -> FAT32 [USB]
D:\ -> [Fixed] | [WD My Passport 3To] | Total : 2794.49 Go | Free : 120.38 Go -> NTFS [USB]
C:\ -> [Fixed] | [Acer] | Total : 215.78 Go | Free : 87.63 Go -> NTFS [ATA]

Disk Usage Information [4 total Physical Disks]

Physical Drive #0 [C:] : Read:1,112,352 bytes/sec, Written:0 bytes/sec Max Read:1,112,352 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #1 [V:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #2 [Q:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 
Physical Drive #3 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec 

Overall - Read Maximum:1,112,352 bytes/sec, Write Maximum:0 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKHITACHI_HTS545025B9A300_________________PB2OC60F\4&1BE3E953&0&0.0.0
DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\AC220B280C8CB030D9732DE0&0
DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_VERBATIM&PROD_STORE_N_GO&REV_5.00\070B559AA120B087&0
DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0

---------- | Windows updates

Last detection : 2016-11-13 22:12:53
Downloaded last ones : 2016-11-09 01:50:24
Installed last ones : 2016-11-09 02:19:11
Next search : 2016-11-14 17:35:35


---------- | Browsers

IE : 11.0.9600.18523     (© Microsoft Corporation. Tous droits réservés.)
FF : 49.0.2.6136     (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 54.0.2840.87     (Copyright 2016 Google Inc.)

Default : "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1"

---------- | FlashPlayer

FlashPlayer ActiveX : 23.0.0.205

---------- | Security

AV : COMODO Cloud Antivirus Enabled
AS : Windows Defender Disabled
AM : Malwarebytes' Anti-Malware   ( 2.3.173.0)     [Update : 04/11/2016 07:41:32]
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

320 | [Owner : Système | Parent : 4(System) | ?????] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.23569) = C:\Windows\System32\smss.exe     [09/11/2016 02:49:36]    CPU Usage:0 %
444 | [Owner :  | Parent : 388() | ?????] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe     [14/07/2009 00:36:49]    CPU Usage:0 %
500 | [Owner :  | Parent : 436() | ?????] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe     [15/10/2016 01:46:03]    CPU Usage:0 %
532 | [Owner :  | Parent : 444(wininit.exe) | ?????] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe     [15/10/2016 01:51:45]    CPU Usage:0 %
548 | [Owner :  | Parent : 444(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.23571) = C:\Windows\System32\lsass.exe     [09/11/2016 02:49:35]    CPU Usage:0 %
556 | [Owner :  | Parent : 444(wininit.exe) | ?????] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe     [09/10/2016 16:42:24]    CPU Usage:0 %
660 | [Owner :  | Parent : 532(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:19:28]    CPU Usage:0 %
732 | [Owner :  | Parent : 532(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:19:28]    CPU Usage:0 %
828 | [Owner :  | Parent : 532(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:19:28]    CPU Usage:0 %
872 | [Owner :  | Parent : 532(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:19:28]    CPU Usage:0 %
948 | [Owner :  | Parent : 532(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:19:28]    CPU Usage:0 %
1004 | [Owner :  | Parent : 532(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:19:28]    CPU Usage:0 %
1032 | [Owner :  | Parent : 532(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:19:28]    CPU Usage:0 %
1116 | [Owner :  | Parent : 532(services.exe) | ?????] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [14/07/2009 00:19:28]    CPU Usage:0 %
1452 | [Owner : Power2Go 11 promo | Parent : 1444() | 54.9 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe     [15/10/2016 01:58:08]    CPU Usage:0 %
1496 | [Owner : Power2Go 11 promo | Parent : 1452(explorer.exe) | 1.49 Mo] - (.Microsoft Corporation - Chargeur CTF.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe     [14/07/2009 00:26:10]    CPU Usage:0 %
1708 | [Owner : Power2Go 11 promo | Parent : 660(svchost.exe) | 7.11 Mo] - (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) = C:\Windows\System32\dllhost.exe     [14/07/2009 00:43:52]    CPU Usage:0 %
972 | [Owner : Power2Go 11 promo | Parent : 1452(explorer.exe) | 166.73 Mo] - (.Mozilla Corporation - Firefox.) - (49.0.2.6136) = C:\Program Files\Mozilla Firefox\firefox.exe     [06/11/2016 10:02:37]    CPU Usage:12 %
996 | [Owner : Power2Go 11 promo | Parent : 972(firefox.exe) | 13.8 Mo] - (. - .) - (10.82.32.4236) = C:\Users\Power2Go 11 promo\Downloads\cyberlink-power2go.exe     [16/11/2016 12:26:15]    CPU Usage:0 %
240 | [Owner : Power2Go 11 promo | Parent : 1416() | 132.62 Mo] - (. - ASP.) - (2.2.1000.21070) = C:\Program Files\ASP\AdvancedSystemProtector.exe     [16/11/2016 12:34:02]    CPU Usage:15 %
3856 | [Owner : Power2Go 11 promo | Parent : 1452(explorer.exe) | 25.63 Mo] - (.CyberLink Corp. - CyberLink Power2Go 11.) - (11.0.1013.0) = C:\Program Files\CyberLink\Power2Go11\Power2Go.exe     [16/11/2016 12:29:27]    CPU Usage:4 %
3472 | [Owner : Power2Go 11 promo | Parent : 1452(explorer.exe) | 28.59 Mo] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe     [18/07/2016 19:25:00]    CPU Usage:46 %
3484 | [Owner : Power2Go 11 promo | Parent : 3472(AdAwareDesktop.exe) | 10.6 Mo] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe     [18/07/2016 19:25:22]    CPU Usage:0 %
2100 | [Owner : Power2Go 11 promo | Parent : 1368() | 41.1 Mo] - (. - .) - (0.0.0.0) = C:\UsbFix\UsbFix.exe     [11/11/2016 09:48:48]    CPU Usage:0 %
2620 | [Owner : Power2Go 11 promo | Parent : 2100(UsbFix.exe) | 43.76 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.18523) = C:\Program Files\Internet Explorer\iexplore.exe     [09/11/2016 02:49:51]    CPU Usage:0 %
2660 | [Owner : Power2Go 11 promo | Parent : 2620(iexplore.exe) | 130.87 Mo] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.18523) = C:\Program Files\Internet Explorer\iexplore.exe     [09/11/2016 02:49:51]    CPU Usage:0 %
3456 | [Owner : Power2Go 11 promo | Parent : 1452(explorer.exe) | 20.76 Mo] - (.SosVirus - QuickDiag.) - (2.11.2016.1) = C:\Users\Power2Go 11 promo\Desktop\quickdiag_2_02.11.2016.1.exe     [16/11/2016 12:57:18]    CPU Usage:0 %

---------- | MD5

[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [15/10/2016 01:58:08] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2903 Ko] - (6.1.7601.23537) : C:\Windows\Explorer.exe
[MD5.AD7B9C14083B52BC532FBA5948342B98] - [09/10/2016 16:42:16] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [295.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.342271F6142E7C70805B8A81E1BA5F5C] - [14/07/2009 00:11:09] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [6 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [14/07/2009 00:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.4D1BC518FF64EB70F6B9218A6FBFDEF6] - [15/10/2016 02:07:39] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [852 Ko] - (6.1.7601.23392) : C:\Windows\System32\Kernel32.dll
[MD5.55A1F001FE2A16C15B494EA6F63C3C45] - [09/11/2016 02:49:35] - (.© Microsoft Corporation. - Local Security Authority Process.) - [21.5 Ko] - (6.1.7601.23571) : C:\Windows\System32\lsass.exe
[MD5.1F54F58D7FA2B3442084E32CDE5E309E] - [15/10/2016 02:10:32] - (.© Microsoft Corporation. - Distributed COM Services.) - [367.5 Ko] - (6.1.7601.19143) : C:\Windows\System32\rpcss.dll
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - [14/07/2009 00:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [43.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe
[MD5.0780A42DBD7D9969F9BF4A19AA4285B5] - [15/10/2016 01:51:45] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [253 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe
[MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [20.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.CC157E3445C86456494ED940E1250247] - [15/10/2016 01:54:29] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [792.5 Ko] - (6.1.7601.23528) : C:\Windows\System32\user32.dll
[MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [09/10/2016 16:41:27] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 00:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.52449FD429D6053B78AE564DEF303870] - [15/10/2016 01:46:03] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [297 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.93B49FA857F7036A4EFF32371F6E7391] - [15/10/2016 02:02:08] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\afd.sys
[MD5.338C86357871C167A96AB976519BF59E] - [14/07/2009 00:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.DDCE686D76C2B4DB435A3AF5BD0E691D] - [15/10/2016 01:47:07] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [129.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.77EA11B065E0A8AB902D78145CA51E10] - [14/07/2009 00:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - [09/10/2016 16:40:16] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - [15/10/2016 01:59:04] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [79.5 Ko] - (6.1.7601.23542) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - [09/10/2016 16:40:00] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [14/07/2009 00:11:24] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [79 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.51D115C4C8A7BD8EB732D0221664E8C9] - [14/10/2016 20:25:25] - (.Copyright(C) Intel Corporation 1994-2012  - Intel Rapid Storage Technology driver - x86.) - [459.81 Ko] - (11.1.5.1001) : C:\Windows\System32\Drivers\iastor.sys
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [14/07/2009 00:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.E15146EA99447CDBD2C952CF9B792BEA] - [09/11/2016 02:49:37] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [121.5 Ko] - (6.1.7601.23571) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.9804FB2E46077F2977552347DFCA7E05] - [15/10/2016 02:01:06] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [695.94 Ko] - (6.1.7601.19030) : C:\Windows\System32\Drivers\ndis.sys
[MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - [15/10/2016 01:43:58] - (.© Microsoft Corporation. - MBT Transport driver.) - [184.5 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys
[MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - [15/10/2016 01:40:55] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1183.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [14/07/2009 00:45:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [77.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [14/07/2009 00:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - [14/07/2009 00:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.C7E41209132B9CF084CCEA8593F61328] - [15/10/2016 01:54:52] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1279.23 Ko] - (6.1.7601.23496) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.BB8817D0508DD5EA69C770C8DEF5AB67] - [15/10/2016 02:02:08] - (.© Microsoft Corporation. - TDI Translation Driver.) - [73 Ko] - (6.1.7601.19031) : C:\Windows\System32\Drivers\tdx.sys
[MD5.F497F67932C6FA693D7DE2780631CFE7] - [09/10/2016 16:42:14] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [239.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.COMODO.-.COMODO Cloud Antivirus.) - (1.7.9514.374) -- C:\Windows\system32\CcavGuard32.dll
(.TODO: <Company name>.-.TODO: <File description>.) - (1.0.0.1) -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySyncExplorerOverlay.dll
(.Egis Technology Inc..-.PSD DragDrop Protection.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\psdprotect.dll
(.Egis Technology Inc..-.WinLocker System Environment Library.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\sysenv.dll
(.Paramount Software UK Ltd.-.Reflect Shell Extension Context Menu.) - (6.1.865.0) -- C:\Program Files\Macrium\Reflect\RContextMenu.dll
(.Egis Technology Inc..-.ShredderContextMenu.) - (2.0.8.3) -- C:\Program Files\EgisTec Shredder\x86\ShredderContextMenu.dll
(.Egis Technology Inc..-.Frame Utility Dynamic Link Library.) - (1.6.34.0) -- C:\Program Files\EgisTec Shredder\x86\FrameUtility.dll
(.Egis Technology Inc..-.LibFrame Release Library.) - (1.6.37.0) -- C:\Program Files\EgisTec Shredder\x86\LibFrame.dll
(.Malwarebytes.-.Malwarebytes Anti-Malware.) - (3.1.1.0) -- C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll
(..-..) - (11.12.945.9202) -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareShellExtension.dll
(.CHENGDU YIWO Tech Development Co.,Ltd.-.EaseUS Todo Backup Application.) - (3.0.0.1) -- C:\Program Files\EaseUS\Todo Backup\bin\ImageSh.dll
(.Killer{R}.-.KillCopy Shell Extension DLL.) - (1.0.0.1) -- C:\Program Files\KillSoft\KillCopy\killcopy.dll
(.CHENGDU Yiwo Tech Development Co., Ltd..-.EverySync.) - (1.0.0.1) -- C:\Program Files\EaseUS\EaseUS EverySync\bin\EUSyncExtMenu.dll
(.Egis Technology Inc..-.Shell Extention.) - (3.1.212.0) -- C:\Program Files\EgisTec MyWinLocker\x86\mwlshellext.dll
(.COMODO.-.COMODO Cloud Antivirus.) - (1.7.9514.374) -- C:\Program Files\COMODO\COMODO Cloud Antivirus\ccavhelper32.dll
(.Cyberlink.-.Cyberlink Shell Extension dynamic link library.) - (11.0.914.0) -- C:\Program Files\Common Files\CyberLink\ShellExtComponent\CLVDShellExt11_20161116_11_29_43.dll
(..-..) - (0.0.0.0) -- C:\Users\Power2Go 11 promo\AppData\Local\Systweak\Advanced System Protector\aspcontexthelper32.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.COMODO.-.COMODO Cloud Antivirus.) - (1.7.9514.374) -- C:\Windows\system32\CcavGuard32.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\...\Run]) - User: AUTORITE NT\SERVICE LOCAL
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU
Power2GoExpress11 - ("C:\Program Files\CyberLink\Power2Go11\Power2GoExpress.exe" /Startup [HKU\S-1-5-21-1541472888-895532398-2178115478-1001\...\Run]) - User: barrow2etwiden\Power2Go 11 promo
Acer VCM - (C:\PROGRA~1\Acer\ACERVC~1\AcerVCM.exe  [Common Startup]) - User: Public
LManager - (C:\Program Files\Launch Manager\LManager.exe [HKLM\...\Run]) - User: Public
IAStorIcon - (C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [HKLM\...\Run]) - User: Public
RtHDVCpl - (C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [HKLM\...\Run]) - User: Public
SuiteTray - ("C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [HKLM\...\Run]) - User: Public
EgisUpdate - ("C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d [HKLM\...\Run]) - User: Public
EgisTecPMMUpdate - ("C:\Program Files\EgisTec IPS\PmmUpdate.exe" [HKLM\...\Run]) - User: Public
mwlDaemon - (C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe [HKLM\...\Run]) - User: Public
Adobe Reader Speed Launcher - ("C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [HKLM\...\Run]) - User: Public
IgfxTray - (C:\Windows\system32\igfxtray.exe [HKLM\...\Run]) - User: Public
HotKeysCmds - (C:\Windows\system32\hkcmd.exe [HKLM\...\Run]) - User: Public
Persistence - (C:\Windows\system32\igfxpers.exe [HKLM\...\Run]) - User: Public
ETDWare - (%ProgramFiles%\Elantech\ETDCtrl.exe [HKLM\...\Run]) - User: Public
PLFSetI - (C:\Windows\PLFSetI.exe [HKLM\...\Run]) - User: Public
iSyncData - (C:\Program Files\Acer\Android Manager\iSync.exe [HKLM\...\Run]) - User: Public
AndroidManager - (C:\Program Files\Acer\Android Manager\AML.exe [HKLM\...\Run]) - User: Public
iPatchData - (C:\Program Files\Acer\Updater\iUpdate.exe [HKLM\...\Run]) - User: Public
Acer ePower Management - (C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [HKLM\...\Run]) - User: Public
 - ( [HKLM\...\Run]) - User: Public
AdAwareTray - ("C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe" [HKLM\...\Run]) - User: Public
Wondershare Helper Compact.exe - (C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [HKLM\...\Run]) - User: Public
EaseUS EPM tray - (C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\EpmNews.exe [HKLM\...\Run]) - User: Public
EaseUS Cleanup - ("C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe" 10 300 [HKLM\...\Run]) - User: Public
ETDCtrl - (%ProgramFiles%\Elantech\ETDCtrl.exe [HKLM\...\Run]) - User: Public
ALU - (C:\Program Files\Acer\Acer Updater\ALU.exe -r [HKLM\...\Run]) - User: Public
tvncontrol - ("C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave [HKLM\...\Run]) - User: Public
CCAV - ("C:\Program Files\COMODO\COMODO Cloud Antivirus\ccavsrv.exe" -autorun [HKLM\...\Run]) - User: Public
IseUI - (C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [HKLM\...\Run]) - User: Public
CLMLServer_For_P2G11 - ("C:\Program Files\CyberLink\Power2Go11\CLMLSvc_P2G11.exe" [HKLM\...\Run]) - User: Public
Advanced System Protector_startup - ("C:\Program Files\ASP\AdvancedSystemProtector.exe" autolaunch [HKLM\...\Run]) - User: Public

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress11"="C:\Program Files\CyberLink\Power2Go11\Power2GoExpress.exe" /Startup   

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=explorer\1   
"MRUList"=a   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files\Launch Manager\LManager.exe   [17/09/2010 08:18:29]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60   
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s   
"SuiteTray"="C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"   
"EgisUpdate"="C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d   
"EgisTecPMMUpdate"="C:\Program Files\EgisTec IPS\PmmUpdate.exe"   
"mwlDaemon"=C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe   [27/05/2010 03:41:24]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"   
"IgfxTray"=C:\Windows\system32\igfxtray.exe   [17/09/2010 08:19:01]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe   [17/09/2010 08:19:00]
"Persistence"=C:\Windows\system32\igfxpers.exe   [17/09/2010 08:19:00]
"ETDWare"=%ProgramFiles%\Elantech\ETDCtrl.exe   
"PLFSetI"=C:\Windows\PLFSetI.exe   [08/10/2016 15:38:21]
"iSyncData"=C:\Program Files\Acer\Android Manager\iSync.exe   [08/01/2010 10:53:30]
"AndroidManager"=C:\Program Files\Acer\Android Manager\AML.exe   [08/01/2010 10:47:52]
"iPatchData"=C:\Program Files\Acer\Updater\iUpdate.exe   [21/07/2010 02:53:50]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe   [08/10/2016 15:45:46]
""=   
"AdAwareTray"="C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe"   
"Wondershare Helper Compact.exe"=C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe   [09/10/2016 07:20:16]
"EaseUS EPM tray"=C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\EpmNews.exe   [11/10/2016 15:52:16]
"EaseUS Cleanup"="C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe" 10 300   
"ETDCtrl"=%ProgramFiles%\Elantech\ETDCtrl.exe   
"ALU"=C:\Program Files\Acer\Acer Updater\ALU.exe -r   
"tvncontrol"="C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave   
"CCAV"="C:\Program Files\COMODO\COMODO Cloud Antivirus\ccavsrv.exe" -autorun   
"IseUI"=C:\Program Files\COMODO\Internet Security Essentials\vkise.exe   [28/10/2016 15:07:12]
"CLMLServer_For_P2G11"="C:\Program Files\CyberLink\Power2Go11\CLMLSvc_P2G11.exe"   
"Advanced System Protector_startup"="C:\Program Files\ASP\AdvancedSystemProtector.exe" autolaunch   

[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""=   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   


