--------------- QuickDiag | g3n-h@ckm@n | V3_01.06.17.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 23/06/2017 04:28:03 Updated 01/06/2017 | 06.50 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+01:00) Bruxelles, Copenhague, Madrid, Paris [widen-finalis (Administrator)] - [YOUCAM8WAIT] (S-1-5-21-4183021106-2149456055-877251859-1000) System: Microsoft Windows 7 Édition Starter - Service Pack 1 - (6.1.7601) - BuildType: Multiprocessor Free - OSLanguage: 1036 (040c) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 7 Édition Starter |C:\Windows|\Device\Harddisk0\Partition3 Boot : Normal boot PC: AOD255 - Acer - IdNumber: LUSDG0D0170426EC0E1601 - UUID: 364EE69C-9C82-9CB1-2111-1C750822B622 Processor : X64 - 1662 Mhz - Intel(R) Atom(TM) CPU N450 @ 1.66GHz InsydeH2O Version V3.08(DDR2) - - Acer - S/N: LUSDG0D0170426EC0E1601 - V3.08(DDR2) - ACRSYS - 1 CoreTemp : 60 Celsius ----------| Extended ---------- | SoundDevice Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0272&SUBSYS_10250349&REV_1000\4&350CB3CC&0&0001 ---------- | Video Intel(R) Graphics Media Accelerator 3150 - Resolution: 1024x600 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A011&SUBSYS_03491025&REV_00\3&33FD14CA&0&10 - AdapterCompatibility: Intel Corporation - RAM: 268435456 Intel(R) Graphics Media Accelerator 3150 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController2 - Drivers: igdumdx32.dll - PNPDeviceID: PCI\VEN_8086&DEV_A012&SUBSYS_03491025&REV_00\3&33FD14CA&0&11 - AdapterCompatibility: Intel Corporation - RAM: mv video hook driver2 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController3 - Drivers: - PNPDeviceID: ROOT\DISPLAY\0000 - AdapterCompatibility: UVNC BVBA - RAM: CyberLink Mirror Driver - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController4 - Drivers: - PNPDeviceID: ROOT\DISPLAY\0001 - AdapterCompatibility: CyberLink - RAM: Inegrated Video Chipset DeviceName: Intel(R) Graphics Media Accelerator 3150 - DriverVersion: 8.14.10.2117 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 18432 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 50176 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22528 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 23552 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 12288 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 31744 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13312 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 64000 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\iccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Radius Inc. - Status: OK c:\windows\system32\sirenacm.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 48464 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsc2_codec32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 234496 - Manufacturer: TechSmith Corporation - Status: OK c:\windows\system32\tsccvid.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 592384 - Manufacturer: TechSmith Corporation - Status: OK c:\windows\system32\vct3216.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 82944 - Manufacturer: Voxware, Inc. - Status: OK c:\windows\system32\scg726.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 13239 - Manufacturer: SHARP Corporation - Status: OK c:\windows\system32\alf2cd.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: NCT Company - Status: OK c:\windows\system32\lame.ax - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 245760 - Manufacturer: - Status: OK c:\windows\system32\mcdvd_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 261632 - Manufacturer: MainConcept - Status: OK c:\windows\system32\mpg4c32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 413760 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\divx.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 638976 - Manufacturer: DivXNetworks, Inc. - Status: OK c:\windows\system32\vp6vfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 438272 - Manufacturer: On2.com - Status: OK c:\windows\system32\xvidvfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 235520 - Manufacturer: - Status: OK c:\windows\system32\x264vfw.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 3525120 - Manufacturer: x264vfw project - Status: OK c:\windows\system32\lagarith.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 216064 - Manufacturer: - Status: OK c:\windows\system32\divxa32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 291408 - Manufacturer: Packed With Joy ! - Status: OK c:\windows\system32\l3codecp.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 220672 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK ---------- | CPU CPU #1 value:100 % CPU #2 value:100 % Total Overall CPU Usage value:100 % ---------- | Network Atheros AR8152 PCI-E Fast Ethernet Controller [NDIS 6.20] : SENT:0 bytes/sec / RECVD:0 bytes/sec Carte de bouclage Microsoft : SENT:0 bytes/sec / RECVD:0 bytes/sec Intel[R] WiFi Link 1000 BGN : SENT:236 bytes/sec / RECVD:236 bytes/sec Overall -> SEND Maxium:100 bytes/sec, / RECEIVE Maximum:236 bytes/sec WAN Miniport (SSTP) - - Microsoft - Status: - PnPID : ROOT\MS_SSTPMINIPORT\0000 WAN Miniport (IKEv2) - - Microsoft - Status: - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000 WAN Miniport (L2TP) - - Microsoft - Status: - PnPID : ROOT\MS_L2TPMINIPORT\0000 WAN Miniport (PPTP) - - Microsoft - Status: - PnPID : ROOT\MS_PPTPMINIPORT\0000 WAN Miniport (PPPOE) - - Microsoft - Status: - PnPID : ROOT\MS_PPPOEMINIPORT\0000 WAN Miniport (IPv6) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIPV6\0000 WAN Miniport (Network Monitor) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANBH\0000 Atheros AR8152 PCI-E Fast Ethernet Controller (NDIS 6.20) - Ethernet 802.3 - Atheros - Status: - PnPID : PCI\VEN_1969&DEV_2060&SUBSYS_03491025&REV_C1\4&16969C7D&0&00E0 WAN Miniport (IP) - - Microsoft - Status: - PnPID : ROOT\MS_NDISWANIP\0000 Carte de bouclage Microsoft - Ethernet 802.3 - Microsoft - Status: - PnPID : ROOT\NET\0000 RAS Async Adapter - - - Status: - PnPID : Intel(R) WiFi Link 1000 BGN - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_0083&SUBSYS_13058086&REV_00\4&6FF3C1D&0&00E1 Microsoft Teredo Tunneling Adapter - - Microsoft - Status: - PnPID : ROOT\*TEREDO\0000 ---------- | Memory RAM = Total (MB) : 1037 | Free (MB) : 189 Pagefile = Total (MB) : 2086 | Free (MB) : 414 Virtual = Total (MB) : 2097 | Free (MB) : 1951 Physical Memory 0 : Capacity: 1073741824 - DIMM0 - Posit.: 0 - Manufacturer: AD00000000000000 - PartNumber: 48594D503131325336344350362D53362020 - S/N: 53733B47 ---------- | SID Users Acronis Agent User : [S-1-5-21-4183021106-2149456055-877251859-1002] Administrateur : [S-1-5-21-4183021106-2149456055-877251859-500] Invité : [S-1-5-21-4183021106-2149456055-877251859-501] widen-finalis : [S-1-5-21-4183021106-2149456055-877251859-1000] Administrateurs : [S-1-5-32-544] IIS_IUSRS : [S-1-5-32-568] Invités : [S-1-5-32-546] Lecteurs des journaux d’événements : [S-1-5-32-573] Utilisateurs : [S-1-5-32-545] Utilisateurs de l’Analyseur de performances : [S-1-5-32-558] Utilisateurs du journal de performances : [S-1-5-32-559] Utilisateurs du modèle COM distribué : [S-1-5-32-562] Acronis Remote Users : [S-1-5-21-4183021106-2149456055-877251859-1001] ---------- | SystemAccounts Name: Tout le monde - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATEUR PROPRIETAIRE - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: GROUPE CREATEUR - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: DROITS DU PROPRIÉTAIRE - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: LIGNE - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: RESEAU - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: TACHE - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIF - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: Proxy - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: Système - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Utilisateurs authentifiés - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: UTILISATEUR TERMINAL SERVER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: SERVICE LOCAL - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: SERVICE RÉSEAU - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives A:\ -> [Fixed] | [youcam 8 setup] | Total : 1.96 Go | Free : 1.87 Go -> NTFS [ATA] C:\ -> [Fixed] | [Acer] | Total : 211.06 Go | Free : 123.58 Go -> NTFS [ATA] E:\ -> [Removable] | [STYLO ESPIO] | Total : 3.7 Go | Free : 3.6 Go -> FAT32 [USB] F:\ -> [Removable] | [WINUSB W10] | Total : 3.69 Go | Free : 0.36 Go -> exFAT [USB] G:\ -> [Removable] | [TRANSCEND] | Total : 0.24 Go | Free : 0.03 Go -> FAT [USB] H:\ -> [Removable] | [reset pass] | Total : 476.7 Go | Free : 476.67 Go -> exFAT [USB] I:\ -> [Removable] | [] | Total : 28.96 Go | Free : 28.92 Go -> FAT32 [USB] J:\ -> [Removable] | [RASPBIAN] | Total : 0.04 Go | Free : 0.02 Go -> FAT32 [USB] K:\ -> [Fixed] | [wd MY passport 2TO] | Total : 2794.49 Go | Free : 74.31 Go -> NTFS [USB] L:\ -> [Fixed] | [VERBATIM] | Total : 465.6 Go | Free : 249.69 Go -> NTFS [USB] M:\ -> [Fixed] | [reason antimalwares] | Total : 0.07 Go | Free : 0 Go -> NTFS [USB] N:\ -> [Fixed] | [youcam 8 & photodir 9] | Total : 0.05 Go | Free : 0.02 Go -> NTFS [USB] O:\ -> [Removable] | [sandisk con] | Total : 119.06 Go | Free : 15.34 Go -> exFAT [USB] R:\ -> [Removable] | [MYLINUXLIVE] | Total : 14.42 Go | Free : 11.58 Go -> FAT32 [USB] S:\ -> [Fixed] | [power2go 11] | Total : 0.03 Go | Free : 0.02 Go -> NTFS [USB] T:\ -> [Removable] | [UUI] | Total : 14.42 Go | Free : 13.96 Go -> FAT32 [USB] X:\ -> [Fixed] | [SYSTEM & ANDROID] | Total : 4.1 Go | Free : 1.68 Go -> NTFS [ATA] Z:\ -> [Fixed] | [youcam 8 programfiles] | Total : 2.77 Go | Free : 2.68 Go -> NTFS [ATA] Disk Usage Information [14 total Physical Disks] Physical Drive #0 [X:, C:, A:, Z:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [H:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #2 [T:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #3 [O:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #4 [K:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [, J:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [, L:, N:, S:, M:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [, F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #5 [P:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #6 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #7 [I:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #8 [Q:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #9 [R:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [, E:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 1 Part. - PnPID : EUCR\UB6250\COMBO_DRIVE DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 5 Part. - PnPID : IDE\DISKHITACHI_HTS545025B9A300_________________PB2OC60F\4&1BE3E953&0&0.0.0 DeviceID: \\.\PHYSICALDRIVE12 - Status: OK - USB - External hard disk media - 4 Part. - PnPID : USBSTOR\DISK&VEN_FUJITSU&PROD_MJA2500BH_G2&REV_\68300019430B&0 DeviceID: \\.\PHYSICALDRIVE11 - Status: OK - USB - Removable Media - 2 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_0815\000000000004&0 DeviceID: \\.\PHYSICALDRIVE13 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_9454\7&35F057B8&0 DeviceID: \\.\PHYSICALDRIVE6 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_TS29\000000000017&0 DeviceID: \\.\PHYSICALDRIVE7 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_TS29\000000000017&1 DeviceID: \\.\PHYSICALDRIVE8 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_GENERIC&PROD_STORAGE_DEVICE&REV_TS29\000000000017&2 DeviceID: \\.\PHYSICALDRIVE10 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_GENPLUS&PROD_USB-MSDC_DISK_A&REV_1.00\7&368B17D4&0 DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_2.0&REV_1.00\C860008863DBC0B0CA0B3B01&0 DeviceID: \\.\PHYSICALDRIVE9 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_PMAP\001A4D5E84E6B05079526B2F&0 DeviceID: \\.\PHYSICALDRIVE5 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_MASS&PROD_STORAGE_DEVICE&REV_1.00\121220130416&0 DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - Removable Media - 1 Part. - PnPID : USBSTOR\DISK&VEN_SANDISK&PROD_WIRELESS_STICK&REV_1\D0E40BF4E788&0 DeviceID: \\.\PHYSICALDRIVE4 - Status: OK - USB - External hard disk media - 1 Part. - PnPID : USBSTOR\DISK&VEN_WD&PROD_MY_PASSPORT_0827&REV_1012\575831314438354450483744&0 ---------- | Windows updates Last detection : 2016-12-20 00:55:28 Downloaded last ones : 2016-12-21 15:45:07 Installed last ones : 2017-02-04 12:34:33 Next search : 2017-06-23 00:27:07 Test 1 : Windows Is Activated ---------- | Browsers Default : "C:\Program Files\Comodo\Dragon\dragon.exe" -- "" ---------- | FlashPlayer FlashPlayer ActiveX : 10.1.82.76 ---------- | Security AV : AS : Windows Defender Disabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 360 | [Owner : Système | Parent : 4(System) | 0.05 Mo] - (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.19135) = C:\Windows\System32\smss.exe [17/12/2016 07:02:51] CPU Usage:0 % 524 | [Owner : Système | Parent : 456() | 1.48 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:11:09] CPU Usage:0 % 576 | [Owner : Système | Parent : 456() | 0.08 Mo] - (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe [14/07/2009 01:36:49] CPU Usage:0 % 584 | [Owner : Système | Parent : 568() | 7.01 Mo] - (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe [14/07/2009 01:11:09] CPU Usage:0 % 644 | [Owner : Système | Parent : 568() | 1.1 Mo] - (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe [17/12/2016 06:53:40] CPU Usage:0 % 680 | [Owner : Système | Parent : 576(wininit.exe) | 3.7 Mo] - (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7601.18829) = C:\Windows\System32\services.exe [17/12/2016 07:01:23] CPU Usage:0 % 696 | [Owner : Système | Parent : 576(wininit.exe) | 5.25 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.19135) = C:\Windows\System32\lsass.exe [17/12/2016 07:02:51] CPU Usage:0 % 704 | [Owner : Système | Parent : 576(wininit.exe) | 1.35 Mo] - (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe [14/12/2016 19:48:33] CPU Usage:0 % 804 | [Owner : Système | Parent : 680(services.exe) | 3.27 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 872 | [Owner : SERVICE RÉSEAU | Parent : 680(services.exe) | 3.36 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 928 | [Owner : SERVICE RÉSEAU | Parent : 680(services.exe) | 6.72 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1000 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 7.56 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1052 | [Owner : Système | Parent : 680(services.exe) | 42.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1092 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 5.26 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1136 | [Owner : Système | Parent : 680(services.exe) | 15.89 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:15 % 1188 | [Owner : Système | Parent : 680(services.exe) | 0.12 Mo] - (.The Within Network, LLC - Unsigned Themes Service.) - (0.0.2.0) = C:\Windows\UnsignedThemesSvc.exe [13/07/2009 01:07:48] CPU Usage:0 % 1536 | [Owner : Système | Parent : 680(services.exe) | 1.92 Mo] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe [14/12/2016 19:48:02] CPU Usage:0 % 1580 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 3.78 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1696 | [Owner : Système | Parent : 680(services.exe) | 2.55 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1724 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 1.53 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1764 | [Owner : Système | Parent : 680(services.exe) | 0.06 Mo] - (. - .) - (0.0.0.0) = C:\Windows\System32\NMSAccessU.exe [08/06/2017 06:07:21] CPU Usage:0 % 1904 | [Owner : SERVICE LOCAL | Parent : 680(services.exe) | 0.24 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 1948 | [Owner : Système | Parent : 680(services.exe) | 3.15 Mo] - (.WiseCleaner.com - Wise Driver Care.) - (1.0.613.1001) = C:\Program Files\Wise\Wise Driver Care\wdcservice.exe [18/06/2017 10:14:03] CPU Usage:0 % 1660 | [Owner : SERVICE RÉSEAU | Parent : 680(services.exe) | 0.16 Mo] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe [14/07/2009 01:19:28] CPU Usage:0 % 2184 | [Owner : SERVICE LOCAL | Parent : 1052(svchost.exe) | 0.52 Mo] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe [18/12/2016 07:25:09] CPU Usage:0 % 2832 | [Owner : Système | Parent : 680(services.exe) | 47.44 Mo] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe [17/12/2016 07:07:00] CPU Usage:8 % 3156 | [Owner : widen-finalis | Parent : 680(services.exe) | 5.06 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [18/12/2016 04:34:55] CPU Usage:0 % 3476 | [Owner : widen-finalis | Parent : 1052(svchost.exe) | 1.67 Mo] - (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe [14/07/2009 01:24:23] CPU Usage:0 % 3504 | [Owner : widen-finalis | Parent : 3468() | 100.88 Mo] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe [14/12/2016 19:48:55] CPU Usage:50 % 4016 | [Owner : widen-finalis | Parent : 1136(svchost.exe) | 0.12 Mo] - (.Microsoft Corporation - Windows Update.) - (7.6.7600.320) = C:\Windows\System32\wuauclt.exe [15/12/2016 12:45:53] CPU Usage:0 % 3536 | [Owner : Système | Parent : 680(services.exe) | 2.73 Mo] - (.Bitdefender - Bitdefender Device Management Service.) - (21.0.25.89) = C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [23/06/2017 02:42:22] CPU Usage:0 % 3472 | [Owner : Système | Parent : 2832(SearchIndexer.exe) | 4.06 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe [17/12/2016 07:06:59] CPU Usage:0 % 3876 | [Owner : widen-finalis | Parent : 3504(explorer.exe) | 0.26 Mo] - (.PortableApps.com - Mozilla Firefox, Portable Edition.) - (2.0.5.0) = K:\lfs hyper & jobs janv 2016-dtpro-rebit-p2go11\PortableApps\FirefoxPortable\FirefoxPortable.exe [13/06/2017 22:27:38] CPU Usage:0 % 4032 | [Owner : widen-finalis | Parent : 3876(FirefoxPortable.exe) | 217.58 Mo] - (.Mozilla Corporation - Firefox.) - (54.0.0.6368) = K:\lfs hyper & jobs janv 2016-dtpro-rebit-p2go11\PortableApps\FirefoxPortable\App\Firefox\firefox.exe [08/06/2017 21:19:58] CPU Usage:0 % 2284 | [Owner : widen-finalis | Parent : 1344() | 0.69 Mo] - (.Bitdefender - Bitdefender Home Vulnerability Assesment Agent.) - (1.0.0.180) = C:\Program Files\Bitdefender Home Scanner\hvaag.exe [23/06/2017 02:48:07] CPU Usage:0 % 2660 | [Owner : Système | Parent : 680(services.exe) | 11.8 Mo] - (.Bitdefender - Bitdefender Agent.) - (21.0.24.40) = C:\Program Files\Bitdefender Agent\ProductAgentService.exe [22/06/2017 06:56:39] CPU Usage:0 % 3412 | [Owner : widen-finalis | Parent : 680(services.exe) | 7.8 Mo] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe [18/12/2016 04:34:55] CPU Usage:0 % 3576 | [Owner : Système | Parent : 680(services.exe) | 9.08 Mo] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.7601.17514) = C:\Windows\System32\msiexec.exe [14/12/2016 19:44:32] CPU Usage:0 % 3924 | [Owner : widen-finalis | Parent : 3504(explorer.exe) | 28.87 Mo] - (.SosVirus - QuickDiag.) - (1.6.17.1) = C:\Users\widen-finalis\Desktop\quickdiag_3_01.06.17.1.exe [22/06/2017 21:10:17] CPU Usage:0 % 2652 | [Owner : SERVICE RÉSEAU | Parent : 804(svchost.exe) | 9.34 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe [14/12/2016 19:48:33] CPU Usage:0 % 1428 | [Owner : SERVICE RÉSEAU | Parent : 680(services.exe) | 10.43 Mo] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe [14/12/2016 19:46:47] CPU Usage:0 % ---------- | MD5 [MD5.40D777B7A95E00593EB1568C68514493] - [14/12/2016 19:48:55] - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2555 Ko] - (6.1.7601.17514) : C:\Windows\Explorer.exe [MD5.AD7B9C14083B52BC532FBA5948342B98] - [14/12/2016 19:48:25] - (.