---------- | Startings up registry ¦ Folder


---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv   
"NotificationTimeOut"=0   
"SnapshotMonitors"=1   
"ProductVersion"=5.1   
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"fDenyTSConnections"=1   
"StartRCM"=0   
"TSAdvertise"=0   
"DeleteTempDirsOnExit"=1   
"fSingleSessionPerUser"=1   
"PerSessionTempDir"=0   
"TSUserEnabled"=0   
"InstanceID"=3faf867f-06ce-43cb-bb6f-1bbb6ad   
"fCredentialLessLogonSupported"=1   
"fCredentialLessLogonSupportedTSS"=1   
"fCredentialLessLogonSupportedKMRDP"=1   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"ProcessorControl"=2   
"ResourceTimeoutCount"=648000   
"BootExecute"=autocheck autochk *   
"ExcludeFromKnownDlls"=   
"ObjectDirectories"=\Windows
\RPC Control   
"ProtectionMode"=1   
"NumberOfInitialSessions"=2   
"SetupExecute"=   
"PendingFileRenameOperations"=\??\C:\Users\POWER2~1\AppData\Local\Temp\1479295605755\poinstaller.exe

\??\C:\Windows\system32\rkinstaller.exe
   

[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller   
"WaitToKillServiceTimeout"=200   
"CurrentUser"=USERNAME   
"BootDriverFlags"=0   
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll   
"SystemStartOptions"= NOEXECUTE=OPTIN  SAFEBOOT:NETWORK  SOS  BOOTLOG  NOGUIBOOT  BOOTLOGO   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0   
"auditbasedirectories"=0   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"Bounds"=0x0030000000200000   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u   
"Authentication Packages"=msv1_0   
"LsaPid"=548   
"SecureBoot"=1   
"ProductType"=11   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   


---------- | .LNK

C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk        (/prefetch:1) 
C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk        (/SendTo) 
C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Startup\EaseUS EverySync.lnk        (0) 2(l*II6 EVERYS~1.EXEH�II6II6*�$EverySync.exem1l
C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Startup\SecurePro.lnk        (/s /a) Tempd2Q=E���SecurePro.exeH�=E��=E��*)ZSecurePro.exeP
C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EaseUS EverySync.lnk        (0) 2(l*II6 EVERYS~1.EXEH�II6II6*�$EverySync.exem1l
C:\Users\barrow 2 & widen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecurePro.lnk        (/s /a) Tempd2Q=E���SecurePro.exeH�=E��=E��*)ZSecurePro.exeP
C:\Users\barrow 2 & widen\Desktop\AdsFix_Donate.lnk        (https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) 
C:\Users\barrow 2 & widen\Desktop\Pre_Scan_Donate.lnk        (https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) 
C:\Users\barrow 2 & widen\Desktop\Pre_Scan_Restore.lnk        (C:\Pre_Scan) 
C:\Users\barrow 2 & widen\Menu Démarrer\Programmes\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\barrow 2 & widen\Menu Démarrer\Programmes\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\Users\barrow 2 & widen\Menu Démarrer\Programmes\Startup\EaseUS EverySync.lnk        (0) 2(l*II6 EVERYS~1.EXEH�II6II6*�$EverySync.exem1l
C:\Users\barrow 2 & widen\Menu Démarrer\Programmes\Startup\SecurePro.lnk        (/s /a) Tempd2Q=E���SecurePro.exeH�=E��=E��*)ZSecurePro.exeP
C:\Users\barrow 2 & widen\Menu Démarrer\Programs\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\barrow 2 & widen\Menu Démarrer\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\Users\barrow 2 & widen\Menu Démarrer\Programs\Startup\EaseUS EverySync.lnk        (0) 2(l*II6 EVERYS~1.EXEH�II6II6*�$EverySync.exem1l
C:\Users\barrow 2 & widen\Menu Démarrer\Programs\Startup\SecurePro.lnk        (/s /a) Tempd2Q=E���SecurePro.exeH�=E��=E��*)ZSecurePro.exeP
C:\Users\Power2Go 11 promo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk        (/prefetch:1) 
C:\Users\Power2Go 11 promo\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk        (/SendTo) 
C:\Users\Power2Go 11 promo\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\Power2Go 11 promo\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\Users\Power2Go 11 promo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\Power2Go 11 promo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\Users\Power2Go 11 promo\Desktop\AdsFix_Donate.lnk        (https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) 
C:\Users\Power2Go 11 promo\Desktop\Pre_Scan_Donate.lnk        (https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) 
C:\Users\Power2Go 11 promo\Desktop\Pre_Scan_Restore.lnk        (C:\Pre_Scan) 
C:\Users\Power2Go 11 promo\Menu Démarrer\Programmes\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\Power2Go 11 promo\Menu Démarrer\Programmes\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\Users\Power2Go 11 promo\Menu Démarrer\Programs\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\Power2Go 11 promo\Menu Démarrer\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk        (/name Microsoft.DefaultPrograms) 
C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk        (startmenu) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk        (/showgadgets) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk        (/prefetch:1) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk        (%SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk        (-SpeechUX) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk        (/res) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Identity Card.lnk        (Identity Card) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk        (-NoExit -ImportSystemModules) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Désinstaller Advanced System Protector.lnk        (/verysilent) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector\Register Advanced System Protector.lnk        (openregister) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk        ("C:\Program Files\AutoIt3\Extras\AutoUpdateIt\AutoUpdateIt.au3") 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO\GeekBuddy\GeekBuddy.lnk        ("unit_manager.exe" "lps-ca") 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Carte Bleue LCL\Uninstall e-Carte Bleue LCL.lnk        (/x {DB981AC8-910B-4C0E-8250-829243E85934}) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec\Shredder.lnk        (-s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Supprimer HitmanPro 3.7.lnk        (/uninstall) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillCopy\KillCopy configuration (local).lnk        (///q2) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillCopy\KillCopy configuration (network).lnk        (///q1) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillCopy\Resume manager.lnk        (/kcresume) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Laplink PCmover Professional\StartUpThis.lnk        () h2hVTIqM STARTU~1.EXEL�TIqM_I=m*܈:StartUpThis.exep1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk        (/name Microsoft.BackupAndRestore) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee Internet Security Suite.lnk        (/desktopicon) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Panda USB Vaccine.lnk        (/resident /hidetray /autovaccinate /experimentalntfs  /shownow) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion\Uninstall Instructions.lnk        ( -prompt:"To uninstall PremierOpinion, go to Control Panel, and then %27Add or Remove Programs%27 on XP %0Aor %27Uninstall a program%27 on Windows Vista or Windows 7.  You can uninstall through the %0A%27PremierOpinion%27 item in the program list.") 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk        () 2AcerVCM.exeD�*AcerVCM.exe9..\..\..\..\..\.