© Microsoft Corporation. Tous droits réservés. - Interpréteur de commandes Windows.) - [295.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe [MD5.342271F6142E7C70805B8A81E1BA5F5C] - [14/07/2009 01:11:09] - (.© Microsoft Corporation. Tous droits réservés. - Processus d’exécution client-serveur.) - [6 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe [MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - [14/07/2009 01:43:52] - (.© Microsoft Corporation. - COM Surrogate.) - [7 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe [MD5.2362B7281A39807F1AA3550333A194BC] - [17/12/2016 07:02:56] - (.© Microsoft Corporation. Tous droits réservés. - DLL du client API BASE Windows NT.) - [852 Ko] - (6.1.7601.19135) : C:\Windows\System32\Kernel32.dll [MD5.7884C1EDF5BD21749C206E8C4B5DB409] - [17/12/2016 07:02:51] - (.© Microsoft Corporation. - Local Security Authority Process.) - [21.5 Ko] - (6.1.7601.19135) : C:\Windows\System32\lsass.exe [MD5.7660F01D3B38ACA1747E397D21D790AF] - [14/12/2016 19:48:26] - (.© Microsoft Corporation. - Distributed COM Services.) - [368 Ko] - (6.1.7601.17514) : C:\Windows\System32\rpcss.dll [MD5.51138BEEA3E2C21EC44D0932C71762A8] - [14/07/2009 01:41:43] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte Windows (Rundll32).) - [43.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe [MD5.0780A42DBD7D9969F9BF4A19AA4285B5] - [17/12/2016 07:01:23] - (.© Microsoft Corporation. Tous droits réservés. - Applications Services et Contrôleur.) - [253 Ko] - (6.1.7601.18829) : C:\Windows\System32\services.exe [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 01:19:28] - (.© Microsoft Corporation. Tous droits réservés. - Processus hôte pour les services Windows.) - [20.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe [MD5.F1DD3ACAEE5E6B4BBC69BC6DF75CEF66] - [14/12/2016 19:48:39] - (.© Microsoft Corporation. Tous droits réservés. - DLL client de l’API uilisateur de Windows multi-utilisateurs.) - [792.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\user32.dll [MD5.61AC3EFDFACFDD3F0F11DD4FD4044223] - [14/12/2016 19:46:38] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Userinit.) - [26 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe [MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 01:36:49] - (.© Microsoft Corporation. Tous droits réservés. - Application de démarrage de Windows.) - [94 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe [MD5.52449FD429D6053B78AE564DEF303870] - [17/12/2016 06:53:40] - (.© Microsoft Corporation. Tous droits réservés. - Application d’ouverture de session Windows.) - [297 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe [MD5.F81BB7E487EDCEAB630A7EE66CF23913] - [18/12/2016 04:35:53] - (.© Microsoft Corporation. Tous droits réservés. - Ancillary Function Driver for WinSock.) - [331 Ko] - (6.1.7601.18264) : C:\Windows\System32\Drivers\afd.sys [MD5.338C86357871C167A96AB976519BF59E] - [14/07/2009 01:11:15] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [21.08 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys [MD5.DDCE686D76C2B4DB435A3AF5BD0E691D] - [17/12/2016 06:55:05] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [129.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys [MD5.77EA11B065E0A8AB902D78145CA51E10] - [14/07/2009 01:11:15] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [69 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - [14/12/2016 19:43:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys [MD5.F024449C97EC1E464AAFFDA18593DB88] - [14/12/2016 19:43:21] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [76.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\dfsc.sys [MD5.9036377B8A6C15DC2EEC53E489D159B5] - [14/12/2016 19:42:58] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [106 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - [14/07/2009 01:11:24] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port i8042.) - [79 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys [MD5.D80AA0907748D7CC8EFAB3773F32629B] - [17/09/2010 09:03:52] - (.Copyright(C) Intel Corporation 1994-2010 - Intel Rapid Storage Technology driver - x86.) - [425.52 Ko] - (9.6.4.1002) : C:\Windows\System32\Drivers\iastor.sys [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - [14/07/2009 01:54:29] - (.© Microsoft Corporation. - IP Network Address Translator.) - [99.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys [MD5.E900BD16B9EE8F09609D7FBE2027B376] - [17/12/2016 07:02:53] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [121.5 Ko] - (6.1.7601.19135) : C:\Windows\System32\Drivers\mrxsmb.sys [MD5.E7C54812A2AAF43316EB6930C1FFA108] - [14/12/2016 19:48:19] - (.© Microsoft Corporation. Tous droits réservés. - Pilote NDIS 6.20.) - [695.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\ndis.sys [MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - [17/12/2016 06:50:50] - (.© Microsoft Corporation. - MBT Transport driver.) - [184.5 Ko] - (6.1.7601.23451) : C:\Windows\System32\Drivers\netbt.sys [MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - [17/12/2016 05:56:57] - (.© Microsoft Corporation. Tous droits réservés. - Pilote du système de fichiers NT.) - [1183.94 Ko] - (6.1.7601.19116) : C:\Windows\System32\Drivers\ntfs.sys [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - [14/07/2009 01:45:35] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de port parallèle.) - [77.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - [14/07/2009 01:54:34] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [77 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\rasl2tp.sys [MD5.3E21C083B8A01CB70BA1F09303010FCE] - [14/07/2009 01:53:41] - (.© Microsoft Corporation. - SMB Transport driver.) - [69.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys [MD5.C7E41209132B9CF084CCEA8593F61328] - [17/12/2016 07:04:14] - (.© Microsoft Corporation. Tous droits réservés. - Pilote TCP/IP.) - [1279.23 Ko] - (6.1.7601.23496) : C:\Windows\System32\Drivers\tcpip.sys [MD5.B459575348C20E8121D6039DA063C704] - [14/12/2016 19:45:19] - (.© Microsoft Corporation. - TDI Translation Driver.) - [73 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\tdx.sys [MD5.F497F67932C6FA693D7DE2780631CFE7] - [14/12/2016 19:48:20] - (.© Microsoft Corporation. Tous droits réservés. - Pilote de cliché instantané du volume.) - [239.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Windows\system32\guard32.dll (.COMODO.-.COMODO Secure Shopping.) - (1.1.20635.97) -- C:\Windows\system32\cssguard32.dll (.OrdinarySoft.-.COM object for StartMenuX.) - (5.8.0.0) -- C:\Program Files\Start Menu X\shellext-proxyv2.dll (.Killer{R}.-.KillCopy Shell Extension DLL.) - (1.0.0.1) -- C:\Program Files\KillSoft\KillCopy\killcopy.dll (.Intel Corporation.-.igfxpph Module.) - (8.14.10.2117) -- C:\Windows\system32\igfxpph.dll (.Intel Corporation.-.hccutils Module.) - (8.14.10.2117) -- C:\Windows\system32\hccutils.DLL ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.COMODO.-.COMODO Internet Security.) - (10.0.1.6223) -- C:\Windows\system32\guard32.dll (.COMODO.-.COMODO Secure Shopping.) - (1.1.20635.97) -- C:\Windows\system32\cssguard32.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE LOCAL Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: AUTORITE NT\SERVICE RÉSEAU [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"="F:\cyberlink youcam 8 essentials\sosvirus app for stop all power2go 11 process for facilite iobit unlocker work\processclose_1.0.0.3(5).exe"\1 "MRUList"=bknmljihgfedca "b"=wordpad\1 "c"=C:\Users\widen-finalis\Desktop\rkill.exe\1 "d"=C:\Users\widen-finalis\Downloads\JRT.exe\1 "e"="F:\lfs hyper - evolutions of barrow, 100% sécurisé & co... variations\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\PortableApps\FirefoxPortable\FirefoxPortable.exe"\1 "f"=C:\Users\widen-finalis\Desktop\OTL.exe\1 "g"=D:\UsbFix.lnk\1 "h"=C:\Users\widen-finalis\Downloads\processclose_2_08.01.17.1.exe\1 "i"=C:\Users\widen-finalis\Desktop\adsfix_4_15.06.17.1.exe\1 "j"=notepad\1 "k"="C:\Users\widen-finalis\Downloads\processclose_2_08.01.17.1 (1).exe"\1 "l"=iexplore.exe\1 "m"=C:\Users\widen-finalis\Downloads\DTPro820-0708.exe\1 "n"=C:\Users\widen-finalis\Desktop\Pre_Scan.exe\1 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DebugOptions"=2048 "Documents"= "DosPrint"=no "Load"= "NetMessage"=no "NullPort"=None "Programs"=com exe bat pif cmd "Device"=Microsoft XPS Document Writer,winspool,Ne00: "UserSelectedDefault"=0 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "IconServiceLib"=IconCodecService.dll "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "GDIProcessHandleQuota"=10000 "ShutdownWarningDialogTimeout"=4294967295 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 ""=mnmsrvc "DeviceNotSelectedTimeout"=15 "Spooler"=yes "TransmissionRetryTimeout"=90 "AppInit_DLLs"= "LoadAppInit_DLLs"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Config.sys : FILES=40 ---------- | Tasks List Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 Bitdefender AgentTask_6F2980EE6088481484E6D8285516CD07 GoogleUpdateTaskMachineCore GoogleUpdateTaskMachineUA ReasonSecurityScheduledScan ReasonSecurityStart ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "RCDependentServices"=CertPropSvc SessionEnv "NotificationTimeOut"=0 "SnapshotMonitors"=1 "ProductVersion"=5.1 "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "fDenyTSConnections"=1 "StartRCM"=0 "TSAdvertise"=0 "DeleteTempDirsOnExit"=1 "fSingleSessionPerUser"=1 "PerSessionTempDir"=0 "TSUserEnabled"=0 "InstanceID"=0578a6b9-6a59-4ec3-961e-248eb93 "fCredentialLessLogonSupported"=1 "fCredentialLessLogonSupportedTSS"=1 "fCredentialLessLogonSupportedKMRDP"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "CriticalSectionTimeout"=2592000 "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "ProcessorControl"=2 "ResourceTimeoutCount"=648000 "BootExecute"=autocheck autochk * "ExcludeFromKnownDlls"= "ObjectDirectories"=\Windows \RPC Control "ProtectionMode"=1 "NumberOfInitialSessions"=2 "SetupExecute"= [HKLM\System\CurrentControlSet\Control] "PreshutdownOrder"=AcrSch2Svc wuauserv gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "CurrentUser"=USERNAME "BootDriverFlags"=0 "ServiceControlManagerExtension"=%systemroot%\system32\scext.dll "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2) [HKLM\System\CurrentControlSet\Control\lsa] "auditbaseobjects"=0 "auditbasedirectories"=0 "crashonauditfail"=0 "fullprivilegeauditing"=0x00 "Bounds"=0x0030000000200000 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Notification Packages"=scecli "Security Packages"=kerberos msv1_0 schannel wdigest tspkg pku2u "Authentication Packages"=msv1_0 "LsaPid"=696 "SecureBoot"=1 "ProductType"=11 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "restrictanonymous"=0 "restrictanonymoussam"=1 ---------- | .LNK with Arguments c:\program files\acer accessory store\acer boutique accessoire.lnk - Encrypted: False - Target: C:\Program Files\Acer Accessory Store\StartUrl.exe - Args: (hxxp://store.acer-euro.com/fr?utm_source=Icon&utm_medium=Icon&utm_campaign=Acer%2BInternal) - Hidden: False - Status: OK c:\users\widen-finalis\appdata\roaming\microsoft\internet explorer\quick launch\warthunder.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Args: ( --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=1&click_id=753842b6d1c2ea1edb87baac604516a6f119361b --start-fullscreen) - Hidden: False - Status: OK c:\users\widen-finalis\appdata\roaming\microsoft\windows\start menu\programs\dragon blood\dragon blood.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Args: ( --app=hxxps://promo-us.101xp.com/en/dk_13/?utm_source=IS&subid1=KoT%2FH26urBdv1akQHdupEBnZrGd5nv9WYt%2BrE2jdrRNp36sTaNyuFW7VvU05i%2F5QYqnpQziC9X0dgfRNO8v4UDzeqR9t26oXZtmoFGrc%2Fk4AAABf7Zsi&subid2=100 --start-fullscreen) - Hidden: False - Status: OK c:\users\widen-finalis\appdata\roaming\microsoft\windows\start menu\programs\warthunder\warthunder.lnk - Encrypted: False - Target: C:\Program Files\Google\Chrome\Application\chrome.exe - Args: ( --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=1&click_id=753842b6d1c2ea1edb87baac604516a6f119361b --start-fullscreen) - Hidden: False - Status: OK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Control Panel\Desktop] "ScreenSaveActive"=1 "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "UserPreferencesMask"=0x9E3E078012000000 "ScreenSaveTimeOut"=600 "Wallpaper"=%windir%\web\wallpaper\windows\img0.jpg "ScreenSaverIsSecure"=0 "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer] "ExplorerStartupTraceRecorded"=1 "ShellState"=0x240000003028000000000000000000000000000001000000120000000000000022000000 "CleanShutdown"=0 "Browse For Folder Width"=347 "Browse For Folder Height"=288 "link"=0x1E000000 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=0 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "SuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StartMenuInit"=4 "TaskbarSizeMove"=0 "ShowSuperHidden"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "FilterAdministratorToken"=0 "EnableLinkedConnections"=1 "EnableSecureUIAPath"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=0 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=0 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=0 "{871C5380-42A0-1069-A2EA-08002B30309D}"=0 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=0 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=0 "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "CheckedValue"=1 "ValueName"=Hidden "DefaultValue"=2 "HKeyRoot"=2147483649 "HelpID"=shell.hlp#51105 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd} "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "IconUnderline"=2 "GlobalAssocChangedCounter"=325 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s ---------- | Winlogon [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin "BuildNumber"=7601 "FirstLogon"=0 "AutoRestartShell"=1 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ReportBootOk"=1 "Shell"=explorer.exe "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Userinit"=C:\Windows\system32\userinit.exe, "VMApplet"=SystemPropertiesPerformance.exe /pagefile "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "ShutdownWithoutLogon"=0 "WinStationsDisabled"=0 "DisableCAD"=1 "scremoveoption"=0 "ShutdownFlags"=2147483687 "AutoAdminLogon"=0 "DefaultUserName"=widen-finalis ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] "PerceivedType"=text ""=htafile "Content Type"=application/hta [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\System32\mshta.exe "%1" %* [HKLM\Software\Classes\InternetShortcut] "NeverShowExt"= "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "EditFlags"=2 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046 "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "EditFlags"=65536 "BrowserFlags"=4096 "FriendlyTypeName"=@dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] "NeverShowExt"= ""=Application Reference "IsShortcut"= "EditFlags"=131072 "FriendlyTypeName"=@dfshim.dll,-201 [HKLM\Software\Classes\Folder] "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeLayoutPatternForSearch"=alpha "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay ""=Folder "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.ItemTypeText [HKLM\Software\Clients\StartMenuInternet\Dragon\Shell\open\Command] ""="C:\Program Files\Comodo\Dragon\dragon.exe" [HKLM\Software\Clients\StartMenuInternet\Dragon\InstallInfo] "ReinstallCommand"="C:\Program Files\Comodo\Dragon\dragon.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""="C:\Program Files\Internet Explorer\iexplore.exe" [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\widen-finalis\Downloads\resizer-free\resizer-free.exe"=1 "F:\cyberlink youcam 8 essentials\youcam 8 utilities\portableappz.blogspot.fr & portableapps.com platform\PortableApps\VivaldiPortable\VivaldiPortable.exe"=1 "F:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1 "F:\100% sécurisé finalis - padam-sirtaki of lfs ultra, barrow 2 & widen\revo uninstaller pro portable\program files (x64)\RevoUninstallerPro_Portable\RevoUPPort.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora_setup_full1084.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\KCinst.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-resource-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\army.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\location filesync for 1 task of youcam 8 file-folder sync\everysync_trial.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-fashion-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-holiday-pack.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-80s-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-romantic-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\supercopier-windows-x86-1.2.1.0-setup.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\teracopy.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-summer-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\ultracopier-windows-x86_64-1.2.1.0-setup.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-spring-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\Unlocker1.9.2.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\chsetup-1.40.exe"=1 "F:\cyberlink youcam 8 essentials\efm du musée de l'homme & du musée de l'ordre de la libération\video editor wonderdar cher lloyd oath de youcam 8 essendar for efm du musée de l'homme 2 & du MOL\filmora-halloween-effect-pack.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\unlocker-setup.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\wood.exe"=1 "F:\cyberlink youcam 8 essentials\data copy tools for youcam 8\xpsolive.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\VideoDownloaderUltimate_winapp_installer_0.exe"=1 "C:\ProgramData\VideoDownloaderUltimateWinApp\tools\installhelper.exe"=1 "C:\ProgramData\VideoDownloaderUltimateWinApp\uninstall.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\SteganosPrivacySuite18.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\VideoDownloaderUltimate_winapp_installer.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\WebsiteX5Start13.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\PCmoverExpress.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\OODefragProfessional20ENU.