---------- | ShortcutFile

c:\backup\dr carribon\appdata\roaming\avanquest\powerdesk\favorites\panneau de configuration.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\avanquest\powerdesk\favorites\poste de travail.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\avanquest\powerdesk\favorites\programmes favoris\bloc-notes.lnk - Encrypted: False - Target: C:\Windows\notepad.exe - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\avanquest\powerdesk\favorites\windows.lnk - Encrypted: False - Target: C:\Windows - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\internet explorer\quick launch\shows desktop.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer.lnk - Encrypted: False - Target: C:\Windows\explorer.exe - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player.lnk - Encrypted: False - Target: C:\Program Files\Windows Media Player\wmplayer.exe - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\internet explorer\quick launch\window switcher.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\windows\recent\abbyy, rebit & daemon tools dont pro 7.lnk - Encrypted: False - Target: J:\abbyy, rebit & daemon tools dont pro 7 - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\windows\recent\acer (c).lnk - Encrypted: False - Target: C:\ - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\windows\recent\apps windows 7 26 septembre 2016 cewbé pour tous & widen6.pct.lnk - Encrypted: False - Target: I:\Backup data\APPS WINDOWS 7 26 SEPTEMBRE 2016 CEWBé POUR TOUS & WIDEN6.PCT - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\windows\recent\backup data.lnk - Encrypted: False - Target: I:\Backup data - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\windows\recent\clés de license abbyy, rebit & daemon tools.txt.lnk - Encrypted: False - Target: J:\abbyy, rebit & daemon tools dont pro 7\clés de license abbyy, rebit & daemon tools.txt - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\windows\recent\l'art du moine du i crie de i a flêche qui tourne du koff koff koff, du framo grave de 2009 non sécurisé en 2016 & de la négation du séjour à paris en octobre 2016.lnk - Encrypted: False - Target: J:\l'art du moine du i crie de i a flêche qui tourne du koff koff koff, du framo grave de 2009 NON SéCURISé EN 2016 & de la négation du séjour à Paris en octobre 2016 - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\windows\recent\problèmes usb forums.txt.lnk - Encrypted: False - Target: J:\l'art du moine du i crie de i a flêche qui tourne du koff koff koff, du framo grave de 2009 NON SéCURISé EN 2016 & de la négation du séjour à Paris en octobre 2016\problèmes usb forums.txt - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\windows\recent\téléchargements.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads - Hidden: False - Status: OK
c:\backup\dr carribon\appdata\roaming\microsoft\windows\sendto\fax recipient.lnk - Encrypted: False - Target: C:\Windows\system32\WFS.exe - Hidden: False - Status: OK
c:\backup\dr carribon\favorites\acer\acer gamezone.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup\dr carribon\favorites\acer\acer.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup\dr carribon\favorites\links\acer gamezone.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup\dr carribon\favorites\links\acer.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup\dr carribon\favorites\site de téléchargement nch software.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup\dr carribon\links\desktop.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop - Hidden: False - Status: OK
c:\backup\dr carribon\links\downloads.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads - Hidden: False - Status: OK
c:\backup\dr carribon\links\recentplaces.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\shows desktop.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\welcome center.lnk - Encrypted: False - Target: C:\Program Files\Acer\Welcome Center\OEMWelcomeCenter.exe - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer.lnk - Encrypted: False - Target: C:\Windows\explorer.exe - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player.lnk - Encrypted: False - Target: C:\Program Files\Windows Media Player\wmplayer.exe - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\window switcher.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\abbyy, rebit & daemon tools dont pro 7.lnk - Encrypted: False - Target: G:\abbyy, rebit & daemon tools dont pro 7 - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\achats ecb janv 2016.lnk - Encrypted: False - Target: G:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\backup data - riverboats\backup - D Disk, FolderMarker, & Cie\D Drive\achats ecb janv 2016.txt - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\avanquest achats 05_08_2016.lnk - Encrypted: False - Target: G:\avanquest achats 05_08_2016 - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\bitdefender, emsisoft & changements.lnk - Encrypted: False - Target: G:\cd de sauvegarde bijoutier parisien 1 -~- bitdefender & emsisoft & changements\bitdefender, emsisoft & changements.txt - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\cd de sauvegarde bijoutier parisien 1 -~- bitdefender & emsisoft & changements.lnk - Encrypted: False - Target: G:\cd de sauvegarde bijoutier parisien 1 -~- bitdefender & emsisoft & changements - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\clés de license abbyy, rebit & daemon tools.lnk - Encrypted: False - Target: G:\abbyy, rebit & daemon tools dont pro 7\clés de license abbyy, rebit & daemon tools.txt - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\d drive.lnk - Encrypted: False - Target: G:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\backup data - riverboats\backup - D Disk, FolderMarker, & Cie\D Drive - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\disque local (g).lnk - Encrypted: False - Target: G:\ - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\l'art du moine du i crie de i a flêche qui tourne du koff koff koff, du framo grave de 2009 non sécurisé en 2016 & de la négation du séjour à paris en octobre 2016.lnk - Encrypted: False - Target: G:\l'art du moine du i crie de i a flêche qui tourne du koff koff koff, du framo grave de 2009 NON SéCURISé EN 2016 & de la négation du séjour à Paris en octobre 2016 - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\matériel et audio.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\ou a i a wonder'dar & le pavillon de l'hor'dar.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\ou a i a wonder'dar & le pavillon de l'hor'dar - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\problèmes usb forums.lnk - Encrypted: False - Target: G:\l'art du moine du i crie de i a flêche qui tourne du koff koff koff, du framo grave de 2009 NON SéCURISé EN 2016 & de la négation du séjour à Paris en octobre 2016\problèmes usb forums.txt - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\probs usb, bing bar wondershare forums ultimate.lnk - Encrypted: False - Target: G:\l'art du moine du i crie de i a flêche qui tourne du koff koff koff, du framo grave de 2009 NON SéCURISé EN 2016 & de la négation du séjour à Paris en octobre 2016\probs usb, bing bar wondershare forums ultimate.txt - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\probs usb, bing bar wondershare forums.lnk - Encrypted: False - Target: G:\l'art du moine du i crie de i a flêche qui tourne du koff koff koff, du framo grave de 2009 NON SéCURISé EN 2016 & de la négation du séjour à Paris en octobre 2016\probs usb, bing bar wondershare forums.txt - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\roguekiller ad aware reason core security prolongations licenses keys.lnk - Encrypted: False - Target: G:\ROGUEKILLER AD AWARE REASON CORE SECURITY PROLONGATIONS LICENSES KEYS.txt - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\système et sécurité.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\wondershare.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\appdata\roaming\microsoft\windows\sendto\fax recipient.lnk - Encrypted: False - Target: C:\Windows\system32\WFS.exe - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\desktop\autres applications\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\desktop\likenewpc.html.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\favorites\acer\acer gamezone.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\favorites\acer\acer.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\favorites\links\acer gamezone.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\favorites\links\acer.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\links\desktop.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\links\downloads.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads - Hidden: False - Status: OK
c:\backup1\barrow 2 & widen\links\recentplaces.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\aomei onekey recovery 1.6.lnk - Encrypted: False - Target: C:\Program Files\AOMEI OneKey Recovery 1.6\OneKey.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\easeus partition master 11.8.lnk - Encrypted: False - Target: C:\Program Files\EaseUS\EaseUS Partition Master 11.8\bin\EPMStartLoader.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\shows desktop.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet (chromodo).lnk - Encrypted: False - Target: C:\Program Files\COMODO\Chromodo\chromodo.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\welcome center.lnk - Encrypted: False - Target: C:\Program Files\Acer\Welcome Center\OEMWelcomeCenter.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer.lnk - Encrypted: False - Target: C:\Windows\explorer.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player.lnk - Encrypted: False - Target: C:\Program Files\Windows Media Player\wmplayer.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\internet explorer\quick launch\window switcher.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\windows\recent\zhpcleaner.lnk - Encrypted: False - Target: C:\Backup2\lfs ultra finalis\Desktop\ZHPCleaner.txt - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\microsoft\windows\sendto\fax recipient.lnk - Encrypted: False - Target: C:\Windows\system32\WFS.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\zhp\quarantine\optimisation en 1 clic.lnk - Encrypted: False - Target: C:\Program Files\simplitec\simplisafe\PowerSuiteStart.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\appdata\roaming\zhp\quarantine\simplisafe.lnk - Encrypted: False - Target: C:\Program Files\simplitec\simplisafe\PowerSuiteStart.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\auslogics disk defrag professional.lnk - Encrypted: False - Target: C:\Program Files\Auslogics\Disk Defrag Professional\DiskDefragPro.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\folder marker.lnk - Encrypted: False - Target: C:\Program Files\Folder Marker\FolderMarker.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\macrorit partition  extender free.lnk - Encrypted: False - Target: C:\Program Files\Macrorit\Partition Extender\dm.extender.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\pre_scan_restore.lnk - Encrypted: False - Target: C:\Pre_Scan\Pre_Scan_Restore.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\rebit & daemon tools pro 7\daemon tools pro.lnk - Encrypted: False - Target: C:\Program Files\DAEMON Tools Pro\DTPro.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\rebit & daemon tools pro 7\rebit 5.lnk - Encrypted: False - Target: C:\Program Files\Rebit 5\DashUI.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\rebit & daemon tools pro 7\rebit pro.lnk - Encrypted: False - Target: C:\Program Files\Rebit\Rebit Pro\DashUI.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\restore apps - onekey recovery pro & system go back\aomei onekey recovery 1.6.lnk - Encrypted: False - Target: C:\Program Files\AOMEI OneKey Recovery 1.6\OneKey.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\restore apps - onekey recovery pro & system go back\system goback free.lnk - Encrypted: False - Target: C:\Program Files\EaseUS\System GoBack Free\bin\Loader.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\should i remove it.lnk - Encrypted: False - Target: C:\Program Files\Reason\Should I Remove It\ShouldIRemoveIt.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\usbfix.lnk - Encrypted: False - Target: C:\UsbFix\UsbFix.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\wondershare 1-click pc care 8.lnk - Encrypted: False - Target: C:\Program Files\Wondershare\1-Click PC Care\BoostSpeed.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\desktop\zhpcleaner.lnk - Encrypted: False - Target: C:\Backup2\lfs ultra finalis\AppData\Roaming\ZHP\ZHPCleaner.exe - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\favorites\acer\acer gamezone.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\favorites\acer\acer.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\favorites\links\acer gamezone.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\favorites\links\acer.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\favorites\nch software download site.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\links\desktop.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\links\downloads.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads - Hidden: False - Status: OK
c:\backup2\lfs ultra finalis\links\recentplaces.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup2\public\desktop\ad-aware antivirus.lnk - Encrypted: False - Target: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\astroburn lite.lnk - Encrypted: False - Target: C:\Program Files\Astroburn Lite\AstroburnLite.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\comodo cloud scanner.lnk - Encrypted: False - Target: C:\Program Files\COMODO\COMODO Cloud Scanner\CloudScanner.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\comodo firewall.lnk - Encrypted: False - Target: C:\Program Files\COMODO\COMODO Internet Security\cistray.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\easeus partition master 11.8.lnk - Encrypted: False - Target: C:\Program Files\EaseUS\EaseUS Partition Master 11.8\bin\EPMStartLoader.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\easeus todo pctrans.lnk - Encrypted: False - Target: C:\Program Files\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\express burn disc burning software.lnk - Encrypted: False - Target: C:\Program Files\NCH Software\ExpressBurn\expressburn.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\express burn.lnk - Encrypted: False - Target: C:\Program Files\NCH Software\ExpressBurn\expressburn.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\express zip - compresseur de fichiers.lnk - Encrypted: False - Target: C:\Program Files\NCH Software\ExpressZip\expresszip.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\filemarker.net.lnk - Encrypted: False - Target: C:\Program Files\FileMarker.NET\FileMarker.NET.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\gestionnaire de connexion.lnk - Encrypted: False - Target: C:\Program Files\SFR\Gestionnaire de Connexion\SFR_Gestionnaire_connexion.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\herdprotect.lnk - Encrypted: False - Target: C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\internet (chromodo).lnk - Encrypted: False - Target: C:\Program Files\COMODO\Chromodo\chromodo.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\nch suite.lnk - Encrypted: False - Target: C:\Program Files\NCH Software\ExpressBurn\expressburn.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\pixillion - convertisseur de fichiers image.lnk - Encrypted: False - Target: C:\Program Files\NCH Software\Pixillion\pixillion.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\prism - convertisseur de fichiers vidéo.lnk - Encrypted: False - Target: C:\Program Files\NCH Software\Prism\prism.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\reason core security.lnk - Encrypted: False - Target: C:\Program Files\Reason\Security\rsUI.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\slimcleaner.lnk - Encrypted: False - Target: C:\Windows\Installer\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}\Icon.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\slimdrivers.lnk - Encrypted: False - Target: C:\Windows\Installer\{746AB259-6474-4111-8966-1C62F9A6E063}\Icon.exe - Hidden: False - Status: OK
c:\backup2\public\desktop\switch - convertisseur de fichiers audio.lnk - Encrypted: False - Target: C:\Program Files\NCH Software\Switch\switch.exe - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\internet explorer\quick launch\shows desktop.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer (2).lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer (2).lnk - Encrypted: False - Target: C:\Windows\explorer.exe - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer.lnk - Encrypted: False - Target: C:\Windows\explorer.exe - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player (2).lnk - Encrypted: False - Target: C:\Program Files\Windows Media Player\wmplayer.exe - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player.lnk - Encrypted: False - Target: C:\Program Files\Windows Media Player\wmplayer.exe - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\internet explorer\quick launch\window switcher.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\windows\recent\system and security.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup3\administrator\appdata\roaming\microsoft\windows\sendto\fax recipient.lnk - Encrypted: False - Target: C:\Windows\system32\WFS.exe - Hidden: False - Status: OK
c:\backup3\administrator\links\desktop.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop - Hidden: False - Status: OK
c:\backup3\administrator\links\downloads.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads - Hidden: False - Status: OK
c:\backup3\administrator\links\recentplaces.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\backup3\public\desktop\acer gamezone console.lnk - Encrypted: False - Target: C:\Program Files\Acer GameZone\GameConsole\Acer Game Console.exe - Hidden: False - Status: OK
c:\backup3\public\desktop\acer registration.lnk - Encrypted: False - Target: C:\Program Files\Acer\Registration\GREG.exe - Hidden: False - Status: OK
c:\backup3\public\desktop\adobe reader 9.lnk - Encrypted: False - Target: C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe - Hidden: False - Status: OK
c:\backup3\public\desktop\mcafee internet security suite.lnk - Encrypted: False - Target: C:\Program Files\mcafee.com\agent\mcagent.exe - Hidden: False - Status: OK
c:\backup3\public\desktop\norton online backup.lnk - Encrypted: False - Target: C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe - Hidden: False - Status: OK
c:\backup3\public\desktop\skype.lnk - Encrypted: False - Target: C:\Program Files\Preload\Skype\SkypeSetup.exe - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\bg\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\cs\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\da\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\de\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\el\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\en\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\es\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\fi\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\fr\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\hr\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\hu\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\id\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\it\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\ja\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\ko\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\nl\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\no\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\pl\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\pt\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\ro\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\ru\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\sc\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\sk\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\sl\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\sv\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\tc\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\th\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer android generic guide\tr\android user guide.lnk - Encrypted: False - Target: C:\Book\Android_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer generic guide\00\acersystem user guide.lnk - Encrypted: False - Target: C:\book\Generic_User_Guide.pdf - Hidden: False - Status: OK
c:\oem\preload\autorun\gui\acer quick guide\00\acersystem user quick guide.lnk - Encrypted: False - Target: C:\book\Quick_Guide.pdf - Hidden: False - Status: OK
c:\program files\acer accessory store\acer boutique accessoire.lnk - Encrypted: False - Target: C:\Program Files\Acer Accessory Store\StartUrl.exe - Hidden: False - Status: OK
c:\program files\microsoft games\freecell\freecellmce.lnk - Encrypted: False - Target: C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe - Hidden: False - Status: OK
c:\program files\microsoft games\hearts\heartsmce.lnk - Encrypted: False - Target: C:\Program Files\Microsoft Games\Hearts\Hearts.exe - Hidden: False - Status: OK
c:\program files\microsoft games\purble place\purbleplacemce.lnk - Encrypted: False - Target: C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe - Hidden: False - Status: OK
c:\program files\microsoft games\solitaire\solitairemce.lnk - Encrypted: False - Target: C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe - Hidden: False - Status: OK
c:\program files\microsoft games\spidersolitaire\spidersolitairemce.lnk - Encrypted: False - Target: C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\easeus partition master 11.9.lnk - Encrypted: False - Target: C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\EPMStartLoader.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\everest ultimate edition.lnk - Encrypted: False - Target: C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\free download manager 5.lnk - Encrypted: False - Target: C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\shows desktop.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\comodo dragon.lnk - Encrypted: False - Target: C:\Program Files\COMODO\Dragon\dragon.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet (chromodo).lnk - Encrypted: False - Target: C:\Program Files\COMODO\Chromodo\chromodo.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\welcome center.lnk - Encrypted: False - Target: C:\Program Files\Acer\Welcome Center\OEMWelcomeCenter.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer.lnk - Encrypted: False - Target: C:\Windows\explorer.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player.lnk - Encrypted: False - Target: C:\Program Files\Windows Media Player\wmplayer.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\window switcher.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\internet explorer\quick launch\wondershare tidymymusic.lnk - Encrypted: False - Target: C:\Program Files\Wondershare\TidyMyMusic\TidyMyMusic.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\addition.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\Addition.txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\adsfix_05_11_2016_05_06_54.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\AdsFix_05_11_2016_05_06_54.txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\adwcleaner[c0].lnk - Encrypted: False - Target: C:\Users\barrow 2 & widen\Desktop\AdwCleaner[C0].txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\bureau.lnk - Encrypted: False - Target: C:\Backup2\lfs ultra finalis\Desktop - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\clonezilla (h).lnk - Encrypted: False - Target: H:\ - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\clés de license filmora pro edition (last inedit app paid + bonus tidymymusic).lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\ou a i a wonder'dar & le pavillon de l'hor'dar\clés de license filmora pro edition (last inedit app paid + bonus tidymymusic).txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\data - backup data.lnk - Encrypted: False - Target: H:\data - backup data - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\data - emsisoft.lnk - Encrypted: False - Target: O:\data - emsisoft - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\data - ultra fit.lnk - Encrypted: False - Target: D:\data - ultra fit - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\documents.lnk - Encrypted: False - Target: M:\Data\Documents - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\download.lnk - Encrypted: False - Target: U:\Download - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\downloads for android(tm) (d).lnk - Encrypted: False - Target: D:\ - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\framakey (m).lnk - Encrypted: False - Target: M:\ - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\frst.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\FRST.txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\hirens.bootcd.15.2.lnk - Encrypted: False - Target: D:\data - ultra fit\Hirens.BootCD.15.2.zip - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\hitmanpro (l).lnk - Encrypted: False - Target: L:\ - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\log.lnk - Encrypted: False - Target: C:\UsbFix\Log - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\look_my_hardware - scan mode lynnlo fortefesse pc portable.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\Look_my_hardware - scan mode LYNNLO FORTEFESSE pc portable.txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\look_my_hardware boot mode lea primafesses pc portable.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\Look_my_hardware boot mode LEA PRIMAFESSES pc portable.txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\look_my_hardware.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\Look_my_hardware.txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\matériel et audio.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\mort du porc - otlpe and pc mover pro 10 michel.lnk - Encrypted: False - Target: U:\mort du porc - otlpe and pc mover pro 10 michel - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\ou a i a wonder'dar & le pavillon de l'hor'dar.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\ou a i a wonder'dar & le pavillon de l'hor'dar - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\parted magi (o).lnk - Encrypted: False - Target: O:\ - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\parted magi (r).lnk - Encrypted: False - Target: R:\ - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\pcmover_10_pro_ug_fre.lnk - Encrypted: False - Target: U:\Download\PCmover_10_Pro_UG_FRE.pdf - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\pmagic_2016_07_12.lnk - Encrypted: False - Target: G:\Data\Documents\pmagic_2016_07_12.iso - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\rem-vbs.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\Rem-VBS.log - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\rsit.lnk - Encrypted: False - Target: C:\rsit - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\shortcut.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\Shortcut.txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\sommaire.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\Sommaire.pdf - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\système et sécurité.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\téléchargements.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\usbdeview.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads\usbdeview.zip - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\usbvaccinesetup50a.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads\USBVaccineSetup50a.zip - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\utilisateurs.lnk - Encrypted: False - Target: C:\Users - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\uui (i).lnk - Encrypted: False - Target: I:\ - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\recent\zhpdiag.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\ZHPDiag.txt - Hidden: False - Status: OK
c:\users\barrow 2 & widen\appdata\roaming\microsoft\windows\sendto\fax recipient.lnk - Encrypted: False - Target: C:\Windows\system32\WFS.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\ad-aware et cyberlink\ad-aware antivirus.lnk - Encrypted: False - Target: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\ad-aware et cyberlink\cyberlink audiodirector 7.lnk - Encrypted: False - Target: C:\Program Files\CyberLink\AudioDirector7\AudioDirector.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\ad-aware et cyberlink\cyberlink colordirector 5.lnk - Encrypted: False - Target: C:\Program Files\CyberLink\ColorDirector5\ColorDirector.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\ad-aware et cyberlink\cyberlink powerdirector 15.lnk - Encrypted: False - Target: C:\Program Files\CyberLink\PowerDirector15\PDR.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\ad-aware et cyberlink\cyberlink screen recorder 15.lnk - Encrypted: False - Target: C:\Program Files\CyberLink\PowerDirector15\ScreenRecorder.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\everest ultimate edition.lnk - Encrypted: False - Target: C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\location filesync pour une tache de sync de power2go 11\easeus everysync 3.0.lnk - Encrypted: False - Target: C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySync.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\marmiton.lnk - Encrypted: False - Target: C:\MARMITON\MARMITON.EXE - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\ou a i a wonder'dar & le pavillon de l'hor'dar\filmora_setup_full1084.exe.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\ou a i a wonder'dar & le pavillon de l'hor'dar\filmora_setup_full1084.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\ou a i a wonder'dar & le pavillon de l'hor'dar\l'art du moine de se souiller dans le non-sécurisé en coussins-beignets en ou a noémuie après lfs ultra finalis\filmora_setup_full1084.exe.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\ou a i a wonder'dar & le pavillon de l'hor'dar\filmora_setup_full1084.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\ou a i a wonder'dar & le pavillon de l'hor'dar\video editor for power2go 11 & efm du musée de l'homme\wondershare filmora.lnk - Encrypted: False - Target: C:\Program Files\Wondershare\Filmora\Filmora.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\ou a i a wonder'dar & le pavillon de l'hor'dar\wondershare tidymymusic.lnk - Encrypted: False - Target: C:\Program Files\Wondershare\TidyMyMusic\TidyMyMusic.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\pre_scan_restore.lnk - Encrypted: False - Target: C:\Pre_Scan\Pre_Scan_Restore.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\usbfix.lnk - Encrypted: False - Target: C:\UsbFix\UsbFix.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\desktop\zhpdiag.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\AppData\Roaming\ZHP\ZHPDiag3.exe - Hidden: False - Status: OK
c:\users\barrow 2 & widen\favorites\acer\acer gamezone.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\barrow 2 & widen\favorites\acer\acer.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\barrow 2 & widen\favorites\links\acer gamezone.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\barrow 2 & widen\favorites\links\acer.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\barrow 2 & widen\links\desktop.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop - Hidden: False - Status: OK
c:\users\barrow 2 & widen\links\downloads.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads - Hidden: False - Status: OK
c:\users\barrow 2 & widen\links\recentplaces.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\shows desktop.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\ad-aware antivirus (2).lnk - Encrypted: False - Target: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\ad-aware antivirus.lnk - Encrypted: False - Target: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\cyberlink power2go 11.lnk - Encrypted: False - Target: C:\Program Files\CyberLink\Power2Go11\Power2Go.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\welcome center.lnk - Encrypted: False - Target: C:\Program Files\Acer\Welcome Center\OEMWelcomeCenter.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows explorer.lnk - Encrypted: False - Target: C:\Windows\explorer.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\windows media player.lnk - Encrypted: False - Target: C:\Program Files\Windows Media Player\wmplayer.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\internet explorer\quick launch\window switcher.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\adsfix_10_11_2016_06_35_29 last rapport for forum topic aide ultime.lnk - Encrypted: False - Target: H:\data - backup data\AdsFix_10_11_2016_06_35_29 last rapport for forum topic aide ultime.txt - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\adsfix_10_11_2016_06_35_29.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\AdsFix_10_11_2016_06_35_29.txt - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\adwcleaner[c2].txt (2).lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\AdwCleaner[C2].txt - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\adwcleaner[c2].txt.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\rapports microclick\AdwCleaner[C2].txt - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\cadeaux de finalisation 100% sécurisé finalis (& de lfs ultra).lnk - Encrypted: False - Target: D:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\cadeaux de finalisation 100% sécurisé finalis (& de lfs ultra) - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\casper-rw-900m.zip.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads\casper-rw-900M.zip - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\clé de license roguekiller technician abon à vie.txt.lnk - Encrypted: False - Target: D:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\cadeaux de finalisation 100% sécurisé finalis (& de lfs ultra)\clé de license roguekiller technician abon à vie.txt - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\data - backup data.lnk - Encrypted: False - Target: H:\data - backup data - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\efm du musée de l'homme & power2go 11.lnk - Encrypted: False - Target: K:\efm du musée de l'homme & power2go 11 - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\fk_mint_persist_1pfat32_16g.7z.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads\fk_mint_persist_1pfat32_16G.7z - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\fur-1204.zip.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads\FUR-1204.zip - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\jrt.txt.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\rapports microclick\JRT.txt - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\mbam rapport.txt.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\rapports microclick\mbam rapport.txt - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\power2go11.lnk - Encrypted: False - Target: K:\efm du musée de l'homme & power2go 11\power2go11 utilities - drive D\power2go11 - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\rapports microclick (2).lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\rapports microclick - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\rapports microclick.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\rapports microclick - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\téléchargements.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\zhpcleaner.txt.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\rapports microclick\ZHPCleaner.txt - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\recent\zhpdiag.txt.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop\ZHPDiag.txt - Hidden: False - Status: OK
c:\users\power2go 11 promo\appdata\roaming\microsoft\windows\sendto\fax recipient.lnk - Encrypted: False - Target: C:\Windows\system32\WFS.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\ad-aware & cyberlink power2go 11 essentials\ad-aware antivirus.lnk - Encrypted: False - Target: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\ad-aware & cyberlink power2go 11 essentials\cyberlink power2go 11.lnk - Encrypted: False - Target: C:\Program Files\CyberLink\Power2Go11\Power2Go.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\adsfix_donate.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\cyberlink-power2go.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\AppData\Local\Temp\cyberlink-power2go.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\cyberlink_power2go_downloader.lnk - Encrypted: False - Target: K:\efm du musée de l'homme & power2go 11\power2go 11 essentials\CyberLink_Power2Go_Downloader.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\pre_scan_donate.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\pre_scan_restore.lnk - Encrypted: False - Target: C:\Pre_Scan\Pre_Scan_Restore.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\usbfix.lnk - Encrypted: False - Target: C:\UsbFix\UsbFix.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\zhpcleaner.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\AppData\Roaming\ZHP\ZHPCleaner.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\desktop\zhpdiag.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\AppData\Roaming\ZHP\ZHPDiag3.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\documents\sauvetage framamint data traveller\data\documents\desktop\autres applications\internet explorer.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Hidden: False - Status: OK
c:\users\power2go 11 promo\documents\sauvetage framamint data traveller\data\documents\desktop\likenewpc.html.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\power2go 11 promo\links\desktop.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Desktop - Hidden: False - Status: OK
c:\users\power2go 11 promo\links\downloads.lnk - Encrypted: False - Target: C:\Users\Power2Go 11 promo\Downloads - Hidden: False - Status: OK
c:\users\power2go 11 promo\links\recentplaces.lnk - Encrypted: False - Target:  - Hidden: False - Status: OK
c:\users\public\desktop\acer configuration manager for android(tm).lnk - Encrypted: False - Target: C:\Windows\Installer\{523281E5-91DD-49F5-9D85-954148F7596A}\AndroidManager.exe_EDE5AF10CF5B4DA1B61C039E5CAD3FA5.exe - Hidden: False - Status: OK
c:\users\public\desktop\advanced system protector.lnk - Encrypted: False - Target: C:\Program Files\ASP\AdvancedSystemProtector.exe - Hidden: False - Status: OK
c:\users\public\desktop\comodo cloud antivirus.lnk - Encrypted: False - Target: C:\Program Files\COMODO\COMODO Cloud Antivirus\ccavsrv.exe - Hidden: False - Status: OK
c:\users\public\desktop\comodo dragon.lnk - Encrypted: False - Target: C:\Program Files\COMODO\Dragon\dragon.exe - Hidden: False - Status: OK
c:\users\public\desktop\cyberlink labelprint 2.5.lnk - Encrypted: False - Target: C:\Program Files\CyberLink\LabelPrint\LabelPrint.exe - Hidden: False - Status: OK
c:\users\public\desktop\cyberlink waveeditor 2.lnk - Encrypted: False - Target: C:\Program Files\CyberLink\WaveEditor\WaveEditor.exe - Hidden: False - Status: OK
c:\users\public\desktop\e-carte bleue lcl.lnk - Encrypted: False - Target: C:\Program Files\e-Carte Bleue\LCL\LCL.exe - Hidden: False - Status: OK
c:\users\public\desktop\easeus partition master 11.9.lnk - Encrypted: False - Target: C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\EPMStartLoader.exe - Hidden: False - Status: OK
c:\users\public\desktop\easeus todo backup free 9.2.lnk - Encrypted: False - Target: C:\Program Files\EaseUS\Todo Backup\bin\Loader.exe - Hidden: False - Status: OK
c:\users\public\desktop\easeus todo pctrans.lnk - Encrypted: False - Target: C:\Program Files\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe - Hidden: False - Status: OK
c:\users\public\desktop\free download manager 5.lnk - Encrypted: False - Target: C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe - Hidden: False - Status: OK
c:\users\public\desktop\google chrome.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Hidden: False - Status: OK
c:\users\public\desktop\hitmanpro.lnk - Encrypted: False - Target: C:\Program Files\HitmanPro\HitmanPro.exe - Hidden: False - Status: OK
c:\users\public\desktop\internet (chromodo).lnk - Encrypted: False - Target: C:\Program Files\COMODO\Chromodo\chromodo.exe - Hidden: False - Status: OK
c:\users\public\desktop\iso to usb.lnk - Encrypted: False - Target: C:\Program Files\ISO to USB\isotousb.exe - Hidden: False - Status: OK
c:\users\public\desktop\laplink pcmover professional.lnk - Encrypted: False - Target: C:\Program Files\Laplink\PCmover\PCmover.exe - Hidden: False - Status: OK
c:\users\public\desktop\malwarebytes anti-malware.lnk - Encrypted: False - Target: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe - Hidden: False - Status: OK
c:\users\public\desktop\mozilla firefox.lnk - Encrypted: False - Target: C:\Program Files\Mozilla Firefox\firefox.exe - Hidden: False - Status: OK
c:\users\public\desktop\panda cloud cleaner.lnk - Encrypted: False - Target: C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe - Hidden: False - Status: OK
c:\users\public\desktop\reflect.lnk - Encrypted: False - Target: C:\Program Files\Macrium\Reflect\Reflect.exe - Hidden: False - Status: OK
c:\users\public\desktop\roguekiller.lnk - Encrypted: False - Target: C:\Program Files\RogueKiller\RogueKiller.exe - Hidden: False - Status: OK
c:\users\public\desktop\supersonicpc - 1-click-care.lnk - Encrypted: False - Target: C:\Program Files\SupersonicPC\RequireAdministrator.exe - Hidden: False - Status: OK
c:\users\public\desktop\unchecky.lnk - Encrypted: False - Target: C:\Program Files\Unchecky\unchecky.exe - Hidden: False - Status: OK
c:\users\public\desktop\wondershare tidymymusic.lnk - Encrypted: False - Target: C:\Program Files\Wondershare\TidyMyMusic\TidyMyMusic.exe - Hidden: False - Status: OK
c:\users\public\desktop\zhp.lnk - Encrypted: False - Target: C:\Program Files\ZebHelpProcess\ZHPHep.exe - Hidden: False - Status: OK
c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\quick launch\google chrome.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Hidden: False - Status: OK
c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\google chrome.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Hidden: False - Status: OK
c:\windows\system32\migwiz.lnk - Encrypted: False - Target: C:\Windows\system32\migwiz\migwiz.exe - Hidden: False - Status: OK
c:\windows\system32\oem\dummy.lnk - Encrypted: False - Target: C:\OEM\preload\utility\Dummy_X86.exe - Hidden: False - Status: OK
c:\windows\system32\oem\dummy_x64.lnk - Encrypted: False - Target: C:\OEM\preload\utility\Dummy_X64.exe - Hidden: False - Status: OK
c:\windows\system32\oem\dummy_x86.lnk - Encrypted: False - Target: C:\OEM\preload\utility\Dummy_X86.exe - Hidden: False - Status: OK

---------- | AppCertDlls | AppInit_DLLs


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Control Panel\Desktop]
"ScreenSaveActive"=1   
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"PaintDesktopVersion"=0   
"Pattern"=0   
"RightOverlapChars"=3   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=10   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"UserPreferencesMask"=0x9E3E078012000000   
"Wallpaper"=%windir%\web\wallpaper\windows\img0.jpg   
"WaitToKillAppTimeout"=200   

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000   
"CleanShutdown"=0   
"Browse For Folder Width"=347   
"Browse For Folder Height"=288   

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=0   
"ShowCompColor"=1   
"HideFileExt"=0   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"SuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=4   
""=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=95   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=0   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=153   
"MaxLimit2"=SECHKRCUJP42673   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=7601   
"FirstLogon"=0   
"AutoRestartShell"=1   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Userinit"=C:\Windows\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=0   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"WinStationsDisabled"=0   
"DisableCAD"=1   
"scremoveoption"=0   
"ShutdownFlags"=39   
"AutoAdminLogon"=0   
"DefaultUserName"=barrow 2 & widen   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""="%SystemRoot%\system32\NOTEPAD.EXE" %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\Clients\StartMenuInternet\Chromodo\Shell\open\Command]
""="C:\Program Files\Comodo\Chromodo\chromodo.exe"   
[HKLM\Software\Clients\StartMenuInternet\Chromodo\InstallInfo]
"ReinstallCommand"="C:\Program Files\Comodo\Chromodo\chromodo.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\Dragon\Shell\open\Command]
""="C:\Program Files\Comodo\Dragon\dragon.exe"   
[HKLM\Software\Clients\StartMenuInternet\Dragon\InstallInfo]
"ReinstallCommand"="C:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""="C:\Program Files\Internet Explorer\iexplore.exe"   
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\POWER2~1\AppData\Local\Temp\1478680376726\poinstaller.exe"=1
"C:\Users\Power2Go 11 promo\Downloads\RegistryFirstAid_AQFR.exe"=1
"C:\Users\Power2Go 11 promo\Downloads\Setup_SupersonicPC_2015.exe"=1
"C:\Users\Power2Go 11 promo\Downloads\SmartPrivacyCleaner_FR.exe"=1
"C:\Users\POWER2~1\AppData\Local\Temp\advanced-system-protector.exe"=1
"C:/Users/Power2Go 11 promo/Downloads/tuxboot-0.8.2.exe"=1
"C:\Users\Power2Go 11 promo\Downloads\BDAntiRansomwareSetup.exe"=1
"C:\Users\Power2Go 11 promo\Downloads\Macrium\v6.2.1549_reflect_setup_free_x86.exe"=1


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
""=@SYS:DoesNotExist   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920209537502489
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=1
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0x7F3B8C189E21D201

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro37]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hitmanpro37.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)


---------- | Hosts

#      127.0.0.1       localhost
#      ::1             localhost
# unchecky_begin
# These rules were added by the Unchecky program in order to block advertising software modules
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
[61] More lines

---------- | @

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"AlwaysShowMenus"=0
"StatusBarWeb"=0
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=0
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=about:blank
"OperationalData"=5
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000200300002C020000
"ImageStoreRandomFolder"=6sex2rn

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0xAA54FB42553AD201
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"ProxyEnable"=0
"MigrateProxy"=1
"ProxyHttp1.1"=1
"WarNonBadCertReceving"=1
"WarNonHTTPSToHTTPRedirect"=1
"GlobalUserOffline"=0

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=about:blank
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"TabProcGrowth"=Medium
"Print_Background"=0
"AlwaysShowMenus"=0
"StatusBarWeb"=1
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm
"Compat"=res://mshtml.dll/compat.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files
"ProxyEnable"=0
"GlobalUserOffline"=0


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll

---------- | SSODL | SEH | URLSH | STS


---------- | Toolbar

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0   


---------- | Extensions


---------- | SearchScopes


---------- | ElevationPolicy

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files\Microsoft Silverlight\5.1.10411.0\) - Silverlight.Configuration.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08E8D305-8D6D-49fe-8603-03A926E46AE0}] - (C:\Program Files\Common Files\Adobe\Updater6) - Adobe_Updater.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : %SystemRoot%\system32\wucltux.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\System32) - msdt.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] - (C:\Program Files\Adobe\Reader 9.0\Reader\) - AcroBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1753B788-C64C-4D57-B6BC-95C48992C4A7}] - (C:\Windows\System32) - msspellcheckingfacility.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files\Microsoft Silverlight\5.1.10411.0\) - agcp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{254363DC-CC0E-47D3-B9F2-C4531366D4D1}] - (C:\Program Files\FreeDownloadManager.ORG\Free Download Manager) - wincomserver.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3214A3DF-F8D9-4A27-BF4D-FBBDE52E2E68}] - (C:\Program Files\FreeDownloadManager.ORG\Free Download Manager) - fdm.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] - (C:\Program Files\Adobe\Reader 9.0\Reader) - AcroRd32Info.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43ABBB95-C0E9-497B-8BB9-B5FA08861705}] - (C:\Program Files\Windows Live\Mail\) - wlmail.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files\adobe\acrobat 7.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C0B7A7C-8ECF-422f-9448-0874C41D4532}] - (%ProgramFiles%\Common Files\Microsoft Shared\Windows Live) - WLLoginProxy.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\system32\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B7FB824-0A43-4bc2-B58D-F6386FEEFD84}] - (Choice Guard) - CGuard.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] - (C:\Program Files\Adobe\Reader 9.0\Reader) - AdobeCollabSync.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat) - acrobat.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] - (C:\Program Files\Adobe\Reader 9.0\Reader) - AcroRd32.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\System32\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5B020FD-E04B-4e67-B65A-E7DEED25B2CF}] - (%SystemRoot%\System32) - wisptis.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C}] - (C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63) - OberonBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] - (C:\Program Files\Google\Update\1.3.31.5) - GoogleUpdateBroker.exe : C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] - (C:\Program Files\Google\Update\1.3.31.5) - GoogleUpdateWebPlugin.exe : C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - () - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] - (C:\Program Files\Windows Live\Messenger\) - msnmsgr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5}] - (C:\Program Files\Windows Live\Writer\) - WindowsLiveWriter.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files\adobe\acrobat 6.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\system32\Macromed\Flash) - FlashUtil32_23_0_0_205_ActiveX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat) - acrobat.exe : 

---------- | Ext\Settings

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6}] :  : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

---------- | Ext\Stats

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}] :  : C:\Windows\System32\ieframe.dll
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}] :  : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}] :  : %SystemRoot%\System32\msxml3.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] :  : C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] :  : C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Programme d'aide de l'Assistant de connexion Windows Live) : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll  [22/01/2009 14:41:30]

---------- | Chrome



---------- | Opera


---------- | Firefox


[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
[HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416] - (WLPG Install MIME type) : C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll


C:\Users\barrow 2 & widen\AppData\Roaming\Mozilla\Firefox\Profiles\4hml8hmp.default-1478423378248\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20161019084923");
user_pref("browser.startup.homepage_override.mstone", "49.0.2");
user_pref("extensions.blocklist.pingCountTotal", 2);
user_pref("extensions.blocklist.pingCountVersion", 2);
user_pref("extensions.bootstrappedAddons", "{\"asyncrendering@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\barrow 2 & widen\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4hml8hmp.default-1478423378248\\\\features\\\\{a26719a4-009d-49c7-8ced-dd257151a3e6}\\\\asyncrendering@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"e10srollout@mozilla.org\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@getpocket.com\":{\"version\":\"1.0.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"webcompat@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true}}");
user_pref("extensions.databaseSchema", 17);
user_pref("extensions.e10s.rollout.hasAddon", false);
user_pref("extensions.e10s.rollout.policy", "49a");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.2");
user_pref("extensions.getAddons.cache.lastUpdate", 1478424641);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20160826.01");
user_pref("extensions.lastAppVersion", "49.0.2");
user_pref("extensions.lastPlatformVersion", "49.0.2");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{a26719a4-009d-49c7-8ced-dd257151a3e6}\",\"addons\":{\"asyncrendering@mozilla.org\":{\"version\":\"2.0\"}}}");
user_pref("extensions.xpiState", "{\"app-system-addons\":{\"asyncrendering@mozilla.org\":{\"d\":\"C:\\\\Users\\\\barrow 2 & widen\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\4hml8hmp.default-1478423378248\\\\features\\\\{a26719a4-009d-49c7-8ced-dd257151a3e6}\\\\asyncrendering@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1478424648450}},\"app-system-defaults\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.3\",\"st\":1476928285172},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.4\",\"st\":1476928285208},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1476928285209}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"49.0.2\",\"st\":1476928285171}}}");
user_pref("browser.startup.homepage", "https://www.google.com");

C:\Users\Power2Go 11 promo\AppData\Roaming\Mozilla\Firefox\Profiles\x5vkww1m.default\Prefs.js

user_pref("browser.startup.homepage_override.buildID", "20161019084923");
user_pref("browser.startup.homepage_override.mstone", "49.0.2");
user_pref("extensions.blocklist.pingCountTotal", 4);
user_pref("extensions.blocklist.pingCountVersion", 4);
user_pref("extensions.bootstrappedAddons", "{\"asyncrendering@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Power2Go 11 promo\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x5vkww1m.default\\\\features\\\\{f773c03d-3bbf-4854-8b34-b230a24495d4}\\\\asyncrendering@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"e10srollout@mozilla.org\":{\"version\":\"1.3\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"firefox@getpocket.com\":{\"version\":\"1.0.4\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true},\"webcompat@mozilla.org\":{\"version\":\"1.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":false,\"runInSafeMode\":true}}");
user_pref("extensions.databaseSchema", 17);
user_pref("extensions.e10s.rollout.hasAddon", false);
user_pref("extensions.e10s.rollout.policy", "49a");
user_pref("extensions.e10sBlockedByAddons", false);
user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.2");
user_pref("extensions.getAddons.cache.lastUpdate", 1479150998);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20160826.01");
user_pref("extensions.lastAppVersion", "49.0.2");
user_pref("extensions.lastPlatformVersion", "49.0.2");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{f773c03d-3bbf-4854-8b34-b230a24495d4}\",\"addons\":{\"asyncrendering@mozilla.org\":{\"version\":\"2.0\"}}}");
user_pref("extensions.xpiState", "{\"app-system-addons\":{\"asyncrendering@mozilla.org\":{\"d\":\"C:\\\\Users\\\\Power2Go 11 promo\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\x5vkww1m.default\\\\features\\\\{f773c03d-3bbf-4854-8b34-b230a24495d4}\\\\asyncrendering@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1478678852941}},\"app-system-defaults\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.3\",\"st\":1476928285172},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.4\",\"st\":1476928285208},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0\",\"st\":1476928285209}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":true,\"v\":\"49.0.2\",\"st\":1476928285171}}}");

---------- | Active Connections

  TCP    127.0.0.1:49255        barrow2etwiden:49256   ESTABLISHED     972
  TCP    127.0.0.1:49256        barrow2etwiden:49255   ESTABLISHED     972
  TCP    127.0.0.1:59482        barrow2etwiden:20158   SYN_SENT        1452
  TCP    192.168.1.15:59428     prod2.adlice.com:http  TIME_WAIT       0

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{5EE308D5-4F56-472E-9F82-438A6C2112F7}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{5EE308D5-4F56-472E-9F82-438A6C2112F7}]
"DhcpNameServer"=192.168.1.1 192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5EE308D5-4F56-472E-9F82-438A6C2112F7}]
"DhcpNameServer"=192.168.1.1 192.168.1.1

---------- | ActiveX 

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - [1,1,1,9] -  -> 
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - [6,1,7601,17514] -  -> 
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{66C64F22-FC60-4E6C-A6B5-F0D580E680CE}] - () - [11,0,9600,0] -  -> 
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - [12,0,7601,23517] -  -> 
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - () - [11,0,9600,0] -  -> 
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - [6,1,7601,23537] -  -> 
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [11,0,9600,0] -  -> 
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> 
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - () - [43,0,0,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,7601,23517] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,7601,23517] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - [1,1,1,9] - @%SystemRoot%\system32\themeui.dll,-2682 -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3911CF56-9EF2-39BA-846A-C27BD3CD0685}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [11,0,9600,18524] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [6,1,7601,17514] -  -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [11,0,9600,18524] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [11,0,9600,18524] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [11,0,9600,18524] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{66C64F22-FC60-4E6C-A6B5-F0D580E680CE}] - (Enable TLS1.1 and 1.2) - [11,0,9600,0] - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -EnableTLS
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,7601,23517] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [6,1,7601,17514] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - [2,0,50727,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - (Disable SSL3) - [11,0,9600,0] - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -DisableSSL3
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - [6,1,7601,23537] - @%SystemRoot%\system32\shell32.dll,-32969 -> regsvr32.exe /s /n /i:U shell32.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - [11,0,9600,0] - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - (Google Chrome) - [43,0,0,0] -  -> "C:\Program Files\Google\Chrome\Application\54.0.2840.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [11,0,9600,18524] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - [2,0,50727,1] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [11,0,9600,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [6,3,9600,18524] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] -  -> 


---------- | Applications

[HKLM\SOFTWARE\Classes\Applications\eSobi.exe] : "C:\Program Files\eSobi\eSobi2\eSobi.exe" /e "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | DCOMApplications

Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
Name: WPD Association LUA Virtual Factory - AppID: {00393519-3A67-4507-A2B8-85146167ACA7}
Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
Name: PhotoAcqWiaEventHandler - AppID: {00F3CDFD-5D2E-439F-8900-3F56A0C1C8BA}
Name: Virtual Factory for Biometrics - AppID: {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}
Name: eDSPSDProtect - AppID: {023ED001-BA16-4467-B0D9-D098191C17A9}
Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
Name: WPDBusEnum - AppID: {03f25b41-e981-4675-a256-27d1393e7488}
Name: Device Display Object Function Discovery Provider - AppID: {04626806-2243-4354-ab44-4ade718d09df}
Name: CELERITASWMSecureShell - AppID: {0545D0D4-6CF7-4088-B65A-65F1EA53A70F}
Name: IDBHO - AppID: {062C56BD-B2FF-4405-88D9-93154F27D785}
Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
Name: PhotoAcqDropTargetEventHandler - AppID: {06A2568A-CED6-4187-BB20-400B8C02BE5A}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B}
Name: McOobeSvc - AppID: {08F4B21B-105C-4D16-822E-223E9C5ED0FC}
Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
Name: QuickTimeShellExt - AppID: {0A18A436-2A7A-49F3-A488-30538A2F6323}
Name: SFSAPO - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C}
Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
Name: Vista Elevated Windows Update Web Control - AppID: {11c058e0-9f3e-4c90-a459-2553f2f9e011}
Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
Name: cmdcmc - AppID: {140D7792-1113-49DB-9B16-E669A934D975}
Name: WriterBrowserExtension - AppID: {198B12CC-F591-440C-AC7A-6A730BBC436C}
Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
Name: wpcao.dll - AppID: {1E5300BE-0762-4527-8140-C0FF22DDFC56}
Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
Name: cmdlogs - AppID: {2000BB21-EADE-4133-91DB-981380788877}
Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
Name: Dispatch - AppID: {224FC5DE-26AD-4A47-A2C3-5A50885F314C}
Name: cmdcfg - AppID: {242A5883-A8B3-4273-9D5A-DAECFF8B9BB0}
Name: DTSLimiterDLL - AppID: {24E79C19-1F52-43CC-8684-BFA13340E72C}
Name: TabBtnEx - AppID: {25351F98-BEC9-4BA0-A1F7-D9D69225E52F}
Name: ShredderContextMenu - AppID: {253C5D8C-536F-4140-9103-55F5B5442921}
Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
Name: DTSVoiceClarityDLL - AppID: {272EFD2A-90BE-4E48-8557-3D9CEA0530A0}
Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00}
Name: ImageHost - AppID: {2903EDD7-545F-4156-977A-5E730E57F253}
Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
Name: CMSVSWrap Object - AppID: {2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}
Name: Windows Live Photo Gallery Autoplay Drop Target - AppID: {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}
Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
Name: cmdcloud - AppID: {3367D0D0-5996-477E-8385-7D1B6C2AF9AC}
Name: IPBusEnum - AppID: {344ED43D-D086-4961-86A6-1106F4ACAD9B}
Name: CContactDb - AppID: {380689D0-AFAA-47E6-B80E-A33436FE314B}
Name: DevicePairingHandler.dll - AppID: {383b69fa-5486-49da-91f5-d63c24c8e9d0}
Name: LivePhotoAcqHWEventHandler - AppID: {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}
Name: EEL32A - AppID: {3D5781D9-B2FF-4396-8478-395412020995}
Name: igfxcfg - AppID: {3D62E9A1-D243-11D2-B561-00A0C92E6848}
Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
Name: MSTTS DecObj Class Surrogate - AppID: {3F6B5E16-092A-41ED-930B-0B4125D91D4E}
Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61}
Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
Name: Health Key and Certificate Management - AppID: {46298684-0fd3-47f3-94b3-65650c65b36a}
Name: cmdaruns - AppID: {47730F83-7966-4F56-9AF5-15CADFABBEFC}
Name: EEG32A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B}
Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92}
Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
Name: ServiceModule - AppID: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
Name: ComProxy - AppID: {536BF835-F397-46D3-AD11-92642F8CABD9}
Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
Name: Watson subscriber for SENS Network Events - AppID: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}
Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399}
Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
Name: Video Capture Wizard - AppID: {5AB7566D-F75B-4A53-9615-115B6CB1D59B}
Name: EED32A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0}
Name: Virtual Factory for Display CPL - AppID: {5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}
Name: Odyssey - AppID: {5F8FD45A-D58C-4AAD-8EDE-B9B78F02B959}
Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
Name: PDFPrevHndlr - AppID: {6236FF8C-E747-4173-86D3-99F511B61DF3}
Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Name: WLXQuickTimeControlHost - AppID: {631AF1F1-55E0-4190-9B1E-454D9F370AA2}
Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2}
Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
Name: DTSNeoPCDLL - AppID: {68976842-77A6-447F-83E8-97DF7A83A970}
Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
Name: AutoItX3 - AppID: {6E8109C4-F369-415D-AF9A-2AEEFF313234}
Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
Name: WindowsLiveWriterFilter - AppID: {7054B371-09E3-4BC8-8A61-02D7799EA98A}
Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436}
Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
Name: AcroIEHelperShim - AppID: {77AB4812-5411-4EA9-8437-77AD0F230302}
Name: CLMLSvc_P2G11 - AppID: {79454E97-52CD-4517-B6A1-43A1D3C5FDAC}
Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
Name: DTSBassEnhancementDLL - AppID: {7E70FA0D-5DFA-4BA6-98C6-F10BBAAF7410}
Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
Name: AdAwareShellExtension - AppID: {815E3070-A914-4A36-BC40-2F35AAD1C91E}
Name: WlanConn - AppID: {825FC848-87F7-4F26-9EF6-43964094FF98}
Name: wlcsdk - AppID: {83B16523-1802-47EF-A9A6-2B3C8B796A6F}
Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
Name: IPS - AppID: {86F9F754-EB88-4A94-A092-721F013CB10B}
Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
Name: Virtual Factory for Action Center CPL - AppID: {8D26D9AA-5DA8-4b95-949A-B74954A229A6}
Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db}
Name: DTSSymmetryDLL - AppID: {91953DA9-4AB8-473A-BF6D-462FA2E58025}
Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
Name: AutorunsWrapper - AppID: {9223DCE6-1F38-4600-BB57-17B8CA8996EC}
Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60}
Name: WMPDMCCore - AppID: {92C2A9B3-4228-438E-8A7B-EF110987764C}
Name: ServiceModule - AppID: {9465B4B4-5216-4042-9A2C-754D3BCDC410}
Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
Name: Default Location CPL Data Handler LUA Helper - AppID: {9A630456-078D-43d3-9F1D-DF7A5BC0FA44}
Name: WLXAutoPlayMgr - AppID: {9B5CDBB0-6D57-4816-BD04-CA9E68DF5610}
Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15}
Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Name: Windows Parental Controls - AppID: {A2D8CFE7-7BA4-4bad-B86B-851376B59134}
Name: Microsoft.Live.Folders.RichUpload.3.dll - AppID: {A40C5393-FD53-4528-95EB-0B348BC1539D}
Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
Name: PDFShellInfo - AppID: {A5090E95-F1E2-41C8-BDA1-5AEB6C321FDE}
Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
Name: DTSBoostDLL - AppID: {A5900CCC-3E28-4F96-8410-C43BF113C279}
Name: AIMPlugin - AppID: {A72B23B6-A76F-4E17-AEE0-50F10A9B5C9B}
Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
Name: IA3DUtility - AppID: {A7D71146-EBCD-4E6C-916C-E77865BCC53B}
Name: Windows Media Player Encoder Helper Class - AppID: {A9D431C2-6D56-4727-9690-ADBE66B9184A}
Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
Name: NAP Agent Service - AppID: {B292921D-AF50-400c-9B75-0C57A7F29BA1}
Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
Name: DTSGainCompensatorDLL - AppID: {B3D43A87-E6C7-4EC8-8546-CEB9EE9BD936}
Name: McAfee SiteAdvisor Service - AppID: {B48A23C6-434F-43bc-B98E-AF5B21A92964}
Name: RContextMenu - AppID: {B5B6E648-E9F7-4CE3-987C-53FEDA97C1FA}
Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A}
Name: WwanAdvui - AppID: {b70cc729-28ae-11dd-9676-000000000000}
Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
Name: WLX Thumbnail Cache Out of Proc Server - AppID: {B8A2E14E-290D-4122-B092-1A7D86198CCE}
Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
Name: DTSS2HeadphoneDLL - AppID: {BA291C7C-39AC-4331-9592-B694DA24BC89}
Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
Name: AcroPDF - AppID: {BBAA0E44-3862-490C-8E63-AC2D2D6EF733}
Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
Name: WindowsLiveWriterApplication - AppID: {BF7C0368-EA36-475E-AA42-3F28E736FABD}
Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
Name: Nap Elevated COM class - AppID: {c5bbbd35-e321-468a-9884-6708aa083f83}
Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
Name: LocationDisp - AppID: {CBDC4B31-CBE4-4A5B-BECF-64B29E47D2AD}
Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
Name: CcavHelper - AppID: {CD10AF2C-3024-4CF0-B978-0FBB7C4FE14C}
Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}
Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Name: SharedAccess - AppID: {ce166e40-1e72-45b9-94c9-3b2050e8f180}
Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
Name: DTSS2SpeakerDLL - AppID: {CF3C79C7-8096-4BF2-9684-9F6B832FAC23}
Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
Name: %systemroot%\system32\colorui.dll - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
Name: ghost - AppID: {D58F39FF-953E-4F45-898F-59F243B9A523}
Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
Name: Bluewire unpairing elevation surrogate - AppID: {D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}
Name: Microsoft.Live.FolderShare.Client - AppID: {daa6bc26-4dfa-4e8f-8d5f-47202dc8e400}
Name: EverySyncExplorerOverlay - AppID: {DE4CE140-5838-468B-86C0-A422AC75B092}
Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
Name: CavShell - AppID: {E11C8519-5595-4397-B515-AB036DEC467A}
Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258}
Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5}
Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
Name: cmdurlflt - AppID: {E60DD523-5B62-46B9-9584-1633E4D407BC}
Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45e1-8E7D-64414AFF281A}
Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
Name: AcroBroker - AppID: {F2383816-917A-46CC-AD2A-5013BED3800F}
Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717}
Name: Windows Update Agent User Interface - AppID: {f62fdd2e-66d2-423b-9a04-f71ea00f892a}
Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
Name: Microsoft.Aspnet.Snapin.AspNetManagementUtility.4 - AppID: {F75B6772-91E4-4D2F-9D44-61A447109C2B}
Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
Name: ESLoadSevice - AppID: {FCA6F20F-92E5-4E74-AC19-D14B59CB1C15}
Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{224FC5DE-26AD-4A47-A2C3-5A50885F314C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{224FC5DE-26AD-4A47-A2C3-5A50885F314C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2B29DD0A-49D7-4C85-B4DA-64B1A22F1671}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"

---------- | Svchost - Netsvcs (Whitelisted)

Term -  : 

---------- | Software

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\7x9uaQ3861iYF6]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Acer]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\AppDataLow]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Ashampoo]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Bitdefender]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Clients]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\COMODO]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\ComodoGroup]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\CyberLink]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Dritek]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Elantech]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Google]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Insyde Software]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Intel]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\KILLSOFT]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Licenses]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Locky]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\LogMeInRescueCallingCard]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\macrium]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Mozilla]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\OEM]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Paramount Software (UK) Ltd.]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Policies]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\QtProject]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Realtek]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Sonix]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\sysinternals]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Systweak]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\UsbFix]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\UsbFix Standard]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\AppDataLow\Software\adawarebp]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\Software\Microsoft\Windows NT\CurrentVersion]




[HKLM\Software\Acer]
[HKLM\Software\Acer Incorporated]
[HKLM\Software\Adobe]
[HKLM\Software\AdsFix]
[HKLM\Software\America Online]
[HKLM\Software\Atheros Communications Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AutoIt v3]
[HKLM\Software\AVC3]
[HKLM\Software\Bitdefender]
[HKLM\Software\Bitdefender 60Seconds]
[HKLM\Software\Borland]
[HKLM\Software\Chicony Electronics Co.,Ltd.]
[HKLM\Software\CIS_Backup_{25B9C8A9-7B0C-4f9c-AF29-59A5608704F9}]
[HKLM\Software\Clients]
[HKLM\Software\CLSID]
[HKLM\Software\COMODO]
[HKLM\Software\ComodoGroup]
[HKLM\Software\CyberLink]
[HKLM\Software\Cygnus Solutions]
[HKLM\Software\Dritek]
[HKLM\Software\DTS]
[HKLM\Software\EaseUS]
[HKLM\Software\EaseUS Todo Backup]
[HKLM\Software\EgisTec]
[HKLM\Software\EgisTec IPS]
[HKLM\Software\EgisTec Shredder]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\GeekBuddyRSP]
[HKLM\Software\Google]
[HKLM\Software\HitmanPro]
[HKLM\Software\Insyde Software]
[HKLM\Software\Intel]
[HKLM\Software\KillSoft]
[HKLM\Software\Laplink]
[HKLM\Software\Lavasoft]
[HKLM\Software\LogMeInRescueCallingCard]
[HKLM\Software\macrium]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\McAfeeInstaller]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Oberon Media]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\OemSetup]
[HKLM\Software\OOBEOffer]
[HKLM\Software\Panda Security]
[HKLM\Software\Panda Software]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Rocket Division Software]
[HKLM\Software\SonicFocus]
[HKLM\Software\SOSVirus]
[HKLM\Software\Spearit]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\Systweak]
[HKLM\Software\TrendMicro]
[HKLM\Software\Unchecky]
[HKLM\Software\Volatile]
[HKLM\Software\WafCX]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wondershare]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Help]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]


---------- | FeatureControl

[HKU\S-1-5-21-1541472888-895532398-2178115478-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Trial.exe"="8888"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"WindowsAnytimeUpgradeUI.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Main.exe"="9999"
"prevhost.exe"="8000"
"WiseProgramUninstaller.exe"="11000"
"mbam.exe"="11000"
"Power2Go.exe"="8000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
"iexplore.exe"="1"
"*"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGuiIT.exe"="0"
"SAPGUI.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"sllauncher.exe"="0"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"wm.exe"="1"
"cs.exe"="1"
"waol.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"sllauncher.exe"="1"
"wlmail.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
"sllauncher.exe"="6"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
"sllauncher.exe"="6"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE]
"*"="3"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"prevhost.exe"="1"
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"winmail.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"sllauncher.exe"="1"
"WindowsLiveWriter.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"prevhost.exe"="1"
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"prevhost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"sllauncher.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"winmail.exe"="1"
"msimn.exe"="1"
"outlook.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"infopath.exe"="1"
"winword.exe"="1"
"excel.exe"="1"
"powerpnt.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"prevhost.exe"="1"
"wmplayer.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"sllauncher.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
"mbam.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"PresentationHost.exe"="1"
"wlmail.exe"="1"