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\Nero_TuneItUp_2.4.6.177_SN_FULL.exe"=1 "F:\CADEAUX FINALIS LFS ULTRA 100% 14 12 2016 ET 1ER ANNIV WIDEN ET AJUSTAGES LFS ULTRA FINALIS\musicrecorder-stub-xx-18001.exe"=1 "F:\logarythms - souvenirs 2005 & 2011 - lfs ultra & 100% sécurisé\sosvirus SIMPLE\Drive D\UsbFix_Standard\UsbFix_Standard.exe"=1 "F:\anti-faux positif pre_scan - exe installers\DAEMONToolsUltra500-0540.exe"=1 "\\Livebox\CARBIDE\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1 "SIGN.MEDIA=924A210 Cadeaux rec final lfs ultra et 100% sécurisé 20-12\ashampoo_burning_studio_2017_25270.exe"=1 "F:\Cadeaux rec final lfs ultra et 100% sécurisé 20-12\ashampoo_burning_studio_2017_25270.exe"=1 "C:\Users\widen-finalis\Downloads\Macrium\v6.3.1665_reflect_setup_free_x86.exe"=1 "D:\barrow 3, widen 2 & 100% sécurisé finalis\cyberlink youcam 8 essentials\youcam 8 utilities\revo uninstaller pro portable\program files (x64)\RevoUninstallerPro_Portable\RevoUPPort.exe"=1 "D:\barrow 3, widen 2 & 100% sécurisé finalis\PortableApps\IObitUninstallerPortable\IObitUninstallerPortable.exe"=1 "C:\Users\widen-finalis\Downloads\mb3-setup-35891.35891-3.0.6.1469.exe"=1 "F:\barrow 3, widen 2 & 100% sécurisé finalis\lfs ultra & 100% sécurisé finalis part 20 ultimate ultra finale\cadeau rec lfsu100%sf alias 1er gotd après lfsu100%sf\Scardalia112-db39ma\Setup.exe"=1 "C:\Users\widen-finalis\Downloads\reason-core-security-setup.exe"=1 "F:\barrow 3, widen 2 & 100% sécurisé finalis\cyberlink youcam 8 essentials\youcam 8 utilities\portableappz.blogspot.fr & portableapps.com platform\PortableApps\FirefoxPortable\FirefoxPortable.exe"=1 "C:\Program Files\Process Lasso\ProcessLasso.exe"=1 "C:\Program Files\Process Lasso\ProcessGovernor.exe"=1 "C:\Users\WIDEN-~1\AppData\Local\Temp\is-M761O.tmp\CountInstallation.exe"=1 "C:\Users\WIDEN-~1\AppData\Local\Temp\RarSFX0\installer.exe"=1 "K:\lfs hyper & jobs janv 2016-dtpro-rebit-p2go11\ajustages finalisation lfsu100%sf SIMPLE\LinuxLive USB Creator 2.9.4.exe"=1 "C:\Users\widen-finalis\Downloads\PortableApps.com_Platform_Setup_14.4.1.paf.exe"=1 "K:\lfs hyper & jobs janv 2016-dtpro-rebit-p2go11\ajustages finalisation lfsu100%sf SIMPLE\rebit-dt pro 7à9 & lite 11-power2go 11\DTPro820-0708.exe"=1 "C:\Users\widen-finalis\Downloads\DTPro820-0708.exe"=1 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "SwapMouseButtons"=#USR:Control Panel\Mouse "Beep"=#USR:Control Panel\Sound "DoubleClickSpeed"=#USR:Control Panel\Mouse "CoolSwitch"=USR:Control Panel\Desktop "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=128920209537502489 "AntiVirusOverride"=0 "AntiSpywareOverride"=0 "FirewallOverride"=0 [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=1 "DisableRoutinelyTakingAction"=0 "ProductStatus"=0 "InstallTime"=0x876E8EAE8054D201 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASCAntivirusSrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] ---------- | Winsock (Whitelist) ---------- | Hosts 127.0.0.1 localhost ::1 localhost ---------- | Ping Envoi d'une requ?te 'ping' sur google.com [216.58.204.142] avec 32 octets de donn?es?: R?ponse de 216.58.204.142?: octets=32 temps=40 ms TTL=54 R?ponse de 216.58.204.142?: octets=32 temps=39 ms TTL=54 R?ponse de 216.58.204.142?: octets=32 temps=39 ms TTL=54 R?ponse de 216.58.204.142?: octets=32 temps=40 ms TTL=54 Statistiques Ping pour 216.58.204.142: Paquets?: envoy?s = 4, re?us = 4, perdus = 0 (perte 0%), Dur?e approximative des boucles en millisecondes : Minimum = 39ms, Maximum = 40ms, Moyenne = 39ms ---------- | @ [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Internet Explorer\Main] "Disable Script Debugger"=yes "AlwaysShowMenus"=0 "StatusBarWeb"=0 "Start Page"=about:blank "Default_Page_URL"=http://acer.msn.com "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\Windows\system32\blank.htm "Save_Session_History_On_Exit"=no "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "XMLHTTP"=1 "NoUpdateCheck"=1 "UseClearType"=no "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "DisableFirstRunCustomize"=1 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000000000200300002C020000 "NotifyDownloadComplete"=yes "DisableScriptDebuggerIE"=yes "OperationalData"=5 "ImageStoreRandomFolder"=mrqzngt "DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF900000000000000010030000E0010000 "Use FormSuggest"=yes "Check_Associations"=no "Isolation"=PMIL "TabProcGrowth"=0 "RunOnceHasShown"=1 "RunOnceComplete"=1 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings] "IE5_UA_Backup_Flag"=5.0 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "EmailName"=User@ "PrivDiscUiShown"=1 "EnableHttp1_1"=1 "WarnOnIntranet"=1 "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 "EnableNegotiate"=1 "WarnOnPost"=0x01000000 "UrlEncoding"=0 "SecureProtocols"=2688 "PrivacyAdvanced"=0 "ZonesSecurityUpgrade"=0xA77C8F729F5BD201 "DisableCachingOfSSLPages"=0 "WarnonZoneCrossing"=0 "CertificateRevocation"=1 "MigrateProxy"=1 "ProxyEnable"=0 "GlobalUserOffline"=0 [HKLM\Software\Microsoft\Internet Explorer\Main] "AutoHide"=yes "Security Risk Page"=about:SecurityRisk "Extensions Off Page"=about:NoAdd-ons "Default_Search_URL"=http://www.google.fr/ "Default_Page_URL"=http://www.google.fr/ "Anchor_Visitation_Horizon"=0x01000000 "Cache_Percent_of_Disk"=0x0A000000 "Placeholder_Width"=0x1A000000 "Placeholder_Height"=0x1A000000 "Default_Secondary_Page_URL"= "Use_Async_DNS"=yes "Start Page"=http://www.google.fr/ "Local Page"=C:\Windows\System32\blank.htm "Search Page"=http://www.google.fr/?q={searchTerms} "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "TabProcGrowth"=Medium "Print_Background"=0 "AlwaysShowMenus"=0 "StatusBarWeb"=1 "Check_Associations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "x86AppPath"=C:\Program Files\Internet Explorer\IEXPLORE.EXE [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "InPrivate"=res://ieframe.dll/inprivate_win7.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "Home"=270 "PostNotCached"=res://ieframe.dll/repost.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "mosaic"=http:// "www"=http:// "home"=http:// "ftp"=ftp:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "EnablePunycode"=1 "CodeBaseSearchPath"=CODEBASE "WarnOnIntranet"=1 "MinorVersion"=0 "ActiveXCache"=C:\Windows\Downloaded Program Files "ProxyEnable"=0 "GlobalUserOffline"=0 ---------- | Proxy [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies] [HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies] "ProxyEnable"=0 "GlobalUserOffline"=0 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] : igfxdev.dll ---------- | Execution FileExts [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bdmv] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.evo] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.f4v] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2p] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tp] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.trp] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv] "Application"=wmplayer.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xcesession] "Progid"=PDFXEdit.XCESESSION "Application"=PDFXEdit.exe [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xclpack] "Progid"=PDFXEdit.XCLPACK "Application"=PDFXEdit.exe ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- %SystemRoot%\system32\EhStorShell.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -- %SystemRoot%\system32\ntshrui.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= ---------- | Toolbar [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=0 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100001002F00000001000000800600005E010000060000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FE16C5F812BF4A4CA70A6BCB164875A40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ITBar7Height"=0 [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DownloadRetries"=0 "DefaultPackCorrection"=1 "KnownProvidersUpgradeTime"=0x1AB6121BA35BD201 "Version"=4 "UpgradeTime"=0x1347E745A35BD201 "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 : [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}] - (Google) - https://www.google.fr/search?q={searchTerms} : ---------- | ElevationPolicy [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A9F603B-51A8-4630-AE99-4BBF01675575}] - (C:\Program Files\Foxit Software\Foxit Reader\) - FoxitReader.exe : [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D9420AC0-7FFF-413D-B419-52469CCC2485}] - (C:\Program Files\Tracker Software\PDF Viewer\) - PDFXCview.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{003B91A6-61E3-4591-891D-01E94C8CB11E}] - (c:\Program Files\Microsoft Silverlight\4.0.50401.0\) - Silverlight.Configuration.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08E8D305-8D6D-49fe-8603-03A926E46AE0}] - (C:\Program Files\Common Files\Adobe\Updater6) - Adobe_Updater.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : %SystemRoot%\system32\wucltux.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\System32) - msdt.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{14A4F162-54C8-449c-8D0B-A8D92F949583}] - (C:\Program Files\Steganos Privacy Suite 18) - passwordmanageriebroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B3FB63-66F4-4EFC-B717-BB283B85E79B}] - (C:\Program Files\Adobe\Reader 9.0\Reader\) - AcroBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1753B788-C64C-4D57-B6BC-95C48992C4A7}] - (C:\Windows\System32) - msspellcheckingfacility.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ec76a37-1762-46ff-9b14-765b3e6793be}] - (c:\Program Files\Microsoft Silverlight\4.0.50401.0\) - agcp.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{254363DC-CC0E-47D3-B9F2-C4531366D4D1}] - (C:\Program Files\FreeDownloadManager.ORG\Free Download Manager) - wincomserver.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3214A3DF-F8D9-4A27-BF4D-FBBDE52E2E68}] - (C:\Program Files\FreeDownloadManager.ORG\Free Download Manager) - fdm.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{358E6F10-DE8A-4602-8424-179CA217F8EE}] - (C:\Program Files\Adobe\Reader 9.0\Reader) - AcroRd32Info.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B9A6E32-36C9-4946-B78C-3F58E3785EC1}] - (C:\Program Files\Java\jre6\bin) - unpack200.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43ABBB95-C0E9-497B-8BB9-B5FA08861705}] - (C:\Program Files\Windows Live\Mail\) - wlmail.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] - (C:\Program Files\Java\jre6\bin) - jp2launcher.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files\adobe\acrobat 7.0\reader) - acrord32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C0B7A7C-8ECF-422f-9448-0874C41D4532}] - (%ProgramFiles%\Common Files\Microsoft Shared\Windows Live) - WLLoginProxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] - (C:\Program Files\Java\jre6\bin) - javaws.exe : C:\Program Files\Java\jre6\bin\wsdetect.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\system32\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B7FB824-0A43-4bc2-B58D-F6386FEEFD84}] - (Choice Guard) - CGuard.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E1F80F4-953F-41E7-8460-E64AE5BE4ED3}] - (C:\Program Files\Adobe\Reader 9.0\Reader) - AdobeCollabSync.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F1C58E0-2797-4EB7-A74A-397B24BB769D}] - (C:\Program Files\Tracker Software\PDF-XChange Lite 6\) - pdfSaver5L.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat) - acrobat.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C6A861C-B233-4994-AFB1-C158EE4FC578}] - (C:\Program Files\Adobe\Reader 9.0\Reader) - AcroRd32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\System32\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5B020FD-E04B-4e67-B65A-E7DEED25B2CF}] - (%SystemRoot%\System32) - wisptis.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6E2003F-95C5-4591-BA9A-0093080FDB5C}] - (C:\Program Files\Common Files\Oberon Media\OberonBroker\1.0.0.63) - OberonBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] - (C:\Program Files\Google\Update\1.3.33.5) - GoogleUpdateBroker.exe : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] - (C:\Program Files\Google\Update\1.3.33.5) - GoogleUpdateWebPlugin.exe : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - () - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] - (C:\Program Files\Java\jre6\bin) - ssvagent.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D133B285-8A43-4EC7-93BE-9B909C2370F5}] - (C:\Program Files\Windows Live\Messenger\) - msnmsgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d8a5d001-3352-40db-9d1c-ed46683193b5}] - (C:\Program Files\Windows Live\Writer\) - WindowsLiveWriter.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC6F}] - (c:\Program Files\McAfee\SiteAdvisor) - saUI.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files\adobe\acrobat 6.0\reader) - acrord32.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files\adobe\acrobat 6.0\Acrobat) - acrobat.exe : ---------- | Ext\Settings [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{12BE9EF0-90BE-4FA8-8341-78157FB9132C}] : : C:\Program Files\TechSmith\Morae\BrowserExtensions\InternetExplorer\InternetExplorerBHO.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] : : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}] : : [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2DD257A3-5028-41AE-A1E7-A12F76A08893}] : : C:\Program Files\COMODO\COMODO Secure Shopping\cssbho32.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7}] : : [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] : : [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}] : : C:\Program Files\Java\jre6\bin\jp2ssv.dll ---------- | Ext\Stats [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12BE9EF0-90BE-4FA8-8341-78157FB9132C}] : : C:\Program Files\TechSmith\Morae\BrowserExtensions\InternetExplorer\InternetExplorerBHO.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] : : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}] : : C:\Windows\System32\mshtml.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DD257A3-5028-41AE-A1E7-A12F76A08893}] : : C:\Program Files\COMODO\COMODO Secure Shopping\cssbho32.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53719C00-353D-4FCF-A8AB-1B1027B60A49}] : : C:\Program Files\Tracker Software\PDF Editor\iePDFXEditPlugin.x86.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}] : : C:\Windows\System32\ieframe.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}] : : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA8A9780-280D-11CF-A24D-444553540000}] : : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}] : : C:\Program Files\Java\jre6\bin\jp2ssv.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEAF541-F3E1-4C24-ACAC-99C30715084A}] : : c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}] : : %SystemRoot%\System32\msxml3.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] : : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] : : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12BE9EF0-90BE-4FA8-8341-78157FB9132C}] -> (TSC Internet Explorer BHO) : C:\Program Files\TechSmith\Morae\BrowserExtensions\InternetExplorer\InternetExplorerBHO.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DD257A3-5028-41AE-A1E7-A12F76A08893}] -> (IeUrlFilter Class) : C:\Program Files\COMODO\COMODO Secure Shopping\cssbho32.dll [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] -> (Programme d'aide de l'Assistant de connexion Windows Live) : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [22/01/2009 16:41:30] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) : C:\Program Files\Java\jre6\bin\jp2ssv.dll ---------- | Chrome C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Create share and access your Google Docs from anywhere. - Docs - http://clients2.google.com/service/update2/crx C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/ - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - http://clients2.google.com/service/update2/crx C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/ - Google & co - http://clients2.google.com/service/update2/crx C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\cfmjkokphadmhbenfjjecfbhbbonbjcb = : Assits Morae Recorder in capturing navigation events. - MoraeChromeExtension - https://clients2.google.com/service/update2/crx C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\fhmeggicckjohfhgocjieomdmmanmocd = : page: html/popup/description.html - __MSG_extName__ - permissions:[tabsstoragecookiesmanagementwebNavigationwebRequestwebRequestBlocking\u003Call_urls>alarms] - https://clients2.google.com/service/update2/crx C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\widen-finalis\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Google\Chrome\Extensions\fhmeggicckjohfhgocjieomdmmanmocd] [HKLM\Software\Google\Chrome\Extensions\cfmjkokphadmhbenfjjecfbhbbonbjcb] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "{00F0643E-B367-4779-B45D-7046EBA37A88}"=C:\Program Files\Steganos Privacy Suite 18\spmplugin3 "MoraeFirefoxExtension@techsmith.com"=C:\Program Files\TechSmith\Morae\BrowserExtensions\Firefox\morae_firefox_extension-1.0-fx-windows.xpi [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - () : [HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] - () : [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{CFB4C46D-1B8B-4FB1-A605-36FA4CB6F2AA}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{CFB4C46D-1B8B-4FB1-A605-36FA4CB6F2AA}] "DhcpNameServer"=192.168.1.1 192.168.1.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{CFB4C46D-1B8B-4FB1-A605-36FA4CB6F2AA}] "DhcpNameServer"=192.168.1.1 192.168.1.1 ---------- | ActiveX [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - () - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] - (Java (Sun)) - -> C:\Program Files\Java\jre6\bin\regutils.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3911CF56-9EF2-39BA-846A-C27BD3CD0685}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - (Disable SSL3) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -DisableSSL3 [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> regsvr32.exe /s /n /i:U shell32.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - (Google Chrome) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> [HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}] - (Java Plug-in 1.6.0_18) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab | C:\Program Files\Java\jre6\bin\jp2iexp.dll [HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}] - (Java Plug-in 1.6.0_18) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab | C:\Program Files\Java\jre6\bin\jp2iexp.dll [HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}] - (Java Plug-in 1.6.0_18) - http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab | C:\Program Files\Java\jre6\bin\npjpi160_18.dll ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1 [HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\PDFXCview.exe] : "C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\PDFXEdit.exe] : "C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\uer.exe] : "C:\Users\widen-finalis\AppData\Local\CompuClever\Ultra eBook Reader\uer.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\ufo.exe] : "C:\Users\widen-finalis\AppData\Local\CompuClever\Ultra File Opener\ufo.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\WinRAR.exe] : "C:\Program Files\WinRAR\WinRAR.