---------- | The Created last ones ¦ Modified

[MD5.00000000000000000000000000000000] - [16/11/2016 12:34:02] - |D| - [25066491] - C:\Program Files\ASP
[MD5.00000000000000000000000000000000] - [04/11/2016 03:41:39] - |D| - [33073401] - C:\Program Files\Bitdefender
[MD5.00000000000000000000000000000000] - [02/11/2016 18:02:27] - |D| - [317904] - C:\Program Files\e-Carte Bleue
[MD5.00000000000000000000000000000000] - [04/11/2016 04:07:40] - |D| - [142551486] - C:\Program Files\FreeDownloadManager.ORG
[MD5.00000000000000000000000000000000] - [05/11/2016 05:35:34] - |D| - [427931047] - C:\Program Files\Google
[MD5.00000000000000000000000000000000] - [10/11/2016 14:28:00] - |D| - [11118952] - C:\Program Files\HitmanPro
[MD5.00000000000000000000000000000000] - [14/11/2016 04:59:34] - |D| - [135392807] - C:\Program Files\Macrium
[MD5.00000000000000000000000000000000] - [04/11/2016 07:41:26] - |D| - [59351190] - C:\Program Files\Malwarebytes Anti-Malware
[MD5.00000000000000000000000000000000] - [06/11/2016 10:02:33] - |D| - [94161526] - C:\Program Files\Mozilla Firefox
[MD5.00000000000000000000000000000000] - [06/11/2016 10:02:58] - |D| - [262595] - C:\Program Files\Mozilla Maintenance Service
[MD5.00000000000000000000000000000000] - [02/11/2016 05:22:35] - |D| - [133681766] - C:\Program Files\Panda Security
[MD5.00000000000000000000000000000000] - [02/11/2016 06:23:05] - |D| - [2122128] - C:\Program Files\Panda USB Vaccine
[MD5.00000000000000000000000000000000] - [16/11/2016 12:27:33] - |D| - [5705040] - C:\Program Files\PremierOpinion
[MD5.00000000000000000000000000000000] - [09/11/2016 10:16:48] - |D| - [18080888] - C:\Program Files\RFA 10
[MD5.00000000000000000000000000000000] - [11/11/2016 06:04:12] - |D| - [78458888] - C:\Program Files\RogueKiller
[MD5.00000000000000000000000000000000] - [02/11/2016 09:44:45] - |D| - [5425824] - C:\Program Files\Unchecky
[MD5.00000000000000000000000000000000] - [02/11/2016 04:59:06] - |D| - [211555059] - C:\Program Files\ZebHelpProcess
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/11/2016 04:28:30] - |A| - [0] - C:\Windows\BcdLog.txt
[MD5.9E6045358C1993946B9ED59B8B7EBEE2] - [10/11/2016 17:30:27] - |A| - [302690] - C:\Windows\ntbtlog.txt
[MD5.2111735B3E6EC26DD560B262E2B6643D] - [02/11/2016 04:29:09] - |A| - [28] - C:\Windows\OutLog.txt
[MD5.776A82302FC758B9B01B3A12DE1CE85D] - [02/11/2016 18:02:06] - |A| - [1342976] - C:\Windows\Installer\129e64.msi
[MD5.3BE41B1153D9D8F602DF1D7FED0175E9] - [05/11/2016 05:34:20] - |A| - [46157824] - C:\Windows\Installer\153eb8.msi
[MD5.9370A2EB35422E0ABDAB228DF94DBBD0] - [05/11/2016 05:35:19] - |A| - [40960] - C:\Windows\Installer\153ebd.msi
[MD5.B2A55DA714A43A97C436775590140C2D] - [03/11/2016 08:33:31] - |A| - [12025856] - C:\Windows\Installer\169cb4.msi
[MD5.1EA87053C6D871D6BE4524A61BC53EF4] - [14/11/2016 04:38:07] - |A| - [41979904] - C:\Windows\Installer\2590433.msi
[MD5.79AE4D699F0EB58D952305B68751BA64] - [14/11/2016 04:38:07] - |A| - [122729917] - C:\Windows\Installer\pe3x86.zip
[MD5.1EA87053C6D871D6BE4524A61BC53EF4] - [14/11/2016 04:37:42] - |A| - [41979904] - C:\Windows\Installer\reflect_setupv6.2.1549-x86-00.msi
[MD5.53E0BA9E741B21EC4F568FEE6A6505C5] - [04/11/2016 03:38:37] - |A| - [20480] - C:\Windows\Installer\SourceHash{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
[MD5.400D853C78EF2A602BF7B0BE87729115] - [09/11/2016 10:00:56] - |A| - [20480] - C:\Windows\Installer\SourceHash{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
[MD5.610A59C97B474E5784743A016C04C8A6] - [05/11/2016 05:40:02] - |A| - [20480] - C:\Windows\Installer\SourceHash{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[MD5.C3EECED66C2F3F6B5943A6C53D28FAAE] - [05/11/2016 05:34:35] - |A| - [20480] - C:\Windows\Installer\SourceHash{77CD02E9-7F33-33D9-B5CB-13C332E0E575}
[MD5.364A2331E2DAD08FDC22ADAFD3D9CCC0] - [08/11/2016 03:14:44] - |A| - [20480] - C:\Windows\Installer\SourceHash{9E04F23D-3E2E-4A62-AEBF-8BC952402730}
[MD5.CA1E1E108F3D706E723E4C84715C622D] - [09/11/2016 09:44:35] - |A| - [20480] - C:\Windows\Installer\SourceHash{B175520C-86A2-35A7-8619-86DC379688B9}
[MD5.D6F023342666C12A8F8D7EDD45EBA659] - [09/11/2016 09:44:20] - |A| - [20480] - C:\Windows\Installer\SourceHash{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
[MD5.9E879C91AB3FBE23937FF298B7F6A9AA] - [14/11/2016 04:59:18] - |A| - [20480] - C:\Windows\Installer\SourceHash{C33384C4-2E31-4A04-9F74-342E7075EA6A}
[MD5.0929D31D3AF7059A009BA8CE69E75A12] - [09/11/2016 09:57:18] - |A| - [20480] - C:\Windows\Installer\SourceHash{C59C179C-668D-49A9-B6EA-0121CCFC1243}
[MD5.53FC6F47706D7E98E46C1B8E4D9E7CF9] - [02/11/2016 18:02:25] - |A| - [20480] - C:\Windows\Installer\SourceHash{DB981AC8-910B-4C0E-8250-829243E85934}
[MD5.83C9238DA51610ADFFBD59DA9A6AB3F2] - [04/11/2016 03:39:06] - |A| - [20480] - C:\Windows\Installer\SourceHash{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [14/11/2016 05:01:11] - |A| - [0] - C:\Windows\Installer\wix{C33384C4-2E31-4A04-9F74-342E7075EA6A}.SchedServiceConfig.rmi
[MD5.00000000000000000000000000000000] - [05/11/2016 12:36:13] - |D| - [59608] - C:\Windows\Installer\{0DC5FA19-8E63-4777-AEB7-FEFDA6C3C057}
[MD5.00000000000000000000000000000000] - [05/11/2016 12:36:13] - |D| - [59608] - C:\Windows\Installer\{115C1C6A-15A2-48B1-A599-79F1AA1A03F6}
[MD5.00000000000000000000000000000000] - [05/11/2016 12:36:18] - |D| - [59608] - C:\Windows\Installer\{20334FA5-6CD5-48FC-B5F9-D34D75E07845}
[MD5.00000000000000000000000000000000] - [05/11/2016 12:36:13] - |D| - [59608] - C:\Windows\Installer\{26F31E12-3722-45FD-903B-49012286BB4C}
[MD5.00000000000000000000000000000000] - [05/11/2016 12:36:12] - |D| - [59608] - C:\Windows\Installer\{28349A67-1D99-45A6-A1C1-C5B6D1DF937A}
[MD5.00000000000000000000000000000000] - [08/11/2016 03:14:53] - |D| - [17886] - C:\Windows\Installer\{9E04F23D-3E2E-4A62-AEBF-8BC952402730}
[MD5.00000000000000000000000000000000] - [14/11/2016 05:00:54] - |D| - [665497] - C:\Windows\Installer\{C33384C4-2E31-4A04-9F74-342E7075EA6A}
[MD5.00000000000000000000000000000000] - [09/11/2016 09:59:03] - |D| - [155217] - C:\Windows\Installer\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
[MD5.00000000000000000000000000000000] - [02/11/2016 18:02:27] - |D| - [324480] - C:\Windows\Installer\{DB981AC8-910B-4C0E-8250-829243E85934}
[MD5.D7D84D597FDB84C9B265A1F14A50D1BE] - [09/11/2016 02:49:32] - |A| - [690688] - C:\Windows\system32\adtschema.dll
[MD5.DE8821DA97BB8FA07C3970BD458205B6] - [09/11/2016 02:49:36] - |A| - [644096] - C:\Windows\system32\advapi32.dll
[MD5.5EFA8E04BB2364CF18C07918F3661C4B] - [09/11/2016 02:49:35] - |A| - [6656] - C:\Windows\system32\apisetschema.dll
[MD5.08D4B51D253445837FF74786FFAE2523] - [09/11/2016 02:49:34] - |A| - [50688] - C:\Windows\system32\appidapi.dll
[MD5.A43F799523A16F42BC0F890FEF90D2B9] - [09/11/2016 02:49:33] - |A| - [16896] - C:\Windows\system32\appidcertstorecheck.exe
[MD5.1C6553556F6DE1B38F7B9D5BCA36461B] - [09/11/2016 02:49:33] - |A| - [97792] - C:\Windows\system32\appidpolicyconverter.exe
[MD5.12812E47DEB2CB394BAB6950AFABE3D0] - [09/11/2016 02:49:33] - |A| - [29696] - C:\Windows\system32\appidsvc.dll
[MD5.A116C624FF8D9522C0FB7271B8679075] - [09/11/2016 02:49:48] - |A| - [67584] - C:\Windows\system32\asycfilt.dll
[MD5.596D1F332737FFC909E1C821A3238D28] - [09/11/2016 02:49:52] - |A| - [308456] - C:\Windows\system32\atmfd.dll
[MD5.73BDA490A7B9FE900AFEF093F572EB42] - [09/11/2016 02:49:35] - |A| - [34304] - C:\Windows\system32\atmlib.dll
[MD5.F78A44DB62D8708B105F25B49A173602] - [09/11/2016 02:49:33] - |A| - [50176] - C:\Windows\system32\auditpol.exe
[MD5.4BC02BD73338C3A26265F5C64DBEC770] - [02/11/2016 05:00:51] - |A| - [183808] - C:\Windows\system32\BDEADMIN.CPL
[MD5.1388B1F789DBA40B31D740BA35D69365] - [03/11/2016 07:32:44] - |A| - [463016] - C:\Windows\system32\CcavGuard32.dll
[MD5.D4798407E750CDA7C3885D5B8E37403F] - [09/11/2016 02:49:55] - |A| - [125952] - C:\Windows\system32\chajei.ime
[MD5.AF40161FD6CC6F243A6E3F2181CA7FD0] - [09/11/2016 02:49:55] - |A| - [125952] - C:\Windows\system32\cintlgnt.ime
[MD5.56F817905DB79573D95E84DC407B1204] - [09/11/2016 02:49:52] - |A| - [250600] - C:\Windows\system32\clfs.sys
[MD5.44E7D66C3F0E2896239B03073714AF19] - [09/11/2016 02:49:35] - |A| - [17408] - C:\Windows\system32\credssp.dll
[MD5.228CF2CB0632BB822D8700EB681EE934] - [09/11/2016 02:49:35] - |A| - [36352] - C:\Windows\system32\cryptbase.dll
[MD5.DA18B56F6896F36A41B23BB035FAAB0F] - [09/11/2016 02:49:34] - |A| - [38912] - C:\Windows\system32\csrsrv.dll
[MD5.8C25E347F5E2C2BCA9B5258A68B72AE7] - [02/11/2016 05:00:51] - |A| - [210032] - C:\Windows\system32\DBCLIENT.DLL
[MD5.441766E9D3DC1548799F16F3B1464037] - [09/11/2016 02:49:35] - |A| - [10240] - C:\Windows\system32\dciman32.dll
[MD5.58F9BFBAE3C25D1A349DF0C6ECE8F9DF] - [09/11/2016 02:49:27] - |A| - [935424] - C:\Windows\system32\diagtrack.dll
[MD5.9A7331C81A4625AADBF0A469D9F1876C] - [09/11/2016 02:49:45] - |A| - [416256] - C:\Windows\system32\dxtmsft.dll
[MD5.DE77051857B9424A1D84D0FA9EE0EF91] - [09/11/2016 02:49:47] - |A| - [279040] - C:\Windows\system32\dxtrans.dll
[MD5.CB49B6D7FC1018A2C44F1A538E226706] - [05/11/2016 09:04:44] - |A| - [796352] - C:\Windows\system32\FlashPlayerApp.exe
[MD5.3FDAA2FBFB373BDD669D8EDD39A8D3DC] - [05/11/2016 09:04:44] - |A| - [142528] - C:\Windows\system32\FlashPlayerCPLApp.cpl
[MD5.9F55D5E1D7C62F51F021F2B81F51FC62] - [09/11/2016 02:49:36] - |A| - [70656] - C:\Windows\system32\fontsub.dll
[MD5.35AED5EB93D4476259A1AB573149FD81] - [09/11/2016 02:49:40] - |A| - [341504] - C:\Windows\system32\html.iec
[MD5.34C7A4062EB215785F3B0D53FFF84D24] - [09/11/2016 02:49:51] - |A| - [689664] - C:\Windows\system32\ie4uinit.exe
[MD5.A583CFFE53566F9A7C292250A75843D6] - [09/11/2016 02:49:37] - |A| - [710144] - C:\Windows\system32\ieapfltr.dll
[MD5.5A8B4C901136F17B418119C8B9DE31FA] - [09/11/2016 02:49:51] - |A| - [346320] - C:\Windows\system32\iedkcs32.dll
[MD5.7B4D939659DF3B29866CB3B2AD321DB0] - [09/11/2016 02:49:38] - |A| - [102912] - C:\Windows\system32\ieetwcollector.exe
[MD5.684BF8AC1370E1E38C4E2F2D737D4A7D] - [09/11/2016 02:49:36] - |A| - [4096] - C:\Windows\system32\ieetwcollectorres.dll
[MD5.6180C8A0C24065007BC34A3098BB0E4B] - [09/11/2016 02:49:38] - |A| - [47616] - C:\Windows\system32\ieetwproxystub.dll
[MD5.9263229A4663D0D59B9752D5EE12B35A] - [09/11/2016 02:50:00] - |A| - [13654016] - C:\Windows\system32\ieframe.dll
[MD5.0A1A9619E1D22971E92B0F0CAFB69147] - [09/11/2016 02:49:39] - |A| - [30720] - C:\Windows\system32\iernonce.dll
[MD5.1741BDC6EF1DC754517D9861BFC4AB43] - [09/11/2016 02:49:57] - |A| - [2287616] - C:\Windows\system32\iertutil.dll
[MD5.23407251A65842CA98769FC06288169F] - [09/11/2016 02:49:41] - |A| - [62464] - C:\Windows\system32\iesetup.dll
[MD5.44A80962762BBE125D7593E6F62F58BF] - [09/11/2016 02:49:41] - |A| - [476160] - C:\Windows\system32\ieui.dll
[MD5.B147CA73C74AB89ED784328C9DB286D2] - [09/11/2016 02:49:40] - |A| - [115712] - C:\Windows\system32\ieUnatt.exe
[MD5.DACADD12EAB0D4105C67BC1A4CB0BE04] - [09/11/2016 02:49:49] - |A| - [1027584] - C:\Windows\system32\IMJP10.IME
[MD5.3528127B3B004A5A41245E11DD14B64D] - [09/11/2016 02:49:48] - |A| - [701440] - C:\Windows\system32\IMJP10K.DLL
[MD5.C45CD99002A4BA7F14842375E1C442F3] - [09/11/2016 02:49:46] - |A| - [430080] - C:\Windows\system32\imkr80.ime
[MD5.001A349F5C7C0A98F5957BAC52F58F80] - [09/11/2016 02:49:51] - |A| - [741888] - C:\Windows\system32\inetcomm.dll
[MD5.B28D24BE79655AA49DE182B2B425D7D2] - [09/11/2016 02:49:53] - |A| - [2055680] - C:\Windows\system32\inetcpl.cpl
[MD5.659867EFA2105808220C3B5BFD696285] - [09/11/2016 02:49:38] - |A| - [84480] - C:\Windows\system32\INETRES.dll
[MD5.31CA273CC39FB99AA8E784A190E58074] - [09/11/2016 02:49:55] - |A| - [202240] - C:\Windows\system32\input.dll
[MD5.72A61A1205F5C7626C39A4C8C1EE2966] - [09/11/2016 02:49:39] - |A| - [91136] - C:\Windows\system32\inseng.dll
[MD5.B91D88F3279FF2290F2C7CDD71971B5B] - [09/11/2016 02:49:39] - |A| - [60416] - C:\Windows\system32\JavaScriptCollectionAgent.dll
[MD5.CCCA649EECB2190BC5A3F829B6A3979A] - [09/11/2016 02:49:38] - |A| - [663552] - C:\Windows\system32\jscript.dll
[MD5.44F1DBF504F90BA317207151D78E1345] - [09/11/2016 02:49:58] - |A| - [4608000] - C:\Windows\system32\jscript9.dll
[MD5.5608FACC9ADDCE0EE8BD084EE968EFB4] - [09/11/2016 02:49:40] - |A| - [620032] - C:\Windows\system32\jscript9diag.dll
[MD5.889BE428534CB9E1AB42805F7A35B18E] - [09/11/2016 02:49:38] - |A| - [47104] - C:\Windows\system32\jsproxy.dll
[MD5.D44A18C1EEAAF7E771B360DDCFC48518] - [09/11/2016 02:49:37] - |A| - [553472] - C:\Windows\system32\kerberos.dll
[MD5.466D04E384804482C5459C533DD7D2ED] - [09/11/2016 02:49:35] - |A| - [26112] - C:\Windows\system32\lpk.dll
[MD5.CBDB1A1F2FAF30A1D30CF92D3CAF7392] - [09/11/2016 02:49:55] - |A| - [1062912] - C:\Windows\system32\lsasrv.dll
[MD5.55A1F001FE2A16C15B494EA6F63C3C45] - [09/11/2016 02:49:35] - |A| - [22016] - C:\Windows\system32\lsass.exe
[MD5.0B329D1E1E7BCEED71BFFE22C69A1CCC] - [09/11/2016 02:49:32] - |A| - [146432] - C:\Windows\system32\msaudite.dll
[MD5.4C7A52467D41DE158258A551C49CC169] - [09/11/2016 02:49:47] - |A| - [829952] - C:\Windows\system32\msctf.dll
[MD5.1BB1926737665BA62EC87284A069B0D1] - [09/11/2016 02:49:47] - |A| - [693248] - C:\Windows\system32\msfeeds.dll
[MD5.CF67F56D3D87BB166E7C758BA72EF9B3] - [09/11/2016 02:50:03] - |A| - [20304896] - C:\Windows\system32\mshtml.dll
[MD5.C7A3FE59BE6BA47DA76A3625D01AEA9C] - [09/11/2016 02:49:37] - |A| - [2724864] - C:\Windows\system32\mshtml.tlb
[MD5.4EEBE5DC0562FEE73714C7B8DB6E754B] - [09/11/2016 02:49:44] - |A| - [64000] - C:\Windows\system32\MshtmlDac.dll
[MD5.C49F9656E525DE61C01A599A2776BCBC] - [09/11/2016 02:49:44] - |A| - [76288] - C:\Windows\system32\mshtmled.dll
[MD5.E445E3C13FA123149122D9E5C7CC49C2] - [09/11/2016 02:49:55] - |A| - [1155072] - C:\Windows\system32\mshtmlmedia.dll
[MD5.41446E17E2EF8363719487295B188C7B] - [09/11/2016 02:49:32] - |A| - [60416] - C:\Windows\system32\msobjs.dll
[MD5.D789020BC53B58C59791AB6087034A61] - [09/11/2016 02:49:44] - |A| - [168960] - C:\Windows\system32\msrating.dll
[MD5.B04B2DE4F1D7A632591444A28BB64701] - [09/11/2016 02:49:50] - |A| - [667648] - C:\Windows\system32\MsSpellCheckingFacility.exe
[MD5.F1FBB48FE52C96E6FD0F3EBDF1C124C2] - [09/11/2016 02:49:54] - |A| - [261120] - C:\Windows\system32\msv1_0.dll
[MD5.78C2B9F66D4242AA9CC0A8693E2001F9] - [09/11/2016 02:49:54] - |A| - [2291712] - C:\Windows\system32\MSVidCtl.dll
[MD5.12340D95B5AF0497DDB0DB98CA301B4E] - [09/11/2016 02:49:35] - |A| - [223232] - C:\Windows\system32\ncrypt.dll
[MD5.B92BFA14A838167504D1AE2CD04F4680] - [09/11/2016 02:49:54] - |A| - [1310528] - C:\Windows\system32\ntdll.dll
[MD5.3BAB11E3100E91D322BB2968E4288721] - [09/11/2016 02:49:52] - |A| - [4000488] - C:\Windows\system32\ntkrnlpa.exe
[MD5.04B9CB2F81994A2E3A32DCC3E297C647] - [09/11/2016 02:49:53] - |A| - [3944680] - C:\Windows\system32\ntoskrnl.exe
[MD5.12E21F14F3A8E16DE2714064A733B44F] - [09/11/2016 02:49:40] - |A| - [130048] - C:\Windows\system32\occache.dll
[MD5.DFA4FC62E591AFE142B21D11DE145687] - [09/11/2016 02:49:45] - |A| - [581632] - C:\Windows\system32\oleaut32.dll
[MD5.7A415385F709BB9AD0C8457722FAEA4D] - [09/11/2016 02:49:50] - |A| - [90624] - C:\Windows\system32\olepro32.dll
[MD5.474E6D5718A08617EF48699DAC1C67EE] - [09/11/2016 02:49:55] - |A| - [125952] - C:\Windows\system32\phon.ime
[MD5.7AC6ACDBF5FAF53F786E66D43635C819] - [09/11/2016 02:49:51] - |A| - [90112] - C:\Windows\system32\pintlgnt.ime
[MD5.EE41ECC5D30C8EB5A235E7C3901F5160] - [16/11/2016 12:27:39] - |A| - [660792] - C:\Windows\system32\pmls.dll
[MD5.579E21723234BB05DC46B19C3BC65CCD] - [09/11/2016 02:49:55] - |A| - [125952] - C:\Windows\system32\qintlgnt.ime
[MD5.435C9129A479D912F53292DBDA5B1191] - [09/11/2016 02:49:55] - |A| - [125952] - C:\Windows\system32\quick.ime
[MD5.491E239A590051D2ACE3AA514BDFE82D] - [09/11/2016 02:49:35] - |A| - [141312] - C:\Windows\system32\rpchttp.dll
[MD5.87EC0189A02FE10C972CB16F6BFA0D47] - [09/11/2016 02:49:37] - |A| - [655360] - C:\Windows\system32\rpcrt4.dll
[MD5.EA2F4F0D0C3A2D7020E6A6461FE24C88] - [09/11/2016 02:49:34] - |A| - [262656] - C:\Windows\system32\rstrui.exe
[MD5.A130EC660960755C74DA7467DCB65E5F] - [16/11/2016 12:33:59] - |A| - [17872] - C:\Windows\system32\sasnative32.exe
[MD5.8C1B4231DF981A8D95D0B58799DD7A35] - [09/11/2016 02:49:36] - |A| - [254464] - C:\Windows\system32\schannel.dll
[MD5.953B036B621A8300705ADA7696D0612D] - [09/11/2016 02:49:35] - |A| - [22016] - C:\Windows\system32\secur32.dll
[MD5.341208E985E45E3DE0C2837B0D53FA66] - [09/11/2016 02:49:34] - |A| - [50176] - C:\Windows\system32\setbcdlocale.dll
[MD5.76FE76A763299894D7F98A9874A9C0A9] - [09/11/2016 02:49:36] - |A| - [69632] - C:\Windows\system32\smss.exe
[MD5.31D2C45DC57BFD796097045B1820E2BE] - [09/11/2016 02:49:34] - |A| - [43008] - C:\Windows\system32\srclient.dll
[MD5.2421B85120349CBC451D43D891C113E1] - [09/11/2016 02:49:36] - |A| - [400896] - C:\Windows\system32\srcore.dll
[MD5.828F362975A0999244848B917A6CE23E] - [09/11/2016 02:49:36] - |A| - [99840] - C:\Windows\system32\sspicli.dll
[MD5.108FB52FBFF489597FD21A9FFE4CF36C] - [09/11/2016 02:49:35] - |A| - [15872] - C:\Windows\system32\sspisrv.dll
[MD5.FFE8DC32786ED2CFF21AB907A51B332D] - [09/11/2016 02:49:55] - |A| - [126976] - C:\Windows\system32\tintlgnt.ime
[MD5.39EB5BE5CFADE72D973A7F5E088EB7EE] - [09/11/2016 02:49:35] - |A| - [65536] - C:\Windows\system32\TSpkg.dll
[MD5.F7710C0968CDB9E4CAA7653ACB171CE0] - [09/11/2016 02:49:33] - |A| - [2048] - C:\Windows\system32\tzres.dll
[MD5.75ED258371A0A40705B68B0EA8357A46] - [09/11/2016 02:49:56] - |A| - [187392] - C:\Windows\system32\UIAnimation.dll
[MD5.27AB472295602A88D28E21B69CBC241D] - [09/11/2016 02:49:57] - |A| - [1312256] - C:\Windows\system32\urlmon.dll
[MD5.B84BBC5FB401B06499D4CF1A6D0350EA] - [09/11/2016 02:49:50] - |A| - [41984] - C:\Windows\system32\UtcResources.dll
[MD5.5FEA608549A47841C77C0FF088D2B980] - [09/11/2016 02:49:37] - |A| - [498688] - C:\Windows\system32\vbscript.dll
[MD5.A9970042BE512C7981B36E689C5F3F9F] - [09/11/2016 09:50:21] - |A| - [1461992] - C:\Windows\system32\WdfCoInstaller01009.dll
[MD5.CBA76F0D87ED8F481CD87B023EFD64AF] - [09/11/2016 02:49:36] - |A| - [172032] - C:\Windows\system32\wdigest.dll
[MD5.57563CF814A18670233C0812D0A114C2] - [09/11/2016 02:49:48] - |A| - [230400] - C:\Windows\system32\webcheck.dll
[MD5.A1229632BF332E8B63A2F9583C575718] - [09/11/2016 02:49:56] - |A| - [2399744] - C:\Windows\system32\win32k.sys
[MD5.7D64E699ED2153099A27681C50FF6286] - [09/11/2016 02:49:52] - |A| - [497152] - C:\Windows\system32\win32spl.dll
[MD5.19465502D25C5B7D54B792E3695C2A90] - [09/11/2016 02:49:57] - |A| - [2444800] - C:\Windows\system32\wininet.dll
[MD5.8BA54B312F9BBBF40C6EE247E0C1F5EA] - [09/11/2016 02:49:34] - |A| - [50688] - C:\Windows\system32\Drivers\appid.sys
[MD5.28AF7D4427868B7CE4C00CAB1864C7F6] - [09/11/2016 02:49:50] - |A| - [68608] - C:\Windows\system32\Drivers\bowser.sys
[MD5.BDF8CB4E8D283534BCF09284B858EB17] - [11/11/2016 05:36:50] - |A| - [79624] - C:\Windows\system32\Drivers\CLVirtualBus01.sys
[MD5.7D95C87011AE03371F682E65A4A97325] - [03/11/2016 07:32:08] - |A| - [119880] - C:\Windows\system32\Drivers\CmdCCAV.sys
[MD5.2FB9B034CC55F84516A4CE5BBC8C5417] - [02/11/2016 05:23:08] - |A| - [38520] - C:\Windows\system32\Drivers\DasPtct.SYS
[MD5.BB8D5186BA1F2E44B9914E5A307797F6] - [09/11/2016 02:49:48] - |A| - [67304] - C:\Windows\system32\Drivers\ksecdd.sys
[MD5.E2B1A84325E4ABDAB65097FAB6F2A49A] - [09/11/2016 02:49:48] - |A| - [137960] - C:\Windows\system32\Drivers\ksecpkg.sys
[MD5.A1D52DB330E18B5A7A718D31D950CA87] - [04/11/2016 07:41:26] - |A| - [24448] - C:\Windows\system32\Drivers\mbam.sys
[MD5.22649DC583AE1F124C12FB1D39AE8B0B] - [04/11/2016 07:41:26] - |A| - [126336] - C:\Windows\system32\Drivers\mbamchameleon.sys
[MD5.5023F594D5448E16F920157174C61358] - [04/11/2016 07:44:51] - |A| - [170200] - C:\Windows\system32\Drivers\MBAMSwissArmy.sys
[MD5.E15146EA99447CDBD2C952CF9B792BEA] - [09/11/2016 02:49:37] - |A| - [124416] - C:\Windows\system32\Drivers\mrxsmb.sys
[MD5.131DCC8B4F67E93F41362135C5EB040F] - [09/11/2016 02:49:36] - |A| - [226304] - C:\Windows\system32\Drivers\mrxsmb10.sys
[MD5.7A150C5F144F578FAA7982646E4AF847] - [09/11/2016 02:49:36] - |A| - [98304] - C:\Windows\system32\Drivers\mrxsmb20.sys
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [09/11/2016 09:52:49] - |AH| - [0] - C:\Windows\system32\Drivers\Msft_Kernel_CLVirtualBus01_01009.Wdf
[MD5.66DDF98174707CBADBCA6BBABDA1231C] - [04/11/2016 07:41:26] - |A| - [53120] - C:\Windows\system32\Drivers\mwac.sys
[MD5.D271C14EE0EEEA27359CD9E14E49F0DE] - [02/11/2016 05:23:11] - |A| - [50320] - C:\Windows\system32\Drivers\PSKMAD.sys
[MD5.0C997B061E3C66BD9E927C1288EB1CC7] - [16/11/2016 13:31:54] - |A| - [24688] - C:\Windows\system32\Drivers\TrueSight.sys

---------- | Drives


V:

[09/05/2011 20:08:50] - |N| - (. - Télécharge et installe VirtualBox portable.) - [301259] - (3.3.6.1) - V:\VirtualBoxPortable.exe
[04/05/2011 17:11:58] - |N| - (. - .) - [472466] - (0.8.0.2) - V:\Framakey.exe
[13/11/2016 18:10:17] - |H| - (. - .) - [16] - (0.0.0.0) - V:\AUTORUN.INF
[03/05/2011 11:24:12] - |N| - (. - .) - [2054] - (0.0.0.0) - V:\Framakey.ini

Q:

[18/04/2026 07:50:54] - |N| - (. - .) - [983040] - (0.8.0.5) - Q:\Framakey.exe
[18/04/2026 19:29:05] - |N| - (. - .) - [2141] - (0.0.0.0) - Q:\Framakey.ini

D:

[21/02/2016 18:04:14] - |A| - (.Copyright © 1999-2012 - BASS.) - [105528] - (2.4.9.0) - D:\bass.dll
[21/02/2016 18:04:14] - |A| - (.Copyright © 2005-2012 by radio42: Bernd Niedergesaess, Germany. http://www.bass.radio42.com/ - bn@radio42.com - BASS.NET API for .Net.) - [638976] - (2.4.9.1) - D:\Bass.Net.dll
[21/02/2016 18:04:14] - |A| - (.Copyright © 2003-2009 - BASSCD.) - [17472] - (2.4.2.0) - D:\basscd.dll
[21/02/2016 18:04:14] - |A| - (.Copyright © 2004-2009 - BASSFLAC.) - [24640] - (2.4.0.3) - D:\bassflac.dll
[21/02/2016 18:04:14] - |A| - (.Copyright © 2005-2009 - BASSmix.) - [16448] - (2.4.2.0) - D:\bassmix.dll
[21/02/2016 18:04:14] - |A| - (.Copyright © 2012 - BASSOPUS.) - [53816] - (2.4.0.0) - D:\bassopus.dll
[21/02/2016 18:04:14] - |A| - (.Copyright © 2002-2010 - BASSWMA.) - [17472] - (2.4.4.0) - D:\basswma.dll
[21/02/2016 18:04:14] - |A| - (.Copyright © 2007-2009 - BASSWV.) - [28224] - (2.4.1.3) - D:\basswv.dll
[21/02/2016 18:04:14] - |A| - (.2003-2006, MaresWEB - Apple Lossless Audio Codec add-on for the BASS library.) - [9416] - (2.4.3.0) - D:\bass_alac.dll
[21/02/2016 18:04:14] - |A| - (.2003-2006, MaresWEB - Monkey's Audio add-on for the BASS library.) - [33624] - (2.4.0.4) - D:\bass_ape.dll
[21/02/2016 18:04:14] - |A| - (.2003-2006, MaresWEB - Musepack add-on for the BASS library.) - [21320] - (2.4.1.0) - D:\bass_mpc.dll
[15/03/2016 18:18:10] - |A| - (.Copyright © 2002-2008 Canneverbe Limited - CDBXPExt.) - [69120] - (4.5.6.6059) - D:\CDBXP.dll
[21/02/2016 18:04:14] - |A| - (.  -  .) - [337408] - (13.0.0.0) - D:\LogicNP.FolderView.dll
[21/02/2016 18:04:14] - |A| - (.Copyright (c) Rocket Division Software, StarBurn Software 2001-2015. All rights reserved. - StarBurn  CD/DVD/Blu-Ray/HD-DVD Burning, Grabbing and Mastering Toolkit for Windows 95/98/Me/NT/2000/XP/2003/Vista/Longhorn/7/8/2010.) - [3235200] - (15.5.1.4144) - D:\StarBurn.dll
[30/09/2016 11:32:50] - |A| - (. - .) - [885317632] - (0.0.0.0) - D:\CyberLinkPowerDirectorUltimateSuite15.0_Trial_PUS160812-01_TR160908-003.exe
[15/10/2016 08:27:19] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1089304] - (2.9.1.8012) - D:\CyberLink_PhotoDirector_Downloader(1).exe
[15/10/2016 08:27:19] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1031608] - (2.9.1.6109) - D:\CyberLink_PhotoDirector_Downloader.exe
[15/10/2016 08:27:47] - |A| - (. - .) - [38457] - (0.0.0.0) - D:\xpsoft.exe
[15/10/2016 08:27:47] - |A| - (. - .) - [38683] - (0.0.0.0) - D:\xpsolive.exe
[15/10/2016 08:27:47] - |A| - (. - .) - [38296] - (0.0.0.0) - D:\xpssilver.exe
[10/07/2016 18:01:41] - |A| - (. - .) - [4248] - (0.0.0.0) - D:\0x0404.ini
[10/07/2016 18:01:41] - |A| - (. - .) - [7094] - (0.0.0.0) - D:\0x0407.ini
[10/07/2016 18:01:41] - |A| - (. - .) - [6129] - (0.0.0.0) - D:\0x0409.ini
[10/07/2016 18:01:41] - |A| - (. - .) - [7022] - (0.0.0.0) - D:\0x040a.ini
[10/07/2016 18:01:41] - |A| - (. - .) - [7242] - (0.0.0.0) - D:\0x040c.ini
[10/07/2016 18:01:41] - |A| - (. - .) - [6897] - (0.0.0.0) - D:\0x0410.ini
[10/07/2016 18:01:41] - |A| - (. - .) - [6623] - (0.0.0.0) - D:\0x0411.ini
[10/07/2016 18:01:42] - |A| - (. - .) - [5724] - (0.0.0.0) - D:\0x0412.ini
[10/07/2016 18:01:42] - |A| - (. - .) - [4315] - (0.0.0.0) - D:\0x0804.ini
[11/07/2016 07:44:52] - |A| - (. - .) - [5504] - (0.0.0.0) - D:\a2settings.ini
[11/07/2016 07:44:52] - |A| - (. - .) - [64] - (0.0.0.0) - D:\a2whitelist.ini
[22/09/2016 16:47:37] - |A| - (. - .) - [1370] - (0.0.0.0) - D:\ampa.ini
[11/04/2010 12:02:38] - |A| - (. - .) - [24] - (0.0.0.0) - D:\Config.ini
[10/07/2016 18:10:42] - |A| - (. - .) - [142] - (0.0.0.0) - D:\Custom.ini
[10/07/2016 18:31:48] - |A| - (. - .) - [40] - (0.0.0.0) - D:\Define.ini
[18/07/2016 17:18:04] - |A| - (. - .) - [282] - (0.0.0.0) - D:\desktop(1).ini
[10/07/2016 18:31:48] - |A| - (. - .) - [282] - (0.0.0.0) - D:\desktop_FromLFS_ULTRA.ini
[18/04/2026 18:29:05] - |A| - (. - .) - [2141] - (0.0.0.0) - D:\Framakey.ini
[10/07/2016 18:39:27] - |A| - (. - .) - [101] - (0.0.0.0) - D:\info.ini
[09/08/2016 15:00:26] - |A| - (. - .) - [44] - (0.0.0.0) - D:\language.ini
[11/07/2016 08:24:15] - |A| - (. - .) - [0] - (0.0.0.0) - D:\LogAnalyZer.ini
[10/07/2016 18:44:47] - |A| - (. - .) - [1953] - (0.0.0.0) - D:\Setup.ini
[05/09/2016 06:00:53] - |A| - (. - .) - [184] - (0.0.0.0) - D:\SFR_Setup.ini
[10/07/2016 18:48:12] - |A| - (. - .) - [208] - (0.0.0.0) - D:\ureg.ini
[12/05/2016 11:06:17] - |A| - (. - .) - [1598] - (0.0.0.0) - D:\UserSettings.ini
[11/07/2016 08:32:19] - |A| - (. - .) - [27] - (0.0.0.0) - D:\VTU.ini

---------- | C:

[25/09/2016 20:28:31] - |D| - [0] - C:\$GetCurrent
[10/11/2016 06:55:11] - |SHD| - [258332146] - C:\$RECYCLE.BIN
[25/09/2016 23:30:22] - |D| - [206951093] - C:\$WINDOWS.~BT
[09/09/2016 02:35:26] - |D| - [0] - C:\06668807467cb589e09e8bf1fcfcb1
[18/09/2016 02:06:07] - |D| - [0] - C:\525ce3cad3f22d0ba77c74
[12/09/2016 13:14:12] - |D| - [0] - C:\7bafec45beca5ee74b137297
[26/02/2015 13:02:11] - |D| - [0] - C:\939487a4c10585ee9361692f
[04/11/2016 21:15:10] - |D| - [429260212] - C:\AdsFix
[MD5.A1E1F6ACCE4F0723DA1D8616A3F09CD1] - [10/11/2016 07:03:21] - |A| - (. - .) - [401] - (0.0.0.0) - C:\AdsFix.txt
[MD5.A7532F07D57DC1DAB300A3DDD2E58A9C] - [04/11/2016 21:23:22] - |A| - (. - .) - [84802] - (0.0.0.0) - C:\AdsFix_05_11_2016_05_06_54.txt
[MD5.E9BD43386288210A3D8624CD5D563D40] - [05/11/2016 12:28:09] - |A| - (. - .) - [26578] - (0.0.0.0) - C:\AdsFix_10_11_2016_06_35_29.txt
[04/11/2016 04:22:29] - |D| - [22888994] - C:\AdwCleaner
[MD5.276E27C6DB55DB22343E6CB79D6B21E5] - [08/09/2016 03:52:51] - |A| - (. - .) - [221] - (0.0.0.0) - C:\amcf.lst
[02/09/2016 11:58:33] - |D| - [0] - C:\AMD
[MD5.ADE820519AB2400638458AFC15FBAB85] - [08/09/2016 03:51:50] - |N| - (. - .) - [221423] - (0.0.0.0) - C:\amldr
[MD5.53E98BA2F07A51CAFDDD40758CA03BCC] - [08/09/2016 03:51:50] - |N| - (. - .) - [9216] - (0.0.0.0) - C:\amldr.mbr
[MD5.D382765397ECAE27558AF9CFAE64D240] - [29/08/2016 13:40:17] - |N| - (. - .) - [1024] - (0.0.0.0) - C:\AMTAG.BIN
[30/09/2016 06:03:26] - |D| - [609878016] - C:\Aomei
[MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [14/07/2009 03:04:04] - |A| - (. - .) - [24] - (0.0.0.0) - C:\autoexec.bat
[11/11/2016 14:08:19] - |RASHD| - [0] - C:\autorun.inf
[10/10/2016 05:34:37] - |D| - [21330125] - C:\AVG_Remover
[28/09/2016 05:02:58] - |RD| - [2303465787] - C:\Backup
[MD5.B17EB303DEC8EDDBB53A90FE60030B22] - [29/08/2016 13:57:25] - |A| - (. - .) - [614] - (0.0.0.0) - C:\backup.status
[29/09/2016 06:16:10] - |RD| - [2872958625] - C:\Backup1
[08/10/2016 22:11:41] - |RD| - [1554412249] - C:\Backup2
[08/10/2016 23:46:45] - |RD| - [85405784] - C:\Backup3
[24/10/2010 20:19:11] - |AD| - [86054683] - C:\book
[17/09/2010 08:22:05] - |SHD| - [14594412] - C:\Boot
[MD5.D6AE2D5521DD93AEBC90D411D099FA36] - [17/09/2010 08:22:06] - |RASH| - (. - .) - [383562] - (0.0.0.0) - C:\bootmgr
[MD5.117A26124A6997CB68A7984E2EA6ECCE] - [17/09/2010 08:22:07] - |RASH| - (. - .) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK
[29/10/2016 07:19:40] - |D| - [31807293] - C:\CCAV
[MD5.A9BA008CDC4D4449B2E001EC43377FA2] - [06/10/2016 10:17:24] - |A| - (. - .) - [39169] - (0.0.0.0) - C:\ComboFix.txt
[28/08/2016 08:10:18] - |D| - [0] - C:\Config.Msi
[MD5.ED4FC5980BD8B1AD869FF725C7776338] - [14/07/2009 03:04:04] - |A| - (. - .) - [10] - (0.0.0.0) - C:\config.sys
[02/11/2016 18:03:42] - |D| - [0] - C:\cyberlink power2go 11 essentials setup
[MD5.C596CC91D80EEEA987EA5B7A7DBCEAE3] - [09/09/2016 04:11:14] - |A| - (. - .) - [2021] - (0.0.0.0) - C:\DelFix.txt
[14/07/2009 05:53:55] - |SD| - [0] - C:\Documents and Settings
[MD5.0B9661150BED1BAD84E0F01ABB163B77] - [03/11/2016 05:17:48] - |A| - (. - .) - [1690] - (0.0.0.0) - C:\EamClean.log
[MD5.DE2DEB07ACD63D082DE01FBA598CF6EA] - [28/09/2016 14:25:53] - |N| - (. - .) - [420352] - (0.0.0.0) - C:\EUMONBMP.SYS
[04/09/2016 15:43:20] - |D| - [0] - C:\EverySync
[25/09/2016 19:31:40] - |D| - [6042900] - C:\f98df656cd17360116c2
[05/11/2016 05:53:13] - |D| - [65133986] - C:\FRST
[MD5.9B03A0A3A1DA5B77715AA08A4D90B9B9] - [04/09/2016 21:58:37] - |A| - (. - .) - [537] - (0.0.0.0) - C:\GUDownLoaddebug.txt
[17/09/2010 07:58:43] - |D| - [692202] - C:\Intel
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/08/2016 19:15:06] - |RASH| - (. - .) - [0] - (0.0.0.0) - C:\IO.SYS
[11/10/2016 15:06:16] - |D| - [350447857] - C:\Local Disk D_10112016166
[30/09/2016 04:29:03] - |D| - [696924935] - C:\Local Disk D_9302016529
[02/11/2016 04:39:27] - |D| - [429893194] - C:\Local Disk E_1122016439
[02/11/2016 17:11:22] - |D| - [269252] - C:\Look_my_hardware
[MD5.422337524EBE9AFAEFB72B0E075743BB] - [16/11/2016 15:20:34] - |A| - (. - .) - [24974] - (0.0.0.0) - C:\Look_my_hardware.tmp
[06/11/2016 10:10:27] - |D| - [920894] - C:\MARMITON
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [31/08/2016 19:15:06] - |RASH| - (. - .) - [0] - (0.0.0.0) - C:\MSDOS.SYS
[18/09/2016 06:40:39] - |D| - [0] - C:\My Works
[17/09/2010 08:16:45] - |D| - [2596629118] - C:\OEM
[MD5.625E75E2C696B92977FCCA2493921D7C] - [30/09/2016 06:12:19] - |N| - (. - .) - [212] - (0.0.0.0) - C:\okcf.lst
[MD5.C72D3673633FA8266CF4BAAAB660E813] - [30/09/2016 06:12:15] - |N| - (. - .) - [271626] - (0.0.0.0) - C:\okldr
[MD5.85360C0354019E3CC8618D5BA654F0AE] - [30/09/2016 06:12:15] - |N| - (. - .) - [8192] - (0.0.0.0) - C:\okldr.mbr
[MD5.984C0D8BB6372751AB363F10AFB5006E] - [07/09/2016 11:46:41] - |N| - (. - .) - [1024] - (0.0.0.0) - C:\OKTAG.BIN
[31/10/2016 13:20:27] - |D| - [475163183] - C:\OTLPE_7
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/10/2016 15:17:17] - |ASH| - (. - .) - [1073741824] - (0.0.0.0) - C:\pagefile.sys
[28/08/2016 19:31:24] - |D| - [8934] - C:\PCPinBackup
[28/08/2016 10:24:34] - |D| - [157697599] - C:\PcPinPoint
[MD5.4C195369353F6C531511481686B93C10] - [02/11/2016 09:46:01] - |A| - (. - .) - [13030] - (0.0.0.0) - C:\PDOXUSRS.NET
[14/07/2009 03:37:05] - |D| - [0] - C:\PerfLogs
[06/10/2016 08:04:25] - |D| - [279511059] - C:\Pre_Scan
[MD5.512E4125551A35D1D33928A74BB318F2] - [13/11/2016 18:45:11] - |A| - (. - .) - [12522] - (0.0.0.0) - C:\Pre_Scan.txt
[MD5.B2CF7FBBAA9EC4FAC658A19DE1CC869A] - [06/10/2016 09:00:17] - |RA| - (. - .) - [11005] - (0.0.0.0) - C:\Pre_Scan_06_10_2016_10_00_14.txt
[MD5.B95D6BD2601EBBC4A3F01C0563EC6AA8] - [28/10/2016 14:32:05] - |RA| - (. - .) - [17512] - (0.0.0.0) - C:\Pre_Scan_28_10_2016_15_32_03.txt
[14/07/2009 03:37:05] - |RD| - [18673346611] - C:\Program Files
[14/07/2009 03:37:05] - |HD| - [41336110626] - C:\ProgramData
[06/10/2016 09:37:16] - |D| - [6331] - C:\Qoobox
[06/10/2016 07:07:07] - |D| - [263040] - C:\QuickDiag
[MD5.3445F4A856EB2950DE095595DD0319A4] - [16/11/2016 12:58:06] - |A| - (. - .) - [270019] - (0.0.0.0) - C:\QuickDiag.txt
[MD5.7B1661D048B40CC499FCA6E044A9EE6E] - [02/11/2016 09:13:45] - |RA| - (. - .) - [408224] - (0.0.0.0) - C:\QuickDiag_02_11_2016_09_13_45.txt
[MD5.119DEA95967F8B5FA58A76E65E5CFEDD] - [01/09/2016 06:44:36] - |A| - (. - .) - [7850] - (0.0.0.0) - C:\QuickScript.txt
[08/10/2016 20:55:23] - |SHD| - [260722713] - C:\Recovery
[MD5.EA4376CB4253876D1E0F92CADAFEB4DA] - [14/11/2016 04:41:12] - |A| - (. - .) - [298342] - (0.0.0.0) - C:\Reflect_Install.log
[MD5.B445840B0BA1C7E9677CED423BEE24E4] - [10/10/2016 06:29:12] - |A| - (. - .) - [9112] - (0.0.0.0) - C:\Rem-VBS.log
[27/09/2016 11:31:30] - |D| - [2324] - C:\Rem-VBSqt
[MD5.70A86849D2637DC3D597351A2F62834A] - [17/09/2010 08:10:23] - |A| - (. - .) - [2089] - (0.0.0.0) - C:\RHDSetup.log
[10/10/2016 12:06:10] - |D| - [199198] - C:\rsit
[MD5.F2F6D8EFA639F5C94C8ADD89DB2CC060] - [20/09/2016 05:11:43] - |A| - (. - .) - [167744028] - (0.0.0.0) - C:\Sauv.reg
[10/10/2016 07:40:16] - |D| - [0] - C:\Sauvegarde Personnelle
[24/10/2010 20:12:46] - |SHD| - [10653289744] - C:\System Volume Information
[01/09/2016 01:52:39] - |D| - [1006812] - C:\UnZacMe
[MD5.BA4A69160520FD0589DBBECF096F00E3] - [01/09/2016 02:04:07] - |A| - (. - .) - [852] - (0.0.0.0) - C:\UnZacMe_01_09_2016_03.13.13.txt
[05/11/2016 07:55:33] - |D| - [55818181] - C:\UsbFix
[14/07/2009 03:37:05] - |RD| - [196200816924] - C:\Users
[25/10/2016 13:08:22] - |D| - [50512964] - C:\VTRoot
[12/07/2007 02:48:01] - |AD| - [16483183956] - C:\Windows
[02/09/2016 12:20:25] - |D| - [15993174] - C:\Windows10Upgrade
[MD5.28CDA470820B7034DAE22D421802DAE0] - [02/11/2016 06:26:21] - |A| - (. - .) - [4391] - (0.0.0.0) - C:\WinsockAnalyzer_02_11_2016_06_26_21.txt
[MD5.B4D3339A36FFECB8AE98EB1CA10CDFEF] - [02/11/2016 07:25:17] - |A| - (. - .) - [4391] - (0.0.0.0) - C:\WinsockAnalyzer_02_11_2016_07_25_17.txt
[MD5.BAA43DE37A73889CADBBC6B9758E6DE2] - [28/09/2016 15:11:38] - |N| - (. - .) - [4096] - (0.0.0.0) - C:\{7D0720F7-E16E-4D09-BCAA-BD3E9E12ABD4}.CBM