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe /LaunchPhotoViewer /v "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | DCOMApplications Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af} Name: WPD Association LUA Virtual Factory - AppID: {00393519-3A67-4507-A2B8-85146167ACA7} Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68} Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba} Name: PhotoAcqWiaEventHandler - AppID: {00F3CDFD-5D2E-439F-8900-3F56A0C1C8BA} Name: Virtual Factory for Biometrics - AppID: {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428} Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030} Name: CLWFLService7 - AppID: {03C200E3-11BC-49ea-8BAB-3B09120AC3AE} Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd} Name: WPDBusEnum - AppID: {03f25b41-e981-4675-a256-27d1393e7488} Name: Device Display Object Function Discovery Provider - AppID: {04626806-2243-4354-ab44-4ade718d09df} Name: RecorderCaptureHelper - AppID: {062C25DA-D101-46D6-B715-82F9774CBFF4} Name: IDBHO - AppID: {062C56BD-B2FF-4405-88D9-93154F27D785} Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B} Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32} Name: PhotoAcqDropTargetEventHandler - AppID: {06A2568A-CED6-4187-BB20-400B8C02BE5A} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23} Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299} Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B} Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3} Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3} Name: QuickTimeShellExt - AppID: {0A18A436-2A7A-49F3-A488-30538A2F6323} Name: SFSAPO - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C} Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94} Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C} Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de} Name: Vista Elevated Windows Update Web Control - AppID: {11c058e0-9f3e-4c90-a459-2553f2f9e011} Name: PDFXCviewAx - AppID: {11F77E2D-987F-4A38-80CC-49DEC7099E9B} Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E} Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666} Name: ObserverChat - AppID: {16844F3E-281C-4FEC-8BCA-3176CDF5DB9D} Name: WriterBrowserExtension - AppID: {198B12CC-F591-440C-AC7A-6A730BBC436C} Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6} Name: wpcao.dll - AppID: {1E5300BE-0762-4527-8140-C0FF22DDFC56} Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c} Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0} Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2} Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7} Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526} Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829} Name: DTSLimiterDLL - AppID: {24E79C19-1F52-43CC-8684-BFA13340E72C} Name: TabBtnEx - AppID: {25351F98-BEC9-4BA0-A1F7-D9D69225E52F} Name: ShredderContextMenu - AppID: {253C5D8C-536F-4140-9103-55F5B5442921} Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF} Name: DTSVoiceClarityDLL - AppID: {272EFD2A-90BE-4E48-8557-3D9CEA0530A0} Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E} Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E} Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00} Name: ImageHost - AppID: {2903EDD7-545F-4156-977A-5E730E57F253} Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78} Name: Windows Live Photo Gallery Autoplay Drop Target - AppID: {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5} Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7} Name: IPBusEnum - AppID: {344ED43D-D086-4961-86A6-1106F4ACAD9B} Name: CContactDb - AppID: {380689D0-AFAA-47E6-B80E-A33436FE314B} Name: DevicePairingHandler.dll - AppID: {383b69fa-5486-49da-91f5-d63c24c8e9d0} Name: LivePhotoAcqHWEventHandler - AppID: {3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F} Name: EEL32A - AppID: {3D5781D9-B2FF-4396-8478-395412020995} Name: igfxcfg - AppID: {3D62E9A1-D243-11D2-B561-00A0C92E6848} Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F} Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e} Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683} Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25} Name: MSTTS DecObj Class Surrogate - AppID: {3F6B5E16-092A-41ED-930B-0B4125D91D4E} Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c} Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91} Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61} Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775} Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29} Name: Health Key and Certificate Management - AppID: {46298684-0fd3-47f3-94b3-65650c65b36a} Name: McNAReg - AppID: {4743AB3F-566B-42ED-9F55-B561577663D2} Name: EEG32A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B} Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077} Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92} Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF} Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17} Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C} Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC} Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94} Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345} Name: ServiceModule - AppID: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B} Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630} Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25} Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601} Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1} Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5} Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B} Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C} Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660} Name: ComProxy - AppID: {536BF835-F397-46D3-AD11-92642F8CABD9} Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B} Name: Watson subscriber for SENS Network Events - AppID: {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2} Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399} Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61} Name: Video Capture Wizard - AppID: {5AB7566D-F75B-4A53-9615-115B6CB1D59B} Name: EED32A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0} Name: Virtual Factory for Display CPL - AppID: {5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2} Name: Odyssey - AppID: {5F8FD45A-D58C-4AAD-8EDE-B9B78F02B959} Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1} Name: PDFPrevHndlr - AppID: {6236FF8C-E747-4173-86D3-99F511B61DF3} Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327} Name: WLXQuickTimeControlHost - AppID: {631AF1F1-55E0-4190-9B1E-454D9F370AA2} Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2} Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E} Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} Name: McAlertHst - AppID: {66AEAB5B-1AC2-4504-B28D-667C2529858F} Name: DTSNeoPCDLL - AppID: {68976842-77A6-447F-83E8-97DF7A83A970} Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30} Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8} Name: PDFPreviewHandlerHost - AppID: {6B127CFD-C642-4338-BC8C-472DF61E5A14} Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F} Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b} Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56} Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56} Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B} Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce} Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca} Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5} Name: WindowsLiveWriterFilter - AppID: {7054B371-09E3-4BC8-8A61-02D7799EA98A} Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC} Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD} Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED} Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436} Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950} Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070} Name: AcroIEHelperShim - AppID: {77AB4812-5411-4EA9-8437-77AD0F230302} Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100} Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d} Name: CLMLSvc_P2G10 - AppID: {7AF75464-3A22-4BB6-A2A0-F9ED5B72DD77} Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7} Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829} Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32} Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6} Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB} Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715} Name: DTSBassEnhancementDLL - AppID: {7E70FA0D-5DFA-4BA6-98C6-F10BBAAF7410} Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034} Name: WlanConn - AppID: {825FC848-87F7-4F26-9EF6-43964094FF98} Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F} Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850} Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE} Name: IPS - AppID: {86F9F754-EB88-4A94-A092-721F013CB10B} Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059} Name: CavWp - AppID: {895A8A5F-FE77-4089-AF43-354D81EF1099} Name: UACObject - AppID: {8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC} Name: AQFileRestore - AppID: {8AA07539-D174-4a6d-BF11-BCCC3C0F6B05} Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854} Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB} Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee} Name: Virtual Factory for Action Center CPL - AppID: {8D26D9AA-5DA8-4b95-949A-B74954A229A6} Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C} Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444} Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db} Name: DTSSymmetryDLL - AppID: {91953DA9-4AB8-473A-BF6D-462FA2E58025} Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F} Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60} Name: WMPDMCCore - AppID: {92C2A9B3-4228-438E-8A7B-EF110987764C} Name: ServiceModule - AppID: {9465B4B4-5216-4042-9A2C-754D3BCDC410} Name: PDFXCview - AppID: {9856F285-6F2C-4D07-AA8E-46532A04A0F5} Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60} Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7} Name: Default Location CPL Data Handler LUA Helper - AppID: {9A630456-078D-43d3-9F1D-DF7A5BC0FA44} Name: WLXAutoPlayMgr - AppID: {9B5CDBB0-6D57-4816-BD04-CA9E68DF5610} Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Name: chext - AppID: {9D4C4C5F-EE90-4a6b-9245-244C369E4FAE} Name: MalwareHunterContextHandler - AppID: {9D8C0710-8D32-4A42-84E5-210927BC6CB0} Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8} Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030} Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D} Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15} Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Name: Windows Parental Controls - AppID: {A2D8CFE7-7BA4-4bad-B86B-851376B59134} Name: Microsoft.Live.Folders.RichUpload.3.dll - AppID: {A40C5393-FD53-4528-95EB-0B348BC1539D} Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357} Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6} Name: PDFShellInfo - AppID: {A5090E95-F1E2-41C8-BDA1-5AEB6C321FDE} Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24} Name: DTSBoostDLL - AppID: {A5900CCC-3E28-4F96-8410-C43BF113C279} Name: Recorder - AppID: {A68748E6-2F9C-428A-8DFD-AB3DCD7BDCB3} Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F} Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50} Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D} Name: IA3DUtility - AppID: {A7D71146-EBCD-4E6C-916C-E77865BCC53B} Name: Windows Media Player Encoder Helper Class - AppID: {A9D431C2-6D56-4727-9690-ADBE66B9184A} Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22} Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94} Name: AudialsPlayerApp - AppID: {AC34A1CE-3D65-4bf5-9055-F64BF4C71F70} Name: NAP Agent Service - AppID: {B292921D-AF50-400c-9B75-0C57A7F29BA1} Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492} Name: DTSGainCompensatorDLL - AppID: {B3D43A87-E6C7-4EC8-8546-CEB9EE9BD936} Name: RContextMenu - AppID: {B5B6E648-E9F7-4CE3-987C-53FEDA97C1FA} Name: EASendMailObj - AppID: {B68B03DD-C8C4-49A6-9ACD-D427E9325754} Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C} Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599} Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A} Name: WwanAdvui - AppID: {b70cc729-28ae-11dd-9676-000000000000} Name: VzCs - AppID: {B71E6735-683C-43E6-AD3F-9D2D367C8BBB} Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2} Name: WLX Thumbnail Cache Out of Proc Server - AppID: {B8A2E14E-290D-4122-B092-1A7D86198CCE} Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D} Name: DTSS2HeadphoneDLL - AppID: {BA291C7C-39AC-4331-9592-B694DA24BC89} Name: CloudSer - AppID: {BABD83F8-E723-4D8F-B5D1-B03E1F1108F5} Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4} Name: AcroPDF - AppID: {BBAA0E44-3862-490C-8E63-AC2D2D6EF733} Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70} Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B} Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B} Name: WindowsLiveWriterApplication - AppID: {BF7C0368-EA36-475E-AA42-3F28E736FABD} Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6} Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF} Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1} Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E} Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444} Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D} Name: Acronis True Image Shell Extension Backend - AppID: {C4E69DB9-E094-483e-B922-E7ADE65FB497} Name: Nap Elevated COM class - AppID: {c5bbbd35-e321-468a-9884-6708aa083f83} Name: McNASvc - AppID: {C8A49047-AFB0-4931-9314-ABAAC93E662B} Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9} Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81} Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D} Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C} Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F} Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B} Name: LocationDisp - AppID: {CBDC4B31-CBE4-4A5B-BECF-64B29E47D2AD} Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF} Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF} Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607} Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933} Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} Name: SharedAccess - AppID: {ce166e40-1e72-45b9-94c9-3b2050e8f180} Name: FLWindowsVistaAPI - AppID: {CEB471B6-B946-44E5-9288-54477A1033AF} Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03} Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395} Name: DTSS2SpeakerDLL - AppID: {CF3C79C7-8096-4BF2-9684-9F6B832FAC23} Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7} Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5} Name: %systemroot%\system32\colorui.dll - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937} Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652} Name: ghost - AppID: {D58F39FF-953E-4F45-898F-59F243B9A523} Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30} Name: sfFTPLib - AppID: {D6625767-E42E-491C-A919-9A71641572A4} Name: Bluewire unpairing elevation surrogate - AppID: {D88EC52B-8D57-49e1-9EB3-4D267D68A2AE} Name: Microsoft.Live.FolderShare.Client - AppID: {daa6bc26-4dfa-4e8f-8d5f-47202dc8e400} Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44} Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5} Name: EAGetMailObj - AppID: {DE73C9C2-1C57-4306-99B9-CBFF7A423DA6} Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E} Name: CavShell - AppID: {E11C8519-5595-4397-B515-AB036DEC467A} Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258} Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212} Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB} Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5} Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A} Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9} Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5} Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90} Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45e1-8E7D-64414AFF281A} Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8} Name: McNAVer - AppID: {EC57D58E-0F20-4253-8C14-BD2B37BE5884} Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A} Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A} Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58} Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147} Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7} Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC} Name: AcroBroker - AppID: {F2383816-917A-46CC-AD2A-5013BED3800F} Name: Acronis VSS Requestor - AppID: {F282135C-65A6-4A99-80F1-F315BAC76BF4} Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7} Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801} Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A} Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248} Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717} Name: Windows Update Agent User Interface - AppID: {f62fdd2e-66d2-423b-9a04-f71ea00f892a} Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8} Name: Microsoft.Aspnet.Snapin.AspNetManagementUtility.4 - AppID: {F75B6772-91E4-4D2F-9D44-61A447109C2B} Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E} Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Name: DaemonShellExtImage - AppID: {F9B84490-4C45-4737-82E5-0EA0B1CF5307} Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333} Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E} Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb} Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160} Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9} Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00} Name: RecorderChat - AppID: {FF385292-7348-4C73-AC12-AC98FC3E1DC0} Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559" Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8A10EE91-3ECA-4d0b-8A3F-8A26D26E03FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18" ---------- | SvcHost (Whitelist) [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "regsvc"=RemoteRegistry "DcomLaunch"=Power PlugPlay DcomLaunch "secsvcs"=WinDefend "bthsvcs"=bthserv ---------- | SvcHost - Netsvcs (Whitelist) Term - : ---------- | Software [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\2BrightSparks] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\7-Zip] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\AC3Filter] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Acer] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Adobe] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Apowersoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\AppDataLow] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Ashampoo] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Bandizip] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Bitdefender] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Bitsum] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\BlackParrot] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\BugSplat] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Cameyo] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Caphyon] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Chicony] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Chromium] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Clients] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Code Sector] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Comodo] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\ComodoGroup] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\CyberLink] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\DesktopPaints.com] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Disc Soft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\DivXNetworks] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\DMGR1.25] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Dritek] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\DVDVideoSoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\EaseUS] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\ej-technologies] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Elantech] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Foxit Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Freecom] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\FreeDownloadManager.ORG] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\g3n-h@ckm@n] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Gabest] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\giveawayoftheday.com] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\GlarySoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Google] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Icaros] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Icecream] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Informer Technologies, Inc.] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Insyde Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Intel] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Jam Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\JavaSoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\KillSoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Laplink] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Lavasoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Licenses] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\LinuxLive] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\LiteManager] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Local AppWizard-Generated Applications] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Locky] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\LogMeInRescueCallingCard] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\macrium] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Magnet] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Malwarebytes] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Marmiton] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Mozilla] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\MozillaPlugins] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\MPC-HC] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\msaver] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Netscape] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\nkN2QX8XUF] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\O&O] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Obsidium] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\OEM] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Paramount Software (UK) Ltd.] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\PEiD] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Perigee Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Policies] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\QFX Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\RapidSolution] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Realtek] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Reason] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\RegisteredApplications] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Remo Driver Discover] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Sanwhole] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\SharewareOnSale] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Siber Systems] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Sonix] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Spearit] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Steganos] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Sunisoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\sysinternals] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\TechSmith] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Tracker Software] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Trolltech] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Ultracopier] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\UsbFix] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\UsbFix Standard] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\VirtuaMedia] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Viv] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Vivaldi] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\VOS] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\WebTweakTools] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Windows 7 - Codec Pack] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Windows 8 - Codec Pack] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\WinRAR SFX] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\WixSharp] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Wondershare] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Wow6432Node] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Xilisoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\ZHP] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\ShellNoRoam] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\2BrightSparks] [HKLM\Software\7-Zip] [HKLM\Software\Acer] [HKLM\Software\Acer Incorporated] [HKLM\Software\ACLEngine] [HKLM\Software\Acronis] [HKLM\Software\Adobe] [HKLM\Software\AdsFix] [HKLM\Software\America Online] [HKLM\Software\Ashampoo] [HKLM\Software\Atheros Communications Inc.] [HKLM\Software\ATI Technologies] [HKLM\Software\AVC3] [HKLM\Software\Bandizip] [HKLM\Software\Bitdefender] [HKLM\Software\Bitdefender Agent] [HKLM\Software\Bitdefender Device Management] [HKLM\Software\Bitdefender Home Scanner] [HKLM\Software\Bitsum] [HKLM\Software\Caphyon] [HKLM\Software\Chicony Electronics Co.,Ltd.] [HKLM\Software\Chromium] [HKLM\Software\Clients] [HKLM\Software\Code Sector] [HKLM\Software\COMODO] [HKLM\Software\ComodoGroup] [HKLM\Software\CyberLink] [HKLM\Software\DebugMode] [HKLM\Software\DirectShowFilters] [HKLM\Software\Disc Soft] [HKLM\Software\Dritek] [HKLM\Software\DTS] [HKLM\Software\DVDVideoSoft] [HKLM\Software\Eassos] [HKLM\Software\EgisTec] [HKLM\Software\EgisTec IPS] [HKLM\Software\EgisTec Shredder] [HKLM\Software\ej-technologies] [HKLM\Software\FlashIntegro] [HKLM\Software\Foxit Software] [HKLM\Software\FreeFileSync] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Gabest] [HKLM\Software\GlarySoft] [HKLM\Software\Google] [HKLM\Software\GridinSoft] [HKLM\Software\Icaros] [HKLM\Software\Ignis] [HKLM\Software\Insyde Software] [HKLM\Software\Intel] [HKLM\Software\Interwoven] [HKLM\Software\jam software] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KillSoft] [HKLM\Software\Laplink] [HKLM\Software\Lavasoft] [HKLM\Software\Licenses] [HKLM\Software\LinuxLive USB Creator] [HKLM\Software\LiteManagerTeam] [HKLM\Software\LogMeInRescueCallingCard] [HKLM\Software\macrium] [HKLM\Software\Macromedia] [HKLM\Software\Magnet] [HKLM\Software\MalwarebytesARW] [HKLM\Software\McAfee] [HKLM\Software\McAfeeInstaller] [HKLM\Software\Media Player - Codec Pack] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\MozillaPlugins-BackupByVivaldiPortable] [HKLM\Software\MyDrivers] [HKLM\Software\Nero] [HKLM\Software\Npcap] [HKLM\Software\Oberon Media] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\OemSetup] [HKLM\Software\OOBEOffer] [HKLM\Software\Ordinarysoft] [HKLM\Software\Policies] [HKLM\Software\Printers] [HKLM\Software\QFX Software] [HKLM\Software\RapidSolution] [HKLM\Software\Realtek] [HKLM\Software\Realtek Semiconductor Corp.] [HKLM\Software\Reason] [HKLM\Software\RegisteredApplications] [HKLM\Software\Runtime Software] [HKLM\Software\Siber Systems] [HKLM\Software\SonicFocus] [HKLM\Software\Sony Corporation] [HKLM\Software\SOSVirus] [HKLM\Software\Spearit] [HKLM\Software\Speed Install] [HKLM\Software\SRS Labs] [HKLM\Software\Steganos] [HKLM\Software\sysinternals] [HKLM\Software\Techsmith] [HKLM\Software\Tracker Software] [HKLM\Software\tueagles] [HKLM\Software\Ultra eBook Reader] [HKLM\Software\Ultra File Opener] [HKLM\Software\Viv] [HKLM\Software\WafCX] [HKLM\Software\Waves Audio] [HKLM\Software\Windows 7 - Codec Pack] [HKLM\Software\Windows 8 - Codec Pack] [HKLM\Software\wise] [HKLM\Software\WiseDriverCare] [HKLM\Software\Wondershare] [HKLM\Software\Wow6432Node] [HKLM\Software\WUW] [HKLM\Software\Xilisoft] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] ---------- | FeatureControl [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "VideoDownloaderUltimate.exe"="11001" "Notifier.exe"="11001" "ServiceProvider.exe"="8000" "burningstudio2017.exe"="11001" "softinfo.exe"="11000" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CrossDomain_Fix_KB867801] "burningstudio2017.exe"="1" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] "burningstudio2017.exe"="1" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING] "softinfo.exe"="0" "burningstudio2017.exe"="1" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "burningstudio2017.exe"="10" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "burningstudio2017.exe"="10" [HKU\S-1-5-21-4183021106-2149456055-877251859-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] "burningstudio2017.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL] "WindowsAnytimeUpgradeUI.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "infopath.exe"="0" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BFCACHE] "iexplore.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "prevhost.exe"="8" "sllauncher.exe"="8000" "Filmora.exe"="9999" "AudialsNotifier.exe"="11000" "Audials.exe"="11000" "Scadarlia"="11001" "softinfo.exe"="11000" "FoxitReader.exe"="11000" "PDFXEdit.exe"="11000" "Power2Go10.exe"="8000" "PDR.exe"="8000" "PhotoDirector8.exe"="8000" "WiseHotkey.exe"="11000" "Video Editor Pro.exe"="11001" "WiseDriverCare.exe"="11000" "YouCam7.exe"="9000" "ProductAgentUI.exe"="11000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING] "iexplore.exe"="1" "*"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "SAPfewgsrv.exe"="0" "SAPGuiIT.exe"="0" "SAPGUI.exe"="0" "SAPLgPad.exe"="0" "SAPLOGON.exe"="0" "Scale_for_R3.exe"="0" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "ieuser.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "devenv.exe"="1" "dexplore.exe"="1" "helppane.exe"="1" "sllauncher.exe"="0" "PresentationHost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "prevhost.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING] "softinfo.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES] "sidebar.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "wm.exe"="1" "cs.exe"="1" "waol.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "explorer.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "sllauncher.exe"="1" "wlmail.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="4" "sllauncher.exe"="6" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="2" "sllauncher.exe"="6" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "explorer.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "mshta.exe"="1" "outlook.exe"="1" "sidebar.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "explorer.exe"="0" "iexplore.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "prevhost.exe"="1" "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "msimn.exe"="1" "winmail.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "sllauncher.exe"="1" "WindowsLiveWriter.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "prevhost.exe"="1" "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "prevhost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "sllauncher.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "winmail.exe"="1" "msimn.exe"="1" "outlook.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "infopath.exe"="1" "winword.exe"="1" "excel.exe"="1" "powerpnt.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "sllauncher.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "explorer.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "PresentationHost.exe"="1" "wlmail.exe"="1" ---------- | The Created last ones ¦ Modified [MD5.00000000000000000000000000000000] - [08/06/2017 06:06:44] - |D| - [173240] - C:\Program Files\2BrightSparks [MD5.00000000000000000000000000000000] - [16/06/2017 19:59:45] - |D| - [8096682] - C:\Program Files\7zCRkWVWo9 [MD5.00000000000000000000000000000000] - [16/06/2017 20:00:21] - |D| - [6234458] - C:\Program Files\8FW9oOkBP8 [MD5.00000000000000000000000000000000] - [10/06/2017 16:16:21] - |D| - [11195] - C:\Program Files\AC3Filter [MD5.00000000000000000000000000000000] - [17/06/2017 08:59:30] - |D| - [0] - C:\Program Files\Apowersoft [MD5.00000000000000000000000000000000] - [23/06/2017 02:40:56] - |D| - [81494534] - C:\Program Files\Bitdefender [MD5.00000000000000000000000000000000] - [17/06/2017 04:40:08] - |D| - [33210004] - C:\Program Files\Bitdefender Agent [MD5.00000000000000000000000000000000] - [23/06/2017 02:47:23] - |D| - [104777522] - C:\Program Files\Bitdefender Home Scanner [MD5.00000000000000000000000000000000] - [10/06/2017 21:57:29] - |D| - [0] - C:\Program Files\Caphyon [MD5.00000000000000000000000000000000] - [08/06/2017 05:24:01] - |D| - [34072] - C:\Program Files\CyberLink [MD5.00000000000000000000000000000000] - [08/06/2017 07:13:15] - |D| - [0] - C:\Program Files\DebugMode [MD5.00000000000000000000000000000000] - [22/06/2017 13:57:59] - |D| - [6384546] - C:\Program Files\Decrap my Computer [MD5.00000000000000000000000000000000] - [08/06/2017 05:47:11] - |D| - [424183] - C:\Program Files\Digiarty [MD5.00000000000000000000000000000000] - [16/06/2017 16:53:25] - |D| - [1617155] - C:\Program Files\DVDVideoSoft [MD5.00000000000000000000000000000000] - [08/06/2017 06:58:25] - |D| - [12623252] - C:\Program Files\Easeware [MD5.00000000000000000000000000000000] - [09/06/2017 14:40:35] - |D| - [11991] - C:\Program Files\Eassos System Restore [MD5.00000000000000000000000000000000] - [10/06/2017 16:16:07] - |D| - [44025] - C:\Program Files\ffdshow [MD5.00000000000000000000000000000000] - [16/06/2017 16:53:28] - |D| - [20641460] - C:\Program Files\FreeCodecPack [MD5.00000000000000000000000000000000] - [08/06/2017 07:21:23] - |D| - [0] - C:\Program Files\GiliSoft [MD5.00000000000000000000000000000000] - [16/06/2017 16:58:24] - |D| - [59095912] - C:\Program Files\Google [MD5.00000000000000000000000000000000] - [08/06/2017 07:03:01] - |D| - [0] - C:\Program Files\Gridinsoft [MD5.00000000000000000000000000000000] - [10/06/2017 21:59:56] - |D| - [31693412] - C:\Program Files\iGetting Audio [MD5.00000000000000000000000000000000] - [10/06/2017 16:33:10] - |D| - [170313] - C:\Program Files\JAM Software [MD5.00000000000000000000000000000000] - [08/06/2017 06:29:33] - |D| - [0] - C:\Program Files\Java [MD5.00000000000000000000000000000000] - [08/06/2017 06:32:52] - |D| - [6380] - C:\Program Files\Kotobee Author [MD5.00000000000000000000000000000000] - [09/06/2017 08:06:37] - |D| - [0] - C:\Program Files\Laplink [MD5.00000000000000000000000000000000] - [10/06/2017 22:04:26] - |D| - [0] - C:\Program Files\MSECACHE [MD5.00000000000000000000000000000000] - [23/06/2017 02:49:21] - |D| - [545537] - C:\Program Files\Npcap [MD5.00000000000000000000000000000000] - [16/06/2017 16:24:03] - |D| - [39839583] - C:\Program Files\NSIS Uninstall Information [MD5.00000000000000000000000000000000] - [16/06/2017 18:00:05] - |D| - [9962713] - C:\Program Files\Remo Driver Discover [MD5.00000000000000000000000000000000] - [08/06/2017 06:21:01] - |D| - [12828] - C:\Program Files\RogueKiller [MD5.00000000000000000000000000000000] - [08/06/2017 07:36:07] - |D| - [0] - C:\Program Files\Runtime Software [MD5.00000000000000000000000000000000] - [08/06/2017 06:15:01] - |D| - [0] - C:\Program Files\Sanwhole [MD5.00000000000000000000000000000000] - [08/06/2017 06:42:32] - |D| - [0] - C:\Program Files\Siber Systems [MD5.00000000000000000000000000000000] - [08/06/2017 06:10:20] - |D| - [385951] - C:\Program Files\Start Menu X [MD5.00000000000000000000000000000000] - [08/06/2017 05:44:37] - |D| - [0] - C:\Program Files\TechSmith [MD5.00000000000000000000000000000000] - [16/06/2017 16:49:10] - |D| - [2285474] - C:\Program Files\tuEagles [MD5.00000000000000000000000000000000] - [08/06/2017 06:20:14] - |D| - [7538] - C:\Program Files\UCheck [MD5.00000000000000000000000000000000] - [09/06/2017 14:30:17] - |D| - [0] - C:\Program Files\WinRAR [MD5.00000000000000000000000000000000] - [08/06/2017 05:48:54] - |D| - [22818865] - C:\Program Files\Wise [MD5.00000000000000000000000000000000] - [08/06/2017 07:31:38] - |D| - [0] - C:\Program Files\Xilisoft [MD5.08D93C33DB4463288DF29C9B4F494F03] - [22/06/2017 16:59:49] - |A| - [3194] - C:\Windows\AndroidInstall.log [MD5.7FB6B8A9719E75289A4C43AC31167611] - [08/06/2017 06:12:10] - |A| - [163093] - C:\Windows\Animated Wallpaper Maker Uninstaller.exe [MD5.764BEB653EDB973A63E9D30764341933] - [22/06/2017 16:43:53] - |A| - [3262] - C:\Windows\DPINST.LOG [MD5.00000000000000000000000000000000] - [10/06/2017 22:42:29] - |D| - [61598686] - C:\Windows\ERUNT [MD5.00000000000000000000000000000000] - [22/06/2017 18:32:03] - |D| - [98304] - C:\Windows\OEMTemp [MD5.8C13B87AAF2D4B1DB1A56C841730D7A9] - [16/06/2017 16:49:54] - |A| - [9522] - C:\Windows\Retafte.bmp [MD5.6DD33EFEBA08378FC785A28391B3E6F3] - [16/06/2017 07:34:58] - |A| - [51622] - C:\Windows\uninstaller.dat [MD5.EA3ECB92A2EA3A42273CB3B308CA1A5B] - [09/06/2017 14:59:29] - |A| - [156910] - C:\Windows\WMSysPr8.prx [MD5.72F2D357120F95C1E725C22915FE95E1] - [08/06/2017 06:00:31] - |A| - [193] - C:\Windows\WORDPAD.INI [MD5.603896977C69A2EC9FBE37C7C1A232D8] - [10/06/2017 22:05:47] - |A| - [36] - C:\Windows\xlkfs.log [MD5.2D2832774DAE51B8EFE46EDABE018B75] - [10/06/2017 18:42:50] - |A| - [110459392] - C:\Windows\Installer\11299b.msi [MD5.67AA15748004286F843D7F5B414F40F6] - [09/06/2017 07:59:53] - |A| - [128733184] - C:\Windows\Installer\12e5f4.msi [MD5.E81C668B81975567E8C5728B805704E2] - [17/06/2017 07:34:07] - |A| - [40960] - C:\Windows\Installer\172bcd.msi [MD5.ACD26DF98862923EDB409B058EA41A8C] - [06/06/2017 20:43:17] - |A| - [9469952] - C:\Windows\Installer\1cb958.msi [MD5.A72E7124D3D175394AC8661E935042D4] - [01/06/2017 07:38:59] - |A| - [37046784] - C:\Windows\Installer\1cb972.msi [MD5.7E9111E7E5CF4131F5631752682BD904] - [01/06/2017 07:42:53] - |A| - [32328192] - C:\Windows\Installer\1cb97c.msi [MD5.73A3B466052BC2675429352BB12985EA] - [08/06/2017 05:58:34] - |A| - [127971328] - C:\Windows\Installer\2cc9f6.msi [MD5.ED2372C9B6D079A3546196452FA45545] - [10/06/2017 16:12:07] - |A| - [417792] - C:\Windows\Installer\35285b.msi [MD5.53DF295A99335D837423249E600C78AC] - [08/06/2017 06:29:20] - |A| - [12321280] - C:\Windows\Installer\3ae20a.msi [MD5.9C1E06615F8D02C390A201D83C91FE7C] - [08/06/2017 06:31:10] - |A| - [181760] - C:\Windows\Installer\3ae213.msi [MD5.72BF0B7142646F1CD0FA7C872DB106D6] - [16/06/2017 16:58:17] - |A| - [26112] - C:\Windows\Installer\4a56a.msi [MD5.CA6AA8BDC92842CC4C34A792221715DE] - [09/06/2017 20:27:57] - |A| - [24464384] - C:\Windows\Installer\bf84d8.msi [MD5.CDF9FD45DD2CBF058175040D1845F4CD] - [09/06/2017 20:27:55] - |A| - [9725440] - C:\Windows\Installer\bf84e5.msi [MD5.00000000000000000000000000000000] - [10/06/2017 16:19:19] - |D| - [0] - C:\Windows\Installer\MSI3D83.tmp- [MD5.00000000000000000000000000000000] - [10/06/2017 16:19:20] - |D| - [0] - C:\Windows\Installer\MSI42E1.tmp- [MD5.00000000000000000000000000000000] - [10/06/2017 16:19:25] - |D| - [0] - C:\Windows\Installer\MSI5930.tmp- [MD5.00000000000000000000000000000000] - [08/06/2017 06:15:08] - |D| - [825906] - C:\Windows\Installer\{10A7315E-3376-48F3-A681-8DE609CB47E2} [MD5.00000000000000000000000000000000] - [08/06/2017 05:42:11] - |D| - [11502] - C:\Windows\Installer\{2452C59D-5040-4A9A-A97F-B925390619E1} [MD5.00000000000000000000000000000000] - [08/06/2017 06:29:38] - |D| - [113152] - C:\Windows\Installer\{26A24AE4-039D-4CA4-87B4-2F83216018FF} [MD5.00000000000000000000000000000000] - [08/06/2017 05:44:41] - |D| - [202240] - C:\Windows\Installer\{3064B250-EDCA-4E69-A62A-4DA32225E4BE} [MD5.00000000000000000000000000000000] - [10/06/2017 16:37:10] - |D| - [372526] - C:\Windows\Installer\{3D9D17E3-934B-4065-9D13-9B5A83E0733A} [MD5.00000000000000000000000000000000] - [08/06/2017 22:25:32] - |D| - [764030] - C:\Windows\Installer\{51E5F3BE-F3D1-4F44-B49F-05BFA7E0D2D2} [MD5.00000000000000000000000000000000] - [08/06/2017 05:45:15] - |D| - [94208] - C:\Windows\Installer\{53892D48-8DEF-40E1-BCBF-98A46BBBBB91} [MD5.00000000000000000000000000000000] - [09/06/2017 08:06:46] - |D| - [552609] - C:\Windows\Installer\{542E95CE-407E-45A5-A267-A4912A0A53FD} [MD5.00000000000000000000000000000000] - [10/06/2017 16:12:07] - |D| - [12688955] - C:\Windows\Installer\{545EBD0B-A9B3-455C-904D-6A6E3A29AD61} [MD5.00000000000000000000000000000000] - [16/06/2017 18:46:55] - |D| - [366816] - C:\Windows\Installer\{5686E484-7136-4674-A4B2-508C7B26DCA4} [MD5.00000000000000000000000000000000] - [10/06/2017 21:58:05] - |D| - [269673] - C:\Windows\Installer\{581697C8-33DC-44BA-A7C3-992B5D29C011} [MD5.00000000000000000000000000000000] - [16/06/2017 18:49:03] - |D| - [313872] - C:\Windows\Installer\{71FFA475-24D5-44FB-A51F-39B699E3D82C} [MD5.00000000000000000000000000000000] - [08/06/2017 22:25:35] - |D| - [764030] - C:\Windows\Installer\{84875F6F-2996-4469-BF1D-F59A85C5C702} [MD5.00000000000000000000000000000000] - [08/06/2017 07:41:44] - |D| - [316416] - C:\Windows\Installer\{8C784F8B-89D0-4A59-A000-7EEF129E1574} [MD5.00000000000000000000000000000000] - [08/06/2017 23:44:59] - |D| - [7833215] - C:\Windows\Installer\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA413851} [MD5.00000000000000000000000000000000] - [08/06/2017 22:25:32] - |D| - [764030] - C:\Windows\Installer\{DAC390BA-1387-4DF8-A9BC-683E81E77E86} [MD5.8210141840CE237FBF40B6E26E2DD11D] - [09/06/2017 14:59:29] - |A| - [38912] - C:\Windows\system32\alf2cd.acm [MD5.A87283273167D46C980DB8EC9723A9FF] - [16/06/2017 16:30:07] - |A| - [30480] - C:\Windows\system32\CLMirrorDriver.dll [MD5.A0AB432A744C854DB59390257B78588A] - [08/06/2017 23:45:14] - |A| - [263352] - C:\Windows\system32\cmdkbdcss32.dll [MD5.DF94FB32E764775A6DDB17A63904B01A] - [08/06/2017 23:45:16] - |A| - [41376] - C:\Windows\system32\csscsr32.dll [MD5.F8EA18CCC8C7AA793D6F724C4FCBA2A5] - [08/06/2017 23:45:15] - |A| - [338560] - C:\Windows\system32\cssguard32.dll [MD5.E0BBCEC12A1DE6E25C612AD205B719B4] - [08/06/2017 06:30:27] - |A| - [411368] - C:\Windows\system32\deploytk.dll [MD5.902179013800F311AFF57CD5F29BE346] - [09/06/2017 14:59:29] - |A| - [638976] - C:\Windows\system32\divx.dll [MD5.EFF71E68DD8F9DC0BBD89CD83153C336] - [09/06/2017 14:59:29] - |A| - [221215] - C:\Windows\system32\divxdec.ax [MD5.ACAA3955AEF5BE4B3A1035566A34CD7D] - [08/06/2017 04:43:25] - |A| - [236792] - C:\Windows\system32\iseguard32.dll [MD5.AD3A2226B72F6E161425254276670117] - [08/06/2017 06:30:27] - |A| - [145184] - C:\Windows\system32\java.exe [MD5.B427962BDB196D132AF50F6C7B78380D] - [08/06/2017 06:30:27] - |A| - [145184] - C:\Windows\system32\javaw.exe [MD5.C8824405C4E358A2FE4D97C83101079A] - [08/06/2017 06:30:27] - |A| - [153376] - C:\Windows\system32\javaws.exe [MD5.69A0628BBE1A404B1BA0B6DCA7610A06] - [09/06/2017 14:59:29] - |A| - [98304] - C:\Windows\system32\L3CODECX.AX [MD5.5E6F49F657A509D079C60D08A2EE33A7] - [09/06/2017 14:59:29] - |A| - [245760] - C:\Windows\system32\lame.ax [MD5.521F1463E9733FD867E097727DD90177] - [09/06/2017 14:59:29] - |A| - [261632] - C:\Windows\system32\mcdvd_32.dll [MD5.016BE824802F3869A7DA2F2B6329B563] - [09/06/2017 14:59:29] - |A| - [413760] - C:\Windows\system32\mpg4c32.dll [MD5.35EAEAA90AE48FF392B766F3080F3217] - [09/06/2017 14:59:46] - |A| - [71480] - C:\Windows\system32\mslvddsfilter3.ax [MD5.5FEFD614BBD3FFA3712B172F70B1FDE2] - [09/06/2017 14:59:30] - |A| - [24576] - C:\Windows\system32\msxml3a.dll [MD5.1C77E76A6C8DCD0482883C4748F6B481] - [09/06/2017 07:57:18] - |A| - [24680] - C:\Windows\system32\mv2.dll [MD5.7AEA4DF1CA68FD45DD4BBE1F0243CE7F] - [08/06/2017 06:07:21] - |A| - [71096] - C:\Windows\system32\NMSAccessU.exe [MD5.00000000000000000000000000000000] - [23/06/2017 02:49:22] - |D| - [658752] - C:\Windows\system32\Npcap [MD5.783B818AC0B424E175EA63D175489F62] - [10/06/2017 16:37:14] - |A| - [125632] - C:\Windows\system32\pxcpm5L.dll [MD5.63933941E56CBA2B65BDF51F72D4A341] - [16/06/2017 18:49:33] - |A| - [323520] - C:\Windows\system32\ROMwln.dll [MD5.DC4B2F21968AC6E7E6C8A4417ED0D85C] - [09/06/2017 14:59:29] - |A| - [13239] - C:\Windows\system32\Scg726.acm [MD5.B71EDD2C82F513AACCD3059635F483EA] - [08/06/2017 06:07:18] - |A| - [692224] - C:\Windows\system32\SyncBackPro.dll [MD5.83A083A42F97BCF3F8E016820178DDE2] - [09/06/2017 14:59:29] - |A| - [82944] - C:\Windows\system32\vct3216.acm [MD5.FAC0D5B16EFA7376CA81047490187D0D] - [09/06/2017 14:59:30] - |A| - [438272] - C:\Windows\system32\vp6vfw.dll [MD5.A9970042BE512C7981B36E689C5F3F9F] - [16/06/2017 16:25:07] - |A| - [1461992] - C:\Windows\system32\WdfCoInstaller01009.dll [MD5.1D9FB9784F32276EFB43512A81217753] - [09/06/2017 14:59:29] - |A| - [53248] - C:\Windows\system32\xvid.ax [MD5.51853084F6D842026392335CCC338D67] - [16/06/2017 16:30:07] - |A| - [21264] - C:\Windows\system32\Drivers\CLMirrorDriver.sys [MD5.BDF8CB4E8D283534BCF09284B858EB17] - [16/06/2017 16:25:07] - |A| - [79624] - C:\Windows\system32\Drivers\CLVirtualBus01.sys [MD5.2970D03C1954668522C18BEE30DE57CC] - [08/06/2017 23:45:23] - |A| - [95976] - C:\Windows\system32\Drivers\cmdcss.sys [MD5.4F334F8BF3AC669FD655E69A3B866239] - [10/06/2017 22:05:19] - |A| - [26168] - C:\Windows\system32\Drivers\dtproscsibus.sys [MD5.697C5171833B7D67CA6802C345BCC55C] - [08/06/2017 23:24:55] - |A| - [3060] - C:\Windows\system32\Drivers\fvstore.dat [MD5.7E2722165591E58D16E64B8FB850BB83] - [08/06/2017 06:42:55] - |A| - [17472] - C:\Windows\system32\Drivers\GUSBootStartup.sys [MD5.048C878140F1DA2C560820EBFB541EB8] - [08/06/2017 04:43:25] - |A| - [40952] - C:\Windows\system32\Drivers\isedrv.sys [MD5.D41D8CD98F00B204E9800998ECF8427E] - [16/06/2017 16:25:37] - |AH| - [0] - C:\Windows\system32\Drivers\Msft_Kernel_CLVirtualBus01_01009.Wdf [MD5.797BDDFB4388C89E513B495CDF11BEF5] - [09/06/2017 07:57:19] - |A| - [12904] - C:\Windows\system32\Drivers\mv2.sys [MD5.B8EAC99B14772BDC36CA963AED109FA2] - [10/06/2017 22:00:27] - |A| - [22312] - C:\Windows\system32\Drivers\rsdrv.sys ---------- | Drives A: E: F: G: [18/06/2017 19:26:03] - |A| - (.2005-2017 COMODO. All rights reserved. - COMODO Internet Security.) - [5365328] - (10.0.1.6246) - G:\cfw_installer_6106_53.exe [18/06/2017 19:27:54] - |A| - (.2005-2017 COMODO. All rights reserved. - COMODO Internet Security.) - [5365336] - (10.0.1.6246) - G:\cispremium_installer.exe [18/06/2017 19:28:32] - |A| - (.Copyright (c) 2009-2017, Comodo Security Solutions, Inc. - Comodo Dragon.) - [69134136] - (57.0.2987.93) - G:\dragonsetup.exe [18/06/2017 19:28:21] - |A| - (.© 2008-2012 Comodo Security Solutions, Inc. All rights reserved. - COMODO PC TuneUp setup.) - [14863480] - (1.0.3740.46) - G:\cptsetup.exe [18/06/2017 19:29:20] - |A| - (.Copyright (c) 2015, Comodo Security Solutions, Inc. - Comodo IceDragon.) - [53489464] - (40.1.1.18) - G:\icedragonsetup.exe [19/06/2017 14:43:57] - |H| - (. - .) - [16] - (0.0.0.0) - G:\AUTORUN.INF H: I: J: K: [13/06/2017 09:55:16] - |A| - (. - .) - [1916] - (0.0.0.0) - K:\Air.Explorer.1.15.1.Portable - Raccourci (2).lnk [13/06/2017 09:55:16] - |A| - (. - .) - [1350] - (0.0.0.0) - K:\Air.Explorer.1.15.1.Portable - Raccourci.lnk [13/06/2017 09:55:27] - |A| - (. - .) - [2042] - (0.0.0.0) - K:\Apowersoft.Phone.Manager.PRO.2.8.7.KaranPC - Raccourci (2).lnk [13/06/2017 09:55:27] - |A| - (. - .) - [1420] - (0.0.0.0) - K:\Apowersoft.Phone.Manager.PRO.2.8.7.KaranPC - Raccourci.lnk [13/06/2017 09:55:29] - |A| - (. - .) - [1829] - (0.0.0.0) - K:\ASC_Portable - Raccourci.lnk [13/06/2017 09:55:45] - |A| - (. - .) - [1285] - (0.0.0.0) - K:\BitPro-3.40.287.apk - Raccourci.lnk [22/01/2017 09:50:46] - |A| - (. - .) - [574] - (0.0.0.0) - K:\COMODO TrustConnect (VPN).lnk [13/06/2017 09:56:22] - |A| - (. - .) - [1737] - (0.0.0.0) - K:\Documents - Raccourci.lnk [13/06/2017 09:56:36] - |A| - (. - .) - [1880] - (0.0.0.0) - K:\Filmora.8.2.2.1.Portable - Raccourci (2).lnk [13/06/2017 09:56:36] - |A| - (. - .) - [1330] - (0.0.0.0) - K:\Filmora.8.2.2.1.Portable - Raccourci.lnk [13/06/2017 09:56:39] - |A| - (. - .) - [1939] - (0.0.0.0) - K:\GlassWire.Elite.1.2.102.KaranPC - Raccourci (2).lnk [13/06/2017 09:56:39] - |A| - (. - .) - [1365] - (0.0.0.0) - K:\GlassWire.Elite.1.2.102.KaranPC - Raccourci.lnk [13/06/2017 10:17:13] - |A| - (. - .) - [1311] - (0.0.0.0) - K:\Google Drive.lnk [13/06/2017 09:56:44] - |A| - (. - .) - [2006] - (0.0.0.0) - K:\GreenCloud.Printer.Pro.7.8.2.0.KaranPC - Raccourci (2).lnk [13/06/2017 09:56:44] - |A| - (. - .) - [1400] - (0.0.0.0) - K:\GreenCloud.Printer.Pro.7.8.2.0.KaranPC - Raccourci.lnk [13/06/2017 09:56:44] - |A| - (. - .) - [2029] - (0.0.0.0) - K:\GreenCloud.Printer.Pro.7.8.2.0.KaranPC(2) - Raccourci ().lnk [13/06/2017 09:56:44] - |A| - (. - .) - [1415] - (0.0.0.0) - K:\GreenCloud.Printer.Pro.7.8.2.0.KaranPC(2) - Raccourci.lnk [13/06/2017 09:57:01] - |A| - (. - .) - [1250] - (0.0.0.0) - K:\Launcher - Raccourci.lnk [13/06/2017 09:57:02] - |A| - (. - .) - [1970] - (0.0.0.0) - K:\Max.Uninstaller.3.8.1.1578.KaranPC - Raccourci (2).lnk [13/06/2017 09:57:02] - |A| - (. - .) - [1380] - (0.0.0.0) - K:\Max.Uninstaller.3.8.1.1578.KaranPC - Raccourci.lnk [13/06/2017 09:57:25] - |A| - (. - .) - [1335] - (0.0.0.0) - K:\PDF-5.4.1.0510.karan.mobi.apk - Raccourci.lnk [13/06/2017 09:57:34] - |A| - (. - .) - [2101] - (0.0.0.0) - K:\PDF-XChange.Viewer.Pro.2.5.322.4.Portable.KaranPC - Raccourci (2).lnk [13/06/2017 09:57:34] - |A| - (. - .) - [1455] - (0.0.0.0) - K:\PDF-XChange.Viewer.Pro.2.5.322.4.Portable.KaranPC - Raccourci.lnk [13/06/2017 09:57:25] - |A| - (. - .) - [1737] - (0.0.0.0) - K:\PDFTools6 - Raccourci (2).lnk [13/06/2017 09:57:25] - |A| - (. - .) - [1798] - (0.0.0.0) - K:\PDFTools6 - Raccourci.lnk [13/06/2017 09:57:35] - |A| - (. - .) - [1773] - (0.0.0.0) - K:\PDFXLiteHome6 - Raccourci (2).lnk [13/06/2017 09:57:35] - |A| - (. - .) - [1834] - (0.0.0.0) - K:\PDFXLiteHome6 - Raccourci.lnk [13/06/2017 09:57:37] - |A| - (. - .) - [1717] - (0.0.0.0) - K:\PDFXVE6 - Raccourci (2).lnk [13/06/2017 09:57:37] - |A| - (. - .) - [1778] - (0.0.0.0) - K:\PDFXVE6 - Raccourci.lnk [13/06/2017 09:57:37] - |A| - (. - .) - [1750] - (0.0.0.0) - K:\PDFXVE6(2) - Raccourci ().lnk [13/06/2017 09:57:37] - |A| - (. - .) - [1811] - (0.0.0.0) - K:\PDFXVE6(2) - Raccourci.lnk [13/06/2017 09:57:53] - |A| - (. - .) - [1732] - (0.0.0.0) - K:\PDFXVwer - Raccourci (2).lnk [13/06/2017 09:57:53] - |A| - (. - .) - [1793] - (0.0.0.0) - K:\PDFXVwer - Raccourci.lnk [13/06/2017 09:57:57] - |A| - (. - .) - [1768] - (0.0.0.0) - K:\PortableApps - Raccourci.lnk [08/06/2017 20:23:01] - |A| - (. - .) - [1160] - (0.0.0.0) - K:\Samples (muvee Wedding Studio).lnk [13/06/2017 09:58:02] - |A| - (. - .) - [1919] - (0.0.0.0) - K:\StartMenuXPro61-jt46ds - Raccourci.lnk [13/06/2017 09:58:04] - |A| - (. - .) - [2042] - (0.0.0.0) - K:\TeamViewer.12.0.78313.All.Portable.KaranPC - Raccourci (2).lnk [13/06/2017 09:58:04] - |A| - (. - .) - [1420] - (0.0.0.0) - K:\TeamViewer.12.0.78313.All.Portable.KaranPC - Raccourci.lnk [13/06/2017 09:58:14] - |A| - (. - .) - [2096] - (0.0.0.0) - K:\TweakBit.Driver.Updater.1.8.1.4.Portable.KaranPC - Raccourci (2).lnk [13/06/2017 09:58:15] - |A| - (. - .) - [1450] - (0.0.0.0) - K:\TweakBit.Driver.Updater.1.8.1.4.Portable.KaranPC - Raccourci.lnk [13/06/2017 09:58:15] - |A| - (. - .) - [1921] - (0.0.0.0) - K:\UltraEdit.24.10.0.24.Portable - Raccourci (2).lnk [13/06/2017 09:58:15] - |A| - (. - .) - [1355] - (0.0.0.0) - K:\UltraEdit.24.10.0.24.Portable - Raccourci.lnk [28/02/2011 04:57:52] - |A| - (.© Microsoft Corporation. All rights reserved. - Windows Image Helper.) - [1080656] - (6.11.1.404) - K:\dbghelp.dll [21/02/2016 19:04:14] - |A| - (.Copyright (c) Rocket Division Software, StarBurn Software 2001-2015. All rights reserved. - StarBurn CD/DVD/Blu-Ray/HD-DVD Burning, Grabbing and Mastering Toolkit for Windows 95/98/Me/NT/2000/XP/2003/Vista/Longhorn/7/8/2010.) - [3235200] - (15.5.1.4144) - K:\StarBurn.dll [13/06/2017 09:55:15] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4110280] - (6.0.4.7) - K:\AdwCleaner.6.047.KaranPC.exe [10/11/2016 21:48:56] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [3910208] - (6.0.3.0) - K:\adwcleaner_6.030.exe [13/06/2017 09:55:15] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4110280] - (6.0.4.7) - K:\adwcleaner_6.047(2).exe [13/06/2017 09:55:16] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4110280] - (6.0.4.7) - K:\adwcleaner_6.047.exe [12/06/2017 07:34:49] - |A| - (. - Ashampoo Music Studio 4 Setup .) - [2492000] - (1.0.0.0) - K:\ashampoo_music_studio_4_dl.exe [05/06/2017 21:49:36] - |A| - (.2007-2015@Auslogics Software Pty Ltd - Auslogics BitReplica Installation File .) - [6628472] - (2.1.1.0) - K:\auslogics-bitreplica-setup.exe [13/06/2017 09:55:43] - |A| - (. - .) - [9915392] - (0.0.0.0) - K:\bitdefender_homescanner.exe [30/04/2016 20:13:58] - |A| - (.©2016 BitTorrent, Inc. All Rights Reserved. - BitTorrent.) - [1963528] - (7.9.6.42179) - K:\BitTorrent (1).exe [30/04/2016 20:17:08] - |A| - (.©2016 BitTorrent, Inc. All Rights Reserved. - BitTorrent.) - [1963528] - (7.9.6.42179) - K:\BitTorrent(btkey,https^3A^2F^2Futp.st^2FjSAg97W0).exe [19/05/2017 18:11:36] - |A| - (.Copyright 2009 - clout.) - [2703072] - (1.0.0.1) - K:\clout.exe [13/06/2017 09:37:11] - |A| - (. - Dr. Folder Setup .) - [8249192] - (0.0.0.0) - K:\dfinstall.exe [07/05/2009 00:58:20] - |A| - (. - .) - [68096] - (0.0.0.0) - K:\diff.exe [13/06/2017 09:40:02] - |A| - (.Copyright(c) 2013 ArcticLine Software. - FileMarker.NET Pro - tool for file icon changing .) - [2548288] - (1.0.1.0) - K:\FileMarker.NET_Pro.exe [13/06/2017 09:22:11] - |A| - (.Copyright © 2006-2013 ArcticLine Software - Folder Marker Free - Tool for folder icon changing.) - [16874149] - (4.2.0.0) - K:\Folder Marker Free.port.exe [13/06/2017 09:22:12] - |A| - (.Copyright(c) 2006-2017 ArcticLine Software - Folder Marker Free - tool for folder icon changing .) - [5405800] - (4.3.0.0) - K:\FolderMarkerFree.exe [13/06/2017 09:56:36] - |A| - (.Jacek Pazera - Free Audio Extractor installer..) - [2717700] - (1.3.0.0) - K:\Free Audio Extractor.exe [17/05/2017 19:34:38] - |A| - (. - Free Image Convert and Resize Setup .) - [2268208] - (1.0.5.0) - K:\FreeImageConvertAndResize_2.1.70.822_d.exe [17/05/2017 19:34:37] - |A| - (. - Free Image Convert and Resize Setup .) - [2268208] - (1.0.5.0) - K:\FreeImageConvertAndResize_2.1.70.822_o.exe [13/06/2017 09:56:37] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [1776640] - (11.6.2017.0) - K:\FRST(2).exe [13/06/2017 09:56:37] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [1776640] - (11.6.2017.0) - K:\FRST(3).exe [13/06/2017 09:56:37] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [1776640] - (11.6.2017.0) - K:\FRST.exe [13/06/2017 09:56:37] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2438656] - (11.6.2017.0) - K:\FRST64(2).exe [13/06/2017 09:56:37] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2438656] - (11.6.2017.0) - K:\FRST64.exe [19/05/2017 18:11:22] - |A| - (.Copyright (C) 2007-2017 Siber Systems Inc. - GoodSync Synchronizer.) - [11028192] - (10.4.5.9) - K:\GoodSync-inst.exe [19/05/2017 18:11:22] - |A| - (.Copyright (C) 2007-2017 Siber Systems Inc. - GoodSync Synchronizer.) - [11028192] - (10.4.5.9) - K:\GoodSync2Go-v10.exe [19/04/2017 18:52:22] - |A| - (.Copyright (c) GoPro, Inc.. All rights reserved. - GoPro Studio 2.5.7.) - [121291664] - (2.5.7.549) - K:\GoProStudioPC-2.5.7.549 [1].exe [19/05/2017 18:11:32] - |A| - (.Copyright (C) 2007-2017 Siber Systems Inc. - Command Line GoodSync File System Tool.) - [3947744] - (9.9.95.9) - K:\gscp.exe [19/05/2017 18:11:38] - |A| - (.Copyright (C) 2007-2017 Siber Systems Inc. - GoodSync Explorer.) - [9084640] - (10.4.5.9) - K:\GsExplorer.exe [19/05/2017 18:11:26] - |A| - (.Copyright (C) 2007-2017 Siber Systems Inc. - Command Line GoodSync.) - [4941024] - (10.4.5.9) - K:\gsync-v10.exe [13/06/2017 09:56:54] - |A| - (.© BleepingComputer.com. All rights reserved. - Terminates malware processes so that you can run your normal security programs..) - [2030536] - (2.8.4.0) - K:\iExplore.exe [13/06/2017 09:56:54] - |A| - (.Christian Kindahl - InfraRecorder Portable installer..) - [680350] - (0.52.0.0) - K:\InfraRecorder.exe [15/11/2016 18:20:48] - |A| - (. - ISO to USB Setup .) - [1733751] - (0.0.0.0) - K:\isotousb_setup.exe [17/05/2017 17:55:50] - |A| - (. - Junkware Removal Tool.) - [1663672] - (8.1.3.0) - K:\JRT.exe [13/06/2017 09:56:58] - |A| - (. - K-Lite Mega Codec Pack Setup .) - [45240736] - (13.2.4.0) - K:\K-Lite.Codec.Pack.13.2.4.KaranPC.Mega.exe [13/06/2017 09:56:58] - |A| - (.Dominik Reichl and community - KeePass Professional Portable installer..) - [613792] - (2.18.0.0) - K:\KeePassProfessional.exe [19/05/2017 18:11:30] - |A| - (.Copyright (C) 2007-2017 Siber Systems Inc. - GoodSync Log Viewer.) - [4347104] - (9.9.95.9) - K:\LogView.exe [19/04/2017 18:53:18] - |A| - (.(c) Malwarebytes. All rights reserved. - Malwarebytes Anti-Malware .) - [22851472] - (2.2.1.1043) - K:\mbam-setup-2.2.1.1043.exe [26/05/2017 14:07:50] - |A| - (.Copyright 2016 Wondershare Corporation - mobilego_setup_full818.exe.) - [1183888] - (1.4.0.1) - K:\mobilego_setup_full818.exe [15/05/2017 14:15:53] - |A| - (.© MOVAVI. All rights reserved. - Movavi Video Suite 11.) - [102150320] - (11.3.1.0) - K:\MovaviVideoSuiteSetup_11_3_1.exe [13/06/2017 09:40:29] - |A| - (.Copyright (C) 2008 - muvee Installer.) - [7477128] - (10.5.0.24958) - K:\muveeTurboVideoCutter_1.2.0.25543_2868.exe [13/06/2017 09:40:30] - |A| - (.Copyright (C) 2008 - muvee Installer.) - [10705944] - (10.0.1.23600) - K:\muveeTurboVideoStabilizer_1.0.0.23_2786.exe [09/06/2017 06:14:13] - |A| - (.Copyright (C) 2006 Macrovision Corporation - Setup Launcher .) - [146379680] - (12.0.0.58851) - K:\PCmover_EN.exe [14/11/2016 10:30:43] - |A| - (.(c) Paramount Software. All rights reserved. - Macrium Reflect Package Download.) - [3545552] - (6.0.553.0) - K:\ReflectDL.exe [17/04/2017 07:35:21] - |A| - (.ResetBrowser - Comment Supprimer ? - ResetBrowser.) - [1622528] - (0.1.1.6) - K:\ResetBrowser.exe [12/06/2017 13:57:23] - |A| - (.