---------- | C:\Windows

[MD5.065919847CF1C1C0A1C5F63C488EB54B] - [17/09/2010 08:26:45] - |A| - (. - .) - [33] - (0.0.0.0) - C:\Windows\0
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/09/2010 07:57:00] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\Acer.tag
[14/07/2009 05:52:30] - |D| - [802] - C:\Windows\addins
[14/07/2009 03:37:05] - |D| - [11893469] - C:\Windows\AppCompat
[14/07/2009 03:37:05] - |D| - [9916402] - C:\Windows\AppPatch
[14/07/2009 03:37:05] - |RSD| - [655963090] - C:\Windows\assembly
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [02/11/2016 04:28:30] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\BcdLog.txt
[MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [09/10/2016 16:40:43] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[14/07/2009 03:37:06] - |D| - [18320680] - C:\Windows\Boot
[MD5.7186B8E3DD2E58A4A5F682BC7BD382DA] - [14/07/2009 05:57:37] - |AS| - (. - .) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[14/07/2009 03:37:06] - |D| - [3233280] - C:\Windows\Branding
[MD5.6FBB766EB79F9EED3684194EEAF838DF] - [09/10/2016 00:26:43] - |A| - (. - .) - [11453] - (0.0.0.0) - C:\Windows\ChangeLang_Done.tag
[MD5.3A12D0855904754EB55D5A05BD301683] - [17/09/2010 02:45:55] - |A| - (. - .) - [10] - (0.0.0.0) - C:\Windows\CSUP.TXT
[14/07/2009 03:37:06] - |D| - [2113488] - C:\Windows\Cursors
[14/07/2009 05:34:21] - |D| - [1476] - C:\Windows\debug
[06/10/2009 03:29:32] - |AD| - [254527] - C:\Windows\DeployWinRE2
[MD5.7B70EC48E190983EC0A932F900A19C8A] - [08/10/2016 15:39:39] - |A| - (. - .) - [15318] - (0.0.0.0) - C:\Windows\devices.txt
[14/07/2009 05:52:30] - |D| - [3042330] - C:\Windows\diagnostics
[14/07/2009 05:56:48] - |D| - [0] - C:\Windows\DigitalLocker
[MD5.8ADFBF6532E42E242603F4A0C78B44E3] - [09/10/2016 06:23:54] - |A| - (. - .) - [66560] - (0.0.0.0) - C:\Windows\dm.batch.ops
[17/09/2010 08:17:21] - |D| - [12505585] - C:\Windows\Downloaded Installations
[14/07/2009 05:52:30] - |D| - [65] - C:\Windows\Downloaded Program Files
[MD5.E7CCB395344AF1C555C45E55C149A773] - [17/09/2010 08:18:36] - |A| - (.Copyright (C) 2004 - EMCRI DLL.) - [361808] - (1.0.0.3) - C:\Windows\EMCRI_E.dll
[MD5.EB16EC4A73332744481168D8699DB101] - [11/10/2016 14:54:47] - |AH| - (. - .) - [1423] - (0.0.0.0) - C:\Windows\EPMBatch.ept
[MD5.6DDCA324434FFA506CF7DC4E51DB7935] - [15/10/2016 01:58:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2972672] - (6.1.7601.23537) - C:\Windows\explorer.exe
[MD5.F38B53088F3200BC9B8037DBA400F0AA] - [08/10/2016 15:38:21] - |A| - (. - .) - [113264] - (0.0.0.0) - C:\Windows\FixUVC.exe
[14/07/2009 03:37:06] - |RSD| - [356751491] - C:\Windows\Fonts
[09/10/2016 00:20:22] - |D| - [142336] - C:\Windows\fr-FR
[MD5.F9202335BBA03A02F084FE588564BBF5] - [14/07/2009 00:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[14/07/2009 03:37:06] - |D| - [83144388] - C:\Windows\Globalization
[14/07/2009 03:37:06] - |D| - [38934178] - C:\Windows\Help
[MD5.2FF3A32F01DF61836FED59D441D8B9DF] - [14/07/2009 01:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [497152] - (6.1.7600.16385) - C:\Windows\HelpPane.exe
[MD5.9B90B0C78671A4881D06C91941F6F379] - [14/07/2009 01:12:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [15360] - (6.1.7600.16385) - C:\Windows\hh.exe
[14/07/2009 03:37:06] - |D| - [143547244] - C:\Windows\IME
[14/07/2009 03:37:06] - |D| - [128476670] - C:\Windows\inf
[17/09/2010 08:17:22] - |SHD| - [825524953] - C:\Windows\Installer
[14/07/2009 03:37:06] - |D| - [48371] - C:\Windows\L2Schemas
[14/07/2009 03:37:06] - |D| - [0] - C:\Windows\LiveKernelReports
[MD5.EF3024328398C07DE0BDF35B67ABEC68] - [17/09/2010 07:57:27] - |A| - (. - .) - [172] - (0.0.0.0) - C:\Windows\LMv4.UNI
[14/07/2009 03:37:06] - |D| - [43088485] - C:\Windows\Logs
[14/07/2009 03:37:06] - |RSD| - [13327133] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 00:55:01] - |A| - (. - .) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[14/07/2009 03:37:07] - |D| - [903381521] - C:\Windows\Microsoft.NET
[09/10/2016 10:11:44] - |D| - [2759] - C:\Windows\Migration
[MD5.A8BF8A76DA1BDCAEFB65F2F987BCA8C5] - [23/04/2009 05:44:23] - |A| - (. - .) - [2572] - (0.0.0.0) - C:\Windows\MOD01OPK04000H0001.enc
[MD5.1162C16DCAF8288ADF7CB74DE472A107] - [17/09/2010 02:46:01] - |A| - (. - .) - [1996] - (0.0.0.0) - C:\Windows\MOD01SET00000000MU.enc
[MD5.E551DAEAF6F19A8FCFA8E0D689870CD3] - [17/09/2010 08:21:10] - |A| - (. - .) - [2008] - (0.0.0.0) - C:\Windows\MOD01SET5K000G0002.enc
[MD5.448CA8C1E3F648FFEF53645B511C5F74] - [06/10/2009 21:46:28] - |A| - (. - .) - [2476] - (0.0.0.0) - C:\Windows\MOD01SET74FR0H0003.enc
[MD5.013985963D7C6010B033A70E452292BA] - [17/09/2010 08:21:10] - |A| - (. - .) - [2048] - (0.0.0.0) - C:\Windows\MOD01SET75000H0005.enc
[MD5.24D9E3329D9625546EDD7EEB46B33E9A] - [17/09/2010 08:21:10] - |A| - (. - .) - [2168] - (0.0.0.0) - C:\Windows\MOD01SET78000G0018.enc
[14/07/2009 03:37:07] - |D| - [0] - C:\Windows\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 03:04:57] - |A| - (. - .) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[09/10/2016 00:10:55] - |D| - [10135495] - C:\Windows\NAPP_Dism_Log
[MD5.D0B21C17A8FD3C4D452016AB5E640A58] - [06/10/2009 03:29:32] - |A| - (. - .) - [741] - (0.0.0.0) - C:\Windows\NewDeployWinRE.cmd
[MD5.A4F6DF0E33E644E802C8798ED94D80EA] - [15/10/2016 02:09:18] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [179712] - (6.1.7601.18917) - C:\Windows\notepad.exe
[MD5.9E6045358C1993946B9ED59B8B7EBEE2] - [10/11/2016 17:30:27] - |A| - (. - .) - [302690] - (0.0.0.0) - C:\Windows\ntbtlog.txt
[17/09/2010 08:31:33] - |D| - [229807] - C:\Windows\oem
[17/09/2010 08:36:37] - |D| - [499712] - C:\Windows\OEMTemp
[14/07/2009 05:52:30] - |D| - [65] - C:\Windows\Offline Web Pages
[17/09/2010 08:13:51] - |D| - [0] - C:\Windows\Options
[MD5.2111735B3E6EC26DD560B262E2B6643D] - [02/11/2016 04:29:09] - |A| - (. - .) - [28] - (0.0.0.0) - C:\Windows\OutLog.txt
[12/07/2007 02:49:28] - |D| - [1567672] - C:\Windows\Panther
[MD5.ACA81BF682ED2907FCEDF4A359BB8E1B] - [17/09/2010 08:37:39] - |A| - (. - .) - [70] - (0.0.0.0) - C:\Windows\patch.loag
[08/10/2016 15:50:23] - |D| - [0] - C:\Windows\PCHEALTH
[14/07/2009 05:52:30] - |D| - [62054114] - C:\Windows\Performance
[MD5.6DE04A66A93C9D5A3B05EFFDD59DFB4A] - [28/10/2016 11:35:59] - |A| - (. - .) - [26110] - (0.0.0.0) - C:\Windows\PFRO.log
[MD5.C4929C7C4BE57AF744E315B239F61F07] - [08/10/2016 15:38:21] - |A| - (. - .) - [302] - (0.0.0.0) - C:\Windows\PidList_C.ini
[14/07/2009 03:37:07] - |D| - [1132015] - C:\Windows\PLA
[MD5.EADCEB89DD46DA2A5560CA2AF016A6A6] - [08/10/2016 15:38:21] - |A| - (.Copyright (C) 2007 - DefaultSettingEXE MFC Application.) - [206208] - (1.1.0.1) - C:\Windows\PLFSetI.exe
[14/07/2009 03:37:07] - |D| - [2949263] - C:\Windows\PolicyDefinitions
[17/09/2010 07:23:21] - |D| - [54426530] - C:\Windows\Prefetch
[MD5.8A4883F5E7AC37444F23279239553878] - [14/07/2009 00:17:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [398336] - (6.1.7600.16385) - C:\Windows\regedit.exe
[14/07/2009 03:37:07] - |D| - [21544] - C:\Windows\registration
[14/07/2009 03:37:07] - |D| - [10251613] - C:\Windows\rescache
[14/07/2009 03:37:07] - |D| - [1662787] - C:\Windows\Resources
[MD5.C8717886B101DFEF52EBC243C1706801] - [17/09/2010 08:10:23] - |A| - (.Copyright (C) 2010 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1251944] - (1.0.2.4) - C:\Windows\RtlExUpd.dll
[14/07/2009 03:37:07] - |D| - [0] - C:\Windows\SchCache
[14/07/2009 03:37:07] - |D| - [58021] - C:\Windows\schemas
[14/07/2009 03:37:07] - |D| - [5267916] - C:\Windows\security
[14/07/2009 05:34:13] - |D| - [61810990] - C:\Windows\ServiceProfiles
[14/07/2009 03:37:07] - |D| - [69695139] - C:\Windows\servicing
[14/07/2009 05:34:16] - |D| - [457] - C:\Windows\Setup
[MD5.A76C27294C20EC4AC0A871644BD3B4A7] - [28/10/2016 06:35:43] - |A| - (. - .) - [2794] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [28/10/2016 06:35:44] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[31/10/2016 03:21:23] - |D| - [312] - C:\Windows\ShellNew
[08/10/2016 15:20:34] - |D| - [1035911047] - C:\Windows\SoftwareDistribution
[14/07/2009 03:37:07] - |D| - [70586312] - C:\Windows\Speech
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 05:48:09] - |A| - (. - .) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[14/07/2009 03:37:07] - |D| - [700380] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 03:04:23] - |A| - (. - .) - [219] - (0.0.0.0) - C:\Windows\system.ini
[12/07/2007 02:51:11] - |D| - [3032563843] - C:\Windows\System32
[14/07/2009 03:37:09] - |D| - [15] - C:\Windows\TAPI
[14/07/2009 03:37:09] - |D| - [21602] - C:\Windows\Tasks
[14/07/2009 03:37:09] - |D| - [48816] - C:\Windows\Temp
[14/07/2009 03:37:09] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 22:41:17] - |A| - (. - Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[14/07/2009 05:52:30] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [09/10/2016 16:40:52] - |A| - (. - Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 23:47:26] - |A| - (. - Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 01:14:40] - |A| - (. - Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[MD5.B38882E54F783A2C37946C27091DC8B4] - [17/09/2010 08:18:30] - |A| - (.(C) 2000-2009 Dritek System Inc. - Uninstall Application.) - [349776] - (2.1.2.2017) - C:\Windows\UNINSTLMv4.EXE
[14/07/2009 03:37:09] - |D| - [12420] - C:\Windows\Vss
[MD5.93C96478B0D5B27B979E0E3AB0802C77] - [07/07/2016 08:08:40] - |A| - (. - .) - [75184] - (0.0.0.0) - C:\Windows\vssMgr.exe
[14/07/2009 03:37:09] - |D| - [1278600] - C:\Windows\Web
[MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 03:04:23] - |A| - (. - .) - [403] - (0.0.0.0) - C:\Windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 05:41:57] - |RA| - (. - .) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.08024C4811DB8EFBB12F96F214F9DEF6] - [08/10/2016 15:20:34] - |A| - (. - .) - [1892949] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 21:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe
[MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 01:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[14/07/2009 03:37:09] - |D| - [8796554270] - C:\Windows\winsxs
[MD5.360A166B4DD11DFD897F73F5410FDEE2] - [17/04/2010 00:28:46] - |A| - (.© 2008 Microsoft Corporation. Tous droits réservés. - Écran de veille photos Windows Live.) - [307056] - (14.0.8117.416) - C:\Windows\WLXPGSS.SCR
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 22:34:23] - |A| - (. - .) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.6E8EACC0B339365D79A2C06896865D3D] - [14/07/2009 00:41:00] - |A| - (.© Microsoft Corporation. All rights reserved. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe
[MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 22:30:30] - |A| - (. - .) - [707] - (0.0.0.0) - C:\Windows\_default.pif
[MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [08/10/2016 15:52:21] - |A| - (. - .) - [20] - (0.0.0.0) - C:\Windows\ˆù‘

---------- | Systemroot\System

[14/07/2009 00:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll     (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL)
[14/07/2009 00:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll     (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library)
[13/07/2009 22:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL     (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries)
[13/07/2009 22:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv     (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module)
[13/07/2009 21:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll     (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library)
[14/07/2009 00:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv     (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI)
[14/07/2009 00:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv     (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer)
[14/07/2009 00:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv     (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio)
[13/07/2009 22:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL     (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia)
[13/07/2009 22:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk     (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module)
[13/07/2009 22:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv     (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module)
[10/06/2009 22:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll     (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL)
[13/07/2009 21:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll     (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library)
[13/07/2009 22:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL     (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library)
[13/07/2009 22:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL     (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library)
[13/07/2009 22:41:23] - |A| - [1744] - C:\Windows\System\sound.drv     (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module)
[13/07/2009 23:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb     (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library)
[13/07/2009 22:41:21] - |A| - [3360] - C:\Windows\System\system.drv     (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component)
[13/07/2009 22:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV     (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles)
[13/07/2009 21:29:46] - |A| - [9008] - C:\Windows\System\ver.dll     (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries)
[13/07/2009 22:41:26] - |A| - [2176] - C:\Windows\System\vga.drv     (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module)
[13/07/2009 22:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV     (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver)

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[02/11/2016 18:02:06] - C:\Windows\Installer\129e64.msi : (e-Carte Bleue LCL - e-Carte Bleue LCL)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/07/2010 03:28:52] - C:\Windows\Installer\13ff97.msi : (MSI Database - Insyde)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/11/2016 05:34:20] - C:\Windows\Installer\153eb8.msi : (Google Chrome Installer - Google, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/11/2016 05:35:19] - C:\Windows\Installer\153ebd.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/11/2016 08:33:31] - C:\Windows\Installer\169cb4.msi : (COMODO Cloud Antivirus - COMODO)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/10/2016 04:40:14] - C:\Windows\Installer\1ad401.msi : (GeekBuddy - Comodo Security Solutions Inc)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/11/2016 04:38:07] - C:\Windows\Installer\2590433.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/05/2015 13:23:16] - C:\Windows\Installer\31fed72.msi : (Intel(R) Chipset Device Software - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/09/2010 08:17:21] - C:\Windows\Installer\3c5f1.msi : (eSobi - esobi Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/09/2016 09:24:13] - C:\Windows\Installer\714ed2.msi : (Blank Project Template - CyberLink Corp.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]