© BleepingComputer.com. All rights reserved. - Terminates malware processes so that you can run your normal security programs..) - [2030536] - (2.8.4.0) - K:\rkill.exe [25/02/2015 15:22:15] - |A| - (.ENC Security Systems BV - SanDisk SecureAccessV3.) - [16024600] - (6.0.9.0) - K:\RunSanDiskSecureAccess_Win.exe [17/05/2017 17:56:13] - |A| - (. - .) - [16384] - (0.0.0.0) - K:\SFTGC.exe [13/06/2017 09:57:58] - |A| - (.Skype Limited - Skype Portable installer..) - [242815] - (1.3.0.6) - K:\SkypePortable.exe [22/01/2017 09:15:29] - |A| - (.© 2016 Sophos Limited - SophosClean.) - [11619360] - (3.7.13.262) - K:\SophosClean_x64.exe [13/06/2017 09:58:01] - |A| - (.RootkitAnalytics.com - SpyDLLRemover installer..) - [1370201] - (3.2.0.0) - K:\SpyDLLRemover.exe [13/06/2017 09:58:07] - |A| - (.TeamViewer GmbH - TeamViewer Portable installer..) - [602283] - (7.0.12799.0) - K:\TeamViewer.exe [24/04/2017 09:06:11] - |A| - (.TeamViewer GmbH - .) - [14718840] - (12.1.10277.0) - K:\TeamViewer_Setup.exe [26/05/2017 09:22:58] - |A| - (.Mozilla - Thunderbird.) - [40489056] - (4.42.0.0) - K:\Thunderbird Setup 52.1.1.exe [14/11/2016 07:50:00] - |A| - (.Copyright - Geza Kovacs+Thomas Tsai - License - GNU GPL v2+ - tuxboot - http://tuxboot.sourceforge.net.) - [5111808] - (1.1.1.1) - K:\tuxboot-0.8.2.exe [17/05/2017 17:56:15] - |A| - (.© 2008/2016 - El Desaparecido - www.SosVirus.net - UsbFix - Remove Malware From Your Drive!.) - [304243] - (8.2.1.0) - K:\Un-UsbFix.exe [13/06/2017 09:58:20] - |A| - (.Geza Kovacs - UNetbootin Portable installer..) - [4921375] - (0.0.0.568) - K:\UNetbootin.exe [17/04/2017 07:34:33] - |A| - (. - Win32DiskImager Setup .) - [12290974] - (0.0.0.0) - K:\Win32DiskImager-0.9.5-install.exe [13/06/2017 09:58:53] - |A| - (.Wisecleaner.com - Wise Disk Cleaner Free Portable installer..) - [672609] - (7.1.3.466) - K:\WiseDiskCleaner.exe [10/11/2016 22:04:11] - |A| - (.Nicolas Coolman - ZHPCleane.) - [2771456] - (2017.5.14.81) - K:\ZHPCleaner.exe [10/11/2016 22:41:19] - |A| - (.Nicolas Coolman - ZHPDiag.) - [2442240] - (2016.11.8.213) - K:\ZHPDiag3.exe [09/12/2016 16:18:19] - |A| - (. - .) - [149] - (0.0.0.0) - K:\autorun (1).inf [24/05/2016 07:32:13] - |A| - (. - .) - [5774] - (0.0.0.0) - K:\a2settings.ini [24/05/2016 09:34:30] - |A| - (. - .) - [64] - (0.0.0.0) - K:\a2whitelist.ini [28/04/2017 06:04:22] - |A| - (. - .) - [410] - (0.0.0.0) - K:\ampa.ini [21/04/2017 17:10:51] - |A| - (. - .) - [4] - (0.0.0.0) - K:\bandeja.ini [21/04/2017 17:10:51] - |A| - (. - .) - [10] - (0.0.0.0) - K:\config.ini [18/04/2026 19:29:05] - |A| - (. - .) - [2054] - (0.0.0.0) - K:\Framakey.ini [21/04/2017 17:10:51] - |A| - (. - .) - [4] - (0.0.0.0) - K:\idioma.ini [09/08/2016 16:00:26] - |A| - (. - .) - [44] - (0.0.0.0) - K:\language.ini [13/06/2017 09:57:01] - |A| - (. - .) - [27] - (0.0.0.0) - K:\Launcher.ini [11/07/2016 09:24:15] - |A| - (. - .) - [0] - (0.0.0.0) - K:\LogAnalyZer.ini [25/02/2017 07:34:32] - |A| - (. - .) - [2069] - (0.0.0.0) - K:\rk_config.ini [12/06/2017 13:57:23] - |A| - (.© BleepingComputer.com. All rights reserved. - Terminates malware processes so that you can run your normal security programs..) - [2030536] - (2.8.4.0) - K:\rkill.com L: [13/06/2017 21:06:26] - |A| - (. - .) - [1916] - (0.0.0.0) - L:\Air.Explorer.1.15.1.Portable - Raccourci (2).lnk [13/06/2017 21:06:27] - |A| - (. - .) - [1350] - (0.0.0.0) - L:\Air.Explorer.1.15.1.Portable - Raccourci.lnk [13/06/2017 21:08:49] - |A| - (. - .) - [2042] - (0.0.0.0) - L:\Apowersoft.Phone.Manager.PRO.2.8.7.KaranPC - Raccourci (2).lnk [13/06/2017 21:08:51] - |A| - (. - .) - [1420] - (0.0.0.0) - L:\Apowersoft.Phone.Manager.PRO.2.8.7.KaranPC - Raccourci.lnk [13/06/2017 21:08:52] - |A| - (. - .) - [1829] - (0.0.0.0) - L:\ASC_Portable - Raccourci.lnk [13/06/2017 21:10:08] - |A| - (. - .) - [1285] - (0.0.0.0) - L:\BitPro-3.40.287.apk - Raccourci.lnk [13/06/2017 21:10:09] - |A| - (. - .) - [2157] - (0.0.0.0) - L:\CODE DE LICENSE CODYSAFE - Raccourci.lnk [13/06/2017 21:10:13] - |A| - (. - .) - [1732] - (0.0.0.0) - L:\CodySafe - Raccourci.lnk [13/06/2017 21:10:13] - |A| - (. - .) - [1948] - (0.0.0.0) - L:\codysafe portable skins & themes - Raccourci.lnk [13/06/2017 21:13:55] - |A| - (. - .) - [1737] - (0.0.0.0) - L:\Documents - Raccourci.lnk [13/06/2017 21:14:09] - |A| - (. - .) - [1485] - (0.0.0.0) - L:\EMCO.Malware.Destroyer.7.7.10.1130.Portable.karanpc.com - Raccourci.lnk [13/06/2017 21:14:51] - |A| - (. - .) - [1880] - (0.0.0.0) - L:\Filmora.8.2.2.1.Portable - Raccourci (2).lnk [13/06/2017 21:14:52] - |A| - (. - .) - [1330] - (0.0.0.0) - L:\Filmora.8.2.2.1.Portable - Raccourci.lnk [13/06/2017 21:16:23] - |A| - (. - .) - [1939] - (0.0.0.0) - L:\GlassWire.Elite.1.2.102.KaranPC - Raccourci (2).lnk [13/06/2017 21:16:24] - |A| - (. - .) - [1365] - (0.0.0.0) - L:\GlassWire.Elite.1.2.102.KaranPC - Raccourci.lnk [13/06/2017 21:16:52] - |A| - (. - .) - [2006] - (0.0.0.0) - L:\GreenCloud.Printer.Pro.7.8.2.0.KaranPC - Raccourci (2).lnk [13/06/2017 21:16:55] - |A| - (. - .) - [1400] - (0.0.0.0) - L:\GreenCloud.Printer.Pro.7.8.2.0.KaranPC - Raccourci.lnk [13/06/2017 21:16:55] - |A| - (. - .) - [2029] - (0.0.0.0) - L:\GreenCloud.Printer.Pro.7.8.2.0.KaranPC(2) - Raccourci ().lnk [13/06/2017 21:16:56] - |A| - (. - .) - [1415] - (0.0.0.0) - L:\GreenCloud.Printer.Pro.7.8.2.0.KaranPC(2) - Raccourci.lnk [13/06/2017 21:18:25] - |A| - (. - .) - [1250] - (0.0.0.0) - L:\Launcher - Raccourci.lnk [13/06/2017 21:18:46] - |A| - (. - .) - [1970] - (0.0.0.0) - L:\Max.Uninstaller.3.8.1.1578.KaranPC - Raccourci (2).lnk [13/06/2017 21:18:48] - |A| - (. - .) - [1380] - (0.0.0.0) - L:\Max.Uninstaller.3.8.1.1578.KaranPC - Raccourci.lnk [13/06/2017 21:20:37] - |A| - (. - .) - [1335] - (0.0.0.0) - L:\PDF-5.4.1.0510.karan.mobi.apk - Raccourci.lnk [13/06/2017 21:20:45] - |A| - (. - .) - [2101] - (0.0.0.0) - L:\PDF-XChange.Viewer.Pro.2.5.322.4.Portable.KaranPC - Raccourci (2).lnk [13/06/2017 21:20:46] - |A| - (. - .) - [1455] - (0.0.0.0) - L:\PDF-XChange.Viewer.Pro.2.5.322.4.Portable.KaranPC - Raccourci.lnk [13/06/2017 21:20:40] - |A| - (. - .) - [1737] - (0.0.0.0) - L:\PDFTools6 - Raccourci (2).lnk [13/06/2017 21:20:42] - |A| - (. - .) - [1798] - (0.0.0.0) - L:\PDFTools6 - Raccourci.lnk [13/06/2017 21:20:59] - |A| - (. - .) - [1773] - (0.0.0.0) - L:\PDFXLiteHome6 - Raccourci (2).lnk [13/06/2017 21:21:01] - |A| - (. - .) - [1834] - (0.0.0.0) - L:\PDFXLiteHome6 - Raccourci.lnk [13/06/2017 21:21:23] - |A| - (. - .) - [1717] - (0.0.0.0) - L:\PDFXVE6 - Raccourci (2).lnk [13/06/2017 21:21:25] - |A| - (. - .) - [1778] - (0.0.0.0) - L:\PDFXVE6 - Raccourci.lnk [13/06/2017 21:21:29] - |A| - (. - .) - [1750] - (0.0.0.0) - L:\PDFXVE6(2) - Raccourci ().lnk [13/06/2017 21:21:32] - |A| - (. - .) - [1811] - (0.0.0.0) - L:\PDFXVE6(2) - Raccourci.lnk [13/06/2017 21:23:03] - |A| - (. - .) - [1732] - (0.0.0.0) - L:\PDFXVwer - Raccourci (2).lnk [13/06/2017 21:23:08] - |A| - (. - .) - [1793] - (0.0.0.0) - L:\PDFXVwer - Raccourci.lnk [13/06/2017 21:23:36] - |A| - (. - .) - [1280] - (0.0.0.0) - L:\PhotoDir-5.5.1.apk - Raccourci.lnk [13/06/2017 21:23:39] - |A| - (. - .) - [1768] - (0.0.0.0) - L:\PortableApps - Raccourci.lnk [13/06/2017 21:24:20] - |A| - (. - .) - [2306] - (0.0.0.0) - L:\start menu x pro giveaway activation code - Raccourci.lnk [13/06/2017 21:24:42] - |A| - (. - .) - [1919] - (0.0.0.0) - L:\StartMenuXPro61-jt46ds - Raccourci.lnk [13/06/2017 21:25:03] - |A| - (. - .) - [2042] - (0.0.0.0) - L:\TeamViewer.12.0.78313.All.Portable.KaranPC - Raccourci (2).lnk [13/06/2017 21:25:03] - |A| - (. - .) - [1420] - (0.0.0.0) - L:\TeamViewer.12.0.78313.All.Portable.KaranPC - Raccourci.lnk [13/06/2017 21:26:08] - |A| - (. - .) - [2096] - (0.0.0.0) - L:\TweakBit.Driver.Updater.1.8.1.4.Portable.KaranPC - Raccourci (2).lnk [13/06/2017 21:26:11] - |A| - (. - .) - [1450] - (0.0.0.0) - L:\TweakBit.Driver.Updater.1.8.1.4.Portable.KaranPC - Raccourci.lnk [13/06/2017 21:26:24] - |A| - (. - .) - [1921] - (0.0.0.0) - L:\UltraEdit.24.10.0.24.Portable - Raccourci (2).lnk [13/06/2017 21:26:27] - |A| - (. - .) - [1355] - (0.0.0.0) - L:\UltraEdit.24.10.0.24.Portable - Raccourci.lnk [13/06/2017 21:08:41] - |A| - (. - A-PDF to Video Setup .) - [16523542] - (0.0.0.0) - L:\a-pdf-ptv.exe [13/06/2017 21:06:04] - |A| - (.© Systweak Software - Advanced System Protector .) - [5907704] - (2.1.1000.13627) - L:\advanced-system-protector_2-1_fr_202630.exe [13/06/2017 21:06:13] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4110280] - (6.0.4.7) - L:\AdwCleaner.6.047.KaranPC.exe [10/11/2016 21:48:56] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [3910208] - (6.0.3.0) - L:\adwcleaner_6.030.exe [13/06/2017 21:06:17] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4110280] - (6.0.4.7) - L:\adwcleaner_6.047(2).exe [13/06/2017 21:06:22] - |A| - (.Malwarebytes - AdwCleaner is a free Adware/PUP removal tool..) - [4110280] - (6.0.4.7) - L:\adwcleaner_6.047.exe [25/05/2017 17:12:50] - |A| - (.Copyright © 2008-2017 Auslogics Labs Pty Ltd - TweakBit Anti-Malware Installation File .) - [8467112] - (2.2.0.0) - L:\anti-malware-setup.exe [13/06/2017 21:09:39] - |A| - (. - Ashampoo Music Studio 4 Setup .) - [2492000] - (1.0.0.0) - L:\ashampoo_music_studio_4_dl.exe [13/06/2017 21:10:03] - |A| - (. - .) - [9915392] - (0.0.0.0) - L:\bitdefender_homescanner.exe [13/06/2017 21:10:13] - |A| - (.Codyssey.com - CodySafe installer.) - [42137268] - (1.1.0.135) - L:\CodySafe_AdminPack.exe [13/06/2017 21:10:15] - |A| - (.Codyssey.com - CodySafe installer.) - [11519840] - (1.1.0.135) - L:\CodySafe_CommPack.exe [13/06/2017 21:10:23] - |A| - (.Codyssey.com - CodySafe Sigma installer.) - [2485182] - (1.1.2.146) - L:\CodySafe_Sigma_Setup.exe [13/06/2017 21:10:29] - |A| - (.Codyssey.com - Crow Theme for CodySafe installer.) - [901821] - (0.1.0.0) - L:\Crow Theme for CodySafe.exe [13/06/2017 21:15:04] - |A| - (.Jacek Pazera - Free Audio Extractor installer..) - [2717700] - (1.3.0.0) - L:\Free Audio Extractor.exe [13/06/2017 21:15:09] - |A| - (.FreeDownloadManager.ORG - Free Download Manager Portable installer..) - [4495536] - (3.8.1173.0) - L:\Free Download Manager.exe [13/06/2017 21:15:15] - |A| - (.ZenJu & Contributors @ SourceForge - FreeFileSync Portable installer..) - [8218549] - (5.0.0.0) - L:\FreeFileSync.exe [30/05/2017 13:49:32] - |A| - (.Zenju - All Rights Reserved - FreeFileSync 9.1 [Donation Edition] Setup .) - [11690272] - (9.1.0.0) - L:\FreeFileSync_9.1_[Donation_Edition]_Windows_Setup.exe [13/06/2017 21:15:26] - |A| - (.Codyssey.com - Freeraser installer.) - [2041097] - (1.0.0.23) - L:\FreeraserSetup.exe [13/06/2017 21:15:35] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [1776640] - (11.6.2017.0) - L:\FRST(2).exe [13/06/2017 21:15:41] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [1776640] - (11.6.2017.0) - L:\FRST(3).exe [13/06/2017 21:15:48] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [1776640] - (11.6.2017.0) - L:\FRST.exe [13/06/2017 21:15:54] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2438656] - (11.6.2017.0) - L:\FRST64(2).exe [13/06/2017 21:15:58] - |A| - (.©1999-2015 Jonathan Bennett & AutoIt Team - Farbar Recovery Scan Tool.) - [2438656] - (11.6.2017.0) - L:\FRST64.exe [13/06/2017 21:16:49] - |A| - (.Codyssey.com - Green Theme for CodySafe installer.) - [1059588] - (0.1.0.0) - L:\Green Theme for CodySafe.exe [13/06/2017 21:17:23] - |A| - (.© BleepingComputer.com. All rights reserved. - Terminates malware processes so that you can run your normal security programs..) - [2030536] - (2.8.4.0) - L:\iExplore.exe [13/06/2017 21:17:31] - |A| - (.Christian Kindahl - InfraRecorder Portable installer..) - [680350] - (0.52.0.0) - L:\InfraRecorder.exe [13/06/2017 21:18:23] - |A| - (. - K-Lite Mega Codec Pack Setup .) - [45240736] - (13.2.4.0) - L:\K-Lite.Codec.Pack.13.2.4.KaranPC.Mega.exe [13/06/2017 21:18:21] - |A| - (.Dominik Reichl and community - KeePass Professional Portable installer..) - [613792] - (2.18.0.0) - L:\KeePassProfessional.exe [20/03/2017 09:26:53] - |A| - (. - .) - [926278321] - (1.0.0.0) - L:\lfs u 100% s fin pt 5000_sib.exe [13/06/2017 21:18:31] - |A| - (.Codyssey.com - Liberty Theme for CodySafe installer.) - [904115] - (0.1.0.0) - L:\Liberty Theme for CodySafe.exe [13/06/2017 21:19:57] - |A| - (. - .) - [219648] - (3.1.3.0) - L:\OTA.exe [13/06/2017 21:20:01] - |A| - (. - .) - [646656] - (3.1.47.2) - L:\OTS.exe [17/04/2017 07:35:21] - |A| - (.ResetBrowser - Comment Supprimer ? - ResetBrowser.) - [1622528] - (0.1.1.6) - L:\ResetBrowser.exe [13/06/2017 21:23:56] - |A| - (.© BleepingComputer.com. All rights reserved. - Terminates malware processes so that you can run your normal security programs..) - [2030536] - (2.8.4.0) - L:\rkill.exe [13/06/2017 20:06:00] - |A| - (. - .) - [2279928] - (0.0.0.0) - L:\SharewareOnSale_Giveaway_Eassos_System_Restore_hub.exe [13/06/2017 21:24:05] - |A| - (.Skype Limited - Skype Portable installer..) - [242815] - (1.3.0.6) - L:\SkypePortable.exe [13/06/2017 21:24:07] - |A| - (.Avanquest Software - Protect your privacy .) - [1370624] - (2.0.0.0) - L:\SmartPrivacyCleaner_FR.exe [13/06/2017 21:24:13] - |A| - (.RootkitAnalytics.com - SpyDLLRemover installer..) - [1370201] - (3.2.0.0) - L:\SpyDLLRemover.exe [14/02/2010 00:18:58] - |A| - (.Codyssey.com - StartCodySafe - Starter for CodySafe portable environment.) - [182756] - (0.2.0.3) - L:\StartCodySafe.exe [13/06/2017 21:24:35] - |A| - (. - Start Menu X Setup .) - [6349736] - (0.0.0.0) - L:\StartMenuX_Setup_6_02_PRO.exe [13/06/2017 21:24:29] - |A| - (. - Start Menu X Setup .) - [6494576] - (0.0.0.0) - L:\StartMenuX_Setup_6_1_PRO.exe [13/06/2017 21:25:06] - |A| - (.TeamViewer GmbH - TeamViewer Portable installer..) - [602283] - (7.0.12799.0) - L:\TeamViewer.exe [13/06/2017 21:25:50] - |A| - (.© 1996-2017 by Joachim Marder e.K. - TreeSize Setup .) - [20313952] - (6.3.7.1230) - L:\TreeSize-x64-Demo.exe [13/06/2017 21:25:55] - |A| - (.© 1996-2017 by Joachim Marder e.K. - TreeSize Setup .) - [19062712] - (6.3.7.1230) - L:\TreeSize-x86-Demo.exe [13/06/2017 21:25:28] - |A| - (.© 1996-2017 by Joachim Marder e.K. - TreeSize Free Setup .) - [7471816] - (4.0.3.372) - L:\TreeSizeFreeSetup.exe [13/06/2017 21:26:37] - |A| - (.Geza Kovacs - UNetbootin Portable installer..) - [4921375] - (0.0.0.568) - L:\UNetbootin.exe [13/06/2017 21:27:19] - |A| - (.WiseCleaner.com - Wise Hotkey .) - [3430104] - (1.1.8.32) - L:\WHKSetup.exe [13/06/2017 21:27:26] - |A| - (. - WiPS Golden 2.1 Setup .) - [96588969] - (0.0.0.0) - L:\wips_golden21.exe [13/06/2017 21:27:30] - |A| - (. - WiPS Graphic 2.1 Setup .) - [46296084] - (0.0.0.0) - L:\WiPS_Graphic21.exe [13/06/2017 21:28:06] - |A| - (. - WiPS Multimedia 2.1 Setup .) - [106491898] - (0.0.0.0) - L:\WiPS_Multimedia21.exe [13/06/2017 19:49:20] - |A| - (. - WiPS Network 2.1 Setup .) - [90730190] - (0.0.0.0) - L:\WiPS_Network21.exe [13/06/2017 19:49:23] - |A| - (. - WiPS Office 2.1 Setup .) - [113052628] - (0.0.0.0) - L:\WiPS_Office21.exe [13/06/2017 19:50:17] - |A| - (. - WiPS Security 2.1 Setup .) - [32050785] - (0.0.0.0) - L:\WiPS_Security21.exe [13/06/2017 19:50:32] - |A| - (.Wisecleaner.com - Wise Disk Cleaner Free Portable installer..) - [672609] - (7.1.3.466) - L:\WiseDiskCleaner.exe [13/06/2017 19:50:36] - |A| - (.Wisecleaner.com - Wise Registry Cleaner Free Portable installer..) - [701911] - (6.2.1.388) - L:\WiseRegistryCleaner.exe [13/06/2017 19:50:40] - |A| - (.Codyssey.com - Yin & Yang Theme for CodySafe installer.) - [934453] - (0.1.0.0) - L:\Yin & Yang Theme for CodySafe.exe [10/11/2016 22:04:11] - |A| - (.Nicolas Coolman - ZHPCleane.) - [2488832] - (2016.11.8.191) - L:\ZHPCleaner.exe [10/11/2016 22:41:19] - |A| - (.Nicolas Coolman - ZHPDiag.) - [2442240] - (2016.11.8.213) - L:\ZHPDiag3.exe [10/04/2017 14:26:42] - |A| - (. - .) - [282] - (0.0.0.0) - L:\desktop_FromLFSULTRA-WIDEN.ini [13/06/2017 21:18:27] - |A| - (. - .) - [27] - (0.0.0.0) - L:\Launcher.ini [13/06/2017 21:23:50] - |A| - (.© BleepingComputer.com. All rights reserved. - Terminates malware processes so that you can run your normal security programs..) - [2030536] - (2.8.4.0) - L:\rkill.com M: N: O: [16/06/2017 12:14:18] - |A| - (. - .) - [2233640] - (0.0.0.0) - O:\SharewareOnSale_Giveaway_EaseUS_EverySync_hub.exe [16/06/2017 12:14:20] - |A| - (.© 2008/2016 - El Desaparecido - www.SOSVirus.net - UsbFix Premium.) - [4165610] - (9.0.0.1) - O:\UsbFix_Standard.exe [16/06/2017 12:14:26] - |A| - (.Copyright 2017 Marcin Szeniak - BCUninstaller Setup .) - [2669920] - (3.8.3.0) - O:\BCUninstaller_3.8.3_setup.exe [16/06/2017 12:14:28] - |A| - (.ResetBrowser - Comment Supprimer ? - ResetBrowser.) - [1622528] - (0.1.1.6) - O:\ResetBrowser.exe [16/06/2017 12:14:29] - |A| - (. - Ashampoo Music Studio 4 Setup .) - [2492000] - (1.0.0.0) - O:\ashampoo_music_studio_4_dl.exe [16/06/2017 12:14:33] - |A| - (. - .) - [646656] - (3.1.47.2) - O:\OTS.exe [16/06/2017 12:14:33] - |A| - (. - .) - [646656] - (3.1.47.2) - O:\OTS (1).exe [16/06/2017 12:14:33] - |A| - (. - .) - [219648] - (3.1.3.0) - O:\OTA.exe [23/06/2017 01:34:58] - |A| - (. - .) - [0] - (0.0.0.0) - O:\avast_decryptor_encryptile.exe [01/01/2017 15:17:08] - |A| - (.Nicolas Coolman - ZHPDiag.) - [2624000] - (2016.12.30.255) - O:\ZHPDiag3.exe [01/01/2017 15:17:09] - |A| - (.© 2008/2010 C_XX - SEAF.) - [498868] - (1.0.1.0) - O:\SEAF.exe [29/12/2016 21:12:05] - |A| - (. - .) - [64] - (0.0.0.0) - O:\a2whitelist.ini [29/12/2016 14:31:41] - |A| - (. - .) - [6226] - (0.0.0.0) - O:\a2settings.ini [01/01/2017 15:17:10] - |SH| - (. - .) - [104] - (0.0.0.0) - O:\desktop.ini R: [22/06/2017 09:24:08] - |N| - (. - .) - [448] - (0.0.0.0) - R:\SmartClean.ini S: [25/05/2017 15:03:40] - |A| - (.Copyright (C) CyberLink Corporation. All rights reserved - CyberLink Downloader.) - [1167128] - (3.0.0.1006) - S:\CyberLink_Power2Go_Downloader.exe T: X: [22/06/2017 13:57:30] - |A| - (.Setup Engine Copyright © 2004-2012 Indigo Rose Corporation - Setup Application.) - [5663088] - (9.1.0.0) - X:\Decrap_Setup.exe [30/09/2016 07:06:18] - |A| - (. - .) - [410] - (0.0.0.0) - X:\ampa.ini Z: ---------- | C: [14/07/2009 04:36:15] - |SHD| - [5657194] - C:\$Recycle.Bin [16/06/2017 20:45:28] - |D| - [675644440] - C:\AdsFix [MD5.4B3F5D130E5F2770A741DFF860DD90F2] - [16/06/2017 20:46:36] - |A| - (. - .) - [54791] - (0.0.0.0) - C:\AdsFix.txt [17/06/2017 06:49:19] - |D| - [751430452] - C:\AdwCleaner [MD5.D9EBEC6668A6092FCBD1713C347AA5E0] - [14/07/2009 04:04:04] - |A| - (. - .) - [24] - (0.0.0.0) - C:\autoexec.bat [12/12/2016 23:00:34] - |RD| - [2191234555] - C:\Backup [05/12/2016 11:13:31] - |AD| - [86054683] - C:\book [17/09/2010 09:22:05] - |SHD| - [185285658] - C:\Boot [MD5.D6AE2D5521DD93AEBC90D411D099FA36] - [17/09/2010 09:22:06] - |RASH| - (. - .) - [383562] - (0.0.0.0) - C:\bootmgr [MD5.117A26124A6997CB68A7984E2EA6ECCE] - [17/09/2010 09:22:07] - |RASH| - (. - .) - [8192] - (0.0.0.0) - C:\BOOTSECT.BAK [MD5.ED4FC5980BD8B1AD869FF725C7776338] - [14/07/2009 04:04:04] - |A| - (. - .) - [10] - (0.0.0.0) - C:\config.sys [MD5.204BA94DD32AF13BA2D023047270DBD2] - [10/06/2017 22:21:20] - |A| - (. - .) - [1281] - (0.0.0.0) - C:\DelFix.txt [14/07/2009 06:53:55] - |SHD| - [0] - C:\Documents and Settings [10/12/2016 18:43:28] - |D| - [1478656] - C:\ESD [22/12/2016 05:14:29] - |D| - [0] - C:\EverySync [MD5.EA6AD199D291A1F4530174F5466D28D4] - [08/06/2017 06:39:45] - |A| - (. - .) - [1568] - (0.0.0.0) - C:\GUDownLoaddebug.txt [MD5.D41D8CD98F00B204E9800998ECF8427E] - [05/12/2016 11:07:11] - |ASH| - (. - .) - [796729344] - (0.0.0.0) - C:\hiberfil.sys [16/06/2017 16:44:03] - |D| - [16203974] - C:\IconPack [17/09/2010 08:58:43] - |D| - [492020] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/12/2016 00:24:47] - |RASH| - (. - .) - [0] - (0.0.0.0) - C:\IO.SYS [08/06/2017 06:27:37] - |D| - [921402] - C:\MARMITON [MD5.D41D8CD98F00B204E9800998ECF8427E] - [11/12/2016 00:24:47] - |RASH| - (. - .) - [0] - (0.0.0.0) - C:\MSDOS.SYS [17/09/2010 09:16:45] - |D| - [2596623579] - C:\OEM [MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/12/2016 14:59:09] - |ASH| - (. - .) - [1241513984] - (0.0.0.0) - C:\pagefile.sys [14/07/2009 04:37:05] - |D| - [0] - C:\PerfLogs [22/06/2017 04:56:26] - |D| - [67999975] - C:\Pre_Scan [MD5.987B699F869ED243F327CD83BC399E76] - [22/06/2017 07:13:55] - |A| - (. - .) - [7933] - (0.0.0.0) - C:\Pre_Scan.txt [14/07/2009 04:37:05] - |RD| - [2934908958] - C:\Program Files [14/07/2009 04:37:05] - |HD| - [53682232163] - C:\ProgramData [22/06/2017 21:32:38] - |D| - [42039295319] - C:\QuickDiag [MD5.A444C773D09764C6D56C0906241D8388] - [23/06/2017 04:28:03] - |A| - (. - .) - [253320] - (0.0.0.0) - C:\QuickDiag.txt [12/12/2016 16:02:56] - |SHD| - [260722604] - C:\Recovery [05/12/2016 19:53:59] - |D| - [0] - C:\SauvegardePersonnelle [16/06/2017 16:19:51] - |D| - [48783914] - C:\SkinPack [05/12/2016 11:07:11] - |SHD| - [0] - C:\System Volume Information [10/06/2017 22:04:24] - |D| - [1033973] - C:\Unreal Commander [14/07/2009 04:37:05] - |RD| - [107574292823] - C:\Users [08/06/2017 23:26:36] - |HD| - [0] - C:\VTRoot [16/06/2017 16:41:25] - |HD| - [54609920] - C:\W7P_Backups [12/07/2007 03:48:01] - |AD| - [15476848611] - C:\Windows ---------- | C:\Windows [MD5.065919847CF1C1C0A1C5F63C488EB54B] - [17/09/2010 09:26:45] - |A| - (. - .) - [33] - (0.0.0.0) - C:\Windows\0 [MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/09/2010 08:57:00] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\Acer.tag [04/02/2017 18:41:27] - |D| - [0] - C:\Windows\Acronis [14/07/2009 06:52:30] - |D| - [802] - C:\Windows\addins [MD5.08D93C33DB4463288DF29C9B4F494F03] - [22/06/2017 16:59:49] - |A| - (. - .) - [3194] - (0.0.0.0) - C:\Windows\AndroidInstall.log [MD5.7FB6B8A9719E75289A4C43AC31167611] - [08/06/2017 06:12:10] - |A| - (. - .) - [163093] - (0.0.0.0) - C:\Windows\Animated Wallpaper Maker Uninstaller.exe [14/07/2009 04:37:05] - |D| - [3325456] - C:\Windows\AppCompat [14/07/2009 04:37:05] - |D| - [9913976] - C:\Windows\AppPatch [14/07/2009 04:37:05] - |RSD| - [714735190] - C:\Windows\assembly [MD5.DBD14D0DB0382DFE96D7B5007DDD5ABE] - [14/12/2016 19:44:40] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de fichier de démarrage.) - [65024] - (6.1.7601.17514) - C:\Windows\bfsvc.exe [14/07/2009 04:37:06] - |D| - [18304606] - C:\Windows\Boot [MD5.BB4D85219895C2CCF9D7EA433EA467B5] - [14/07/2009 06:57:37] - |AS| - (. - .) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat [14/07/2009 04:37:06] - |D| - [3233280] - C:\Windows\Branding [MD5.6FBB766EB79F9EED3684194EEAF838DF] - [12/12/2016 23:50:28] - |A| - (. - .) - [11453] - (0.0.0.0) - C:\Windows\ChangeLang_Done.tag [MD5.3A12D0855904754EB55D5A05BD301683] - [17/09/2010 03:45:55] - |A| - (. - .) - [10] - (0.0.0.0) - C:\Windows\CSUP.TXT [14/07/2009 04:37:06] - |D| - [2450776] - C:\Windows\Cursors [14/07/2009 06:34:21] - |D| - [731] - C:\Windows\debug [06/10/2009 04:29:32] - |AD| - [254527] - C:\Windows\DeployWinRE2 [MD5.337F31202C81C9DC45F52600F41EF046] - [12/12/2016 15:21:00] - |A| - (. - .) - [14947] - (0.0.0.0) - C:\Windows\devices.txt [14/07/2009 06:52:30] - |D| - [3042330] - C:\Windows\diagnostics [14/07/2009 06:56:48] - |D| - [0] - C:\Windows\DigitalLocker [MD5.3B3E3D81B9F4FAB89AC0B2769ABE17D3] - [14/12/2016 07:08:12] - |A| - (. - .) - [64] - (0.0.0.0) - C:\Windows\dm.dmap [17/09/2010 09:17:21] - |D| - [12505585] - C:\Windows\Downloaded Installations [14/07/2009 06:52:30] - |D| - [65] - C:\Windows\Downloaded Program Files [MD5.764BEB653EDB973A63E9D30764341933] - [22/06/2017 16:43:53] - |A| - (. - .) - [3262] - (0.0.0.0) - C:\Windows\DPINST.LOG [MD5.E7CCB395344AF1C555C45E55C149A773] - [17/09/2010 09:18:36] - |A| - (.Copyright (C) 2004 - EMCRI DLL.) - [361808] - (1.0.0.3) - C:\Windows\EMCRI_E.dll [10/06/2017 22:42:29] - |D| - [61598686] - C:\Windows\ERUNT [MD5.40D777B7A95E00593EB1568C68514493] - [14/12/2016 19:48:55] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Explorateur Windows.) - [2616320] - (6.1.7601.17514) - C:\Windows\explorer.exe [MD5.F38B53088F3200BC9B8037DBA400F0AA] - [12/12/2016 15:19:41] - |A| - (. - .) - [113264] - (0.0.0.0) - C:\Windows\FixUVC.exe [14/07/2009 04:37:06] - |RSD| - [358178595] - C:\Windows\Fonts [12/12/2016 23:44:18] - |D| - [142336] - C:\Windows\fr-FR [MD5.F9202335BBA03A02F084FE588564BBF5] - [14/07/2009 01:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Utilitaire de service de chiffrement de lecteur BitLocker.) - [13824] - (6.1.7600.16385) - C:\Windows\fveupdate.exe [14/07/2009 04:37:06] - |D| - [83144388] - C:\Windows\Globalization [14/07/2009 04:37:06] - |D| - [38934178] - C:\Windows\Help [MD5.2FF3A32F01DF61836FED59D441D8B9DF] - [14/07/2009 02:12:58] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Aide et support Microsoft.) - [497152] - (6.1.7600.16385) - C:\Windows\HelpPane.exe [MD5.9B90B0C78671A4881D06C91941F6F379] - [14/07/2009 02:12:22] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Exécutable de l’aide HTML Microsoft®.) - [15360] - (6.1.7600.16385) - C:\Windows\hh.exe [14/07/2009 04:37:06] - |D| - [143547244] - C:\Windows\IME [14/07/2009 04:37:06] - |D| - [130683750] - C:\Windows\inf [17/09/2010 09:17:22] - |SHD| - [1568042803] - C:\Windows\Installer [14/07/2009 04:37:06] - |D| - [48371] - C:\Windows\L2Schemas [14/07/2009 04:37:06] - |D| - [0] - C:\Windows\LiveKernelReports [MD5.EF3024328398C07DE0BDF35B67ABEC68] - [17/09/2010 08:57:27] - |A| - (. - .) - [172] - (0.0.0.0) - C:\Windows\LMv4.UNI [14/07/2009 04:37:06] - |D| - [19063872] - C:\Windows\Logs [14/07/2009 04:37:06] - |RSD| - [13327133] - C:\Windows\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [14/07/2009 01:55:01] - |A| - (. - .) - [43131] - (0.0.0.0) - C:\Windows\mib.bin [14/07/2009 04:37:07] - |D| - [798200025] - C:\Windows\Microsoft.NET [14/12/2016 11:04:34] - |D| - [1496] - C:\Windows\Migration [MD5.A8BF8A76DA1BDCAEFB65F2F987BCA8C5] - [23/04/2009 06:44:23] - |A| - (. - .) - [2572] - (0.0.0.0) - C:\Windows\MOD01OPK04000H0001.enc [MD5.1162C16DCAF8288ADF7CB74DE472A107] - [17/09/2010 03:46:01] - |A| - (. - .) - [1996] - (0.0.0.0) - C:\Windows\MOD01SET00000000MU.enc [MD5.E551DAEAF6F19A8FCFA8E0D689870CD3] - [17/09/2010 09:21:10] - |A| - (. - .) - [2008] - (0.0.0.0) - C:\Windows\MOD01SET5K000G0002.enc [MD5.448CA8C1E3F648FFEF53645B511C5F74] - [06/10/2009 22:46:28] - |A| - (. - .) - [2476] - (0.0.0.0) - C:\Windows\MOD01SET74FR0H0003.enc [MD5.013985963D7C6010B033A70E452292BA] - [17/09/2010 09:21:10] - |A| - (. - .) - [2048] - (0.0.0.0) - C:\Windows\MOD01SET75000H0005.enc [MD5.24D9E3329D9625546EDD7EEB46B33E9A] - [17/09/2010 09:21:10] - |A| - (. - .) - [2168] - (0.0.0.0) - C:\Windows\MOD01SET78000G0018.enc [14/07/2009 04:37:07] - |D| - [0] - C:\Windows\ModemLogs [MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [14/07/2009 04:04:57] - |A| - (. - .) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini [12/12/2016 23:35:29] - |D| - [10136198] - C:\Windows\NAPP_Dism_Log [MD5.D0B21C17A8FD3C4D452016AB5E640A58] - [06/10/2009 04:29:32] - |A| - (. - .) - [741] - (0.0.0.0) - C:\Windows\NewDeployWinRE.cmd [MD5.D378BFFB70923139D6A4F546864AA61C] - [14/07/2009 01:41:04] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Bloc-notes.) - [179712] - (6.1.7600.16385) - C:\Windows\notepad.exe [MD5.A3F93D2E535F509E84B1B9060CA9F852] - [05/02/2017 12:14:42] - |A| - (. - .) - [1716144] - (0.0.0.0) - C:\Windows\ntbtlog.txt [17/09/2010 09:31:33] - |D| - [229807] - C:\Windows\oem [22/06/2017 18:32:03] - |D| - [98304] - C:\Windows\OEMTemp [14/07/2009 06:52:30] - |D| - [65] - C:\Windows\Offline Web Pages [17/09/2010 09:13:51] - |D| - [0] - C:\Windows\Options [12/07/2007 03:49:28] - |D| - [1519073] - C:\Windows\Panther [MD5.ACA81BF682ED2907FCEDF4A359BB8E1B] - [17/09/2010 09:37:39] - |A| - (. - .) - [70] - (0.0.0.0) - C:\Windows\patch.loag [12/12/2016 15:32:00] - |D| - [0] - C:\Windows\PCHEALTH [14/07/2009 06:52:30] - |D| - [62073347] - C:\Windows\Performance [MD5.1731B06A9C0BA5D8A5166ACA24B9C1C0] - [04/02/2017 17:37:55] - |A| - (. - .) - [113620] - (0.0.0.0) - C:\Windows\PFRO.log [MD5.C4929C7C4BE57AF744E315B239F61F07] - [12/12/2016 15:19:42] - |A| - (. - .) - [302] - (0.0.0.0) - C:\Windows\PidList_C.ini [14/07/2009 04:37:07] - |D| - [1132015] - C:\Windows\PLA [MD5.EADCEB89DD46DA2A5560CA2AF016A6A6] - [12/12/2016 15:19:42] - |A| - (.Copyright (C) 2007 - DefaultSettingEXE MFC Application.) - [206208] - (1.1.0.1) - C:\Windows\PLFSetI.exe [14/07/2009 04:37:07] - |D| - [2859777] - C:\Windows\PolicyDefinitions [17/09/2010 08:23:21] - |D| - [25846181] - C:\Windows\Prefetch [MD5.8A4883F5E7AC37444F23279239553878] - [14/07/2009 01:17:08] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Éditeur du Registre.) - [398336] - (6.1.7600.16385) - C:\Windows\regedit.exe [14/07/2009 04:37:07] - |D| - [21544] - C:\Windows\Registration [14/07/2009 04:37:07] - |D| - [5224491] - C:\Windows\Resources [MD5.8C13B87AAF2D4B1DB1A56C841730D7A9] - [16/06/2017 16:49:54] - |A| - (. - .) - [9522] - (0.0.0.0) - C:\Windows\Retafte.bmp [MD5.C8717886B101DFEF52EBC243C1706801] - [17/09/2010 09:10:23] - |A| - (.Copyright (C) 2010 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [1251944] - (1.0.2.4) - C:\Windows\RtlExUpd.dll [14/07/2009 04:37:07] - |D| - [0] - C:\Windows\SchCache [14/07/2009 04:37:07] - |D| - [58021] - C:\Windows\schemas [14/07/2009 04:37:07] - |D| - [5268138] - C:\Windows\security [14/07/2009 06:34:13] - |D| - [45310510] - C:\Windows\ServiceProfiles [14/07/2009 04:37:07] - |D| - [66225382] - C:\Windows\servicing [14/07/2009 06:34:16] - |D| - [457] - C:\Windows\Setup [MD5.978F70D77E0CFA2BBCB996B3FD1B579E] - [04/02/2017 16:09:43] - |A| - (. - .) - [15414] - (0.0.0.0) - C:\Windows\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [04/02/2017 16:09:43] - |A| - (. - .) - [0] - (0.0.0.0) - C:\Windows\setuperr.log [MD5.0D0D3F885589CDEA678C3B17ABB70DC7] - [24/10/2014 10:12:04] - |A| - (.Copyright (C) 1998-2014 - ArchiCrypt Live Engine.) - [117848] - (19.1.1.0) - C:\Windows\SleeN1964.sys [12/12/2016 15:02:19] - |D| - [554176037] - C:\Windows\SoftwareDistribution [14/07/2009 04:37:07] - |D| - [70586312] - C:\Windows\Speech [MD5.9060C3C745E7B2D8E1A81DD061021546] - [14/07/2009 06:48:09] - |A| - (. - .) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml [MD5.93C96478B0D5B27B979E0E3AB0802C77] - [07/07/2016 09:08:40] - |A| - (. - .) - [75184] - (0.0.0.0) - C:\Windows\suite.vssMgr.exe [14/07/2009 04:37:07] - |D| - [700380] - C:\Windows\system [MD5.286A9EDB379DC3423A528B0864A0F111] - [14/07/2009 04:04:23] - |A| - (. - .) - [219] - (0.0.0.0) - C:\Windows\system.ini [12/07/2007 03:51:11] - |D| - [2886552061] - C:\Windows\System32 [14/07/2009 04:37:09] - |D| - [15] - C:\Windows\TAPI [14/07/2009 04:37:09] - |D| - [12644] - C:\Windows\Tasks [14/07/2009 04:37:09] - |AD| - [31358276] - C:\Windows\Temp [14/07/2009 04:37:09] - |D| - [0] - C:\Windows\tracing [MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 23:41:17] - |A| - (. - Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll [14/07/2009 06:52:30] - |D| - [6144] - C:\Windows\twain_32 [MD5.163A95975E1D8819E653AA3E961371CA] - [14/12/2016 19:45:00] - |A| - (. - Gestionnaire de sources Twain_32 (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll [MD5.F36A271706EDD23C94956AFB56981184] - [14/07/2009 00:47:26] - |A| - (. - Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe [MD5.0BD6E68F3EA0DD62CD86283D86895381] - [14/07/2009 02:14:40] - |A| - (. - Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe [MD5.6DD33EFEBA08378FC785A28391B3E6F3] - [16/06/2017 07:34:58] - |A| - (. - .) - [51622] - (0.0.0.0) - C:\Windows\uninstaller.dat [MD5.B38882E54F783A2C37946C27091DC8B4] - [17/09/2010 09:18:30] - |A| - (.(C) 2000-2009 Dritek System Inc. - Uninstall Application.) - [349776] - (2.1.2.2017) - C:\Windows\UNINSTLMv4.EXE [MD5.3D571A3CBF127E9555EAD2F8598F425F] - [13/07/2009 01:07:48] - |A| - (.Copyright (C) 2009 - Unsigned Themes Service.) - [21096] - (0.0.2.0) - C:\Windows\UnsignedThemesSvc.exe [14/07/2009 04:37:09] - |D| - [12420] - C:\Windows\Vss [MD5.93C96478B0D5B27B979E0E3AB0802C77] - [07/07/2016 09:08:40] - |A| - (. - .) - [75184] - (0.0.0.0) - C:\Windows\vssMgr.exe [14/07/2009 04:37:09] - |D| - [1447926] - C:\Windows\Web [MD5.162904DAA5412143F5403233E77F787E] - [14/07/2009 04:04:23] - |A| - (. - .) - [403] - (0.0.0.0) - C:\Windows\win.ini [MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [14/07/2009 06:41:57] - |RAH| - (. - .) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest [MD5.00A385985F02C0E5E4B68F3D3FE11E46] - [04/02/2017 17:40:46] - |A| - (. - .) - [1175899] - (0.0.0.0) - C:\Windows\WindowsUpdate.log [MD5.8E6F7D51A5CB299C25621C6C1AB57E84] - [13/07/2009 22:29:46] - |A| - (.Copyright © Microsoft Corp. 1991-1992 - Windows Help Engine application file.) - [256192] - (3.10.0.425) - C:\Windows\winhelp.exe [MD5.1D420D66250BCAAAED05724FB34008CF] - [14/07/2009 02:12:29] - |A| - (.© Microsoft Corporation. Tous droits réservés. - Relais Windows Winhlp32.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe [14/07/2009 04:37:09] - |D| - [7712216849] - C:\Windows\winsxs [MD5.360A166B4DD11DFD897F73F5410FDEE2] - [17/04/2010 02:28:46] - |A| - (.© 2008 Microsoft Corporation. Tous droits réservés. - Écran de veille photos Windows Live.) - [307056] - (14.0.8117.416) - C:\Windows\WLXPGSS.SCR [MD5.EA3ECB92A2EA3A42273CB3B308CA1A5B] - [09/06/2017 14:59:29] - |A| - (. - .) - [156910] - (0.0.0.0) - C:\Windows\WMSysPr8.prx [MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 23:34:23] - |A| - (. - .) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx [MD5.72F2D357120F95C1E725C22915FE95E1] - [08/06/2017 06:00:31] - |A| - (. - .) - [193] - (0.0.0.0) - C:\Windows\WORDPAD.INI [MD5.6E8EACC0B339365D79A2C06896865D3D] - [14/07/2009 01:41:00] - |A| - (.© Microsoft Corporation. All rights reserved. - Windows Write.) - [9216] - (6.1.7600.16385) - C:\Windows\write.exe [MD5.603896977C69A2EC9FBE37C7C1A232D8] - [10/06/2017 22:05:47] - |A| - (. - .) - [36] - (0.0.0.0) - C:\Windows\xlkfs.log [MD5.F9F4905664C5B42B49E78EFA12D1A6B6] - [12/12/2016 15:33:59] - |A| - (. - .) - [20] - (0.0.0.0) - C:\Windows\xö“ [MD5.B317B33694BAC49D492DD3F23E374899] - [13/07/2009 23:30:30] - |A| - (. - .) - [707] - (0.0.0.0) - C:\Windows\_default.pif ---------- | Systemroot\System [14/07/2009 01:00:47] - |A| - [69584] - C:\Windows\System\avicap.dll (Copyright © Microsoft Corp. 1992-1994) - (AVI Capture DLL) [14/07/2009 01:00:47] - |A| - [109456] - C:\Windows\System\avifile.dll (Copyright © Microsoft Corp. 1991-2000) - (Microsoft AVI File support library) [13/07/2009 23:41:42] - |A| - [32816] - C:\Windows\System\COMMDLG.DLL (Copyright © Microsoft Corp. 1981-1996) - (Common Dialogs libraries) [13/07/2009 23:41:23] - |A| - [2000] - C:\Windows\System\keyboard.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Keyboard Driver Module) [13/07/2009 22:29:46] - |A| - [9936] - C:\Windows\System\lzexpand.dll (Copyright © Microsoft Corp. 1989-1992) - (Windows file expansion library) [14/07/2009 01:00:47] - |A| - [73376] - C:\Windows\System\mciavi.drv (Copyright © Microsoft Corp. 1992-1994) - (MCI driver for AVI) [14/07/2009 01:00:47] - |A| - [25264] - C:\Windows\System\mciseq.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for MIDI sequencer) [14/07/2009 01:00:47] - |A| - [28160] - C:\Windows\System\mciwave.drv (Copyright © Microsoft Corp. 1991) - (MCI driver for waveform audio) [13/07/2009 23:41:32] - |A| - [68992] - C:\Windows\System\MMSYSTEM.DLL (Copyright © Microsoft Corp. 1981-1996) - (System APIs for Multimedia) [13/07/2009 23:41:32] - |A| - [1152] - C:\Windows\System\mmtask.tsk (Copyright © Microsoft Corp. 1981-1996) - (Multimedia background task support module) [13/07/2009 23:41:27] - |A| - [2032] - C:\Windows\System\mouse.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW MOUSE Driver Module) [10/06/2009 23:21:50] - |A| - [126912] - C:\Windows\System\msvideo.dll (Copyright © Microsoft Corp. 1992-1994) - (Microsoft Video for Windows DLL) [13/07/2009 22:29:46] - |A| - [82944] - C:\Windows\System\olecli.dll (Copyright © Microsoft Corp. 1991-1993) - (Object Linking and Embedding Client Library) [13/07/2009 23:41:50] - |A| - [24064] - C:\Windows\System\OLESVR.DLL (Copyright © Microsoft Corp. 1991-1996) - (Object Linking and Embedding Server Library) [13/07/2009 23:41:22] - |A| - [5120] - C:\Windows\System\SHELL.DLL (Copyright © Microsoft Corp. 1981-1996) - (Windows Shell library) [13/07/2009 23:41:23] - |A| - [1744] - C:\Windows\System\sound.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW SOUND Driver Module) [14/07/2009 00:00:27] - |A| - [5532] - C:\Windows\System\stdole.tlb (Copyright © Microsoft Corp. 1993-1995) - (OLE 2.1 16/32 Interoperability Type Library) [13/07/2009 23:41:21] - |A| - [3360] - C:\Windows\System\system.drv (Copyright © Microsoft Corp. 1981-1996) - (Windows System Driver core component) [13/07/2009 23:41:39] - |A| - [4048] - C:\Windows\System\TIMER.DRV (Copyright © Microsoft Corp. 1981-1996) - (Timer driver for PC compatibles) [13/07/2009 22:29:46] - |A| - [9008] - C:\Windows\System\ver.dll (Copyright © Microsoft Corp. 1991) - (Version Checking and File Installation Libraries) [13/07/2009 23:41:26] - |A| - [2176] - C:\Windows\System\vga.drv (Copyright © Microsoft Corp. 1981-1996) - (WOW Display Driver Module) [13/07/2009 23:41:45] - |A| - [12704] - C:\Windows\System\WFWNET.DRV (Copyright © Microsoft Corp. 1981-1996) - (Windows for Workgroups network driver) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [01/04/2017 07:55:22] - C:\Windows\Installer\122d083.msi : (COMODO Secure Shopping - COMODO) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/07/2010 04:28:52] - C:\Windows\Installer\13ccf3.msi : (MSI Database - Insyde) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/06/2017 07:34:07] - C:\Windows\Installer\172bcd.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/06/2017 20:43:17] - C:\Windows\Installer\1cb958.msi : (Silent Install Builder 5 - Aprel Tech, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/06/2017 07:38:59] - C:\Windows\Installer\1cb972.msi : (Morae Recorder - TechSmith Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/06/2017 07:42:53] - C:\Windows\Installer\1cb97c.msi : (Morae Observer - TechSmith Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/12/2016 15:22:38] - C:\Windows\Installer\20566370.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/11/2016 19:50:16] - C:\Windows\Installer\34edd9.msi : (Acronis Backup Agent - Acronis) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/06/2017 16:12:07] - C:\Windows\Installer\35285b.msi : (Fast Spell Checker - WebTweakTools.com) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/07/2009 22:37:54] - C:\Windows\Installer\36130b.msi : (UxStyle Core Beta - The Within Network, LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]